►
From YouTube: IETF105-TEEP-20190722-1000
Description
TEEP meeting session at IETF105
2019/07/22 1000
https://datatracker.ietf.org/meeting/105/proceedings/
A
A
Part
of
the
IETF
I
kept
out
of
here.
Actually
how
many
people
is
this?
Their
very
first
teeth
meeting
your
hand,
the
very
first
one
excellent.
Thank
you
welcome
we're
glad
you're
here.
Thank
you
for
coming
all
right
for
note.
Takers
I,
believe
we
have
one
note-taker
right
now:
Thank
You,
Ned
Smith.
It
would
be
helpful
to
have
a
second
note-taker
as
it
back
up.
We
keep
notes
in
the
ether
pad,
which
is
the
bottom
link
there
you
should
be
aware
of,
and
if
you
go
to
the
I,
you
just
learned
this.
A
A
It
was
the
charitable
watch
anything
we
do
have
Medeco.
We
will
be
watching
the
jeffer
and
I
think
we
have
somebody
else
watching
Jeff
are
too
okay.
Is
there
anybody
else
who
wants
to
watch
ever?
We
didn't
have
a
screen.
Okay,
I!
Think
you
been
okay,
great,
alright,
here's
our
agenda
for
today
and
I
will
mention
in
case
you
didn't
get
the
notice.
It's
been
widely
broadcast.
Our
Friday
session
is
moved
to
tomorrow
morning,
hey.
A
That
means
we
have
plenty
of
time,
and
so
today
our
focus
is
on
the
architecture
document
issues,
and
these
are
just
guesses
on
the
time
here.
The
time
is
flexible
and
that
if
we
run
long,
that's
perfectly
fine.
We
have
the
time
and
the
item
number
for
the
transport
discussion
will
move
to
tomorrow.
If
we
need
more
time
for
architecture
discussion
today,
this
is
our
current
agenda.
For
today.
A
This
is
the
agenda
for
tomorrow
morning
same
time,
we're
in
a
different
room
at
same
time
tomorrow,
and
so
tomorrow
we
get
into
protocol
and
the
starting
at
11:00
a.m.
tomorrow.
We
will
have
the
discussion
about
attestation
and
the
relationship
with
the
rats
working
group.
Okay,
there
are
some
rats
participants
that
we
want
to
be
in
that
discussion
and
they
have
a
conflict
during
the
first
hour,
and
so
all
the
attestation
stuff
will
start
at
11:00,
and
so
as
you'll
see
right
now
we
are
all
puns.
Are
just
estimates
but
you'll
see
before
11:00.
A
Those
don't
add
up
to
an
hour
right,
which
is
why
the
transport
destruction
overflowing
to
tomorrow
is
perfectly
fine.
If
we
do
that
right,
we
will
be
able
to
have
time
for
non
Advent
station
related
stuff
during
the
first
hour
tomorrow
and
I've
had
station
during
the
second
hour
tomorrow.
Okay,
any
agenda
bashing
any
comments
on
the
agenda
before
we
actually
begin
their
agenda.
Here's
our
agenda
for
today
just
look
good.
Okay,.
B
D
D
I
game
I
didn't
try
again:
okay,
I,
looked
at
how
stock
map
dead.
We
have
a
brief
document.
Update
of
three
change.
You
know
from
table
to
2003
meet
you
I'm.
Still
the
me
John,
it's
a
secret
domain
is
removed
from
document
as
it's
not
dependents
anymore.
So
you
know
this
has
been
a
important
topic
has
been
discussing
last
several
working
group
and
last
few
month
and
I
will
have
intermittent
and
from
less
ITF
would
have
a
resolution
and
a
we
get
agreement,
so
we
removed
actually
place
dependency.
D
Secondly,
we
had
tip
agent
in
T
as
an
entity
model
its
insight
II.
There
was
some
terminology
collective
occasion.
What
means
agent,
what
it
means
broker
and
so
on,
so
that
tip
a
dad
I
have
a
some
more
slide,
won't
slide
each
for
each
of
his
changes.
Briefly
summer
there
and
T
broker
and
tip
agent
and
agent
was
more
aligned.
I
clarified
in
a
document
update.
D
In
addition
to
this
changes,
we
had
a
interim
meeting
in
May
17th
and
no
ideas
also
have
a
working
session,
so
we
worked
blocked
in
that
day
and
we
work
through
several
important
topics.
Now
it
has
some
update
on
that
next
No,
so
here
quick
glimpse
of
the
issues
totally
current
listed
sixty-four
issues
for
architecture
before
IETF
104,
we
closed
Italian
issues
resolved
and
in
last
three
month
we.
D
D
Are
we're
continuing
to
work
on
someone
we
have
not
made
update
or
have
not
discussed
much,
but
like
this
one,
so
editorial
changes,
this
should
be
not
I
complicate
the
the
complex
ones
or
major
ones
would
briefly
touch
on
bound
today,
and
we
give
some
discussion
I
like
to
get
a
feedback.
Also,
that's
a
man
in
Asia,
so
next
I'll
could
to
throw
this
one.
For
the
interim
interim
meeting
and
a
working
session
update,
we
hosted
this
in
May
17th
at
a
somatic
office.
We
have
which
a
medium
part
an
hour.
D
They
have
a
working
session
by
a
teacher
and
the
chairs
First
Avenue
Nestle.
Are
there
issues
with
discussed
and
there
was
some
solution
proposed
for
the
issues
or
problems.
There's
a
list
here
relate
to
architecture.
There's
some
also
our
product
discussion
to
not
lives
here,
but
it
is
more
ready
to
architecture.
First,
when
we
talk
about
secret
domain,
what
follows
that?
D
Do
we
remove
us
to
wait
more
need
more
feedback,
so
it
discover
secret
domain
tea,
page
ancient
architecture,
terminology
alignment:
this
was
not
email
straight
actually,
after
the
working
session
formula,
the
working
staging
was
okay,
not
what
we
call
it.
We
mainly
spend
time
whiteboard
in
the
end
to
in
the
flow,
then
look
at
where's
a
protocol
gap
with
octet
gap.
What
the
interactions
would
to
have
complete
coverage,
also
face-to-face
brainstorming.
So
what's
the
API,
we
should
put
there
and
adversely
we're
actually
quite
a
useful
exercise.
D
We
discuss
this
ta
distribution
pipeline
app.
Remember
earlier.
We
have
a
issue
set
thi
PT
tribute
part-time
or
by
client
app,
but
when
the
client
app
hard,
it
should
be
done
and
we
want
afford
it
and
have
a
worker
flow.
I
will
talk
about
here
attitude.
It's
a
good
example
which
illustrates
the
interaction
support
components.
D
We
also
discuss
a
topic
about
the
end-to-end
security
between
sever,
provide,
MTE.
Being
a
service
provider
went
deliver,
some
trust
application
or
special
IP
protected
awkward
zone
to
in
Tierra
is
there's
a
private
concern.
Is
there
are
P
disclosure
course
on
how
to
address
that?
So
I
heard
some
slide
on
that
one.
D
The
next
I
could
so
this
topic.
First.
Thank
you.
Sorry
issues
issues.
First,
one
this
one
says
I
mean
Fe.
The
people
in
particular
for
first
time
come
here.
Early
draft
has
been
assuming.
There
is
a
secret
domain
for
trust
application.
You
install
SAS
application
into
a
trust
only
into
a
secure
domain.
That
was
the
inheritor
form
global
platform
concept.
D
I
have
secured
Thomas,
partly
ASIC
element,
but
when
a
pro
to
prote
easy
now
say
is
secret
or
may
require,
and
Hannah
said
earlier,
this
issue's
that
what's
action,
meaning
that
what
a
secret
to
me
used
for
its
oscillation
scheme,
it's
a
it's
a
management
scheme
or
its
user
for
provisioning.
So
what's
the
purpose,
but
it
will
have
as
GX
and
different
teas
is
that
required?
Is
that
necessary?
So
the
consists
of
feedback
combines
and
no
adronis
we're
gonna
see
it
has
to
be
a
requirement
for
trust
application
in
broad
t,
different
T
kinds.
D
So
what
we
decided
was
said
tip
doesn't
need
to
expose
secret
domain
api's
anymore,
so
set
aside.
We
just
have
a
trust
application
management.
However,
however,
we'll
leave
that
to
implementation.
So
if
a
t
like
a
logo
for
TZ
want
to
use
such
secret
domain
on
the
coverage,
fine,
they
can
implement
T
per
protocol
and
ta
management
API
like
it.
You
start
here
on
account.
They
can
assign
implicit
secret
to
me,
identify
whatever
they
decide,
but
for
protocol
level
we
would
not
interpret
it
would
not
assume.
D
There's
such
thing
right,
it's
a
implement
dependent
but
for
other
T's
and
never
have
concept
it
continually
just
mad
it
here
yeah.
So
that's
an
important
decision.
I
think
this
will
be
one
of
the
major
decision
in
architectural
I.
Will
our
concealer
because
avert
pick
a
change?
Alright,
big
change,
we
removed
half
of
ap
ice
for
the
coffee
Kyle
and
also
remove
a
lot
of
key
management.
I'd,
never
say
early.
There
was
a
model,
Ultherapy
management.
That
was
it
now.
You
have
a
key
social
security.
Oh
man
secret.
