Internet Engineering Task Force 112, 12 Nov 2021

Previous Meeting Next Meeting

⏯

youtube image

►

From YouTube: IETF112-TEEP-20211112-1200

Description

TEEP meeting session at IETF112
2021/11/12 1200

https://datatracker.ietf.org/meeting/112/proceedings/

A

All right, I think it's time, let's see if I can turn my video on.

A

Good morning, good afternoon and good evening, everyone, this is our our last day. Home stretch welcome to the trusted execution, environment and provisioning working group. Hopefully you can hear me now.

A

Let's go ahead and get started. um I think most of you are very familiar with the note well with respect to the ipr um and how we conduct our business here.

A

One thing that we wanted to call out is the code of conduct we want to follow. This is based on rfc 7154 and, to summarize here it's basically for us to treat each other with respect.

A

We are all professionals coming in with our own point of view and diverse backgrounds, so we should keep our discussions um more of an impersonal and to the point um as we're working to define solutions that will inter-operate across the globe. Okay.

A

So, given that I will thank hannes in advance, I've got the links here, um good to see you. I've got my co-chair with me here um and I've just noted the links here for the meeting materials as well as the note-taking um I forgot to update. um No, I think the minutes link is correct.

A

So thank you, hannes, for being our notetaker. I encourage everyone else. It's a live document to go to the um uh cody md or whatever. It's called now hedgehog um and help out and if you can also help us um recording.

A

That will help sorry if I got the title slide wrong. Hannes. What did I do.

A

Yeah, okay, my bad I'll do better next time; okay, so oh shoot, yeah, you're right, okay, so uh agenda for today.

A

We've got akira providing us the hackathon. We still have. Our um architecture and protocol drafts have been submitted to um publication. uh For today, we've just got the hackathon report. um Akira I've got you and I think, you've embedded them in your slides to talk about the um the suit and teap. I think that was also part of your hackathon, but there's a github request for this and then the rest of the time we'll spend um talking about the protocol, see I'm like not awake.

A

It should say protocol not not architecture, my bad uh so barring those updates any any other agenda. Bash.

A

Going once going twice right so akira, do you want me to share your slides.

B

um No, I think I would like to share my screen.

C

B

It good and I could flip the page.

B

How, how does is my screen showing right now.

A

uh No, we just see.

B

D

Video, oh, I see um yeah. I.

E

Think the chairs.

F

You should accept uh his request to show you their desktop or the reloaded slides. ah Thank.

G

F

A

Oh there it is yeah.

B

A

Interesting, I see two two icons for the share.

F

Yes, this is because he asked to share, uh desktop and then click on the other icon. You can deny the other request.

A

Okay, I've tried to accept both. I see your slides now.

B

And how do I flip it just a minute.

A

So in the lower you should see this. uh Oh.

B

There it is, I see.

D

A

D

I didn't know I didn't know the progress from the last idea. I think yeah and I think the arrow keys on your keyboard will also work.

B

Yeah, it definitely.

D

B

Oh yeah, it does so. I put two things in the slide. One is about the hackathon and another one is for the uh adding three suit format: examples in teep, so um I'm going to start from hackathon talking about hackathon, we yeah. We were having a hackathon last week with the jointly with suit working group.

B

Yes, um yes received very early email on tuesday from hannes and yes, we we jumped in and also we had we um on the in japan side in in japanese time, we were working on um going through our implementation and um file filing issues on the github and creating put uh plo requests and the so uh for the first. This is for uh explaining what what is steep first so t honestly, it's not only about deep from the beginning from the when the protocol draft and architecture draft.

B

It was obvious that its suit and rats was going to be um used in the deep and uh and the in the format was changed from otr p to t was, uh then it was from json. Then it was obvious. It's going to be using coset, so um well, there's many things have to be done in making the deep draft finishing, which is which, which is tough but um which is also challenging and good good thing to do. Work, try it so um from last.

B

um I gifted this idea. We focused on, I mean me and the other people in japan was yes. I would like to call their name name. Yeah um from asd is suzakson from second takayama and tragedy, and also um from yes, we joined on the arm um suit work, suit, working group hackathon too, so random, harness and and dave was working on um in on his time zone too.

B

And coming back so we were, uh the main focus was adding suit format in the tip draft, yes, and- and we would like to- we would like to finish suit manifest example in the tip, so everybody who is going to use teep would also understand how to construct the suit manifest inside. The t protocol then, and then it will in then will be much easier to have. The concrete cdl example, with the diagnostic notation example and the binary representation with the commented.

B

Description with with and just the binary and also we started from the last week is started to how um think about how to support the cose.

B

Okay, so for the stamp site, we will have a tamp proto um this uh as a implementation as a tam. It's it's open source on the github. um I I forgot to write it down the github link here, but it's. If you search on the web browser temp prototam, then it will be. You could go to it and we.

B

What we really did was uh um try that we we added about three different way of the having suit manifest inside the tip um message, but we just first we um focus on having a trusted component binary, which used to be called trusted application in binary inside the suit manifest, and that will be inside the deep message, a deep update message and also we from takayama-san we started to have uh libsy suit.

B

It's meant to be a library to support, to make it easier who wants to implement it cheap device or tam, and it's it's, uh and so that's was uh adding this um having suit manifest inside a leap, c suit and also deep device. We have an open source yet, but um we we trying to working hard to finish the implementation, taking very long time by the way I'm after this ietf119112, I would like to focus on finishing tip device implementation.

B

Publicly available.

B

As soon as possible, I don't know how long it will take, but, um yes, I will put other work item aside and I'm going to focus on making team device implementation on github and what we did was we take message format.

B

Let's keep updating so finished, supporting draft zero, six of the tip message portion and then adding this exam um example uh suit manifest format and which is- and also uh it says, integrated payload here, but um it means um in the same same with the on the top line, is adding tc binary inside the soup. Manifest super manifest could have only manifest and could have binary and separately, but um right now we wanted to have try having a binary inside the suit manifest and make it workable between the deep device and time so.

B

um Okay- and these are the feedback on the draft- is uh one two three four five.

B

Issues and put full request, and first one is um from dave, and I think this is uh many of them were going to be uh going through with the dave's talk.

B

But um briefly going through is uh yes and the tip tip message: yeah, where you we're going to use each token or just the token, and and it's we.

B

We need to decide when to include the token or or not so uh that's dave's, issues on the github and and also another topic was, I was participating in a suit working group on this monday was yes about cypher suit and, honestly, if, since we have suit manifest inside the deep message we will just like to use whatever it happens on suit man um suit a manifest draft to you for using um cose exactly the same in the deep, then it will make it much easier for the implementation.

B

We don't have to add any more feature in the library or anything else, we're just reusing it and that's. But um to do that, we just need to align the description between the suit and tip, and that's the second one and and the third one is uh yes was really uh working on.

B

Is he went through reading the suit manifest um draft and and proposing you there's a in the uh um description, then the suit manifest for the day for for the usage of the deleting the binary or firmware or trusted component it was probably using unlink, is more preferable.

B

Was it was um r or takayamas in our understanding, so we made a um um issue listing pull request and, uh and the the fourth is the yes. This is something with we've been doing from these three months was keep updating finalizing the three way of the example in the deep message of the suit manifest, and the last is yes yeah. So this is was my quick one-line pull request is, um since it was the suit example and the suit manifest was using um es-2556 for the corsair.

B

Yes, cwt, then yeah, I thought adding in the cdl uh effort. Description might might be better, so it just made a one-line patch, okay,.

B

Yes, so then, um instead of going to.

B

Suit manifest example, um I would like to explain how the tip tip protocol uh draft is describing um seaboard description.

B

Yes, honestly, I did suffer a lot when trying to implement the seaboard. So since I suffered a lot, I thought I would put my knowledge into the deep protocol draft, so everybody else could don't have to go through uh entire, how to implement and how to debug it when the um when, when the negotiation not or uh point message going back and forth between the time and deep device, probably whoever going to implement the seaboard problem. Yes, I want just wanted to make it easier for them.

B

So um this is the left. Side is c board. Diagonal, stick not notation, which is uh derived from reading the cdl and in the right side. It's in the in the draft have a binary example, but with the comment in on it, so if anything doesn't work in with the talking with the other tier of the um on the internet, for example, deep device and um tam, then you just go. You could see the example and which line might be different in the binary.

B

If it's a json, it will be much easier to develop because it's text format and if you do the ether real, I mean like it's not ethereal right. Now, it's a wireshark and if you see the packet dump, then they're pretty much easy for them. If you do the top packet dump on the seaboard keyboard binary, it's all hex decimal.

B

So if you scan the hex decimal and keep going through the right side and left side for about five or ten times, you might started to see on the right side on this on the packet dump but started to imagine have an imagination of the left side. uh I hope so, but um yeah yeah.

D

B

Trying to make it slightly easier.

B

So, um and this is suit, manifest is also um similar. I mean oh yes, but we also have a c um seed. um What was the name? Yes, diagnostic notation and the binary representation with the comment on it.

B

So if anything, you have something, for example, if the coset orgasm doesn't match, then if it's, if you could see whether it has minus 16, it's going to be negam215 is going to be 2f and hexadecimal and from the beginning, from d86b a3 do you go through, and if it's you need you, if you you just you could check if it's correctly, it's tf and parsing correctly in the implementation.

B

Yep then, I think I'm going to go through the suit manifest examples.

B

um Any question for so far.

B

B

Okay, so first example is uh probably the easiest example. How does it look is if, when the tip update message is uh sent from time to tip agent in the tip device, it has the um the suit manifest.

B

Has the uri pointing to the where the trusted component binary is uh hosted so and then the t um and then the tip device we're going to um in the implementation they're going to fetch or download the trusted component binary right?

B

Now we still using dot ta for the convenience, for the understanding and and inside the tc iphone you id dot t is it doesn't have to be this um file name, you could choose any kind of the file name and since since it's uh in the um arm, implementation for the opti was using uid and the file name of the ta. um I I added the easier to parse it in the mine.

