►
From YouTube: IETF111-RATS-20210726-2130
Description
RATS meeting session at IETF111
2021/07/26 2130
https://datatracker.ietf.org/meeting/111/proceedings/
B
A
Yeah
so
before
so,
I
think
first
off
is
welcome
everyone
to
the
wrap
session
and
we
have
some
item
in
business
immediately
here
to
get
volunteers,
so
I'm
kind
of
flipped
through
kind
of
the
boilerplate
stuff
here,
but
just
so
everyone.
Everyone
is
aware
what
the
what
the
you
know,
contribution
and
participation
requirements
are.
A
That's
been
outlined
here
on
this
slide
in
in
these
in
the
chair,
slides
this
session
is
being
recorded,
so
just
be
aware
of
that
and
let's
be
polite
and
and
to
each
other
and
so
forth.
A
So
first
up
is:
we
need
volunteers,
we
need
the
jab
prescribe
and
we
also
need
two
minutes
takers.
A
C
D
C
Volunteered
yep,
we
could
use
an
a
second
one
as
well.
A
Okay,
all
right,
so
I
assume
everybody
is-
is
virtual,
so
yeah
yeah.
If
for
some
reason
you
can't
adjoin
with
meat
echo,
then
you
know
chat
with
someone
who's.
Who
can
who
can
forward
your
comments
if
you
have
them
so
with
that,
let's
move
on
so
here
here's
the
rundown
of
our
agenda.
A
We
have
pretty
full
and
a
pretty
full
engender,
so
we're
gonna
start
off
with
the
rats
architecture
followed
by
eat,
followed
by
chara
and
riv.
After
that
we
have
reference
interaction
models
and
daa.
A
Then
we
have
concise
reference
integrity
manifest
and
that's
followed
up
with
attestation
sets,
and
these
are
all
sort
of
quick
topics.
So,
let's,
let's
we'll
have
to
pay
attention
to
the
clock,
make
sure
we
don't
get
behind.
So
with
that,
let's
jump
into
out
of
out-of-state
rats
architecture.
I
thought
I
saw
mcr
on
the
list.
So
that's
your
topic.
If
you
can
jump
in
and
and
drive
that
for
us,
that
would
be
great.
E
So
the
short
of
it
is
that
we
haven't
made
any
significant
changes
almost
with
the
last
ietf
we're
waiting
for
the
shepherd.
E
A
So
there
was
some
activity
on
the
on
the
list
having
to
do
with
so
you
know
it
might
be
considered
some
minor
points.
Has
the
team
reviewed
those
and
do
they
have
opinions
on.
A
E
We
expect
to
get
an
80
review
and
then
iesg
reviews
and
the
the
requests
are
to
change
a
diagram,
and
we
have
not
gotten
together
to
discuss
that
as
a
group
so
at
I
think
that
we
can
substitute
the
diagram
at
some
point
there
when
we
reconvene,
but
I
don't
think
it
needs
it.
I
I
I
personally
don't
don't
wish
to
change
the
diagram
and
we
have
not,
as
a
group,
come
to
any
consensus
at
this
point
about
that
diagram
change.
E
I
think
that
we
will
get
comments
from
our
ad
and
iesg
and
we
will
have
to
restart
our
weekly
design
team
meeting
to
deal
with
those
issues.
So
the
sooner
we
get
those
reviews,
the
sooner
we'll
deal
with
what
other.
What
other
issues
there
are.
F
I
had
some
comments
on
layered
attestation
and
that
it
could
be
clarified
and
maybe
different,
and
there
was
some
at
least
one
other
person
on
that.
I
it's
not
a
critical
issue
for
me,
but
I
just
maybe
you
could
comment
on
how
you
see
that
fitting
into
work.
E
I
feel,
like
we've
changed
the
document
12
times
in
that
area,
and
I
think
that
the
the
place
where
we
are
at
is
a
compromise
between
different
interests
on
how
to
clarify
this.
So
I'm
not
enthusiastic
about
any
further
changes
and
I
didn't
see
any
suggested
text
there.
So
I'd
be
happy
to
engage
with
that
the
time,
but
at
this
point
I'd
just
like
the
document
to
get
to
the
next
step
of
review
and
I'm
not
sure
that
I'm
not
sure
that
these
changes
are
are
critical.
E
I
I
think
that
at
this
point
it's
an
architecture,
it's
not
a
design
specification,
and
so
we
don't
have
to
cover
every
single
possibility,
but
rather
we
have
to
make
sure
that
everything
is
clearly
fits
in
there.
In
other
words,
it's
we're
allowed
to
be
a
little
bit
wrong
about
some
minor
bits.
As
long
as
we're
not
wrong
about
major
bits,
we
don't
forbid
people
from
doing
something,
but
we
don't
have
to
necessarily
include
every
option
that
people
can.
Think
of
so
that's
my
take
on
it
anyway.
H
F
Yeah
this
is
lawrence
dunblade.
My
my
main
comment
is
it's
really
hard
to
understand
from
the
brevity
of
the
text?
What
layered
attestation
is
what
the
core
concept
is,
and
so
it's
not
it's
just
really
hard
to
understand
it.
It's
not
a
matter
of
like
detail.
It's
just
that
that,
without
a
lot
of
tcg
background,
which
some
people
don't
have
that's
at
least
that's
what
it
seems
to
me
that
it's
really
hard
to
understand.