D
No
me
sheriff
ISP
owned
by
SB,
who
said
so
that
complexity,
so
status,
wise
architecture
document
has
updated
to
remove.
The
secret
domain
has
made
pieces,
but
this
is
somewhere.
We
may
have
a
word
with
her,
not
fully
removed,
but
at
this
is
product
apartment.
Also
Hannah's
we're
talking
tomorrow
and
abortion,
which
didn't
make
my
change,
but
it
wasn't
to
researchers,
a
pneumo,
HD
and
the
protocol
is
a
schema
relating
luleƄ.
Circuit
domain
is
a
first-class
City
that
right
have
identifier
name
key
and
saw
in
schema.
A
D
Sarah,
that's
a
pretty
close
to
all
right.
Okay,
yes,
yes,
yes,
hello
straight
doc,
Amanda
has
been
damn
yeah,
so
next
one,
this
is
a
very
simple.
Is
he
introduced
and
there's
a
thank
safe
and
a
lot
of
good
feedback
come
back
there
terminal
earlier
I
mean
you
know
we're
beginning.
We
have
that
I
was
a
very
old
time.
Okay,
first
draft
is
arrived
at
an
agent
without
EAP
agent,
cheap
agent.
Now
a
clarify
to
say
we
have
a
tip
a
broker.
D
You
know
are
in
rich
Ward
because
need
a
handle
transport
layer,
righty
Anaheim
network
capability.
So
you
need
something
in
the
e
to
do
that
job.
Then
this
are
you
need
property
that
we
need
something
inside
t
to
handle
the
tip
protocol.
So
is
that
such
concept-
and
this
is
a
formally
formulated
district-
we
caught
tip
agent.
So
now
we
do
have
a
architecture
component
cut
tip
agent
in
society
which
would
text
their
messages
from
tip
a
broker.
D
D
You
should
relate
to
this,
no
matter
what
you
call
agent,
you
could
broker
what,
when
you
call
an
agent
when
talk
agent
now
it
means
it
a
entity
inside
RT,
a
has
implemented
is
implemented
dependent,
whether
it's
a
trusted,
Application
Specialist
application
self,
maybe
maybe
special
system
trust,
applique
application
or
maybe
not
dependent
ee
yeah,
but
it
is
a
component
conceptually
reprint
that
so
this
one
next
on
folder,
you
can
see
it'll
get
better.
So
now
you
have
clone.
Aside
to
my
side,
you
have
TP
broker.
D
You
know
reee,
which
handles
networking
to
remote
service
talk
with
a
local
tea
in
a
device.
So
you
have
tip
agent
Harper,
Philippian,
Tam,
site,
Sam,
sighs.
This
is
a
created
to
the
depth.
Allure
Israel
have
very
hot
tam-tam
may
run
all
senti
went
on
the
riccati
I
better
say
you
may
highways
Jack.
You
have
also
TV
and
you
have
component
it
web
server.
We
know
HTTP
protocol
you
will
have
on
the
web
a
server.
Do
we
need
to
formulate
some
conceptual
module
there
we
come
given
name,
yeah
question
comebacks,
they
say
is
named
Tammy.
D
We
call
this
time
prokhor,
but
it's
broken
right
word
at
a.
Let
me
change
later,
for
this
is
like
your
feedback
yeah.
So
so
far
and
say:
do
we
may
call
this
temp
rocker
symmetric
to
this?
You
have
agency
a
broker
and
then
this
time
a
service
side
will
have
this
time
engine
right.
Imagine
when
the
engine
like
this
and
then
you
have
a
web
tier
or
transport
level.
8
horas,
para
autonomy
is
necessary,
HTTP
temporal
car.
So
that's
that
from
architect,
Stockman
my
question
more
come
West.
D
So
shall
we
this
entity
into
the
architecture
diagram
into
the
architectural
document
and
Dave
tomorrow
today,
I
can
later
he
may
have
a
new
one
more
in
a
different
stack.
Talk
about
this
awful
product
document
definite
will
be.
Must
missions
then
to
a
pushback
as
a
measure
for
the
current
document.
We
need
a
formula
that
right
if
he
introduced
about
that,
we
just
a
temp
service
with
talk
West,
madam
service.
D
D
D
D
We
started
with
architect
document.
They
were
started
with
the
protocol.
Say
May
protocol
is
a
message.
The
protocol.
You
have
a
message
exchange
between
te
and
the
Tam
right
to
manage
your
trust.
Application
install
just
installed
here:
DVT
a
Manticore
status,
but
long
this
then
we
introduce
architect
component,
will
have
to
broker
and
tip
agent
how
to
talk
each
other
interoperability
right
then,
when
they
need
API
I
call
this
tip
agent
API
will
have
its
definition
in
ot
IP
protocol.
Okay
in
that
protocol.
Now
the
question
says
this:
one:
where
should
be
defined?
D
We
editors
discussions
and
we
may
define
this
an
architecture
talk
nothing
in
a
porn
talk
or
transport
talk
that
one
way,
because
this
can
be
sheer,
no
matter
what
protocol
define
in
this
message,
but
it
isn't
just
that
between
retort
and
which
ye
and
the
TE.
That's
a
same
API.
We
meet
to
that.
That's
a
one
proposal
guide,
but
here
th
and
this
80-85
chat
support
protocol.
They
were
have
I've
see
already
for
that,
one
right,
supportive
on
HTTP.
D
The
first
one
requires
three
four
Peter
client
app
talkative
a
broker,
or
a
summer
installer
T
installed
in
IE
to
trigger
some
installed
ta.
Do
we
need
to
define
P
and
not
so
far
as
I
know,
we
leave
that
on
say
how
that
an
int
active
broker
may
be
platform
dependent
right
plan
for
depend
on
whether
the
IOT
device
or
Android
or
HDX,
how
that
done?
We
may
not
be
able
to
define
that
it's
outside
of
our
control,
so
I
said
no.
This
is
only
intention
and
no
definition
here.
D
The
another
side
if
we
introduced,
am
broken
savvy
at.
Am
this
also
link
here?
Do
we
need
to
formulate
some
API,
or
this
only
has
one
black
box
they
just
defined
here
they
have
a
D
intercept.
The
API
is
called
here.
This
will
be
risk
for
API
assumed
lies
any
practice.
This
only
internally
send
to
it
process.
Message
similar
to
this
site
right,
API
call.
There's
a
process:
the
message
was
a
simple
JSON
whatever
so
so
far.
We
just
consider
one
two,
three,
the
we
would
define
a
protocol
for
snow
five,
TBD.
A
A
Is
that
I
think
the
level
of
depth
that
you
go
into
should
be
the
same
between
at
two
and
five
I?
Don't
have
any
opinion
on
the
amount
of
depth
that
belongs
in
the
architecture
document
as
to
whether
it's
very
hand
wavy
or
whether
it
is
a
list
of
the
names
of
the
api's
I,
have
no
preference
there,
but
I
think
whatever
the
answer
is
for
two
I
would
prefer
that
the
answer
should
be
the
same
for
five.
E
So
sorry,
I
wish
that
my
opinion
is
that
the
one
inside
probably
is
needed,
at
least
from
what
I
understand
for
some
use
cases,
the
other
on
the
right.
It's
kind
of
internal.
In
my
opinion,
it's
that
they
shouldn't
be
linked
together.
I,
don't
think
that
if
that
one
is
included
that
one
should
I,
don't
think
so,
I
think
two
is
to
stay
on
five
I
have
no
okay.
E
G
G
When
we
say
2
is
normative,
then
I
have
a
hard
time
saying:
5
isn't
for
the
same.
For
the
same
reason,
it
creates
a
lack
of
symmetry
in
the
protocol
and
in
the
architecture
and
I
think
that's
difficult,
so
I
understand
the
desire
to
not
be
normative
in
the
tam
side
to
allow
for
more
flexibility,
I,
don't
think
it.
It
hurts
much
too
to
have
it
be
the
same
as
as
number
2,
so
I'm,
leaning
towards
saying
both
2
and
5
should
be
defined
and
they
should
be
normative,
but
I'm
open
to
having
that
discussion.
A
If
you
use
the
same
name
for
something
which
says
I
invoke
this
event
and
one
says:
I
react
to
the
following
behavior
in
response
to
this
event
right,
then,
you
can
correlate
information,
the
two
specs
they
fit
together,
okay
and
so
line
number
two
is
a
way
of
doing
that
for
the
TE
device
side
of
both
specs
okay
line.
Number
five
is
a
way
to
coordinate
between
those
two
sides
of
the
Pam
side
of
those
two
specs
right,
so
that
is,
would
be
the
benefit
of
having
the
literal
names
in.
A
There
is
just
to
say
if
there
was
an
update
of
either
of
those
specs
for
some
alternative
specs.
So
let's
say
an
alternative
transport
spec
was
defined.
It
was
not
HTTP
right,
someone
who's
going
to
do
a
different
transport
spec,
they
would
say
if
they
were
normative
in
there
as
David
suggested
we
were
suggesting,
then
a
new
transport
spec
that
was
a
non
HTTP,
would
say,
and
here's
the
names
I
have
to
specify
the
behavior
for
right.
That
would
be
a
requirement
if
you
made
it
be
normative
right.