B

You could use the uid.ta and for the example on the um into sgx and it's any, you could use any kind of the file name. So it's dc hyphen uid.ta, which it's going to be. It doesn't have to be using your id or any file name um pointing to the binary and then the binary it has any of the um yeah um hexismo or any binary inside.

B

And this example: good thing is the um yeah. The first line is.

B

The um developer, who is who create made the binary of the trusted component, um is, uh could going to be download from their website or https link. So you could you? Could you will notice? The tip device have downloaded the binaries and and and the um and the time does do not have to um host their uh the dc binary on the temp side. So you just you, just provide a certain manifest to the deep device and then the team, um the tip device, will get the bioneer binary from a trusted component developer.

B

So it doesn't have to worry about it, um and the downside is um yeah. Trusted component developer have to have a web server or whatever um hosting the trusted component. Binary and deep device need to download the binary separately after receiving the suit manifest.

B

But um it's not a big deal for the second night and first line how much it depends on how much the trusted company developer have the uh have the domain name and have the bandwidth for the distribute, the binary, okay and the sec, and the second example is also pretty much straight straight forward.

B

The only difference is uh inside the sea suit manifest. Instead, I have a uri, it has the. um um What do you call it in this uh cdo.

H

B

Instead of that, you are pointing to other website, you have the dc binary embedded inside the suit manifest, as as this very simplified written here detail is, is in the draft, but- and this is the simplified way of the x um description so good, so this one is the more intuitive. So if the tip deep device requests the dc binary uh to the time server, then the time server tip, update message will contain the suit manifest with the tc binary.

B

So you could receive it in one message and, and yes, it's just pretty much the same. What uh opposite? From the? What I discussed with example, one is the trusted component developer: do not have to host the binary. Yes, um it's and also it's pretty much the same. What opposite of what I I I have just this um said.

B

um The trusted component binary is going to be this by time. So if yeah you just don't, have one can't, you need to trust the temp and you can't. You can't count the trusted binary, download number or something if you wish, but um oh yeah yeah, but the good thing is you don't have to worry about it and, uh and also it's the time message from the update message from the tam to deep device will contain the binary. So it stands. Probably it's going to be tend to be uh um message will be.

B

The size will be larger than um just having a manifest, but um I really don't think it's a big big. uh I mean big negative point. I think it's it's uh that that's that's the even even downloading a trusted company binary separate from team device from trusted component uh developer hosted web website. It's it's going to use the same bandwidth.

B

B

And example, three is the um adding the um um example of the um what brandon have uh um talked at. I dif one last iedif when, when having the personal data for the particul for the dc binary already inside the dc uh deep device, then you could um how you could um this rate? The in this example is the personal data is the example is having a config.json file, um the providing to the.

B

Depended tc binary is in this example, is the one already have in the deep devices dc uid.suit? So if the dc device already have the tcu id exactly the same tc already installed, and these deep device then could receive the personal data with the suit manifest inside the deep update message and yes, okay, yeah. I think I pretty much finished my slide so.

B

So, yes summary, yes, we just started to move on um adding the suit support and we started to start the.

B

Consider how to support the corsair and the suit I mean that I'm a tip, and yes, we we now we, uh I don't know this suit, manifest for three format. It should be inside the deep draft or it should be in the suit manifest um um um ma'am, second draft or external draft, not sure, probably it's going to be discussion with the brandon later, with the dave's talk and- and yes, I just wanted to explain how the seaboard looks in the tip yes and after what I define one line.

B

Yes, the we would like to go on to support uh finish the implementation and having the running code, and, and so we could verify. First, um we could uh uh yeah have the feedback on making the t protocol draft more concrete.

B

Yes, that's it um questions yeah.

A

I don't see anybody on the queue.

D

I want to ask something about this horse.

A

B

There were a couple of.

I

People on on the chattic you're.

A

Feeling your pain.

A

So the the question- and I think I saw it noted from dave um the the issues that you had listed on the github. I forget the number was it 161.. um I.

B

Want 62, uh it is.

A

That has now been resolved. Oh there's a set of them right.

B

A

B

Is still um pending there so.

A

B

If the, if it's okay, to have the three formats in the deep draft, it will be yeah, could anybody could uh remember, um dave or ming could merge it or if, if it's more appropriate, to put put it in the suit manifest external draft, which brandon have split it last week, um yeah we could move that to the um to suit manifest draft. I really don't mind which, which is going, which should go into it, because it's anyway we're going to use the same format.

A

It does need to get covered um dave. You have a comment.

H

Yeah, I just uh first what I put on the chat. Was it wasn't uh merged into draft 07 just because it was merge conflicts, whereas the uh iv deadline was coming up and then those were resolved shortly after that.

H

One question that plays into that is how much of these examples um suit generic versus teep specific right. So, for example, if there was a suit spec that had the thousand examples that just didn't have teep stuff in it. Is that close enough or does steep? I think right now. Tp has one example in there for each message: type where it's like the personalization date examples. I think it's the closest to get curious third example right, not the first to the second one.

H

If I remember right, um that's from memory so uh akira, please correct me if I'm wrong, but uh if suit had more examples in some document, then would t need to cover all the examples or just one of them, which is what we're doing right now, and so I think that's the interesting question that is asking that I would uh love to hear uh people's opinions on so.

B

B

Is brandon here.

A

Yeah, I don't see brendan on.

B

I thought he was going to jump in so.

A

Yeah, I thought so as well.

B

B

B

Honestly, these three example is a very, uh very s specific, with the t I'm suit manifest uses because of the deep um handling between tam and deep device, but it it doesn't, it doesn't mean they have to be in deep draft. um It could be a manifest external graph.

A

Well, it could be its own separate draft as well, and then we.

H

A

Whether that work gets done here in teep or it goes back to suit um hank you're in the queue.

J

Yeah, sorry, I uh it was hard for me to press the buttons. I don't know why uh this is hank um so yeah there is so in principle. That is not a problem to pull that into the manifest draft or the uh if it's, if it's just the reintegration, um there's also merits to have that in a separate draft. I think we are happy to help here uh if it is uncomfortable for the cheap id to to somehow build their around the content. That's not a problem we can.

J

We can have that in suit and suit suit-ish um ids.

B

Only only concern to having the uh example and the suit manifest in the external draft is. It has the like uh in the example um for in the format, it has the like tc hyphen uid.ta, which need the knowledge of the how the ta works, um but um yeah.

J

Yeah, that is use case, specific expositional text, so I I you could we can abstract that or we can we can. uh We can ask uh guidance from some from the area director if it's fine to have a specific uh name here. I I think that's that's just a. It is a legwork problem.

B

Or, or having the three example in deepdraft, but have the all other a bunch of the other example in suit manifest as as.

J

B

Now is also fine.

J

Yeah that yeah, but then you so so maybe other people have an opinion, but but you I think, I'd like uh to see the examples in one place. To be honest,.

B

Nice yeah so yeah.

A

So hank you're you're kind of saying you prefer it in the suit.

J

The preference is not so if it's, if it's too uh clunky to have them deep, I think suit is happy to help. I would call it like that, so I I don't have a preference. I I have a. I have a the desire to help.

J

A

So I see brendan brendan is on.

A

And, of course, he prefers it in the teep document. Okay,.

D

B

Yeah, that's right. Yes,.

A

Okay, all right.

B

So we can continue.

A

That discussion, I guess, on the main list.

K

Could I just briefly say why sorry for jumping the queue there? um Essentially the concern I've got, is that with the refactoring that's been done in suit, so that there are multiple documents with multiple different um sets of of pieces of the original suit manifest.

K

Now it suits already going to have examples in more than one place, and because of that, I think it would be really sort of uh incongruous to have teap examples in the core of the suit document. uh When some of suits examples aren't in the core document.

B

I see yeah and also, if, if, if the manifest form format is in the deep draft, we could say um we could how you, how to up um um how to adopt the suit manifest in a future protocol other than deep yeah. It might give it a little bit of guidance. Yes,.

J

Skipping of the audio exactly when brandon said the essential sentence. When could you please repeat that.

K

Sir sure, the the the point is that suit has examples spread over multiple documents right.

H

K

So I'm happy to put examples in suit where they're appropriate, but the question is, if there isn't an appropriate document in suit for a teep example to land in, I think it's just a little bit incongruous to to shoehorn one into a document where it's not appropriate, so it makes sense to me to put you know: if teep is a profile of suit, then it should have its own examples for suit. Does that make sense.

J

Yeah, that makes sense, but that would remain so the profiling aspect of cheap would that be its own document. Then it isn't the protocol rt texture so, um but would that go in cheap? Then.

C

So so bend up the big if.

A

J

Yeah, so so that's why I assumed suit is the more likely lane, but I'm I'm just guessing now so so maybe other keep offers have a better editors, have a better opinion.

A

So ben is listing another issue um on the chat that if we have a lot of examples that there may be a desire to have them all in one place and so um okay, I don't think we're going to resolve this here.

A

H

A

Ben since you're yeah.

E

I think my my note in the jabber may have been based on a flawed assumption. So I think dave is clarifying that you know the idea is to have a single document. That is just examples, and the question is whether to do that in the teep or the working groups and I think either. Those are fine, and I agree with you that we're probably not going to get a clear resolution in the meeting right now.

E

A

Okay, well so we'll continue forward, then um thank you. Akira.

B

Yes, thank you. How do I stop the steering slide? Oh there, it is oh.

A

I I can just revoke it as well. um Okay, so up next we have dave with the main protocol. Spec dave. Do you want me to share slides or you want to share them.

H

um You can share them, but I've been in queue for uh a curious document. uh Brendan was actually not present in the meeting at the time that a curious question was first worded, so I wanted to clarify one nuance of the question. If you don't mind.

A

Please go ahead. I somehow didn't see it.

H

And we don't have to answer it right now, but I want brendan to fully understand the question. So if this is moved to the list, then he can appropriately weigh in the examples that akira walked through the part of the question that we would love you to weigh in on uh not necessarily the mic here, but at some point right is the examples of things like um what does it look like when you take the actual binary embedded into the suit manifest?

H

What does it look like when you have a uri that points to it hosted off uh off? The thing are those things that are inherently teep specific concepts or are those things that are generic, and so that's the examples he's going through is those different variations, and so that's why the question is: is it really something in a tea profile, or are these just examples of generic suit things that should, or maybe already are in in a document in the suit working group?