E
Sorry,
I
would
be
interested
in
additional
text,
but
what
I'm
trying
to
say
is
that
I'm
I
I
don't.
This
is
not
intended
to
be
a
tutorial
on
it.
I
think
it's
reasonable
to
say
to
people
if
you
really
really
need
to
know
more
about
this
part,
then
go
go
read
this
part,
but
we're
trying
to
get
the
overall
architecture
here,
not
a
design
spec,
and
that's
where
the
problem
I'm
having
is
that
people
are
saying.
Well
what
about
this?
What
about
this
I
said.
Well,
that
sounds
great.
H
Sorry,
I
wasn't
interrupted.
Oh
can
I
just
offer
this
quickly.
H
I
will
pay
close
attention
to
this
on
the
list
and
I
would
like
to
see
a
suggestion
of
text
and
an
area
where
this
is
addressing,
and
I
would
like
to
figure
out
if
we
can
come
to
this
quickly,
so
I
will
help
with
that
process
as
much
as
possible.
Go
ahead.
F
Yeah,
so
I
I'm
not
asking
for
a
detailed
design,
I'm
not
asking
for
specifics
here
or
of
like.
I
don't
think
what
I'm
asking
for
is
a
tutorial.
I'm
just
saying
for
me:
it
took
me
weeks
and
a
lot
of
writing
and
a
lot
of
reading
to
understand
what
was
there
in
layer
data
station
and
have
my
understanding
confirmed.
So
I
think
there's
a
pretty
big
gap
between
michael
what
you're
saying
you're
saying
like
what
the
text
is.
F
H
I
heard
you
and
I
will
work
with
all
of
you.
G
Yeah
so
hi,
this
is
saying
so
if
we
are
addressing
this
via
proposals,
I
think
it's
very
important
to
have
a
targeted
edition
that
might
have
some
overlap
with
additional
text
where
it's
it's,
it's
molding
into
the
interfaces
of
existing
text,
but
we
can't
substitute
carefully
consensus-based
text
or
section-wise
that
that
that
we
can't
create
consensus
about.
That
was
the
reason
why
the
last
effort
stalled
to
to
improve
this.
So
if
we
are
going
with
a
proposal
based
approach
here,
it
has
to
be
targeted
additional
text.
G
I
think
that
interfaces
into
the
existing
one.
C
C
I
think
we
should
just
let
it
continue
and
go
to
ad
review.
Okay.
A
All
right
so
next
topic.
F
Hello
next
slide,
so
I'm
going
to
do
for
this
this
few
minutes,
I'm
just
going
to
do
the
graph
status
update.
We
have
a
longer
discussions
on
thursday
for
the
others,
so
here's
my
kind
of
overview
of
the
planned
contents
of
and
eat
the
claims.
F
This
is
adjusted
from
last
ietf
and
that
I
added
the
bottom
right
corner,
which
is
a
some
claims
about
certifications,
like
common
criteria,
certifications
achieved
by
the
attestation
targets
and
some
claims
that
describe
the
results
of
a
software
measurement
like
did
the
reference
values
actually
come
complete,
so
those
are
particularly
attestation
results.
Oriented
claims
claims
that
go
to
the
relying
party
that
I
I've
added.
That's
the
main
difference
from
this
because
I
think
that's
an
important
thing
and
I'll
have
more
discussion
on
on
thursday
next
slide.
F
So
a
fair
bit
of
progress
since
last,
since
110
you
can
see
the
blue
arrows
are
where
things
are
progressed.
I
you
know
won't
go
into
too
much
detail
on
that.
Just
to
note
that
there's
definitely
been
some
stuff
progressed.
F
That's
just
been
one
draft
since
ietf110,
and
most
of
those
changes
are
in
that,
although
the
the
lighter
blue
ones
are
still
in
github,
not
actually
in
a
published
draft
yet
and
as
you
can
see
by
the
green
bars
a
lot
of
them,
I
think,
are
close
to
ready
for
last
call
or
are
some
are
ready
for
last
call
and
some
are
definitely
closer.
F
Yeah,
the
the
little
the
key
is
up
in
the
upper
right
there,
so
four
bars
is
ready
for
last
call
no
open
issues
as
far
as
I
know,
nothing
in
github
and
so
next
slide.
F
So,
in
addition
to
just
working
on
specific
claims,
there's
some
other
work
that
you
know
document
structure,
work
that
needs
to
be
dealt
with,
particularly
it
has
to
adapt
to
the
rat's
architecture
using
the
terms
of
tester,
verifier
and
stuff,
like
that
and
some
there's
some
text
that
needs
to
be
removed.
That
was
the
same
as
last
presentation,
but
so
there's
been
no
progress
on
that,
but
it's
getting
close
to
the
top
of
the
list.
F
Here's
the
list
of
changes
that
since
ietf110,
so
the
semi-permanent
uuid
ueid,
was
added
and
more
discussion
on
thursday,
an
appendix
comparing
eat
and
idev
id
was
added
a
discussion
on
that.
On
thursday.
F
Those
were
discussed
in
at
110.
they're,
pretty
straightforward
ways
to
include
coast,
wood
and
suit,
manifests
and
comed,
and
any
other
kind
of
manifests
or
measurement
reporting
mechanisms,
and
then
just
some
basic
mechanical
stuff
was
missing.
String
labels
for
jason
for
the
enumerated
types.
I
I
made
the
ea
on
13
hardware
versions,
folded
them
into
the
coast
with
version
scheme
and
now
the
whole.