A
D
E
E
Sorry,
furbish
again,
I
don't
have
a
strong
opinion
like
like
you
Dave,
but
I'm
thinking
of
the
case
when
I
have
multiple
thumbs
and
I'm
kind
of
not
sure
that
is
the
same.
So
I
don't
know
if
it's
important
to
have
the
separation
inside
each
of
the
thumbs
or
not
that's
what
I'm
a
little,
not
not
clear.
So
for
this
implication
one
time,
maybe
it's
okay
to
separate
and
have
both,
but
for
multiple
I
don't
know.
Maybe
it
should
be
normative.
For
that
case,
I,
don't
I
don't
have
opinion,
but
that's
okay.
F
H
F
Data
structures
and
the
schema
to
allow
these
interfaces
to
relay
information,
and
so
you
could
define
transfer
protocols
or
transport
protocols.
I'm,
not
sure
here.
Whether
number
two
and
number
five
would
really
be
in
scope
for
us
here
in
the
IETF
I
will
be
open
to
suggestions
of
how
it
could
be
in
scope
right
now,
the
way
I'm
looking
at
it
to
me.
It's
not
even.
I
F
Again,
the
architecture
spec
to
me
describes
of
workflow
right
and
so
I.
Guess,
if
you're
trying
to
ask
that
so
the
question
was:
can
it
at
least
be
informative
right
and
so
from
an
architecture
perspective
I,
guess
I'm,
not
making
a
distinction
of
informative
versus
normative?
Unless
you're
saying
this
is
a
hard
to
requirement
that
has
to
be
in
the
Charter
or
teeth,
and
we
must
define
these
within
teeth.
Does
that
clarify
it.
A
Me
taco
needs
to
be
able
to
hear
you
so
I'm
Dave,
Saylor,
I'm
speaking
for
the
participant
mic
from
anyway.
This
remote,
the
I,
think
that
the
API
is
are
in
scope,
I
think
the
various
analogies
in
the
IETF
for
abstract
API
switch.
Are
you
familiar
with
that
term?
Other
examples
in
the
ATF
gssapi
as
a
well
known
RFC,
that
was
an
abstract
API.
The
taps
working
group,
this
charter
to
do
various
api's
and
the
abstract
api's
means
that
you
don't
specify
how
it
looks
like
in
a
particular
programming
language,
because
that
can
completely
vary.
A
What
you
specify
is
some
name
for
it
that
can
appear
in
a
document
which
may
be
different
than
the
name.
That
appears
in
a
particular
programming
language
and
the
meaning
of
that
API
right
without
specifying
oh,
and
this
thing
has
to
be
an
integer
or
something
that's
not
abstract.
That
would
be
a
concrete
API.
The
ITF
does
those
when
you
need
to
correlate
behavior
between
two
different
specs
like
two
different
layers
like
between
TCP
and
the
layer
above
TCP
right,
says:
here's
a
different
event.
A
connection
comes
in
I
lost.
A
The
connection
message
arrived
things
like
that.
That
are
events
the
TCP
exposes
in
some
sense
that
list
of
events
is
an
abstract
API.
That's
what
I
believe
is
in
scope
here.
That's
what
the
protocol
document
and
transport
protocol
document,
the
T
probe
message,
protocol,
TR
PE
and
the
transport
protocol
document
talked
about
and
I
think
it's
in
scope
for
the
working
group,
but
the
level
of
detail
and
the
architecture
document
is
what
I
do
not
have
any
strong
opinion
on
as
to
whether
it
is
that
detailed
or
no
detail
or
anywhere
in
between.
E
D
J
K
A
K
Terms
of
what
to
do
for
the
architectures
back
itself
and
I
sort
of
agree
that
maybe
it's
still
unclear
about
whether
we
need
to
describe
things.
As
you
know,
specific
abstract
api
is
or
if
we
could
talk
about
in
more
generic
terms.
This
is
the
sort
of
information
that
you
need
to
convey
between
these
two
islanders,
not
and
exactly
how
you
do
that
will
be
to
find
somewhere
else.
Naza
flee
from
this
working
group,
possibly
implementation-specific
mm-hmm,
so
I
mean
we.
K
We
need
to
consider
what
the
architecture
looks
like
in
terms
of
which
pieces
are
going
to
interact
and
what
sorts
of
things
that
might
be
doing
and
yeah
I'm
open
to
having
the
api's
described.
I
I,
don't
know
that
there's
a
clear
obvious
one
way
versus
the
others,
so
I'm
excited
to
hear
people
you
know
discussing
it
and
seeing
what
they
think.
F
D
D
This
will
illustrate
let's
change
some
kind
of
functionality
involved.
Alright,
this
architecture
level,
but
this
more
like
product
costs
back,
but
you
more
because
it's
up
I
want
to
show
the
use
case.
A
we
discussed
when
you
install
ta,
where
the
TA
partner
is
a
fun
note
inside
a
clan
app
or
maybe
in
system
already,
it's
another
always
distributed
by
Pam,
and
this
has
major
impact
on
the
AP
is
API.
So
what
functionality
you
have?
D
A
support
optional
require
elements,
are
comments
and
so
on
in
a
first
draft,
we'll
assume
T
upon
is
always
farm
time
from
service.
Later
we
say
for
like
a
CH
others
that
ta
partner
and
not
necessary
from
time
and
how
to
support
it,
and
we
get
to
live
in
more
thought
during
a
working
session.
You
know
me
so
the
float
looks
like
this.
D
You
always
start
with
client
application
right.
Client
application
has
manifest
a
file.
It
says
there
was
this
way
used
to
refer
to
suit
as
something
with
to
BD,
it
says,
cannot
depend
on
one
ta
and
this
ta
can
be
downloaded
from
this
time.
Url
or
not,
download
make
contact
time
URL
for
authorization
yeah
that
manifest
file
and
the
cloud
app
will
pass
this
to
tip
a
broker
by
the
way
this
can
be
from
an
installer
independent
platform,
not
as
an
application.
Oil
meant
core
applications
that
call
installer.
D
I
me
that
yeah
that
installer
may
call
TV
broke
is
a
you
to
that
job
before
me
and
wonder
that
means
says
you
have
something
conceptual
as
a
request.
Yet:
okay
I
needed
here,
here's
a
TS,
an
20
fire.
Also
I
say
AHA
binary,
not
in
this
case
he
could
shoot
the
steep
broker
he
broke.
First
contact,
he
procured,
parkways
a
tip
agent
locally,
is
a
TA
audience
thought
and
even
starts
that
you
don't
need
necessary
co-op
right,
but
so
that
the
first
thing
caught
the
T
tip
agent.
Now
you
need
function.
D
How
to
card
that
first
AP
has
a
request
here:
I'll
correct,
yet
whatever
you
called
there's
a
request
here,
tip
agent
inside
said
is
a
TA.
Or
do
you
start?
Yes,
no,
let's
assume
empty,
no
I
don't
know
ta.
They
announced
for
this
one
with
the
Tammy
URL
override
a
policy
card
right
so
spot
a
cell
right
say
this
could
tell
me
URL,
but
then
this
one's,
whether
it
has
known
time
earlier
that
time
already
contact
me
in
the
past
I've
trusted
time.
D
Then
we
make
shortcut
head
if
you
never
know
that
time
right
is
it
give
me
time
and
name
knew
that
that
says
yet
right,
I,
don't
know
what
it
is.
I
mean
atrocity.
I
will
not
leak.
My
information,
what
it
does
say
this
one
would
go
back
to
here.
It
is
here's.
The
time
you
could
contact
so
call
bhakti
bhakti
broke
is
now
talk
with
Tam
again
now,
we've
got
a
step.
D
D
It's
a
sign
message
so
that
it
can
tell
the
sixth
tell
the
tip
agent,
who
I
am
so
he
can
make
decision
whether
are
well
a
lot
of
temp
to
to
something
in
this
device
and
to
make
that
a
car
tip
broker
will
has
the
message
camp,
give
it
to
the
agent
what
a
cart
well.
I
could
generate
a
name
now
process
T
per
message
right.
It's
just
API!
So
look
at
this,
our
abstract
api's.
If
yeah
I'm,
sorry
interface,
how
to
record
that's
as
a
work?
No,
it
just
discussed
so
now.
D
First,
once
the
process
is
on
Cory
now
this
one,
you
says:
okay,
I'm
a
good
day
and
remember
this
one
requesting
you
start
T
air
outputting
as
a
message:
correct,
Co
response
which
they
requested.
Ta,
yes,
t
ID,
and
this
one
right
here
is
T
planning,
hash.
Okay,
by
the
way
this
one
you
have
local
pond
or
a-
and
this
generates
such
message
is
signed
signed
by
te
key
and
a
now
send
it
back.
Send
it
back
to
step,
8
queries,
funk
back
and
now
come
come
back,
say:
okay,
this
is
the
Weis.
D
I,
trust
and
I
would
say,
decide
proceed
to
you
start
yeah.
It's
sending!
You
start
here
command.
You
know
this
tier
command.
It
doesn't
need
to
give
that
ta
Pinery
right
blop,
because
he
upon
your
locally
available.
But
what
one
thing
does
was
I
was
gonna.
Mention
that
one
we
talk
about
is
flow
message:
ta
Panerai,
while
we
send
it
over,
we
get
tears
there,
either
version
or
pond
or
a
locally
quanta
ponder
it.
I
may
say
you
have
old
version
or
you
have
pond
route,
don't
trust!