H

And so, if you can do a scan through of akira's examples and say these things are actually just illustrating generic concepts versus no, this one is actually a teach specific concept that would be very valuable, brennan.

H

All so so, let's move on to the uh protocol slides here, I gotta leave the queue and leave my audio on okay. Hopefully you can all still see and hear me all right. uh We're gonna be talking about draft seven of the cheap protocol. Next slide.

H

All right so since 111 there was a long backlog of old issues that we've been slowly working through in deep working group meetings and we've now got to the point that almost all the old issues have now been resolved and we're only um talking about new issues. And so I'm going to clear the backlog today in the discussions here and then go on to the new ones file. But there really aren't any old ones.

H

Previously, we kind of picked the most important ones to talk about in the working group meeting and we've now kind of cleared that backlog and so and most of the spec right has now been implemented by at least one implementation right. You heard akira mentioned the last pieces that were kind of still in progress right, integration of other things, but um we think we've uh fleshed out all of the areas of the spec that there might be an issue until we actually implement things.

H

But there's uh no section of the spec that somebody hasn't at least started on so go ahead and go on the next slide.

H

All right, so um here are some of the ones that we previously discussed at ietf 111 and I'm not going to go through uh each of these on slides. This is just a list of things that we covered last ietf meeting and we had proposed resolutions and those have now been incorporated into draft seven, and so we added the error code uh for no freshness mechanism in common.

H

um You can read through the rest of those, but all of those we believe we've just put in the results from what was in the minutes from last ietf meeting. Okay, go on to the next slide. There are things that people want to stop and ask about.

H

But the point is um all of these are things we spent some time discussing last time, so these are the ones that uh were continued this one we spent quite a bit of time on, um and so this was like all the discussion of ocsp and capability discovery that was kind of the main focus of last meeting, and so we've done the results there right, we've removed all references to ocsp right.

H

We said you just have to have a update mechanism to update your trust anchors and that's how you do replication uh and so all the different points that were raised during the meeting. We believe we've incorporated those back into the spec, and so I'm not going to show you the text, because my belief is it just matches what we said and we would invite you to inspect the text yourself. Just to verify that uh if you had an appointment point, you.

J

Want to be in there.

H

Make sure it's in there, but we believe we've collected everything from last ietf meeting, so I want to go on and discuss new issues, and so, unless there's a question on those, um then I'd like to go on. Let me pause for a second there's: nobody in the queue right, okay, let's go ahead and go on unless there's questions on any of those.

H

So all right, so I'm going to walk through um other ones that were kind of in the in the backlog, and so this is one that was one of the one of the older ones. It's finally been merged, and so this one, um uh I think, was originally one of the hackathon uh filed issues from uh maybe two or three ietfs ago, and the text finally got merged.

H

So after various edits and rebases and merge conflict resolutions- and so uh remember tokens here is the name for the nonce-like thing that appears in a uh that can appear in a deep request. That's echoed back in the deep response if the tam needs to uh match requests and responses, and so depending on the freshness mechanism and use, and so on the token is optional, depending on use case it's up to tam, and so when you are using a token, sometimes known as announce right, it now has actual requirements around.

H

There must be random different per request. Only one response is allowed per token.

H

You can't use it for other purposes other than this particular purpose in teep, and uh when you issue a nonsenate request, there should be some expiration um such that you can't come back three months later or something right. Just the expectation is you don't keep state around forever right? So that's the kind of the guidance that's in there right now, so that one is now merged next.

H

So this one now I'm getting into the one that I filed during this hackathon right. This one is ambiguity in the spec that, um in my opinion, there's a straightforward way to address this, but uh here's my presentation about it.

H

The update message allows the token field and says it's optional, but it actually doesn't have any text that says when to include it right, and so you can treat that as a couple that you could read that as a couple different ways. So uh the responses right a success message or an error message.

H

You send back when processing an update message does say that you have to echo back the token if it's present in the update and uh the update can include a suit report and if the suit report has announced, um then um uh I should say if the update has a uh token, then the suit report, if present, must have the suit report nuds in it, okay and so the br, and I see russia on the cube. But let me finish the slide here and then I'll go to urs.

H

uh The proposal that I have is just to clarify the ambiguity is to explicitly say that it's up to the tam implementation, so in other words, you are allowed to have a token in a delete message or an update message or a query request message: it's not a requirement that you use. You know all three or none of the three you can pick and choose.

H

However, you want, in other words we don't explicitly say that, but the post list, you say the team gets to decide when a token in is uh is appropriate, uh so I can do it sometimes not other times or whatever that's my proposal, because that's one way to read the wording right now, and so I my opinion is that's the least change from what the text says right now and leaves the most freedom for people to innovate and optimize for their implementation and then separately.

H

Besides explicitly saying that to say that uh the teap agent must ensure that the suit report nonsense present if the update um contains a nonce- and so um that's already implied okay, but it's not explicitly stated so we could make that any more explicit so ross. Do you have an opinion on this? One go ahead.

L

No, I have an opinion on the last one. um I'm sorry, it took me longer to read your list than you spent on the slide.

L

Nancy yeah, the uh my concern is the tokens must be different per request. um I hope you don't mean that people have to keep track of every token they ever used.

L

um What you mean is that the probability of reuse is small.

H

It, I think, the intent, and so I think the actual wording was authored by one of our japanese colleagues, but I believe that the intent is that uh it must be different per outstanding request and so uh and there's different ways of doing that. And so I there are ways to not have to retain state. So you could have a pseudo-random sequence.

L

Right that that's my point is.

H

That the probability of.

L

The same value being picked is so small that you don't have to keep track.

L

H

L

H

We're gonna look for some better wording.

L

There, so I that that's my concern is: okay is some word smithing.

H

Okay, good point make sure that appears in the notes and we'll pick that up. Thank you all right. Let's go on nancy!

H

If, unless there's anybody in the queue getting up for this one, uh unless there's any uh uh alternate proposals, then I will go forward with this proposal um unless somebody has a better idea.

H

So if I see nobody at the queue we'll assume that that would be okay, all right, so the next whole section of the agenda and since the uh rats working group is uh up right after teep today, I prioritize the eat stuff in the agenda to make sure that we have time to go through this as opposed to the suit stuff, um which does not have, uh I think, right after this, and so I wanted to have any input necessary for us to go into the rats working group after t.

H

So if we were to run out of time, I would rather make sure we cover all the eat stuff and um not cover all the other stuff that I have or cover less the other stuff that I have so I've got eat and suit. Then optimizations in that order. So here's the eat stuff, so um there's been a bunch of threads about this one started off as the uh rats meeting on monday, and so let me just uh summarize the discussion uh I've seen so far.

H

If there was anything overnight, I am not up to speed, but I I I'm up to speed as of yesterday so yesterday afternoon, all right, so uh there were two issues related to referencing of each one of those is already merged. One of those is open to track the remaining things and so um on. The left is the sets of uh requirements and I'll go through the the ones for the second row there and more uh details in the later slides, but this is the one that summarizes all the other ones.

H

So uh there's a set of requirements from the architecture draft okay, which is, as nancy said, is already in the isg. So we've already got you know working through consensus on the left column, although I have a question about that later.

H

As we'll see, um the middle column is what draft 07 says right now: okay, and so there are uh one two three of those uh requirements- that draft 07 points to the core, each spec as meeting those requirements, and there are five of those that points to an individual submission, hank's document as meeting the other five in the hopes that those would be merged into the spec right. That was the status as when draft 07 was posted. Okay on the far right side um is the current proposal for the next draft other than the yellow.

H

One is uh subject to uh discussion here and so we'll talk about that another another. uh There's a couple of variations of how that might be done or not done or whatever, so the other ones that are currently point to bar calls. The proposal is to point those to the latest eat spec, because there's been some uh rewordings of some existing things in some cases and there's been some new claims added in other cases.

H

Okay, so the belief now is that the vendor of the device can be specified using an oem id claim and remember that each has different claim sets. You can have a claim set for each component right. Your overall evidence can have multiple claim sets one for each layer or one for each component or whatever, and so oem id can appear multiple times, one for each component right, so the vendor of the device. If you're talking about a device claim set, then oem id would be the vendor of the device.

H

Similarly, the device, unique identifier euit, could be used as the unique identifier in a claim set about properties of the device. Okay, as opposed to the properties of you, know the firmware or the t, the tpa or whatever else so eoid, we believe could be used for that one and then new uh in the latest, each spec they added the software identifier.

H

As you know previously, it talked about coswoods, but it didn't actually have any uh formal text in there that was implementable, and now it does right, and so now, in the coswood section, the software name, the software version um can be used to meet uh the. What what the architecture document uses words for firmware type and firmware version right. It uniquely identifies what's the firmware, that's actually on there, and so the belief is that the 11 spec draft 11 of eat actually meets um all.

H

But one of the requirements of the um that's talked about in the teep spec right now, the deep architecture document right now and that's classic device, and so that's what all the remaining discussions about is that one remaining thing- um and I see brendan in queue so is if you're gonna anything other than class of the device is in scope, for this slide so feel free to ask questions anything else. So.

K

Yeah, I I guess the the thing that I want to make sure is that we're not um constructing a situation where devices are required to convert between a variety of different identifiers.

K

um This is this is a moment where we need to be really careful about how we sync up between a bunch of drafts that are in flight at the moment, I'm concerned and and to to be honest with you. I I have not looked through this to to the extent where I can tell whether oem id euid and the current uuids specified in the suit draft are compatible or not.

K

I just want to ensure that we're not forcing constrained nodes to convert between a variety of different identifiers for the ease of consumption of large-scale systems, because I think that would be a mistake.

H

So I think the one that you should look at and form your own opinion, I think, is euid, which is specified and eat as being twice as long as a uuid, and so I think the other ones you'd probably be happy enough with, but that one I would draw your attention to inform an opinion so.

H

It's like a uuid in the same sense of properties other than the length is twice as long.

K

I I think that device identifiers are probably the id that suit cares about the least, so I suspect I'm not too worried about that. One.