It
just
runs
on
the
coast
with
version
scheme,
and
there
was
a
lot
of
github
issues
that
were
closed.
F
I
believe
that's
it,
although
I
think
geary,
you
know
we
were
trying
to
gary
made
some
comments
offline
here
and
we're
trying
to
get
towards
last
call
so
I'll.
Let
gary
do
you
if
you
want
to
talk
gary,
you
can
talk
about
that.
I
Yes,
so
I've.
Thank
you.
Lawrence.
I've
submitted
a
deck.
I
don't
think
it's
really
fair
for
me
to
try
to
shoehorn
time
into
this
meeting,
so
I'm
just
hoping
the
chairs
are
just
included
in
the
record
and
it
actually.
I
It
goes
through
on
the
list
of
open
issues
currently
in
the
github
repo,
and
it's
it's
my
view
on
what
is
essentially
last
call
blocking,
and
there
are,
there
are
several
issues
remaining
that
I
do
believe
were
last
call
blocking
my
request
to
the
chairs
and
to
the
working
group
is
to
set
a
deadline.
I
think
privately
have
communicated
the
chairs.
That
august
15
seems
to
be
reasonable
for
opening
new
issues
with
respect
to
the
spec.
I
That
group
members
think
would
be
required
before
that
that
could
be
received
to
proceed.
To
last
call,
I
would
the
strong.
I
would
request
that
if
new
issues
are
going
to
be
open,
that
they'd
be
focused
primarily
on
what
I
call
spec
fixes,
rather
than
enhancements,
because
we
should
note
that
eat
has
a
ability
to
define,
has
defined
the
capability
for
profiles
for
defining
profiles
and
designating
profiles
with
a
perfect
purpose-specific
claim.
I
So
you
know,
I
know
a
lot
of
people
have
different
views
on
how
we
can
be
extended
in
different
areas
as
far
as
attestation
is
concerned,
but
I
think
that
was,
it
was
not
meant
for
e
to
cover
every
special
use
case.
I'd
also
mention
that
you
know
several
standards.
Bodies
of
now
now
have
essentially
normative
references
to
eat
and
therefore
it.
I
Is
in
it
is
in
the
interest,
for,
I
think,
all
all
involved
to
ensure
that
the
spec
is
stable,
but
I
don't
think,
but
it's
going
to
be
very
difficult
to
set
up
to
set
up
some
of
the
things
that
are
ongoing
within
other
standards
organizations
if,
if
the
spec
is
continually
evolving
so
I'll,
give
an
example
of
the
co-chair
of
the
fido
alliance,
fast
identity,
online
alliance,
iot
working
group,
our
propose
we've
recently
defined
a
secure,
onboarding,
spec
fido
device
onboard
it's
actually
available
on
the
alliance's
website.
I
I've
introduced
it
in
this
in
this
form
before
and
we
would
like
to
set
up
a
certification
program
based
on
a
stability
spec,
and
I
believe
global
platform
has
actually
addressed
this.
In
fact,
even
if
you
look
at
some
certification
programs
like
armed
psa,
certified
they're,
there
are
references
to
the
eat,
eat
compliance.
There
is
a
valid
attestation
form,
so
I
think
that
you're
seeing
a
lot
of
you're
seeing
a
lot
of
industry
interest,
but
at
the
same
time
it's
basically
not
you
know
we
don't.
I
J
Question
is,
and
it's
okay,
if
we
need
to
defer
the
question
until
thursday,
but
I'll
ask
the
question
now,
because
it
relates
to
the
slide
that
lawrence
had
up
that
had
the
different
green
bars
and
was
it.
You
know
two
bars
or
three
bars
or
four
bars
or
whatever
and
the
question
is
you
mentioned
that
you
know
you
can
have
different
documents
that
have
different
things
and
extensions
the
future?
J
I
I
think
so
I
think
we
would
like
to
see
the
last
of
those
bars
make
it,
but
I
think,
if
yeah,
but
I
think
that
also
I'd
be
interested
to
hear
what
we
think
would
actually
be
better
split
off
as
a
profile.
That's
building.
On
top
of
the
neat
spec
yeah,
like
I
said
I've,
I've
classified
all
I
can
go
with
by
is
the
open
issues,
so
I
mean
yeah.
I
F
Okay,
well,
I
have
one
one
more
comment:
it
was
that
that
you
know
my
hope,
for
the
set
of
claims
would
be.
You
know
a
really
solid
core
set
of
useful
claims
that
you
could
build
some
basic
attestations
on
and
that
they
were
really
clear
and
valuable.
As
you
know,
across
the
broads
of
use
cases,
that's
what
I've
been
aiming
for,
and
you
know
in
my
kind
of
list
of
claims,
I'm
targeting
that
that
was
the
that's
the
objective
there.
A
So
is:
is
it
the
case
that
people
are
not
providing
feedback
or
comments
or
participating
on
the
on
the
github,
because
they're
happy
with
everything
that's
there
and
they
want
it
to
move
forward
or
are?
Are
there
people
out
there
that
that
are
thinking
hey?
I
need
to
read
this
again
and
comment
on
it.
J
I
guess
dave,
since
there
was
two
of
us
that
were
asking
what
the
github
link
is.
I
would
take
it
as
people
have
been
following
the
list
and
didn't
know
what
the
github
link
was
and
necessarily
okay.
F
Okay,
very
very
little
activity
on
github.