D
So
you
give
a
tear
hash
that
hash
or
some
of
whatever
on
telefĆ³nica
or
some
data.
You
could
tell
the
panel
rate
data
about
a
TA,
so
Tim
can
make
a
policy
decision.
It
can
make
have
a
later
version.
Ta
partner,
I
said
isn't
watching
you
should
be,
is
not
the
one
you
already
released
right,
because
you
may
have
a
lot
older
version
locally.
The
latest
version
may
be
in
cloud
and
that's
the
intention,
so
you
say
so
just
workflow
why's
this
come
back
now
you
can
install
one
thing.
D
I
wanna
point
out
here
is
the
API.
So
now
see
now
you
have
an
install
command
is
a
T
per
message
that
was
signed
and
encrypted,
but
over
enemy
secret
ways,
a
mermaid
City
and
kept
the
piety
Tiki
here,
so
that
machine
encrypted
keep
a
poker
in
bikinis
that
Tommy
broker
right
all
the
network
transport.
D
You
sure
you
came
data
for
to
tip
agent
in
this
case
it
doesn't
more
than
that,
you
can
tell
what
they
need
does
is
need
to
do,
is
put
it
in
story,
a
message
process
plus
optional
ta
partner
that
itself,
but
is
that
a
piece
of
outside
of
a
time
remember
it's
a
other
side,
a
sign,
a
message:
it
is
a
form
ie,
not
a
from
a
sign
amazing
for
time
it's
locally
here.
Well,
it's
sign
T
upon
resigns
anyway.
Ta
partner
is
signed
by
who,
by
the
similar
provider,
not
necessary
for
town.
D
All
right
forget
who
she
deliver.
Author
right
who's,
the
developer
applicant,
develop
a
silver
provider
sign
up
our
silver
provider.
Actually,
this
I
said:
if
you
talk
writing
tomorrow,
I
think
this
is
one
part
of
the
sinus
sauce
or
more
clarification
so
interesting.
If
I'm
a
might
be
entity
to
buy
the
SP
SP
time
device
all
have
a
key
and
certificates,
multiple
entities,
rights,
three
time,
key
kawazu
key
and
SP
signing
key
so
anyway.
D
So
the
point
is
this:
a
function
here
need
a
company
that
key
upon
is
optional
and
past
the
agents
not
tip
a
journey
install
a
solution.
It
has
a
binary,
it
may
retrieve
a
binary
form
local
system
it-
you
may
not
give
to
me,
maybe
in
a
resource
location
already
know.
I
will
fish
myself,
so
that
gives
this
cut
four
options:
different
variety
and
different
usage,
as
you
can
see,
we
need
to
handle
when
you
dress.
So
this
will
add
some
parkour
complexity,
but
it
looks
all
there's
a
valid
case
that
we
need
to
consider.
D
A
For
if
it
wasn't
where
some
tes
may
need
the
TA
binary
in
order
to
install
the
TA
binary,
other
tes
may
not
right
and
so
I
think
in
presentations
in
this
working
group,
I
think
David
wheeler
in
this
sx1
explained
it
s.
Gx
is
an
example
of
one
that
does
not
need
the
actual
TA
binary
at
install
time.
It
only
happens
at
say,
load
time
or
whatever
you
don't
need.
The
actual
bits
of
the
thing.
A
C
Is
there
a
I
just
did
a
quick
look
at
a
three
Randy
Turner
with
Lana
senior?
Is
there
a
use?
Cases
have
been
mentioned
about
connections
between
across
networks
between
a
agent
and
something
outside
of
the
device.
Basically,
the
multicast
applications
to
multiple
agents.
At
the
same
time
or
multicast.
C
D
D
L
So
the
client
appetizer
is,
is
the
device
management
find
out?
So
it's
not
really
like
there's
only
this
app
and
then
that
damn
broke
has
also
the
device
management
servant.
So
that's
the
underlying
protocol
that
provides
that
distribution
mechanism
and
that
that
exists
already
has
been
to
try
it
out,
and
some
people
actually
deploy
that
already
and
so
on.
So.
A
B
M
G
This
is
Dave
wheeler
I,
think
the
distribution
of
the
binaries
could
be
multicast,
but
our
whole
protocol
is
based
on
a
an
attestation
from
the
te
e
to
the
Tam.
So
we
could
talk,
maybe
in
the
architecture
document,
about
decoupling
that
more
directly
and
using
a
multicast
to
push
out
a
binary
to
too
many
and
end
stations.
That
probably
requires
us
to
talk
a
little
bit
about
opening
up
a
different
type
of
transport
right
with
a
port.
G
A
Suit
working
group
chair
here,
I
was
join,
T,
fancy
working
group
chair
and
so
tomorrow,
we'll
have
a
discussion
about
the
relationship
to
suit
as
part
of
Hana
ciseaux,
TRP
presentation.
The
discussion
of
how
you
distribute
binaries
to
things
is
something
that
I
claim
is
heavily
related
to
the
suit
manifest
discussion
and
I
would
invite
people
who
want
to
participate
in
the
you
know.
Could
I
multi
cast
off?
How
would
I
reference
a
by
URI
ata
that
is
multicast
or
whatever
is
a
great
discussion
to
take
to
the
suit
working
group?
L
Our
neighbor
that
I
think
it's
useful
to
discuss
this
topic
in
the
architecture
documented
that
they
are
indeed
other
transport
and
the
distribution
of
the
binary
may
be
done
in
multiple
different
ways,
but
I
don't
think
it
will
require
us
to
do
a
new
protocol
mechanisms
because
those
exist
already
and
have
been
used
like,
for
example,
we've
been
using
this
distribution
mechanism
in
Laura
van
and
it's
actually
it's
not
using
IP
in
that
case,
for
the
distribution
and
I
agree
with
the
other
notes
that
Dave
will
add
it
earlier.
Yeah.
D
I
think
that
if
just
the
tip
on
our
caste
chip
itself,
it
would
be
simple
problem,
but
for
the
adaptation
hor
it's
a
into
end
today,
the
individual
device
you
get
a
multiple
castle
have
a
form
of
devices,
they've
had
different
keys
and
we
cannot
do
either
yeah,
okay,
okay,
good,
it's
a
like
that.
We
have
summer,
ok,
Coromant,
okay,
I
will
move
on
there.
Basically
illustration
you
can
see,
hopefully
help
that
this
slides
over
where
the
functionalities
we
need
to
illustrate
the
architecture
and
a
way
to
will
go
to
the
product
cost
specifications.
A
D
This
one
is
which
the
sky
will
have
not
opted
document
yeah,
and
this
was
not
in
any
document
yet
I
think
it
is
sauce
particularly
upon
right.
We
do
have
this
one
actually
atomic
dust
nation
which
support
T
upon
and
claw
nap
with
into
this
level
of
detail
and
how
an
impact
and
what
considerations
big
architectural
half
we
talk
about
a
click
on
save
up
with
the
requirement
right.
What
part
are
gonna
shoot
to
do
and
other
should
do.
D
D
Me
this
to
issue
related
to
this.
That
there's
this
relate
to
issue
about
earlier,
would
have
number
nine
Tim
but
installed
here
in
single
pass,
say
we
have
multiple
girls
in
his
architect
did
I
make
it
efficient
I
don't
make
each
end,
then
I
mean
a
single
pass
single
pass.
What
this
progress
Ted
update,
we
first
started
wise,
like
single
pass
means.
Today
you
need
to
run
trips.
You
always
start
with
time
Cory.
What
the
Vice
look
like
is
tear
there.
D
What's
there,
then
you
start
here
and
so
on,
but
is
that
if
she
insists,
can
you
just
a
don't
to
to
Ron
chefs
use
one
run
trip
right
so
then
it
means
you
can
start
with
T,
locally
sign,
requests
and
time
terms.
Yes,
go
ahead,
compact
that
one
on
track.
So
this
is
two
issues
related
related.
Okay,
now
come
back
to
this
on
the
two
issues
here
this
one
needed
hiding
in
a
similar
way.
Can
we
achieve
that
and
we
come
to
this
conclusion
indicator.
D
Ideally,
your
claw
nap
t
brokered
poverty
region
locally,
yes
and
use
sigh
first.
However,
you
don't
want
to
send
your
signing
information
out
to
someone.
You
leak
your
information,
because
you
don't
know
that
time
yet
that
privacy
concern
okay,
no
means,
so
you
don't
support
it.
You
send
it
not
she
not
right
yeah.
So
that's
all
yeah
yeah,
okay,
that's
a
harvest
kind
of
a
talk
by
to
say
really
reach.
Ree
gave
me
URL.
I
would
not
trust
a
URL
yet
because
I
do
not
know
how
to
timing
information.
D
Yet,
then
I
will
not
give
anything.
So
that
was
a
sign
you
could
but
or
not.
Okay,
we're
not
a
give
a
sunny
information
out
until
I
know
it
is
the
time
I
could
trust
alright.
So
for
that
reason
you
can
see
they're
here
sign
I'm
not
going
to
give
it
a
Sunday.
The
first
in
step,
four
I
only
give
maybe
Tommy
URL
you
contact
a
five
step.
You
do
the
first
contact
verified
contact
time
time.
Give
you
some
back
time,
give
Asante
that
give
you
certificate.
Now
you
can
verify
this
at
mo.