H

Okay, all right, but yeah those would be feedback. I think for the uh rats working group, which uh I would invite you to the working group session following this one. So all right unless there's any other comments on any of the other ones, then all the rest of these things are about the classic device discussion, which has been a active discussion this week. Thank you to all of those who have weighed in on it and thank you for coming to this session, if you wouldn't normally be in teeps. So next slide, please, okay!

H

So let's do some history here and talk about some background for class of device, because there were some questions for anybody coming from, say the rats working group that wouldn't normally be here in teep as to what this requirement is and what teeps use is so the first use of this in teep came from the legacy otrp draft, which we don't use anymore.

H

But if you're looking back at the history, you can see- uh and I think um uh jeremy had posted on the combined thread- that the teep suit thread about what otrp does, and so you see in the otrp protocol, which is now part of uh global platform specifications.

H

It does have this notion of type of firmware right, which I mentioned the previous slide, that the coswood can cover that one and the type of tee included in a device right, and so that's one example. Wording and otrp does this so next slide, but that's not our spec anymore. So it's just that was a predecessor to what deep architecture has okay, so a couple places in the deep architecture document that actually specified the requirement that we're talking about now.

H

Okay, one is here talking about device, identifying information, okay, um attestation information, maybe may need you, you can identify a device to the tam right, that's more like the the euid case right, you need. It allows uh this hand provides services, a device such as managing installed, tas, providing subscriptions to services, locating device, specific keying material to communicate with and authenticate the device or authenticate device.

H

In some cases it may be sufficient to identify only the class of device right if you're managing you know, 10 000 things, you have the same policy for all 10, 000 of them, not on the device by device basis for scalability right and so what's the class of the device right, not the serial number, but what's the what's, the model number or some other class or category that applies to the whole uh set of things not on a per serial number basis, where eoid is like a serial number. Okay next slide.

H

um The other part of the requirement just to uh verify is in the tee identifying information, and this is the type of tee that generated this attestation might be, must be identified right and includes. You know, version information for hardware, firmware software and so on. Those those other bullets are the other rows in that table.

H

Right, t, manufacturer information for the uh te right, that's like oem id for the tee claim set right is required in order to disambiguate the same te created by different manufacturers and so as an example right in the uh arm ecosystem. Right, you have a uh say, a trust zone uh dee, but the actual uh chip manufacturer is a very it's anybody that licenses the arm design right.

H

So you can imagine a trust zone with multiple oem ids, but it's the same te type, which is trust zone right so again, there's a there's, a classic device there. In this example, I think if I'm interpreting, if I understand the arm ecosystem right, this is an example where there might be a te type that would be. That would span multiple oem ids and that's an important concept to keep track of. When I get to that question in another slide here, so all right.

H

So hopefully somebody will correct me if I have something wrong, but this is the text that was that's already passed working group last call and has passed on the isg, so we already have consensus on this text and now, let's just uh we have to talk about how we can effectively meet these requirements, so go ahead and go on to the next slide. Nancy.

H

H

As meeting that claim- and so this is what we want to replace with a a uh a working group document, whether this document gets adopted is working or joking, but this is really the only thing left that depends on. Is this one section here if we make those other changes that I mentioned, because the eat spec has now incorporated other things, so there's a cloud.

A

Yeah, this is not good.

H

No just checking am I back now: yeah you're.

C

H

Okay, yeah, I gotta know I got a notice from mitecho that I was having glitches, so I knew about it. So as long as I'm back now, I'm saying uh so this one. It was a proposal that uses a uuid to meet the type claims about the the type of device type of pe.

H

um This one says you could use a uuid for those two purposes and that's what the keep spec references right now and so whether a t uuid is appropriate or not, is an upcoming question, but that's one that we said that we as referenced in the last deep spec. So that's one proposal next slide.

H

um I don't see the slide on my screen. Can you guys still see the slide on the screen.

L

Okay, here we go, we see the epr 139 slide, yep.

H

It was just delayed, it came up for me all right, so um lawrence opened a pull request on monday or tuesday against the eat. Specs saying would this meet the requirement? Okay and that's what has been generated? Lots of discussions so in this example right? It's a uh byte, uh blob, okay, as opposed to a uid, okay, and you can see the various descriptions and stuff there right set by the hardware oem vendor again wording is flexible. This is just a pull request right.

H

uh There's no global schema format for this claim, and so it's still opaque, just like a uid is right. There's no format for the claim. It's an opaque blob that you can use, but there's no structure in it. Okay, so again, that's a pull request is another proposal.

H

H

Okay, so here's the set of questions for discussion here and various individuals have weighed in on the list on these questions already, but I wanted to summarize what the questions were that people have weighed in on and see if we can get any way forward or direction here.

H

So we know whether this is going to be a t profile thing or an general thing: okay, so the first one- and these are all interrelated questions here- so feel free to get in the mic in any one of these four questions here, because there are uh inner relationships between these okay. I know a number of people have posted their comments to the list, but not everybody here has read. Everybody is probably up on that thread and we want to get some consensus direction out of the working group here, if possible.

H

So the first one is this notion of a hardware class identifier right. Is this a notion that is specific to teep, or is this a generally applicable notion? Okay, that's. The first question is the value of the class identifier. Is that something that's globally unique like a uid is? Is it something?

H

That's up to the vendor right because you know if it's a blight blob or whatever could two different vendors use, the same value and the meaning of it is different or is it up to the profile where two different vendors can use the same value and the meaning of it is the same because it's more like a identifier of trust zone, regardless of what the vendor is right?

H

Is it uh opaque or is there any structure to it? You can see the two proposals that I mentioned are opaque.

H

If heaven forbid somebody used a text string, somebody might assume some structure or even if it's a bite blob, somebody might put some structure in there, where you would not do that with a uid right now, both the proposals are opaque from my understanding and then finally, is the value, a uuid as in hank's uh original proposal or a place uh white blob like it is in lawrence's one or, as was brought up on the email thread, a uh text string which was mentioned is what otrp does and brendan said.

H

Please no um or is it an oid or is it a url and so that's kind of all the the of the uh things people are weighing on the long thread. So um I see brennan in queue, so you get to go first.

K

So uh this this might actually back up slightly to oem id as well just as a warning, uh but I I think it's important to consider in this that class identifiers are not unique for a device. One device could have many class identifiers and the the reason this is really important is because it allows someone to distinguish between the various different kinds of configuration that they care about.

K

So, as you mentioned, you could easily have a class identifier for a tee, but you might also want to have a class identifier for all the tees of a particular kind that also have access to a specific trusted peripheral, like maybe a particular version of a gpu.

K

If you happen to be building drm um or maybe you uh care about access to a specific kind of crypto accelerator, in which case you definitely need a class identifier for that, and that's probably actually going to have a different oem id and a different class id than the tee itself. So what you actually care about in these situations is aggregations of multiple oem and class id pairs.

K

And so I I mean there's a couple of different ways that you can handle this. You can have a structured class identifier in some kind of enormous tree or you can have a list of pairs which is possibly easier to parse and handle there's a lot of different options here and- and I think it's important- that we consider that there are a lot of different use cases here for different kinds of uh ways of identifying exactly what a class means to you and your ta.

H

um I will mention the the out of the two possibilities you mentioned: there's a third possibility, I think, which is the one that's most natural and eat, which is multiple claim sets.

H

uh So you have just like you could have multiple claim sets one for each layer. You could have one more. You have multiple claim sets one for each component and a composite device. You could have multiple claim sets for other purposes. So if you need to have different, uh you said you know, lists of uh you know pairs of them. You could put those in different claim, sets and use the sub mod relationship to indicate the relationship.

H

That's probably the one, that's the most natural way, because then it's not just this pair, you could have any set of claims that could be varied uh together right. You could have you know whether it's a time stamp or anything else that kind of goes along with that. So multiple claim sets is the most natural way to do that, but I see other people in queue, so I.

K

I mean I mean the thing the thing on that is that um one particular thing can have multiple claim sets. You could have a particular.

H

K

That t e could have a particular type of uh of os and and so on, and so on.

H

um So, what's interesting, I I guess I didn't give you the background here, but for anybody, that's not familiar with the t format. There's ah when I say up to the profile here in the second bullet, there's a separate claim, that's the profile, okay and so there's a with the value of being what that profile would be, and so you could imagine you know profile value equals, uh teep right and so uh the same component in theory could also have multiple profiles, which would be multiple claim sets for the same um for the same component.

H

Just because that component happens to be wearing two hats and have two profiles that is in theory possible too. I don't think that example is in there, but I don't think there's anything that would preclude it. So, okay, uh hank.

J

Yeah hi um hi dave, um so um so my next words I have to phrase very carefully. I have to tweet very carefully because none of my co-authors are here and they are all the hardware, vendors and the te builders and the at the station environment creators. So- and this is already hinting this is coming from rats and in reds. They think I like brent's comment on.

J

You can have multiple ways to express these: uh let's call them multi-oem multi-parts things that you have multiple classes combined, and that is especially true in composite devices and composite device attestation rats where you also have the layered attestation, maybe on top of that. So you have also the dependencies which environment reports on which requirements and so on and so on. So we are very careful and very complex in describing that from the supply chain side and we decided on maps that have classes instances and groups which are arbitrary.

J

Subsets of these can be identified with specific maps that can have class ids, vendor strings model, strings layer, identifiers and other indices of hardware, for example, there's the entitymap that can help you. So there's a lot of things that really can help.

J

If you support all of these and then I think in the github thread about this uh thomas just provided a very small subset that is detect, oid, detect, uuid and detect integer, which is an interesting choice, but from coming from one of the vendors who just used numbers there, and that is a te pa component, not a complete te identifier so and that's not including instances and groups and such so.

J

I think, uh looking at that corresponding work in rats tentatively, that is a korean, might yield a lot of interesting choices here and also, I think, represents the complexity of how to um represent uh hierarchies of composite class. Things to have the uh which again would be can be, could be classed by their own. Then uh um how complex that is so so yeah oid, uh all that is possible actually and- and- and I don't know if this complexity is required for etf. So that's that's my my take-home idea.