Besides
what
I'm
doing,
I'm
I'm
just
chunking
it
away
at
it
myself.
Here
I
mean
I'm
doing
most
of
the
writing
and
most
of
the
issue
management
and
most.
A
F
A
All
right,
so,
let's
take
the
suggestion.
We
have
some
open
mic
time.
Actually
you
know
today
and
thursday,
so
we
can
if
people
want
to
go,
go
revisit
the
github
sort
of
during
the
during
the
week
and
come
back
thursday.
That
would
be
great
to
bring
this
topic
up
again.
A
Okay,
so
with
that
we'll
move
on
to
the
next
topic,
which
is
chara
and
riv,
this
is
hank
burkholtz
and
guyford.
Erco.
G
Yeah,
I
think
so
it
could
have
been
the
other
way
around,
but
we
can
do
it
this
way
yeah.
This
is
about
shower.
This
is
a
short
recap.
Network
devices
were
the
starting
base
for
this.
This
is
a
yang
module
for
challenge
response
based
evidence
exchange
using
tpms
next
slide.
Please
there's
only
one
slide.
It's
the
document
status.
This
will
happen
again,
so
this
id
is
bundled
a
little
bit
with
the
architecture
and
the
rift
due
to
a
normative
references
to
both
documents,
expecting
them
to
clear.
G
We
remove
that
dependency
with
the
interaction
models
id
by
downgraffing
into
informative
at
the
moment,
so
that
that
doesn't
become
a
blocker
that
doesn't
remain
a
blocker.
Actually
that
was
suggested
by
the
chairs,
and
I
am
absolutely
fine
with
this.
The
authors
and
sorry
the
editors
agree,
and
I
think
there
was
no
opposition.
G
We
have
a
lot
of
outdented
art,
ascii
artinora
id.
That's
that's
a
weird
xml
to
rfc
issue
from
the
xml
carson.
I
don't
know
how
he
did.
It
found
some
free
cycles
to
build
some
hot
fixing
into
a
cram
down
rfc
here
mixed
successes.
Some
tree
diagrams
are
now
looking
better
some
diagrams,
don't
that's
about
not
a
blocker.
I
think,
because
it
is
an
tool
problem
at
the
moment
at
the
very
verse,
it's
an
rfc
ad
problem.
So
so
that's
fine
from
the
editor's
point
of
view.
G
Yang
doctor's
comments
also
seem
to
be
all
addressed.
I
think
what
you're
waiting
for
is
the
final.
Yes,
this
is
it
the
the
young
doctor
review,
I
think,
still
without
conclusion,
so
waiting
for
that
or
maybe
having
missed
that
and
waiting
in
vain.
The
next
step
could
be
after
write
up
the
ad
review
on
isg,
but
that's
well
my
question
here.
At
the
end
next
steps,
I
think
we
addressed
everything
we
can
do.
A
So
if
it's,
you
know
waiting
for
somebody
to
do
something
you
know,
is
it
appropriate
to
to
go
talk
to
the
yang
doctors
and
ask
them
what's
holding
it
up.
G
Yeah,
so
a
tiny
ping
would
be
in
order.
I
think
eric
typically
does
that
occasionally,
but
I
think
we
sent
everything
out
and
now
we
are
basically
waiting
for
response.
A
In
in
previous
meetings,
we.
G
C
So
that's
so
good
and
then
ned.
Let
me
speak
to
this
because
I
I
am
close
to
the
shepherd.
I
mean
I'm
almost
done
with
the
shepherd
write-up,
so
I've
been
conversing
with
the
author,
so
the
rib
is
ready
to
go.
I'm
just
waiting
on
the
chara.
There
were
a
couple
of
things
that
I
had
asked
the
authors
to
do
to
address
vis-a-vis
the
id
nets
with
respect
to
the
yang
doctors.
C
I
need
help
with
the
tooling,
because
I
need
to
to
verify
at
least
the
lint
passes
and
I
can
reach
out
because
I,
as
far
as
I
could
see,
the
authors
did
address
mahesh's
comments
but
you're
right
hank.
I
should
reach
out
and
make
sure
he
he
gives
us
the
thumbs
up,
because.
G
C
Showing
up,
if
you
look
at
the
document
tracker,
the
yang
comments
still
are
showing
the
errors
that
I
need
to
verify.
Finally,.
G
Maybe
that
that's
actually
an
rfc
at
issue
in
the
end,
but
but
I
think
the
really
important
thing
is
the
thumbs
up
from
from
young
doctors
to
to
move
along.
I
think
that
that's
the
actual
thing
we
should
look
out
for
the
other
items.
Yeah
again,
I
can't
reproduce
them.
My
yangland
has
no
problems
with
it,
but
it's
it's
actually
younger.
C
Okay,
but
in
either
case
I
need
to
verify
with
mahesh
the
the
young
doctor,
who
did
the
review
to
make
sure
he's
satisfied.
I
think
that's
the
last
thing
and
then
we'll
be
ready
to
to
push
the
two
drafts
forward
together.
Thanks.
A
Okay,
so
with
that
sounds
like
a
good
segue
to
the
next
topic,
which.
C
C
E
I'm
there
I
am
sorry,
I
was
distracted
and
I
think
I
closed
the
wrong
window.
Tab!
Oh
no!
Maybe
that's
it
nope!
That's
not
it!
Oh,
my
god.
Okay.