D
I
trust
after
that.
Second
time,
I
think
protocol
variation,
remembering
on
says,
okay,
subtle
here.
Second
time
we
install
another.
Two
year
later,
the
TTP
agent
can
crash
at
time
certificate
here
already
contact
time
once
in
the
past.
Another
time,
if
you
can
tell
me
URL,
come
time,
identify
I
can
now
sigh
first,
you
know
one
single
pass,
so
there's
a
card
that
two
protocols,
it's
a
particle
variation
who
want
a
support,
post
right,
you
get
debit,
and
then
you
have
oh.
G
Yeah
this
is
Dave
wheeler,
so
so,
from
my
perspective,
there
there's
two
issues:
one
is:
is
privacy
and
the
other
is
the
issue
between
multiple
round
trips
to
the
Tam
versus
local
storage.
In,
in
my
te,
the
the
way
that
Ming
has
described
it
I
can
maintain
a
list
of
that
I've
authenticated
before
and
then
I
can
use
that
to
reduce
the
round-trip.
But
if
I
don't
have
that
storage,
then
I
can't
do
that
yep.
G
That's
not
trusted
and
you'd
send
your
attestation
information
to
a
Tam
that
you
don't
trust
and
they
may
not
even
respond
back
to
you
right
or
you
could
get
a
response
back.
That's
signed
and
the
CA
is
not
in
your
trust
anchor
list.
So
then
you
don't
trust
it
and
you
end
the
whole
whole
protocol
exchange.
But
but
the
trade-off
here
really
is
storage
and
privacy
versus
round
trips
and
privacy
and
as
well.
A
D
D
So
what
right,
then,
that
tip
agent
to
a
pre-installed
there,
most
probably
yes,
ite
it
configure,
say
when
coming
I
decided,
give
a
sound
requests
used
to
say:
I
forget
this
option
right
I
could
give
a
sign
request,
talk
to
time
or
say
no
I.
To
give
you
the
you.
Are
you
can't
act
I'll
require
you
give
me
some
data
first,
those
can
happen.
There's
a
comfort
of
our
architecture.
I
said
protocol
scope,
right,
possible,
I
think
causes
all
general
ideas
here
say
we
want
to
support.
D
This
is
our
particle
should
support
such
use
cases
options
then
that
relate
to
up
schema
of
the
schema.
Your
missus
completeness
writing
in
protocol.
Spec
will
say
what
and
miss
at
this.
This
message
here
write
a
more
site,
so
this
a
flavor
yeah
good.
This
is
a
good
discussion,
another
one.
Another
one
this
one
talk
about
a
say,
a
use
case
where
I
have
it
yeah
we
talked
about
it.
We
came
with
with
us
three
entities
again
it
three
in
today
and
then
a
diagram
here.
D
You
have
similar
provider,
you
have
time
and
you
have
device
silver
provider,
give
a
truss
application
to
device
right
through
attempt.
Silver
providers
are
not
always
a
temp
provider
all
right
as
a
particular
case.
However,
many
supplies
a
software
work
Whizzer
like
at
this
time.
Oops
Tam
is
a
camera
manufacturer.
They
put
a
software
into
camera,
but
I'll
have
a
AR
model.
Where
you
have
the
confidential
information.
I
don't
want
even
time.
No
I
don't
want
to
give
that
the
IP
to
the
manufacturer
right
only
I
know.
Now.
D
How
do
you
deliver
that
to
devices
so
that
their
case
is
here,
let's
kiss
here,
so
no
to
that
one
first,
on
T
upon
ray,
is
encrypted
form
time
to
device.
So
you
see
earlier
I
take
a
packet
of
flow
here
when
t
upon
or
is
it
distributed
from
tam-tam
being
encrypted
by
the
baskis,
the
only
time,
a
scanty
question
these
channels
into
insecure?
What
the
topic
here
has
silver
provided
behind
this
on
another
grammage,
a
second
yeah,
this
aunt
silver
quarter
here.
D
This
diagram
comma,
will
give
the
TA
into
insecurity,
but
from
silver
provider
how
to
sever
productivity.
Binary
@m
cannot
decrypt
can't
she
not
see
it
because
if
time
can
reverse
engineered
code
right,
so
that's
a
problem
which
address
that's
actually
interesting
case
and
justification
Notley.
It
also
delivered
confidentiai
p
there.
So
how
to
solve
the
problem?
How
to
solve
a
problem
and
a
discussion
come
back
ear
say
that
case
time
can't
deliver.
Your
application
has
simply
between
a
binary,
which
is
just
a
generate
code
and
confidential
P
Street
as
a
personalization
theta.
D
Rather,
you
initialize
that
artificial
intelligence
marble
your
theta
mala
is
that
as
that
data
initialization
piece,
so
what
do
you
have
is
that
you
have
at
am
by
manufacture
reinstall
software,
generic
software?
Whatever
your
am?
What
do
you
have,
and
you
should
has
a
data
time?
We've
got
data
time
another
time,
but
at
that
time
a
silver
provider.
You
were
hosted
so
that
way
we
can
leverage
a
sim
time
to
device
T
per
protocol
without
change.
So
you
guys
dress
Palmer
that
well
yeah.
There
is
a
problem
that
well
that's
a
proposal.
D
A
It's
to
remember
the
issue
was
introduced
by
saying
we're
gonna,
remove
security
debate,
and
so
the
editors
left
all
the
use
cases
that
security
man
was
providing
and
assumption
of
security
providers
as
well.
We
want
to
make
sure
that
when
we
route
security
domain,
it's
related
content,
we
don't
actually
break
any
use
cases.
So
how
could
you
maintain
this
use
case,
and
so
they
walk
through
all
these
and
they
said
well.
The
way
that
we
deal
with
this
is
to
have
the
service
provider.
For
this
particular
case,
they
could
have
a
second
tab
and.
B
D
D
A
Also
talked
about
how
you
can
potentially
use
it
with
confidential
code.
The
example
case
is
confidential,
personalization
data,
but
the
same
thing
would
work
either
way
right,
whatever
you
can
express
in
a
suit
manifest
Brendan
explained
during
the
aedra
meeting
right
that
many
of
you
are
at.
You
can
use
this
to
manifest
to
express
any
files
or
any
contacts.
Yet,
okay,
I.
A
D
D
It's
a
TATP,
no,
not
here
and
with
this
earlier,
but
you
thought
earlier
so
hard
to
do
that,
one!
It's
a
it's
a
complicate.
You
know
software
dependencies
can
be
infinity
loop
or
deep,
but
whatever
so
is,
may
sue
to
a
group
restart
address
similar
problem
or
would
defer
to
that
one.
So
what
it
is
a
document
wise
which
adopted
reflect
that
then
we
can
close
the
issue.
D
Multiple
times
for
a
single
clan
app
all
right,
just
the
example
we
said
one
Khurana
can't
depend
t8,
he
has
binary
and
personalization
they
could
go
to
separate
tab.
I
even
won't
here
can
go
to
different
tabs
multiple
times
supported
by
one.
Yes,
it's
valid
use
case
is
in
scope,
will
support
it,
and
then
this
was
from
last
meeting
family
you'll
see
more,
but
it
isn't
no
okay.
So
it's
just
so.
We
will
have
documented
update
document
that
we
have
this
one
support.
D
We
just
say
only
that
you
notice
this
one
I
want
to
point
out.
You
could
have
multiple
time,
but
it's
a
this
one
single
time
content
a
bad
tip
right.
So
that
means
that
type
of
how
all
the
other
tears
you
have
it
multiple
time
but
multiple
time,
but
forgiving
tip
you
go
to
one
and
the
tears
supply
their
tier
two
that
time,
if
it's
a
different
attempts
that
one
time
can
talk
all
the
time
leak
like
it
all
it.
Yes,
just
like
a
google
apps
talk
like
a
whole
look
after
happy
and
won't
plan.
D
You
can
turn
them
from
one
place,
but
you
decided
to
the
article
article.
Do
another
class
I
was
fine,
all
right,
you
can
go
to
different
places,
but
all
together,
this
is
a
simplified
decisions.
Just
say,
makes
this
live
simplified,
not
always
really
acted,
200
different
times
all
right.
So
that's
a
quick
burn
on
there
for
one
device.
D
D
A
F
A
Go
back
okay,
aha
day
feeler,
hackathon
participant.
We
actually
talked
about
this
issue,
and
so
I
just
wanted
to
relay
to
the
working
group
that
there
is
something
that
an
implementation
has
to
do
with,
and
my
belief
was
that
it
did
not
require
any
changes
to
the
architecture.
Document
and
I
want
to
share
it
here
to
see
if
people
agree
that
it
requires
no
change.
The
architecture
document,
okay,
and
so
what
this
is
saying
is
that
if
I
have
a
client
app
and
the
client
app
depends
on
two
TAS.
A
Okay,
let's
take
a
case
where
one
of
those
TAS
is
already
installed
in
the
t'ee,
and
one
of
those
TAS
is
not
okay.
Now
the
one
that
is
installed
may
have
been
obtained
from
Tam
one
and
the
new
ta
needs
to
come
from
Tam
all
right
least
that's
what
the
manifest
says.
Okay,
so
as
an
implementation
decision,
you
have
to
figure
out
how
you're
going
to
deal
with
that
right.