J

I think um maybe you don't need all of that, um but maybe maybe looking at this and having a subset of what is required.

H

So again, for other people in the queue here. um The thing that is the most useful is any comments on the top two comments on the bottom. One is probably the least important, because that's important only once you've agreed on the answers to the top ones, and so is it team specific or general? Is it profile, specific, vendor, specific or globally unique?

H

And I understand brendan's point is maybe the answer is multiple. If you have multiple purposes who knows, uh but that's the one I would most likely to get a consensus on, uh so we can get direction to um eat versus rats, sorry eat versus teep versus rats. I think a number of the rats community have argued that it should be prof up to the profile and could be done in teep.

H

I think previously tip assumed it would be global and be done on rats, but that was before this thread, and so that's why I wanted to spend some time on this. So eric you're up next.

I

Sure hi eric voigt coming over from rats. uh I definitely think it should be global. uh I do think there are parallels with profile. Certainly things like tpm, 1.2 and 2.0 are things that are useful to standardize the behavior of effectively what an api your behavior is. So the idea of having a union of behaviors sort of supportable here is something that is interesting uh on the text discussion as it should be a string.

I

I don't think we want to have anything like that, but I do think that there are values in having standardized options which people have agreed on on api type, as well as having some vendor extensibility for new types that are out there.

H

um Okay, um honest and then I'll uh give an exam if somebody else doesn't I'll give an example or two that came up on the list where I think uh lawrence gave one exam of things that might be up to the vendor or up to the profile and see what people think, but hannah's you're in queue go ahead.

H

Hey. um I hope you can hear me.

G

um I I'm trying to write the meeting minutes and it was difficult to sort of associate the responses of the commenters to the questions. uh Maybe maybe you could? Maybe you could summarize um like um what did you hear like? What did you get out of the the comments so far, so I can capture it in the meeting minutes for the for the benefit of others who are not on a call.

H

um I'm with you, so that's why I was going to ask some more specific questions, but uh I I had a hard time associating comments with specific questions too other than I think um uh brendan's. I I could where brendan's point was, uh there might be multiple types of class class identifiers so that one was pretty clear. um The uh hink is back in queue, so I think he's going to clarify his comments. The mic so go ahead. Hank yeah.

J

Apparently, as I understood afterwards, I uh replied to the least interesting one. It's the last question so so that there's that and also it is a lot of things, and it is a complex hierarchy. Tree.

H

Okay, all right, so uh the I'll I'll mention the two excel. I see eric you're backing queue. If you want to clarify yours, go ahead well, one other and the bolt two.

I

Value globally unique but vendor extensible, and there are ways of doing that.

H

Yeah, okay, so yeah eric's comments specifically on the second one, okay to support both, um which I gather as something there's many address space. There's many numbering spaces in iana that do that right that have a vendor extensible section reserved whether we're talking about numbers or strings or any other format. There's ways to do that so um so um examples that have come up on the uh on the list is things that are vendor-specific and uh I think lawrence gave an example um where his example was a generic example.

H

That says you know tesla, and so his was in the argument as to why a uh byte string is better than uuid, because it's more compact and accessible for constrained devices, because your class identifiers could be very short, much less than say. 16 bytes such as you know, tesla model s, 3, x or y would be an examples of say one byte things that are what vendor specific right, just translate that into te type or device type or whatever, instead of tesla. But your point is, you could have say one byte um identifiers.

H

That is really within the context of an oem id. The pairing of that plus, you know, a very small number of bytes is unique class identifier, that's a vendor specific one, so that was one example that came up on the list.

H

The example that I gave earlier is something that might be not vendor specific but up to a profile, which is, if you had a te type that could span multiple vendors, multiple oems, and so I mentioned trust zone which you could imagine. The same thing could be true for risk five, uh tes or whatever.

H

If there's multiple vendors that have the same te type and you have tas meant for that te type, regardless of which chip manufacturer built the chip right, just like in tpms right same spec, but many different tpm manufacturers right, and so um there was examples of why a class identifier might be profile specific, why it might be vendor specific and of course, uuids are just globally unique.

H

um And so, if you think about do, we need a registry of things that are well known, okay or not, because if it's up to the vendor, you don't need a registry right. If you have up to the profile, you need a registry right, um whether so we would need in the uh t profile if, if we have the class identifier values that are specific to t right, if keep says, here's the weight gives us space. You could register you want trust zone.

H

Here's the I enter registry to register a value for trust zone, that's vendor agnostic, and so uh what a people, because uh what we want to know is is this something that needs to be done purely in teep and rat, and there's no requirement on rats and rats can just have to eat, go forward without talking about this and say that's part of a t profile and we can add claims in there.

H

Okay rats would be fine with that right, that's something something we've talked about in teep, hence this discussion or if we say no, no, there's really nothing. That's uh type specific here. This is all generalizable and it should really be in the right in the uh eat, spec or at least in the rats working group, and so that's the most important. That's the top bullet here, that's the most important one, because uh in the next meeting right rats is going to try to decide.

H

Should we start working group last call on eat and kind of ignore this or have the discussion going on parallel or just leave it to t right. That's the what we want the feedback to rats to be for the next meeting. So now that I've clarified that and given some examples, anybody else have opinions on this, because otherwise, I'm going to summarize maybe a straw man from what I've heard so far.

H

Just to help honest okay, I think, if I were to put out a straw man so far based on list discussion so far, the path of least resistance might be to say that at least for now, it's specific to type and a t profile, uh but with a vendor extensible space. So to eric's point okay, in which case we keep would have to define a new claim. We would have to define a new say.

H

I enter registry for the values and a way for vendors to extend them and then the bottom bullet becomes a teat question and not a rat's question okay, but that seems to be the path of least resistance based on the thread so far. But since this is a different direction from what type has said so far, this is our chance to either change our minds or to stick the course or whatever so.

H

um But I think that's what I that when I saw the last responses from geary and lawrence, I think that was their conclusion, that they did not see any consensus that there was some generally applicable thing. But if you think that there is, please come to the mic and say so because that's probably the default path that rash, where the rats would advise us on.

H

If I'm reading the thread correctly,.

H

Nancy you're also a co-chair of rats. Anything else. You want to add that that would help the rats versus a deep discussion.

A

No, I think you you're stating all of the issues and I'm frankly, I'm I'm trying to make sense of of the email thread as well. I'm trying to figure out how we get consensus.

H

Okay, if I don't hear everybody come to mike, then I'm going to say that we don't have any other more strict guidance to rats other than sure we'll deal with it in a teep. If somebody else wants to argue that is general feel free, but otherwise, because kind of the the worst case uh danger would just be. We define something, that's keep specific. It turns out to be.

J

H

And now we've got two claims that do the same thing in the future: right. That would be the risk, and maybe that will never happen, but uh all right brendan.

K

Okay, I'll take them in order. It looks to me like it's a general problem, whether or not there's a this is a general solution. I don't know, but there's definitely a general problem. um You can see that because suit has identified the problem as well. So it's definitely not t specific.

K

um I think that class identifiers should be scoped by vendor or profile. I don't think they need to be globally unique um because in general you can't find something that has a class that's relevant for security or compatibility that doesn't come with either a vendor or a profile.

K

If you have, if you can come up with a counter example, then I'll I'll step back from that one, but I don't think that they can ever be globally unique.

K

I I I plead with you to please make sure that it's opaque and to enforce somehow that it's opaque and my preference is a uuid, because you can turn anything into a uuid by using the type 5 uuid which just hashes it and throws away a bunch of the bits.

K

So that's my preference, because it ends up being enforceably opaque, because the content actually just doesn't mean anything other than allow you to uh match it to something. You already know.

H

Thank you. um I think that was a very useful comment and thank you for explaining the rationale that makes a lot of sense to me. So I'm just going to repeat back what I heard, because I think I agree with everything that you said the only one.

H

That's I think debatable is the last one, but I tend to agree with you on it, and so I think the proposal is that the claim id right, meaning the the seabor integer number or label or whatever um is actually general and the values of it, are either vendor specific or up to the profile. So in other words, the eat, spec could say here is the well-known claim, but the values of it need to be specified.

H

One of the requirements for a profile is to you know, cover how the values are done, but there's still a way to do it for vendors and a way for the profile to find well-known values. I'm repeating back what I think your proposal is right um and then out of the values right, regardless of whether it's done by the vendor the profile, then it uh must be opaque.

H

Okay and uh you like uuid, specifically because it guarantees that it's opaque well and the other reasons too, even if it's a little bit longer, um if you're, trying to bite string or whatever the danger is, somebody would try to put structure in there and you wouldn't like that, and so uib actually enforces the annual peakness requirement. Did I get all that right sounds good to me?

H

Okay, but yeah. Thank you. The thank you for the technical rationales for all of those that was very useful.

H

Okay, anyone else have an opinion, because otherwise I'm gonna- I since I like uh brendan's, uh summary there um I'd like to uh see other any objections to that as the teep recommendation. As we go into the rats working group next, that the request for uh rats would be hey, can you define a claim um but uh leave it up to the vendor and the profile to define the values to go with the claim.

A

I I want to make sure we're capturing it in the notes. Well, as well.

H

Yeah I mean like oem id right, the oem id the the rest working group is not going to actually define the values of oem id right. It's going to define like a registry or something or a way, or it does right. It defines a way for you to figure out what goes in there right.

H

Remember if it's your your one of the other id numbering spaces already exist, but the point is that each spec doesn't enumerate the values right says: here's how to put stuff in there- and this is this case where it could say the profile needs to do that. Ayanna needs to do that whatever so all right, hank.

J

So um yeah, I think that t requires this, this uh opaqueness and everything they can transform to a type five uuid on the evidence side or at the station result side of things, which is fine, and I think brandon said the critical words because you know that. So, on the other hand, you have to know that, so that is something you that there, where a uu id might not be uh sufficient, but that's not a cheap problem. I think so. I would agree with.

H

Okay, is there any objections to saying that uh the the my summary of uh what brendan said is the uh consensus of those in the room? I'm not saying it is yet I'm saying: okay, would that be the consensus of the room? If you don't uh think that that is the uh consensus, you have a technical uh argument against that. Then please come to the mic, we're trying to form a consensus, so that is a proposed consensus. Do people um like that or not?