C
C
That
that
we
have
the
two
people
taking
notes,
so
thanks
sorry
for
the
disruption.
K
Hi
nancy,
it's
guy,
hi
guy,
go
ahead
so
yeah,
so
I
I
will
just
very
quickly
go
through
this
material,
just
as
a
refresher
for
where
we're
at,
and
I
think,
there's
only
one
action
at
the
end,
which
is
to
forward
it.
So
next,
please.
K
K
This
was
the
back
and
forth
diagram
for
how
the
attestation
works.
In
this
case,
a
lot
of
this
is
defined
by
both
architecture
and
also
by
the
way
tc
tpms
are,
are
designed
and
and
and
have
to
be
used.
Next,
please.
K
When
we
say
attestation
in
this
context,
we're
looking
to
validate
the
code
credentials
and
configuration
on
the
device,
that
is
any
security,
sensitive
files
plus
the
credentials
used
for
the
operation
of
the
device
and,
of
course
the
point
of
this
is
to
ensure
the
infrastructure
is
secure,
so
that
the
higher
level
higher
level
security
mechanisms
can
be
can
be
trusted.
K
K
K
K
So
I
think
the
next
step,
as
far
as
I
know,
is
simply
to
forward
the
thing
to
the
next
stage
of
review.
Nancy
ran
the
net
checker
on
it
and
found
a
couple
of
a
couple
more
nits
that
I'd
missed
in
the
interim.
Of
course,
some
of
the
references
are
out
of
date
by
a
version
which
I've
corrected,
and
one
of
the
one
of
the
drafts
has
changed
name.
K
So
I
will
correct
that
I,
and
with
that
I
think,
that's
all
we
know
about
oh
and
the
knit
checker
is
complaining
about
one
line
which
has
an
ascii
character,
a
non-ascii
character
that
I
can't
find,
but
keep
looking
at
that
the
version
there's
a
version
which
I
can
check
in
under
number,
eight,
more
or
less
immediately.
K
I
might
spend
a
few
more
minutes
trying
to
find
the
the
non-ski
character,
but
other
than
that
I
think
we're
set,
and
with
that
I
can
ask
if
any
of
the
chairs
know
of
anything
else
that
we're
missing
before
we
go.
C
Yeah,
I'm
just
waiting
for
you
to
do
for
the
riff.
It's
just
getting
rid
of
the
errors
on
the
id
net
errors
yeah
and
same
for
tara,
but
chara
has
the
additional
confirmation
from
mahesh
so,
but
I
think
we'll
we'll
be
ready.
A
C
So
let
me
know
when
well
I'll
see
it
when
you
post
yeah.
K
K
Sorry,
I
missed
the
check
in
the
check-in
window
by
by
a
day,
and
it
looks
like
it's
open
again
now.
So,
while
yeah
finish,
I'm.
G
G
We
had
one
actual
issue
left
that
was
addressed
recently.
This
was
an
oversight
on
my
part
and
I'm
sorry,
so
I
just
addressed
that
today,
a.
G
Quantity
relationship
was
was
the
wrong
way
around,
so
in
the
definition
of
authentication
secret,
it
was
basically
broken.
I
phrased
it
basically
in
the
inverse,
and
now
it's
correct.
I
think
that
issue
I
think
it
was
called
by
way
is
now
addressed.
There
was
a
additional
pr
issued
by
one
of
my
colleagues.
G
They
brought
a
lot
of
new
topics
into
the
game
and,
after
some
wetting,
the
editors
agreed
that
basically,
this
is
out
of
scope
for
now
and
not
for
now
for
this
document
actually,
because
it
would
alter
or
extend
not
even
profile
but
extend
the
architecture
roles
and
some
of
the
semantics
and
and
also
conflicted
with
some
of
the
terminology,
so
that
pr
we
abandoned
it.
G
It
is
not
go
into
further
consideration
for
this
document
here,
which
leaves
this
document
issue
free
at
the
moment,
and
the
pr
is
not
closed,
so
everybody
can
have
a
look
at
it,
but
it's
it's.
It's
basically
abandoned.
So
the
proposal
here
is
that
we
can
now
go
to
for
thorough
wedding
of
the
content
and
find
out
if
this
is
ready
for
a
working
group
last
call
or
find
that
or
due
to
via
a
working
group.
Last
call,
and
that
would
be
the
editor's
proposal.
A
So
do
we
want
to
do
a
last
call
on
this
one
right
now.
G
C
G
C
You're
only
talking
about
the
reference,
okay,
never
mind,
yeah
yeah,
so
ned.
We
need
to
ask
how
many
people
have
read
this
current
version
reviewed
it,
because
we
need
to
make
sure
that
enough
participants
have
read
it.
A
A
A
A
J
Unlike
the
poll
freezing,
your
verbal
question
was
the
current
version,
which
is
different
from
how
the
poll
question
is
listed.
A
A
G
So
the
the
only
question
is,
what
is
an
early
review
here
and
do
we
want
to
maybe
ping
some
directorates
explicitly.
G
C
Ned
yeah,
why
don't
you
start
a
new
poll
and
just
raise
the
question?
Raise
your
hand
if
you
believe
the
interaction
models
draft
is
ready
for
working
group.
Last.
A
A
C
L
I
am
so
I
just
wanted
to
comment.
We
can
certainly
proceed
with
exactly
what
you
just
said:
kind
of
nancy.
Let's
just
make
sure
that
we
get
positive
feedback,
even
if
there
is
no
feedback
with
numbers
a
little
higher
than
this.