A
If
you
say,
oh,
that
one
was
already
installed.
Okay,
then
of
course
I'm
gonna
call
one
only
for
the
missing
ones:
okay!
Well,
what
if
ta
one
is
actually
right
in
the
middle
of
the
process
of
big
installs
right?
So
you
have
these
issues.
You
know
race
conditions.
So
how
do
you
deal
with
that
in
me?
Thinking
through
it
at
the
hackathon
I
thought
that
this
was
an
implementation
issue
and
didn't
need
to
be
serviced
to
the
level
of
the
architecture
document.
A
But
it's
something
an
implementation
would
actually
definitely
have
to
deal
with
because
there
it
could
easily
come
up
I
express
a
dependent
to
TAS.
One
of
them
is
already
being
installed
or
has
already
been
installed
for
my
different
TA
from
where
ta.
What
do
I
do
about
that?
Okay,
so
that's
the
question
and
I'm
interested
in
David,
wheelers
I
guess
opinion
as
to
whether
you
think
it
affects
the
architecture
or
not,
because
right
now,
I,
don't
I,
think
it's
a
protocol,
commentation
issue,
but.
G
So
the
this
is
Dave
wheeler,
so
the
discussion
that
we
had
last
time
and
what
I
was
putting
forward
was
that
this
this
problem
really
is
a
bit
is
yeah.
It's
a
bit
some
it's
a
bit
manufactured
in
in
a
real
ecosystem.
When
a
service
provider
puts
out
an
application
and
they
publish
things
to
a
Tam
they're,
not
going
to
publish
part
of
the
application
to
a
Tam
and
part
of
the
application
to
a
different
town.
G
The
the
whole
application,
including
the
TAS,
is
really
going
to
be
published
to
a
single
Tam
and
they're,
going
to
provide
a
list
of
Tam's
that
they've
published
to,
and
so
the
likelihood
that,
when
you
do
it
install
I've
got
to
go
to
tam
a
to
get
part
of
the
app
and
tam
be
to
get
another
part
of
the
app
is
really
not
likely
to
happen
unless
someone's
really
screwed
up
in
the
way
that
they're
publishing
their
applications.
Now.
G
A
So
yeah,
yes,
I,
agree
with
everything
that
they've
set.
The
the
ecosystem
point
is,
if
you
have
a
particular
TA
that
is
out
there.
That's
like
a
third
party
ta
that
two
different
client
apps
from
different
organizations
want
to
depend
on
now.
Of
course,
in
that
particular
case,
I
agree.
The
way
you
phrased
it,
which
is
the
client
a
vendor,
will
pick
a
particular
TA,
a
particular
Tam
and
that's
where
all
of
its
dependencies
will
be,
and
so
that
just
means
an
ecosystem.
This
is
a
particular
example
or
a
particular
TA
could
be
retrieved.
A
The
exact
same
version
could
be
done
through
either
of
two
towns.
Okay,
and
so
that's,
why
I
think
it's
an
implementation
issue,
because
you
can
just
assume
that
you
only
care
about
the
ones
that
are
missing
if
the
version
number
matches
it
doesn't
matter
which
can
you
got
it
from
okay
and
that's?
Why
I
believe
that
it
does
not
affect
the
architecture
document?
That
is
just
implementation,
because
it's
as
if
you've
got
up
on
the
other
tan,
because
the
hash
will
match
you
agree.
Okay,
so.
G
I
think
one
an
interesting
perspective
of
this
is
how
we
deal
with
open
source
right,
so
open.
Ssl
is
a
perfect
example
right.
We
we,
a
lot
of
applications,
depend
on
open
SSL,
but
most
of
the
time
it's
already
installed
on
on
the
platform,
and
you
just
have
to
make
sure
you've
got
the
right
version
and
suits
gonna
handle
that
for
us,
so
it
in
that
case,
if
I
don't
have
open
SSL
installed,
my
te
version
of
open,
SSL
it'll
get
pulled
down.
F
Annotate
that
in
New
York
picture
is
the
example
for
how
it
may
become
an
implementation
issue.
Not
how
suits
are
gonna
solve
everything.
D
So
when
talk
of
this,
aren't
you
some
point
I,
don't
one
thing
when
I
caveat,
we
talked
about
a
single
time
contacted
by
cheaper
broker,
which
triggered
by
a
tip
agent,
remember
to
talk
earlier
exception.
Is
this
data
tap
when,
when
you
solve
something
data
and
upon
or
separate,
you
will
go
to
two
times,
not
a
one-time
all
right,
so
we'll,
oh
I,
think
we'll
add
some.
This
wording
in
architecture
document
just
separate
this
one.
D
When
you
start
tech
data
time
can
be
different,
which
it
differently,
this
one's
a
much
generically
talked
about
to
say
one
application,
multiple
independent
at
es
right,
different!
Yes,
but
if
you
seemed
here,
I
have
a
secret
data
and
Bonaire
and
will
allow
you
would
have
a
and
how
to
do
that
as
a
not
to
use
ketchup
on
both
the
protocol
in
architecture
we
need
a
let's
try
to.
This
is
a
little
bit
except
Shinto
that,
but
we
got
categorized
differently.
I
got
just
no
to
that
that
interest
in
problem.
D
B
A
D
L
D
D
Wondering
whether
they
meant
dedicate
to
some
more
trustworthy
town
say
I'm
not
do
it
for
the
kid
to
a
your
ham
provider.
I,
really
trust
not
like
a
manufacturing
in
a
different
country.
Something
I
just
talk
a
lot
of
here
right,
but
I
may
have
a
time
with
hooli
hosted
time.
They'd
have
all
the
capability
and
scalability
service
right.
So
you
don't
have
a
who's.
Your
soft
but
he's
choice
at
a
guy
you
dedicated
to
them
yeah.
G
G
Of
do
we,
let's
not
make
the
protocol
overly
complicated
in
order
to
support
going
out
to
multiple
Tam's.
If,
if
that
starts,
to
become
an
issue
with
the
flow
zone,
I
don't
think
it
will
I
think
they
can
be
separate.
But
if
we
start
to
have
issues
with
you
know,
coordinating
different
flows
to
different
teams,
we
may
want
to
rethink
what.
D
We're
doing
because
if
you
do
that
at
is
this
push
it
back
to
either
silver
provider
host
am
host,
am
themself
to
be
that
scalable
right
or
they
will
have
to
find
a
one.
They
can
trust.
So
you
are
me,
ready,
I've,
given
everything
to
you,
so
you
will
Wow
onto
yeah
you
would
you
were
not
disclose
it
yeah.
So,
okay.
A
Now,
what
I'm
hearing
in
this
discussion
I
want
to
confirm
that
our
understandings
right?
What
I'm
hearing
is
that
we
don't
yet
think
it's
required
to
say
that
the
10th
that
the
broker
needs
to
talk
to
you
might
aims
in
any
case
right,
because
we've
talked
about
a
couple
cases
here,
that
I
think
they
was
brought
up
where
you
can
still
do
personalization
data
without
having
that
broker
talk
to
two
towns
right
and
a
couple
of
those
cases
if
I
understand
right
is
where
the
Surfrider
hosts
the
Tam.
A
So
you
don't
have
to
do
that
and
so
you're
only
going
to
the
tamp
at
the
personalization,
a
in
the
first
place,
I
think
in
all
three
ghost
cases
right,
yeah,
there's
only
one
Tam,
with
the
broker
talks
to
you
and
so
I
think
what
we're
hearing
is
that
we're
not
convinced,
there's
any
case
in
practice
that
we
would
actually
need
to
talk
to
to
Tanz.
Is
that
what
you're
saying?
Yes,.
D
Yes,
but
now
come
back
to
this
Oh
Jeffrey
ability
here
is
that
are
the
printed
packer
now
this
on
enemies.
This
solution
is
not
going
to
be
used,
because
this
is
this
and
talk
about,
say
if
you
want
protected
as
a
I
write.
It
is
a
kind
of
example
am
are
wall
that
data
will
be
given
to
Tam.
You
trust
you
don't
have
a
host
you.
Let
me
know
that
attack,
because
you
know
compact
this
song,
because
in
this
case
you
talk
it
to
time
my
data
time
and
find
a
bit
tap.
D
G
And
if
you
go
back
to
the,
if
you
go
back
to
the
previous
slide
from
from
last
time,
where
we,
where
I
talked
about
this,
there's
a
the
fourth
bullet
under
resolution
in
in
the
case
where
a
Tam
doesn't,
you
know,
only
is
doing
the
personalization,
they
can
basically
front
a
second
tan
behind
them
to
pull
the
information
through.
The
only
issue
where
that
wouldn't
work
is
if
that
data
Tam
doesn't
have
the
bandwidth
to
do
that.
Right
and
I.
D
B
D
G
D
F
N
L
This
is
honest:
I
was
wondering
whether
I'm,
so
when
Brendan
presented
the
the
suits
work
and
how
it
applies
to
deep
to
me
that
personalization
data
concept
that
can
be
sort
of,
like
is
part
of
the
suit
mechanism,
looks
like
a
fairly
simple
mechanism,
doesn't
require
the
deployment
of
a
data
time,
because
the
time
when
you
create
that
personalization
data
and
protected
it
that's
not
nothing
specific
to
OT
abhi
itself
and
then,
when
I
hit.
Add
an
terminology.