H

I don't know if you want to do a a call of hands on this one or just a uh since nobody's coming to the mic. If we just say that that seems to be the sense of the room right now so up to you, nancy.

A

Yeah I mean I could take a poll or um why didn't I do it? The reverse? If there are any objections?

A

Okay, but now I have to capture what we're doing consensus for.

H

I'm going to try to pipe um something into chat here. Each should do a claim, but leave values, to values to be defined by um vendors and profiles. Okay, that's the first piece: okay,.

L

A

Think that's separate from the actual format you can.

H

Put it into two of them: okay and then number two um uh value should be a uuid to guarantee.

H

uh Uniqueness now uh previously, what keep had said is the deep working group as a whole does not actually care which format? It is only that we care that it's unique and we would leave it to to uh rest to decide that um and so. Okay, there we go.

A

I don't know that I stated it well, but um it's close.

H

A

All right, I think we have.

C

A

um Okay, I'm gonna give it another minute, because we've got 48 participants.

H

A

Only 13 have voted.

H

And then I'm going to propose that that's really the only one that you have to call on, because my opinion is based, uh if the opinion of that one is that the the yes is the consensus, then the actual discussion, other ones is not a teep thing.

H

It's a uh it's a uh rat's thing on the bottom bullet here, the only thing that might be worth uh doing it is: do we agree that the value needs to be opaque right, as opposed to the value needs to be a uid or whatever, which that should be up to how they meet the requirement? That's just our preferences right now and that's a rat's working group discussion, but um does the value need to be opaque would be a fair way to ask the question.

A

Okay, well, I agree with you that that first we need to agree that it should do yeah.

C

A

A

Okay, so we only have one no vote, so I think we have a good consensus here, because we've got 16 positive votes. Okay, so I'm going to call it and I think we have guidance.

H

So, do you want to ask the other question just leave that to the rats working group and say to take the rest of the discussion into rats.

A

Well, let me let me.

H

A

The second one is, the value should be uh um okay,.

A

I'm just gonna say: should the value be opaque? Okay, where.

H

Uuid is opaque, uh a black blob may or may not be opaque, but we're not asking the question about the format about this is opaqueness an actual requirement from keep.

A

Okay, so I've started a new poll whether the value should be opaque.

H

That's that's looking pretty strong consensus there.

A

Yeah, I'm gonna give it another minute, though,.

A

This may actually help us move forward on the eat. Draft too.

A

Okay, I'm going to give it 10 more seconds.

A

Okay, I think we've kind of stabilized so, um okay, that one you have strong consensus on, so I think we're good to go.

H

Okay, let's go on to the next slide, then thank you all. This has been a very useful discussion to me so, uh but before we leave the eat uh section.

G

uh I recorded for the first question uh consensus for the second question on. Well, you should be a big, strong consensus and I don't think you did a ball on the ua uuid itself right or did I miss no.

H

I didn't correct I'm saying, based on the results of the other two. This one is a uh rats uh discussion uh that okay really doesn't care and that it should be rats that calls that question that teep.

A

H

You for capturing that thomas yeah next slide um nancy.

H

Okay, um so uh trying to finish out the eat stuff, the eat document section seven covers requirements for an eat profile. There's this long list of requirements there. Some of those requirements are covered in the t document right now like use of json sieber or both where we say it's only seabor like the second one from the bottom seaboard tags. We previously last. I have a discussion and we're not going to use the seaport tag.

H

It's just raw because you always know that it's uh a uh they always know that it's um a uh an eat uh and so on, but not all of them. So next slide, please, you can see that I said long list of requirements says if you're going to find a neat profile, you got to cover all those. That's what the new document says. Okay, so today, um not all of those are covered in the tea protocol, spec. How many of those are right?

H

So there's two ways to resolve this issue: one is we just cover the missing ones by putting those in the t, protocol spec, another possibility is to say we could separate all the eprofile stuff and put it into the same spec? Okay, because it's already in the t protocol the pieces of it that are answered right now. The default answer is the same spec, but I just wanted to verify.

H

Is there anybody that has an argument as to why that should be separated out into a separate spec things that could have been reasons for b that do not currently apply is, if you had multiple protocols that were all going to be using the same eat profile, but that's currently not the case.

H

It would be a separate spec. If say, there was a reason to implement the eprotocol without the e protocol without the without the eat profile. That's not the case or if there is a reason to say we need the tea protocol spec to go to rfc, while we're still working on it, because it's optional, that's also not the case. So all the reasons I can think of for b don't apply and so right now the proposal is we're going to address this by putting all the other requirements there into the actual heat protocol spec.

H

Unless there's any objections. Okay, if there's nobody that comes to the mic, we can go on to the next slide, because that will be what's not in draft 07. That would be in draft 08 as we got to go through the rest of that list.

A

Okay, you've got ira agreeing with you on the chat.

H

All right, thank you. Next, okay, now we're out of the eat section. Now we are into uh so thanks to those um who um oh interesting, this one is actually out of order. I meant to go to the suit ones next, but that's okay, I'll still cover this. I meant to cover. um Let's see we got half hour left, let's skip this one we'll come back to it. I want to get to the suit discussions.

A

Yeah, you have exactly 30 minutes left.

H

um Or a little bit less because you want to save the last, but but I I'll go as long as you can. Let's skip this one. I want to get to the suit ones, because if we don't get the optimization ones, that's fine! This is the optimization category.

C

A

H

This is what we're going here.

A

Okay, I'm fine giving you the time dave. I mean the only the only reason why I left the five minutes was to assess readiness for this draft. Okay,.

H

A

H

Okay, uh yeah there's two there's two ones that are purely optimizations and that last slide was one of them. If we have time I'll come back to it, but uh but the other category is since we got suit people here, let's go over the suit discussions. Okay other than akira already covered one of those, so uh draft 07 includes brennan's, manifest examples.

H

He went through that last ietf and so uh that's sufficient to answer issue 41, but uh last iatf brandon also provided suit reports and we walked through those last meeting and the suit reports have not been added into the t. Protocol spec right now, so that's issue. Number 170 is to take brennan's examples that we used in the ietf 111 meeting and put those in the appendix of the t protocol spec 2, which is where the manifest examples already appear.

H

So that's issue number 170 not going to talk about that, because brendan gave that presentation last time, uh then there are uh two other issues. um One is the one that um actually, I think that's the wrong number on there. Oh that's the issue number. He had the pull request number, but it's the same thing. That was a curious presentation about the three types of suit manifests.

H

We've already talked about that in the meeting, but there's another one that he had in the hackathon slide that I'm going to talk about now, which is um the one about deleting a trusted component suit manifest. So next slide.

H

Okay, so there's two interrelated questions here in this issue, as I read it: okay, this has to do with removing or in the suit working group. We call that unlinking right because it's actually removed when the last link goes away right, you're, dropping a ref count right. um The issue in the t uh github says removing, but we mean unlinking. Okay, two related questions here. First, one for a suit is: should a suit parser unlink, all the dependent manifests when you uh all of all the dependencies when you unlink the dependent manifest right.

H

So if a references b- and you say unlink a does that automatically unlink b um or presumably I'm guessing, the answer is only when the ref count on a goes to zero. Would you unlink b right, but that's the question? That's in the issue here and then the second question is um well: keep is a protocol for doing things, but what happens if you try to run some alternate thing like running. As you know, some admin or whatever outside of t protocol, is there a way to unlink stuff and what happens if you do that?

H

Okay, because if you do that, um you may be doing it without having a brand new suit, manifest that says to delete it. Is it possible to delete a component that was added through suit at suit manifest without having a suit manifest that updates it okay, or do you have to do it through a suit manifest? That's what q2 is okay and so option number one? Okay? Is you actually require having a new, manifest?

H

Okay, even if you're doing it locally, you have to construct a suit, manifest that bumps the manifest sequence number um and that's what actually the suit processor is. What drops the ref count right, so the only way to drop the ref count taken by suit is to have a new suit, manifest higher verge sequence number or manifest sequence. Number that drops the ref count right. That would be option.

H

One option number two point: one has mentioned the issue, but I don't think anybody likes this one, which is uh you could try to have some suit parser that tries to undo a bait. So if you have a local undo, then it tries to look at the suit manifest and figure out how to how to unlink and uninstall it according to all the correct stuff in general, this one just doesn't work with all soup manifest and that's why it's there for completeness but uh yeah exactly please, no screams exactly yeah, so that one is really.

H

We should cross that one off and everybody agrees. That's not it okay, but then the other possibility is. Should there be a uh suit uninstalled so that the same suit manifest they did the install said.

H

Should you need to uninstall this later without having to manifest here's, what you would do, and so, if you tried to do something locally and you didn't have to create a new suit manifest, so it's really between option 1 and option 2.2, and this is really a question for the suit working group to weigh in on other than um the tpu's case. Is you can see the the the analogy that the filer had is the equivalent of like apt, remove dash y foo kind of equivalent for like an admin on the machine?

H

Does he have to do that by generating a new suit manifest, or can you do that by uh by some other means, with the actual uninstall commands were embedded in the last in the actual install manifest? And so uh that's what issue 168 was filed against um by our japanese colleagues or at least one of them so feedback on this one, especially from suit folks like brendan.

K

H

C

K

The the issue that bothers me with all of this is a question of privilege. Well, actually, there's two there's two issues. The first is exactly: how do you obtain the privileges to invoke and unlink when you are not the signing author and that's out of protocol? That's out of document um it's out of manifest. The question is: how do you manage that when everything's done with manifests?

K

This is pretty straightforward, because you are expressing your authority through a signature, but when you don't have that this looks to me like exactly the thing that some attacker wants to be able to forcibly remove something from your system.

H

K

H

Comment on that and by the way the default answer is option one, and so the actual pull request tries to put in some text uh that just clarifies using option one. But it's interesting to talk about whether option 2.2 is an option or not. So to answer your question brandon. um uh My view is that option. 2.2 is not completely out of the question whether it's a good idea or a bad ideas thing, but and that's because in the teep architecture document okay, there is a trust, anchor store.