So
if
folks
can
just
say
I
read
it,
I
have
no
comments.
I
endorse
it.
Proceeding
that
would
be
a
big
help
to
everyone.
C
J
Yeah,
I
got
in
to
explain
why
I
think
the
numbers
do
do
make
sense
just
to
respond
to
hanus,
and
I
put
this
in
the
chat,
but
I
just
wanted
another
lock
here
that,
in
my
opinion,
if
the
chairs
and
the
authors
do
not
know
of
any
open
issues,
then
I
don't
have
any
reason
for
anything
that
shouldn't
go
to
working
group
last
call
whether
I've
read
it
or
not.
J
Now,
in
this
case,
I
have
read
a
much
earlier
version
right,
there's
nothing
to
say
that
you
can't
do
multiple
working
groups
last
calls,
I
think,
that's
completely
up
in
the
chairs.
If
the
chairs
want
to
delay
it,
you
can,
if
you
want
to
start
a
working
group,
last
call
the
first
day
of
your
reviews.
J
You
can,
and
so
I
raised
my
hand
as
a
no
for
the
first
one,
because
it's
been
a
year
since
I
read
it,
and
I
did
my
raise
my
hand
for
this
one,
because
if
you
don't
know
of
any
open
issues,
I
read
one
a
year
ago
and
if
you
don't
know
of
any
open
issues,
that's
a
good
reason
to
do.
A
working
group
class
call.
A
All
right,
so
we
want
to
do
a
working
group
last
call,
then
I
I
think
what
they
dave.
A
Yeah,
okay,
all
right,
so
we
will
take
a
note.
This
will
move
the
reference
interaction
models
to
working
group
last
call.
A
G
G
This
is
not
adopted,
it's
it's
a
related
id,
so
now
we're
going
into
the
related
id
section
of
the
session
and
there
was
a
tremendous
amount
for
four
zero
zero.
I
think
and
pre-adoption-wise
a
lot
of
good
feedback.
So
there's
a
tribute
some
thanks
here.
G
Thanks
a
lot,
the
people
from
the
surrey
university
are
not
here
right
now
because
they
were
like
okay
and
we
are
not
joining
midnight
for
20
minutes.
So
that's
it's
understandable,
so
so
the
the
offers
so
to
speak
generate
a
funnel
through
me
here
right
now,
latest
revision
introduced
a
content
for
the
privacy
and
security
consideration.
Section
s
has
been
rightly
so
pointed
out
in
the
reviews
for
for
pre-adoption,
and
there
was
no
real
push
back.
G
There
was
just
a
lot
of
yeah,
well
good
feedback,
and-
and
so
so
that's
very
at
at
the
moment-
also,
I
hope
dave
that
was
okay
to
put
on
the
slide
dave
agreed
if
you're
not
methodically
dissecting.
Every
sentence,
like
with
the
architecture
document,
to
join
the
author's
team,
which
is
very
welcome.
I
think
we
are
really
happy
to
have
a
a
real
world,
itf
la
here,
so
to
speak,
and
that
helps
us
accomplishing
our
goals,
and
that
would
be
the
next
goal
here.
G
That's
near
target
is
the
request
for
an
adoption.
To
be
honest,
some
of
it
was
adopted
already
so
by
ripping
it
out,
it
became
unadopted,
and
then
we
introduced
the
diagrams
we
enriched
it.
So
so
a
a
new
adoption
call
is,
of
course,
an
order,
and,
as
I
can
see
it,
there
might
be
interest
in
this.
So
I'm
relatively
cautiously
optimistic
that
a
working
group
adoption
call
would
be
in
order
also.
C
G
Okay,
so
I
I
got
comments
about
the
content,
maybe
that
I've
used
for
the
call
from
I
am
relatively
honest
and
thomas
they
weighed
in
so
again
the
people
here
so,
but
that
might
happen
before
the
adoption
poll
I
don't
know.
Maybe
I
missed
the
call
to
be
honest.
C
Okay,
well,
the
the
call
for
adoption
was
done
in
late
may,
first
week
of
july
and
in
in
full
disclosure,
thomas
fasati
did
give
you
some
feedback
as
well
as
guy.
C
So
so
this
is.
C
Where
I
would
ask
the
question
whether
people
have
read
it,
because
you
you,
I
would
say
80
to
90
of
the
the
content
was
from
the
content
that
was
in
the
information
interaction
model.
Sorry,
some
of
it
was
new.
But
again,
this
is
to
say,
we
need
to
find
out
how
many
people
have
read
it
before
we
get
asked
a
question.
C
A
That's
the
question
to
raise
hands
if
you've
read
the
da
draft.
C
Yeah
ned,
if
you
can
do
the
ham
thing
again,.
G
A
C
C
C
I
I'm
I'm
just
tempted
to
just
put
it
in
the
interest
of
time.
How
are
we
doing
on
time.
C
Yeah,
okay,
so
ned,
let's
just
take
it
to
the
mail,
since
we've
got
six
people
that
reviewed
it
and
I
can
put
out
the
adoption
call
for
adoption
for
this.
Okay.
A
All
right,
so,
let's
keep
moving.
So
next
topic
is
concise
reference
integrity
manifest.
This
is
hank.
G
Yeah
so
yeah
this
is
hank.
I
drew
the
short
straw
here.
This
is
difficult
to
present
in
a
short
time,
so
yeah,
please
next
slide
to
the
title.