L
D
A
E
E
Whatever
you
have
to
send
could
be
a
problem,
so
I'm
not
sure
that
it's
not
a
privacy,
it's
more
of
a
reality
of
you
know
scalability,
so
I'm
wondering
what's
happening
in
that
case
when
you
have
the
same
application
but
two
times
to
talk
to
because
of
depending
on
the
region
or
whatever
so
I'm,
not
sure
that
that
case,
the
scale
of
BT
in
that
case
works.
You.
D
Mean
the
question
about
the
times
the
capacity
to
support
magnatum
Isis.
Well,
this
is
assumption
you
know
what
at
Google.
Anyway,
we
have
many
Internet
services.
We
have
surveillance
devices
that
if
you
host
a
time
service,
you
can't
design
to
support
capacity.
That's
a
sumption
here,
time
service.
You
do
that.
So.
G
G
G
D
D
Sauce
anchor,
this
is
a
warm
for
the
also
major
topic
right
as
a
contextual
label.
Right
and
time,
your
trust
anchor.
We
need
to
support
life
cycle
right
away,
ng
annum
or
delete
older
ones
whatever
right,
but
after
all,
what
we
roughly
mention
there
was
that
on
this
to
question,
one
is:
does
it
fit
into
architect?
Document
away
should
be
a
separate
document.
D
I
said
trust
anchor,
what
a
format,
what
format
is
right
of
transacts
off
and
has
update
the
two
issues,
involve
that
issue
city
to
and
51
put
together
right
what
a
format
and
how
do
you
enable
that
update?
At
the
same
time,
we
notice
that
a
suit
is
a
reverse
and
they
may
Soviet
you
have,
but
this
will
need
more
work,
said
away
more
work.
What
a
mangling
here
is
suit
is
more
for
firmware,
update
scheme,
nevermind
standing,
but
trust
and
is
a
key
management
yeah.
It's
true.
D
A
One
of
the
sutures
I
believe
that
this
same
problem
is
shared
by
suit.
Whether
suit
believes
that
it
can
be
solved
with
a
manifest
format.
I
don't
know
yet
I
think
it
might
be.
But
I
don't
know
what
the
working
group
things
or
you
can
look
the
editors
of
the
documents
that
great
now
so
yeah
but
I
agreed
that
the
same
discussion
would
be
in
scope
for
suit.
D
So
what
am
I
mark
our
science
up,
but
it's
a
race,
it's
here,
it's
about
a
dependency.
Well,
all
the
line,
you
said,
but
then
that'll
be
synchronized
that
workgroup
there.
So
we
differ
there.
This
work
well,
if
I
differ,
then
the
architect
on
whether
we
can
close
it
all
will
have
to
wait
there
to
finish
this.
That's
a
yeah
to
a
group.
We
need
to
be
line
for
sure.
It's
just
for
this
on
webcam,
whether
we
can
complete
defer
their
before
they
have
defined
I.
Think.
A
The
possible
overlap
words
can
maybe
in
the
intersection
between
teeth
and
suit,
is,
if
you
consider
the
trust,
anchor
store
to
be
personalization
data
in
the
te
and
the
firmware
part
of
that
that
we
need-
and
it's
squarely
in
the
intersection
between
the
two
groups
right
and
so
both
groups
I
think,
could
discuss
this.
Okay.
D
Okay,
I
need
a
follow
up
as
much
as
it
is
to
issue
still
all
parts,
they're
gonna
major
issues,
others
say
we
talk
about
NFL
I'd
have
felt
it's
a
more
than
less
complex
and
we're
close
we're
close
to
close
those
issues.
We're
talk
about
this
one.
You
start
here
single
pass
early
and
local
T
signing
not
bad
one.
I
would
just
keep
this
allows
the
issue
of
talk
today.
It's
a
we
closely,
something
there
was
a
Anders
who
could
bring
up
a
proposal
so
King
proposal
about
ot
IP
protocol
self
current
protocol.
D
He
proposed
a
way
use
a
session
key
based
one
I'm
sitting
the
base.
One
he's
a
pirate
protocol
is
that
clan
aside,
tip
broker
or
less
conceptually
tip
broke
and
T
page
and
API
protocol
tip
broke
or
translated
a
JSON
message
process.
There
don't
push
it
down
to
the
label
more
important
like
he
said
he
would
like
to
have
a
tea
and
TAM
used.
Even
oh
man.
What
kind
of
key
change
to
negotiation
key
after
that
future
attestations
based
attestation
key
you
can
station
key
our
future
as
they
already
artists.
You
have
proved
our
use.
D
Agitation
proof
so
that
one
there
is
a
proposal
is
a
can.
We
move
that
direction
and
we
added
the
chair
sort
of
commented.
We'll
look
at
this
one.
First
of
all
convey
this
dramatic
change
from
current
JSON,
see
bond
based
protocol
kind
of
a
stateless
move
to
a
pioneer
protocol
and
use
a
session
key
tutor.
Our
remaining
asset
Asia,
like
ITT
nari,
try
to
leverage
rats,
I,
don't
Amaro
Tyler
grass
and
use
a
manufacture
suit
to
data
traumatic.
It's
a
word
different.
That
Concepcion
mala
is
a
dramatic
change.
D
Alright,
second,
one,
the
pirate
probabilities
and
simple
protocol
will
also
fail.
This
is
more
friendly,
right,
friendly
you
to
depart
you
to
read
the
third
ones.
The
patent
that
taken
out
is
a
patent
either
he
would
write
you're
free,
maybe
but
it's
a
repentant
domain.
So
based
on
that
one
fell,
this
all
what
you
know
felt
comfortable,
go
there.
It's
a
lack
of
support,
United
us
and
then
the
filer
just
close
issue
that
I
do
want
to
report
all
the
issues
we
saw,
and
it
gave
me
practice-
would
group
and
yeah.
G
A
The
objections-
let
us
know
because
the
the
fire
seemed
to
close
it
themselves,
saying
this
to
not
be
interested
in
doing
this
session
negotiation,
but
there
really
were
two
different
aspects
of
this
proposal
that
are
somewhat
separable
right.
One
was
the
notion
of
having
sessions
and
I
think
that's
the
one
that
had
the
IP
that
property.
A
A
A
A
The
broker
prat
cracks
out
the
JSON
or
C
for
cracks
out.
The
binary
blob
passes
that
into
te
e
and
that
the
binary
blob
is
what's
passed
between
inside
the
TE
right.
That
was
his
primary
protocol
to
get
that.
Okay
yeah,
so
he
said
oh
well,
I
could
do
this
in
binary,
and
yet
you
still
need
a
parser
for
that.
Yeah.
A
G
There's
this
Dave
wheeler
part
of
that
discussion
that
I
recall
from
from
the
discussion
with
Anders
was
he
didn't
think
that
a
JSON
parser
would
fit
in
many
of
the
small
T
E's
which
may
be
true
and,
and
there
were
security
concerns
around
putting
those
full-fledged
JSON
parsers
inside
the
TE
as
well
and
and
I?
Think
there's
some
there's
some
validity
to
that.
I
think
in
in
many
cases
were
putting
much
more
into
ease
today.
G
Then,
then,
perhaps
even
five
years
ago,
on
the
on
the
session
based
stuff
I
had
some
discussions
around
at
Intel,
we
do
have
different
attestations.
We
call
them
stream
based
access
stations
where
we
negotiate
session
key
and
attach
a
test
stations
to
that
negotiation.
But
that
requires
then
that
the
parties
to
the
protocol
are
two
distinct
points
and-
and
you
can't
flow
attested
data
beyond
that-
endpoint,
because
it's
the
attestation
is
basically
gone.
G
It's
it's
part
of
the
channel,
so
you
really
know
no
better
off
than
maybe
doing
TLS
and
and
carrying
some
attestation
during
the
TLS
session,
and
so
it
makes
it
hard
to
build
an
ecosystem
around
the
Tam.
When
your
data,
once
it
leaves
the
pipe,
is
no
longer
a
tested
and
and
verifiable,
so
that's
the
reason
why,
from
my
position,
we
didn't
want
to
go
with
a
session
based
attestation.
We
wanted
a
token
based,
as
we
talked
about
with
rats
where
the
signature
is
attached
to
the
data.
Your
your
your
passing
back
and
forth.
L
I
think
the
interesting
part
of
the
conversation
was
the
question
about
what
do
you
put
in
the
in
a
normal
world?
What
versus
what
are
you
placing
in
the
secure
world
and
my
I
discussed
this
on
on
the
list
with
understand
and
I,
don't
see
how
you
maintain
the
functionality
and
security
and
then
still
not
put
most
part
of
the
code
into
the
secure
word?
L
But
if
someone
of
you
has
some
ideas
on
how
to
better
make
that
split
and
but
for
you,
according
to
the
trusted
information
base,
of
course,
that
would
be
really
great.
Having
said
that,
the
new
version
and
that
I
put
together
for
presentation
tomorrow,
actually
has
fewer
messages
and
fewer
and
let
much
less
functionality.
So
by
that
it
already
has
this
much
smaller
trusted
information
base
that.
A
The
binary
protocol
versus
Jason
and
see
where
protocol
I
will
argue
that
that
is
not
an
architecture
document
issue.
It's
a
no
tricky
issue
and
tomorrow
and
how
does
this
presentation
tomorrow?