H

Okay, so the trust anchor store can have one or more keys in it. That's the keys that are used to uh like by the manifest signer, for example, right so things that are used to run against the actual tas. Okay, as opposed to they say you know the the signing of teap commands themselves, the sign of the suit manifests, and so there's one or more um uh trust anchors in the trust, anchor store. Okay, and so the question here in 2.2 that you might be worried about is.

H

Is it really the case that you have to have the same trust anchor signing the uninstall as sign the install? Do you have to remember which trust anchor did it or is it just any trust? Anchor in your store is the one that can do that and, if you think about like key rollover and so on, is that really a trust anchor id of the actual trust anchor? But if you, if you took a choice that says any trust anchor in the trust anchor store, was equally trusted.

H

Okay, then, as long as uh the local install comes from one of those trust anchors it does, it would not have to be the trust anchor that actually signed the suit manifest. I think that's the distinction between option one and option 2.2.

K

Yeah, so I think the the take that I have on that is that any equally privileged trust anchor should be able to to unlink a manifest. um I just on that topic. I thought we were originally doing. Unlink for components, but we now appear to be unlinking manifests that that was a somewhat unintended consequence, but I I think it works. So I mean that's all right, but we did originally discuss this as unlinking components rather than unlinking manifests.

H

uh I did not think of the distinction when creating the slide, so that may be an error on my part, but it's uh you're right to call it out. So.

K

um The the other factor here is that provide that the question is: where do the links come from in the first place? uh If you have installed this thing uh manually, then I guess there's a link that you can unlink if it hasn't been installed manually. If it's been installed by another manifest. How do you unlink it? Is that something you're even permitted to do so? There's a question about link tracking and where these links come from, you can't simply decrement a reference counter.

K

Every time you call on link, because otherwise you could call on link many times and then leave your system in an unusable state. You can only unlink a link you've created, which means that you can only say apt, remove something that you've apt installed. Otherwise, you break dependencies.

K

So I guess the question is: if you were able to locally install a component, then you should be able to locally remove it.

K

In that case, you probably want a suit uninstall section, not command section or command sequence rather, because otherwise, um that I don't see how you would do the unlink it I'm not sure how that would make sense. I I think you probably need to have uh an uninstall command sequence. It's I don't see another way.

H

Is that something you think that the suit working group should actually add into, and by suit working group we mean mostly you, as the editor would actually add into the uh suit manifest id? Is that what you're thinking based on this discussion.

K

H

K

Would have to go into the trust domains id uh because I think it's highly relevant to just almost entirely a situation where you have multiple trust domains uh where just to be clear, teep is exclusively a multiple trust domain kind of domain uh yeah. I think it might need to go there and- and I mentioned in the suit working group and I'll mention it again. If anyone else would like to come on and edit that document they are welcome.

H

So I guess what I'm hearing is that for now, teep should continue to go forward with option one, but that uh uh uh the 2.2 suit will uh consider that and discuss it. um And I see there's we got a couple of us uh suit co-chairs here um and so that would then uh be a new discussion. We would start on the t uh on the suit mailing list.

K

I think it would have to it's so I mean the history of suit meant that uninstall wasn't really a question. It was really just for install because uninstall was typically replacement. So the idea of explicitly uninstalling something was a bit foreign and needs some additional consideration.

H

Yeah and thank you for correcting the language here, as I was constructing the slide. It was uh jet lag this week and so yeah that really should say suit, uninstall section, even if the text and the uh issue number says command right now, but this section yeah say here's the directives to do an uninstall. Should you need to do an uninstall without having any other information other than the suit manifest again.

I

H

Okay, so uh I guess we will push that option, 2.2 discussion to the suit list and uh currently there's an open pull request that puts in some clarifying text. Assuming that option number one is the way that you have to do it, and so the clarifying text just says: here's uh here's! What happens when you have the largest to do this? You do you do it via new suit manifest, and so it wouldn't actually reference the option, 2.2 stuff and unless and until uh suit, actually put something in a document. That's referenceable.

H

A

I presume you wanted to move forward.

H

Yeah I see I were in q, though.

C

A

E

Are you actually uninstalling a component or are you uninstalling a manifest.

A

Ira, I I can't hear you.

H

I I could hear him very faintly saying: are you actually I'm selling a component.

A

Or a manifesto.

H

That was what I was asking. Yes, yes, and I think brendan's comment was it can either one he thinks would be okay, but I think that's a a question for uh for pursuit, but I think both possibilities are are are out there. Okay, thank you.

H

Okay, all right, um personalization data scenarios, I'm going to summarize where we're at with this one.

H

I don't remember if there's a separate issue number there may be- and I didn't put it on the slide, so personalization data scenarios that are talked about in either the architecture document of the the t protocol document and make sure we're not missing something here.

H

First scenario for personalization data is where the developer provides both the binary and the personalization data right, they're packaged separately in some way, because the binary is exact is identical. That goes to all the different devices. The personalization data is different. That goes to different devices right, but since that's why they're packaged separately, but the same entity in this case is the developer and a signs both of them case b. Is where uh doesn't matter what the developer did right.

H

The one that actually manages the device is the one that's the actual science of trusted signer right, so the device doesn't trust arbitrary developers, it trusts its own operator and owner, uh depending on the use case, whether it's an operator an owner and so that one provides the binary, maybe gets it from a developer vets it signs, it itself, generates personalization data and puts it on there. As far as the protocol is concerned, this is basically equivalent to case a right.

H

It's a it's, a different organization, maybe a different uh human flow, but as far as the code goes, a and b are basically equivalent right. It's the same thing: okay, they're indistinguishable to code basically option c is where they're different entities, so the developer might provide the binary and the operator owner provides the personalization data.

H

So, like the configuration stuff right, what's the set of keys to use or what's the what's, the names or what's the website to talk to or whatever it is right so and so that's where you have different cases and so uh in this exam in this case, um the way shown to do this is that there's a manifest for the personalization data that has the tc binary manifest as a dependency right.

H

So the the operator says you need to install this personalization data, the personalization data says well in order to solve this, I'm going to also install the tc binary right and that's so you can have many manifests that point to one you couldn't do in the other direction, because you'd have one manifest that points to many it'd be very, very difficult by comparison, and so this is what's in the appendix e.1 example. Today.

H

Those are all the variations that are discussed today. If there's any variations missing, then please bring up or file an issue or whatever, but I think that's what's covered in the document now. So unless there's any comments, the mic next slide. Please.

H

Okay, next one is the cypher suites question this was filed during the hackathon uh by I don't remember who, um let's see so today, the cipher suites in the document. Right now it defines a new registry that has two values in it, and it says the tam has to support both of them and the teep agent gets to pick its choice of either of those okay next slide.

H

Okay, uh okay, it was a sobe son that uh filed this okay, so uh during implementation uh it was pointed out that uh there's this one registry in deep in a different registry in um in uh slash cose and can't we just use the same one so that we don't have to have two different spaces and so could uh t just say to use the actual numbering space and values out of cose, and then that would simplify the code. And so this is an example of what the document might say.

H

This is copied out of sobazon's proposal, which is you know the typecozy algorithms is the cozy algorithm es256, so those the two that were on the previous slide and there's various other ones that are optional, but you can see the way that it specified it. It does not create a new registry, and so we would delete the registry if we went with this proposal, and the point is this: would simplify implementations and so uh any comments on this.

H

This seems like it's a good idea and akira briefly touched on this during his presentation, so.

H

uh I'm sure ayanna would like not having to have two registries and another expert or something so um unless there's any comments on this one. um Yes, uh thank you for clarifying. It's always son, uh optional, just means um picking from the existing coset registry right.

H

uh Let's see, I.

C

H

I see people going say plus one from ira long discussion from ben, but I don't see ben at the mike, so I don't know if there's uh anything that needs to be discussed with the mic ben.

H

If you don't come to the michael, it seemed like you just go on, but if you want to say something go ahead.

A

I think he's just clarifying okay.

H

Next next slide, then, because uh if there's no objections, then I think it's probably a good idea to simplify so um all right, so suit cipher, suites. Okay, now we're into the manifest right. The proposal from the suit meeting just fyi, if you weren't in the suit meeting, was the suit decided that hss lms is actually the must um ecdsa is a should and you may implement others. Okay and those are just examples of others that there might be, but there's the the boston they should.

H

Okay, that's fyi from the suit discussion um early on this week. Next slide.

H

All right, so the next issue, from a hackathon that's still related to suit, um is issue 104. Okay, so here the uh the developer creates a suit manifest that points to the tc binary that the developer created right. So he hosts it on his own share or wherever he has it right. So the developer creates his own suit, manifest okay. So now you have a case where the tam- or you know the owner or the operator- wants to override that uri okay example: okay, it wants to host the binary itself right.

H

Maybe the tam is a tan for devices that are not on the public internet right, and so it has a location, that's accessible to the devices where the public internet that original uri might not actually be reachable in that location. Right think, you know cruise ship space, whatever it is you're in some disconnected network or some uh connect network, where you don't have reliable connectivity to the outside world. Okay, so you want to host that uri. So how do you override that?

H

Okay- and so one way to do this- is the tam just creates a brand new, manifest? Okay with the tam is the signer okay, and so it just reconstructs that, because the uh trust anchor is the tams trust anchor that the device trusts, you could create a brand new, manifest that the team can construct using taking the original manifest doing a new version copying most of the fields replacing the uri and saying brand new one. The developer is actually not in the loop. Never even identified doesn't have to be anyway, and so off you go.

H

So this is a case that I think no document changes would be needed. If I understand that scenario correctly, um issue 105 is a way to say. Okay, is there a way to reduce the effort to say somehow reference the original, manifest and just override the one field and say everything else, I'm incorporating by reference? Okay, it's this other stuff, except for I want to override this one field. Okay, and so here the binary is still signed by the original signer right, not by the tam. The tam is signing the manifest.

H

It says that original signer is actually okay, okay, and I just want to update the uri, and so is this a good idea or a bad idea, or some better way to do this and I've seen brennan and q to answer this so go ahead.