This
is
the
presentation
of
a
zero
zero
related
related
id
about
rims.
You
might
have
heard
the
term
rims
before
reference
integrity
manifest
also
might
sound
familiar.
We
have
reference
values
in
the
architecture.
That's
closely
related
that
you
can
see
the
authors
listed
here
next
slide,
please!
G
So
a
quick
recap:
that's
the
architecture,
diagram
a
little
bit
rearranged
and
you
can
see
the
verifier
is
kind
of
hub-ish
in
the
middle
of
all
of
this
next
slide,
please,
in
order
to
function
that
verifier
needs
a
description
of
the
a
tester
that
is
supplied
to
the
verifier
in
order
to
appraise
evidence
from
that
a
tester
and
to
assess
with
its
own
policies.
Of
course,
if
that
verifier
really
functions,
so
one
of
the
things
that
I've
been
already
mentioning
is
reference
values,
but,
more
importantly,
this
this
requires
information
model.
G
Such
data
model
here,
without
that
the
tooling
around
verifiers,
is
basically
arbitrary
and
so
yeah.
That's
that's
our
focus
for
standardization
here
in
support
of
the
supply
chain
actors.
Next
slide,
please
I'm
running
a
little
bit
through
the
slides,
because
we
don't
have
so
much
time
so
yeah
measurements,
so
the
reference
values.
Of
course,
if
you
have
something
in
evidence
that
can
compare
to
that
also
endorsements,
there
are
two
two
primary
things
you
could
think
about
either.
G
It's
evidence
that
the
tester
and
neither
a
target
environment
nor
in
the
testing
environment
can
create
ever
a
a
very
arbitrary
example
is
the
color
of
the
device.
It
doesn't
know
that
how
the
user
painted
it
so
it
has
to
be
endorsed
from
the
outside.
That's
an
endorsed
value,
that's
not
very
critical!
G
Sometimes
you
have
this
testing
environment
in
there.
These
also
cannot
produce
evidence
or
car
do
not
produce
evidence
about
themselves.
It's
against
the
principle,
and
so
this
also
these
these
testing
environments,
at
least
the
very
initial
ones,
have
to
be
endorsed
from
the
outside
coram
addresses
both
of
these
domains.
G
So
there
is
a
simple
layouts
where
you
have
one
testing
environment
for
a
target
environment
and
that's
your
device,
but
then
you
can
have
relatively
complex
devices
with
multiple
testing
environments
and
multiple
targeted
layer
attestation,
as
norad's
already
pointed
out,
that
it's
not
always
easy
to
understand
could
be,
for
example,
express
the
sub
modules
from
eat
and
there
needs
to
be
a
a
well
the
the
pattern
the
intended
state
to
compare
with,
and
that's
that's
what
this
reference
integrity
manifest
is
about,
and
the
co
probably
is
already
spoiling.
G
The
surprise
is
for
concise
yeah
and
that
that
means
it's
all
phrased
in
sibo
next
slide.
Please.
G
So
yeah,
that's
basically
a
summary
of
what
just
said
and
also
and
reference
provider
conceptual
messages
in
one
yeah.
G
Thank
you
just
go
to
the
next
slide,
that's
fine,
and
so,
when
the
high
level
design,
we
actually
realized
that
we
tinkered
with
with
formal
available
static
structures
that
that
would
allow
for
expressing
what
we
need
and
then
and
then
the
permutation
of
of
combinations
of
environments
and
intents
became
so
complex
that
that
that
static
designing
this
became
a
a
a
burden
through
the
design,
and
so
we
we
changed
at
some
point
to
actual
graph
data
models
that
these
are
rdf
likes.
Basically,
a
property
graph
directed
one.
G
You
might
know
about
this,
so
hank
is
a
human,
that's,
a
triple
of
a
subject,
predicate
an
object
and
and
this
this
concept
can
be
relatively
easy
without
using
a
json
ld
or
it's
not
yet
existing
a
variant
that
is
a
cbo
ld,
be
implemented
in
a
manifest
format,
and
and
to
do
that,
we
have
already
a
structure
that
can
do
this
hierarchical
representation
of
software
components.
That's
called
switch.
What
we
are
missing
here
was
the
co
mid.
G
The
concise
module
identifier
that
can
represent
the
hardware
tree
of
the
device-
that
is
the
tester
and
that
is
basically
also,
for
example,
representing
these
layers
and
layered
attestation,
and
so
the
commit
is
part
of
this
id
and
the
co-rim
is
effectively
the
bundle
mechanism
around
all
of
that
next,
I
please,
I
think
I
already
bulged
a
little
bit
ahead,
content-wise,
so
these
so-called
troopers
these
expressions
they
they
associate
of
course-
and
that's
a
very
obvious
thing.
G
You
measure
something
strange
collect
them
put
them
into
evidence,
send
them
to
the
verifier
and
reference
where
you
compare
them.
First
item
then,
as
I
highlighted
same
thing,
can
go
with
the
testing
or
target
environment
with
the
endorsement
again,
the
hardware
was,
for
example,
a
te
quality.
That's
isolation,
confidential
is
an
endorsement
of
the
testing
environment
can
go
into
this
rim,
and
then
you
have
to
associate
these
pieces
of
evidence
relatively
reliably
with
with
the
reference
measurements
of
the
endorsements,
and
that
is
done
via
cryptographic,
identities.