We
will
talk
about
OTR
PE,
where
I
think
thank
you.
David
for
summarizing
others,
as
if
you
would
say
JSON
inside
and
we'll
talk
about
using
see.
Bohr
is
the
current
proposal
to
solve
that
at
the
protocol
levels
and
that
of
the
architecture
level.
L
A
It's
no
we'll
talk
about
tomorrow.
The
OTR
TV
proposal
supports
both
Jason
and
c4,
but
even
before
that
we
have
had
discussions
in
this
working
group.
That
says
we
should
probably
want
to
allow
c4
as
an
option.
That's
come
up
in
a
number
of
different
meetings,
but
that
is
not
something.
That's
an
architecture.
If
you
will
come
back
tomorrow,
so.
D
Out
of
that
time,
this
one
issue-
actually
this
is
proposed-
arrest
us
three
years
ago,
a
long
time
ago
when
we
did
the
OT
IP
in
bikini.
So
what
do
we
look
that
at
right
and
for
look
at
idea?
It's
done
not
a
good
fit.
This
another
reason
is
a
scope
wise.
This
this
session
scheme
was
a
for
security
provision.
D
If
you
look
at
the
protocol
is
called
SKS,
secure,
key
storage
that
what
he
put
in
seeker
element
a
smart
card,
it's
more
address
to
the
security
key
probation,
but
the
OTP
small
tracer
trust
app
management.
It's
an
application
management
not
only
for
the
key
provision.
It's
not
key
management
protocol
that
it
was
a
really
tracer
for
the
key
management
protocol
for
key
storage
e
into
a
CSA
music,
o
elements.
So
on.
So
it's
a
different
flavor
right.
D
It's
a
strongly
realized
that
one
is
that
an
article
back
to
the
other
world
kind
of
have
keep
off
my
hip
on
say:
keep
off
my
key
provision,
workgroup
whirling
IETF.
We
have
yes,
it's
a
three-phase
rights.
We
face
probation
and
key
into
a
device
yeah
that
way,
you
decision
keep
you
to
be
all
trace
the
key
management,
this
one's
a
application
management.
We
don't
want
to
really
focus
that
one
use
that
one
that's
where
the
binary
could
API
call
lower
lower
tier.
He
won't
really
go
to
Silicon
label.
So
it's
a
different.
D
A
A
H
H
H
So
these
are
some
of
the
files
where
to
put
the
keys
and
certificate
and
Cas,
because
this
documentation
for
tea
architecture
draft
is
trying
to
be
made
to
be
generic
as
possible,
not
not
binding
to
any
particular
CPU,
not
particularly
trying
to
bind
the
who
is
the
developer
of
ta
or
who
is
the
developer,
the
service
provider
or
who
is
who
is
developing
at
EE
and
so
ta
could
have
multiple
time
or
to
considering
many
different
kind
of
or
situation.
For
example.
H
Client
could
have
many
TA
or
mini
situation,
so
the
page
goes
to
37
written
as
generic
as
possible
and
then,
when
I
tried
to
think
about
how
to
try,
extend
our
initial
prototype
implementation,
I
got
confused.
First,
ten
pages
of
a
knowledge
is
disappearing
from,
might
not
rain,
so
try
to
enumerate
on
the
slides.
So
we
when,
when
we
enhance
or
initial
prototyping,
we
won't
put
it
in
the
differ
on
location
of
the
keys
in
signature
and
CA
cert.
So.
H
So
in
the
this
first
first,
one
is
in
second
first
diagram
and
second
diagram
is
pretty
much
doing
the
same
whoo,
which
ta
could
be
loaded
in
verified
in
or
on
executed
and
in
the
teeth
architecture.
Documentation
ta
must
be,
must
be
signed
by
service
private
provider
and
need
to
be
verify
from
the
agent
or
or
TRP
agent
so
which
word
it's
going
to
be
used
in
the
documentation
in
the
future.
I'm
not
ready
sure
both.
D
A
H
Thank
you,
and
so
another
motivation
of
making
this
slide
was
writing
the
code
on
te
side,
especially
on
arm.
It's
not
easy
as
easy
to
write
it
code
on
the
re
re
si
most
of
the
not
doesn't
have
much
rich
system
call
or
library,
massive
library.
You
could
easily
use
it
in
t
side.
So
if
I
miss
it
starting
the
implementing
in
something
and
we
re
siding
and
later
I
have
to
move
in
at
ISA,
they
will
be
caused
a
lot
of
headaches
and
pretty
much
the
same.
It's.
How
was
this?
H
A
A
One
with
the
red
guy,
the
one
of
the
green
box
is
about,
what's
allowed
to
be
loaded
right,
and
so
the
spca
sir,
does
whatever
is
in
your
loader,
whether
it's
op
t
or
you
have
launched,
Enclave
or
whatever
on
the
red
slide.
This
is
about
the
keys
that
happen
when
you
are
loaded
that
are
used
for
SF
station
or
evidence
right,
because,
if
it
chains
up
to
a
hardware
root
of
trust,
this
is
the
keys
that
are
used
in
the
dice
chain
which
is
used
for
attestation
right.
A
A
G
A
A
B
A
A
H
D
B
D
A
Know
preparing
slides
with
their
own
purposes.
Ensuring
them
about
to
say
is
this
right.
Is
this
what
the
document
means
he
said
that
looks
interesting.
You
should
present
these
pledge
to
the
working
group
and
if
everybody
agrees,
then
we
at
least
know
that
everybody
is
the
same
understanding
of
the
interpretation
so.
H
D
H
Just
trying
to
clarify
page
19
of
this
ASCII
chart
yes
and
the
the
third
slide
is
most
of
the
authority.
Documentation
talks
about
how
to
pass
the
authority
for
binary
format
between
the
time
and
deep
agent.
So
so,
yes,
in
the
discussion
yesterday
is
pretty
much
was
obvious
that
ten
private
key
and
T's
see
a
cert
is
on
Tam
and
opposite
on
the
T
agent,
and
this
was
it
was
yes,
it
was
pretty
straightforward
and
clear.
H
H
H
I'm
not
particularly
sure
it's
does
it
match
in
the
architectural
documentation
or
whether
it's
going
to
be
really
used,
as
as
it
is
in
the
implementation,
but
my
understanding
was
om
will
have
TFM
pub
pub
and
private
key
pair
and
the
device
will
have
a
private
key
and
then
the
time
or
able
to
verify
the
device
with
it.
I.
D
We
Tom
justify
this
agitation,
the
time
trust
device.
Firstly,
trust
tiki
mighty
certificate
chin
into
a
TC
yeah.
You
have
that
one
in
last
slide.
I
would
have
your
TCA
optionally.
The
Archana
of
the
original
option
I
would
have
said
that
T
we
install
is
from
secure
boot
at
a
firmware
tea
table
case.
The
trusted
firmware
sorry
from
work.
D
He
was
scientist
at
T
loaded
is
from
secure
boot
and
from
Secretary's
home,
where
even
that
can
have
a
certificate
later
can
make
a
decision
say
this
is
device
which
run
T
which
further
secured
by
a
secret
boot.
So
you
have
a
to
trust
level,
trustee
itself,
also
optionally,
demand
or
mandate.
Whether
you
want
to
say
you
must
give
me
a
shuttle
firmware
last
assertion,
but
when
this
protocol
gets
to
the
last
few
sessions
where
ITF,
we
are
retiring,
that
trust
firmware
requirement,
because
some
t
turn
on
habit.
D
I
just
not
also
it's
not
normal,
so
normalized,
so
that
was,
I
think,
we're
good
to
put
out
a
formula
tech
document.
So
we,
if
you
could
wear
less
the
slide,
you
can
see
that
time
always
have
a
TCA
keys
there
right
that
what
a
trusted
right
TCA,
you
trust.
The
last
agitation
based
on
at
the
wise
key
firmware
was
optional
in
our
document,
but
a
new
one.
We
are
making
a
way
out
so
that
will
be
updated.
G
So
let
me
this
is
Dave
wheeler.
Let
me
agree
with
me:
I
think
the
trusted
firmware
is
probably
still
going
to
be
an
example.
So
if
you
go
back
to
your
previous
slide,
this
is
going
to
be
the
trust
relationship.
So
the
TE,
the
te
will
have
a
private
key,
which
the
Tam
will
trust
in
the
implementation.
G
We
will
talk
about
the
the
next
slide,
where
you
have
a
trusted
firmware
and
your
T
private
key
will
will
have
a
a
route
that
goes
back
to
a
trusted
firmware
key
or
something
so
so
your
the
key
for
the
TE,
maybe
its
itself,
just
a
single
key
or
it
may
be
part
of
a
trust
chain
and
the
trust
chain
is
just
an
implementation
option.
A
trust.
G
In
some
of
the
hardware
based
T's,
it
may
appear
as
though
it's
a
single
key
in
Te,
but
it
may
actually
be
derived
from
other
Hardware
keys
through
through
different
processes
as
well.
So
it
may
not
actually
expose
itself
as
a
certificate
chain,
although
it
may
be
some
sort
of
Hardware,
chained
P
so
and
we'll
try
to
explain
that
better
in
the
in
the
architecture
document
we
haven't
gotten
to
to
that
stage
yet
and
that
that's
probably
where
a
lot
of
the
confusion
lies
well.