K

So I think you may be missing a couple of other options that are available, which might be more appropriate, I'm not sure uh so. The first one is plain old caching. So as long as you don't use an https uri, there's nothing to stop you from just caching the binary on some local system. Then you just override it in your transparent cache and away. You go no problem.

H

uh You're saying push the binary down to the device and update its http cache to say, go and look here. I didn't get it through http. I just pushed it down and shoved it in the cache right.

K

No, no, not that uh I mean that's an option as well that wasn't what I was aiming for. What I meant is that in your own network infrastructure, if you have a transparent cache sitting around, which I'm sure a lot of network infrastructures, do uh you can use that instead and then you just override the http request and serve it locally. I I know you can't do that with https, but there's already at rest security on your uh if you're using suit encryption, so you might as well just use a cache.

K

uh It's a much simpler solution, and I realize that we don't talk about it quite so much these days, given that uh https has taken over. But it's still it's a simple viable option and it's actually kind of the point of having at rest security on firmware binaries.

K

H

One of the couple of their options was there, others.

K

Yeah there's another one, um so one of the changes to the the suit manifest that came cropped up over this one was the use of integrated payloads referenced by a string, and that was specifically so that you wouldn't have to do conversions from the uri to the the key in the integrated payload. But the offshoot of that is that you can use that as a precaching mechanism.

K

You can then take your uh your your target, binary, download it in advance, as your distribution system move it into the envelope of your manifest and make its uh its key in the envelope the uri that's already in the manifest and then when the device goes to look for it. It first checks. If there are any string keys and if one of them matches it takes it there and if not, then it uh then it goes out and attempts to do a fetch. So you can do transparent, pre-caching.

K

So that that might be relevant as well and, as you suggest, a device's local http cache might be relevant too.

K

So uh yeah I'll look through.

H

But I'm not completely follow the the last of your three, uh the last of your options. Here I only followed parts of that and so.

J

H

Be useful to uh write it up on the list. I see, we've got six minutes left, so you're welcome to try again or to just put the description on the list. That's fine too! So.

K

uh All it is is that, because you've got a a string reference in the suit envelope for integrated payloads, that string can simply happen to be the uri that's specified in the manifest that doesn't require signing authority to do it doesn't require anything you can just put it there.

H

So I guess this might overlap with that uh discussion. We had about uh examples to say: do we want an example we're actually doing that with the binary uri.

K

That would be helpful. Yes, yeah.

H

Okay, any other comments on this one.

H

Okay, thank you. Brandon, let's go on to the next slide.

H

All right um so uh accurate do we do you actually want to talk through this one right now or defer and go on to another topic? The question to akira.

H

If, if a cure, doesn't this is your chance, I see, uh uh can.

G

If you want to say, if you want to say something, you can also come to the bike.

B

Yeah, my mic wasn't working um yeah uh other topic. First yeah, it's yeah: this is, it doesn't have to be yeah. Okay,.

H

All right, then we can, we can go on and it's the same for can, if you needed to say something, feel free to come to the mic. Otherwise, we'll go on all right, so yeah. So now we've got to the last two. Let's go back to the one slide that I skipped before. That was out of order that was supposed to be after this one. So go back to right before the use of suit uh slide. There's the first of the optimization, slides and uh feel free.

A

H

Call time because this one is just optimizations, okay, yeah! Thank you this one. I.

A

Mean you've got three minutes left, so, okay.

H

Yep I got it, I I I see the clock but uh call time if you want so all right. This one says um you know today um in order to get a query response you reach out to the tam with an empty payload. The tam responds to the query response, and then you can finally with a query request and then you can send your query response.

H

You have this extra round trip, and so this question is this is purely an optimization, but if you already know the tam key or cert right, whatever you're using to authenticate uh the tam, could you send an unsolicited query response to avoid the extra round trip? Okay? Well, obviously, you can't do this if there's information that varies in the response, the in the request that you actually need to put in your response so like if you have a token like you're having a not stuff, your freshness mechanism is uh nonce.

H

Then of course you cannot do this okay, but given that we have possibilities of having other freshness mechanisms right, you can use the epic ide. You can use time stamp freshness mechanism, and so, if you had that, then there's nothing that actually appears in the query request. That's different from any other query request that you've gotten from it. Okay, and so um is it possible to send an unsolicited query response if the query request would contain no information that you didn't already have okay and so here's the proposal to address this.

H

Okay, that the teap agent may send an unsolicited query response to a tam if all three of the following conditions are true: okay, because if any one of these is false, then there's a potential problem. So here's the three conditions number one you've gotten a query request already from that tam and it contained no token or challenge, in other words, there's no fields that actually vary by things, because those are the only standard fields that vary right, there's nothing in it. That would be different from the one that you got before that right.

H

So there's, no, no fields that vary number two. Is that um it didn't send you a process error, since you got that query request, because in other words you, if you this one, is to cover the case where you sent an unsolicited one and something had changed. The tam said up. You know, there's some um error and of course the tam just drops it. There's no uh bad response and so process error is the notification from the local broker.

H

The http returned that the transport returned an error so like for return, error, 400 or 500 http. Then the broker sends process error up to 10 broker up to 10 agents right, and so this says you do not get an error from trying to do this before that's number two number three is that the tam search or key or whatever, is cached and still valid right, so you can only do it if you actually have all the information you need to authenticate to tam okay.

H

So this is the proposed that if all three of those are true, then it's okay to send an unsolicited query response, because the extra round trip doesn't actually buy you anything.

H

Okay, any objections, because the proposal is to put that into the next version of the spec. So and of course we try to implement that in in the uh implementations before next ietf, so at least one of them so all right hearing. Unless there's any comments, then I think we're out of time. We've got like one minute left, but I don't think we have time to go to the last to the last one: there's only one more stop.

A

I I was gonna say if you're done with this slide, I can ask the question to you:.

H

A

You you've got a bunch of these comments. You now have a way forward with the eat. Claims too. So I'm presuming you're gonna continue to resolve these. The question for you is the protocol. Spec looks to be maturing.

A

The question is whether um there would be value in us doing an early. I could ask the iot director to do an early review. If you see value in that after you, you generate a new revision by the way yeah.

H

If the, if you can go to the very very last lie, which is basically asking that style of questions um so skip any other content, slides just go to the very last one as you're asking that um the I think your question is, is it useful to have an earlier review say even before a working request call right- and I think you know that might be perfectly fine right. My hope was. We could get to a working group, less called capable state around iutf 113.

H

That might mean you know immediately after 113, but sometime around that time frame, um but starting early review. If there's things, I think that would be useful. Yeah.

A

Okay, well I mean so my question now that you've posted to 113. We could wait till 1 13.

H

I mean you saw, there's still gaps like uh filling in the rest of the requirements around the eat profile I mean. Hopefully there shouldn't be anything surprising there, but the text isn't in there right and so there may be gaps in the text as opposed to implementation.

A

H

That's why yeah and so right now.

A

H

We should start working group last call once the number of unresolved issues goes to zero right, and so whether that happens before or after depends on whether we keep filing new ones and implementation. So.

A

Okay, so um let's shoot for doing the working group last call in 113 um and dido and I can keep pulsing the number of issues that could get added. I.

H

Mean best case right: the issue number goes to zero. At the time of uh you know the internet draft deadline, you could start a working group last call that would terminate at iutf113. So that would be best case.

A

Okay, um honest so we're out of time, but hannes is saying we should maybe do a hackathon in december johannes. I encourage you to put that on the mail list and um we can figure out how we can move forward and making progress. So you guys have have done a great job in ironing out some of these issues. So thank you for that.

A

H

A

See some internet discussion on.

H

Hss lms, please put that in the list too,.

A

I missed that, yes, okay, I want to be respectful of people's time, so we I'm two minutes over. Thank you. Everyone, uh great progress to everyone, and until our next time, thanks again and thanks.

B

Thomas for.

A

B

H

We'll see a number of you at the uh rats working group session in a half an hour.

A

A

Akira, it's late for you and very early for me.

B

But for me it's okay, yeah still still 11 pm, not bad on friday.

A

Yeah I've been waking up at three in the morning every morning.

B

G

B

For me last, I did one was more difficult because it started from one two or three a.m and then, in the end, around six a.m and then in the regular office working hours started from eight eight or something yeah.

A

So that's that's what's happening to me. That's.

G

Great, isn't it because now you lose nothing from your regular workday.

H

A

That I I've been on calls until 5, 00 5 30 in the afternoon yeah. I don't know about that, and yesterday was a uh u.s holiday.

G

B

G

G

I think your boss will will uh reward this.

A

Well and so to add insult to injury, why am I well? I really should not use this as an excuse for why my slides were skin, slides, no.

G

It just it wasn't, because I'm awake.

A

My laptop died tuesday at around 11 in the morning.

A

So I finally brought it back to life around midnight tonight, so I've only been taking one or two hour naps. So I'm I'm looking forward to the weekend to sleep.

B

One thing I um I'm I'm, I really wasn't noticing, but I started to realize this having a whole week of the ietf, the last day um improves my english.

A

Your english is very good, akita and and you're right. If I recall from when we started with teep.

H

A

Has improved not that it was bad to begin with.

B

um uh Yeah, my english, not always this good, it's sometime, I don't know, what's the difference in my brain, sometimes it easily comes out. Sometimes it doesn't. But um if it's I don't yeah somehow.

G

Just think about how our japanese improved over the lifetime of this working group.

B

Yeah, japanese, is um I mean difficult for me too. I mean I I just I born in japan. I grew up in japan, but still yeah buddy yeah. I mean many of the engineers chose the engineering subject because they didn't didn't like language and literature class. I mean.

A

Well, I I could say that to be true for me,.

D

A

Much preferred the math and sciences than I did.

D

A

uh Yeah in the us they call them the liberal arts right so.

B

A

And history and yeah.

G

But nancy that maybe explains why our documents look the way they are and they will never reach the pulitzer award stage right.

A

Yeah, that's true, the truth comes out. Is that right.

A

All right, I'm gonna go get refill. My my bottle of water see you guys in rats.

B

Yeah yeah see you later bye.

G

Guys bye, everyone.

G