G
Luckily,
testing
environments
have
these,
and
so
the
coram
or
commit
especially
can
express
the
complement
to
that.
So
you
can
associate
pieces
of
evidence
with
these
reference,
manifest
that
you
have
in
store
as
a
verifier.
So
all
of
this
is
basically
a
bundle
that
we
can
provide
next
slide.
Please-
and
these
are
now
three
examples
again
as
hank
is
a
human.
A
target
environment
has
reference
values
for
explicit
expression.
Here
the
example
goes
with
a
class
of
devices,
and
these
have
certain
reference
values
you
had
to
expect.
G
So
so
one
of
these
can
match
multiples
of
these
can
match.
That's
a
policy,
that's
not
what
we're
doing.
We
provide
the
allowed
values
for
that
class
id,
and
so
that
is
something
that
is
done
in
our
scope.
A
policy
expression,
therefore
explicitly
is
not
in
the
intended
scope
of
the
quran.
Although
pointers
two
sets
of
sources
for
policies
might
become
in
scope,
we
are
not
relatively
not
absolutely
certain
about
that.
Yet
next
slide,
please.
G
G
We
do
not
invent
new
ones
to
bind
cryptographic,
identity
statements
to
our
reference
or
endorsement
values,
and
these
are
cosy
key
sets,
that's
pretty
well
understood,
and
if
you're
using
public
keys
that
are
associated
with
private
keys
from
the
testing
environment,
it
becomes
relatively
far
quickly
obvious
how
this
works.
So
these
crypto
identity
statements
help
you
to
identify.
G
Does
this
reference
belong
to
a
explicit
one
instance
thing
in
the
world?
Does
it
extend
to
a
class
of
devices
that
both
of
these
concepts
can
be
expressed
in
our
layout
today
with
the
zero
zero.
G
Just
let's
go
ahead:
you
have
two
slides
and
then
I
think
we
have
done
now.
We
can.
We
can
skip
this
one.
The
composition
is
basically
all
next
steps,
that's
nice
to
know,
but
this
is
all
possible.
That's
also
nice
to
know
next
slide
is
interesting
again.
I
think
no
one
slide
to
ghost.
We
are
skipping
this
one.
G
One
slide
to
go:
we
are
skipping
this
one
yeah,
so
this
is
it
so
comets
and
bits
are
the
grouping
mechanisms
for
our
statements.
These
are
wrapping
the
claims
so
to
speak,
the
reference
claims
and,
and
also
these
have
a
evolution.
So
so
they
can,
they
can
be
outdated.
Software
can
be
a
new
versions
that
can
be
patched
can
be
superseded.
Also,
hardware
modules.
There
can
be
a
lot
of
ranges
for
hardware
modules
in
a
class
of
devices,
because
you,
I
don't
know
you
excel
a
range
of
price
range.
G
For
example,
this
comes
in
handy
to
to
allow
one
coma
to
express
all
this
complete
range,
for
example.
So
these
groupings
criterias
are,
of
course,
application
specific
and
they
are
supply
chain
specific
and
but
they
can
be
very
suitable
for
firmware
updates
with
suit,
for
example.
So
so
there
are
some
there's
some
overlap
there
and
then
next
I
please.
G
Yeah
and
the
co-rim
is
basically
the
envelope
adding
some
metadata
that
the
the
supply
chain
actor
isn't
in
charge
of
creating
that,
and
so
so
that
is
effectively
what
this
is
all
about.
It
is
a
standardized
exchange
method
that
is
enables
supply
chain
actors
or
oems,
or
basically,
all
of
these
people
that
are
obviously
the
upper
bureaucracy,
creating
endorsements
and
reference
values
here
and
yeah.
G
So
so
so
it's
a
very
quick
summary
run
through
I'm
sorry
for
the
lack
of
time
I
ran
into
this
with
eight
minus
and
I'm
coming
out
with
this
four
minus,
so
kathleen
you
have
four
minutes
more
than
before.
A
H
I'm
not
sure
about
that.
Math,
though
hank
I'll
go
very
quickly
here.
I'd
just
like
to
get
more
comments
on
the
draft.
I
did
receive
a
few.
I
will
iterate
on
it
very
soon.
There
was
agreement
that
it
could
move
to
a
working
group
document.
So
hopefully,
when
that
next
revision
comes
out,
it
will
come
out
with
the
working
group
name
on
it.
So
I
will
do
that
within
the
next
couple
of
weeks.
H
A
G
A
G
Yeah,
no,
we
can't
go
so
th.
This
is
all
sibo
cdl,
it's
using
coast
with
it
adds
the
complement
of
coma
to
it
gives
the
whole
bundle
back
and
it's
it's
basically
for
cloud
big,
you
global
things
and
your
iot
device
that
controls
your
light
switch.
You
know
so
it's
it's
scalable
and
it's
in
cyborg.
So.
G
Yeah
have
a
look
at
this.
We
will.
We
will
publish
a
lot
of
updates
in
the
near
future.
There's
a
lot
in
this
voice
for
the
composition
here,
but
again
we're
over
time,
and
also-
maybe
I
might
have
some
time
left
visual
thinking
on
thursday,
and
we
can
pick
that
up,
especially
kathleen's
topic.
I
think
we
should
re-address
here.
A
Okay,
all
right,
so
with
that
just
a
reminder
we
meet
again
on
thursday
we
have
two
sessions
and
we'll
look
forward
to
seeing
you
there.