►
From YouTube: IETF112-RATS-20211112-1430
Description
RATS meeting session at IETF112
2021/11/12 1430
https://datatracker.ietf.org/meeting/112/proceedings/
B
I
I
just
described
the
deep
meeting,
my
hand
fell
off.
D
E
Assist
me
finish
this
yesterday
for
another
session,
while
my
son
went
wild
on
candy,
so
there
are
ways
we
can
manage.
Can
someone
please
volunteer.
A
C
A
A
Thanks
gary
appreciate
it:
okay,
thanks
to
both
our
scribes,
eric
and
gary,
so
just
a
reminder
that
this
session
is
being
recorded.
A
A
If
you're
aware
that
any
ietf
contribution
is
covered
by
patents
or
patent
applications
that
are
owned
or
controlled
by
you
or
your
sponsor,
you
must
disclose
that
fact
or
not
participate
in
the
discussion
as
a
participant
or
an
attendee
to
any
itf
activity.
You
acknowledge
that
written
audio,
video
and
photographic
records
of
meetings
may
be
made
public
personal
information
that
you
provide
to
ietf
will
be
handled
in
accordance
with
the
ietf
privacy
statement.
As
a
participant
or
attendee.
You
agree
to
work
respectfully
with
other
participants.
A
In
terms
of
online
meeting
tips
make
sure
your
video
is
off
unless
you're
cheering
or
presenting
mute,
your
microphone
unless
you're
speaking
use
a
headset
as
strongly
recommended
bullet
a
session
blue
sheet
is
automatically
generated
based
on
ietf
data.
Tracker
logins
chat
rooms
in
mideco
are
connected
to
the
jabra
chat
rooms
on
ietf
data
tracker
and
there's
more
more
information
here.
If
you
need
it,
just
a
reminder
of
the
code
of
conduct,
itf
participants
extend
respect
and
courtesy
to
their
colleagues.
A
At
all
times,
participants
have
impersonal
discussion
participants,
devise
solutions
for
the
global
internet
that
meet
the
needs
of
diverse
technical
and
operational
environments.
Participants
are
prepared
to
contribute
to
the
ongoing
work
of
the
group,
there's
some
information
for
access
to
the
various
meeting
materials.
It's
also
available
on
the
on
the
media,
echo
video
stream,
and
then
the
agenda
for
today
is
as
you
see
here.
A
So
unless
there
are
any
comments
or
requests
for
his
change,
I
think
we're
ready
to
to
jump
into
the
agenda.
A
So
first
up
will
be
a
a
discussion
regarding
overlap
between
attestation
results,
e
eat
and
attestation
sets
we've
in
the
previous
meeting.
We
have
had
presentations
on
on
all
of
these
drafts,
so
those
who
are
attending
the
first
session
should
be
familiar
with
them,
and
this
session
is
intended
to
have
a
conversation
around
what
the
overlap
is,
if
any
and
if
there's
any
work,
that's
that's
potentially
a
blocker
for
any
of
these
moving
forward.
G
A
Okay,
so
this,
I
think
that
this
eric
slide,
so
maybe
eric
if
you
wanted
to
just
talk
to
it
to
kind
of
get
things
started.
That
would
be
great.
G
Basically,
it
is
defining
claims
and,
as
you
know,
that
has
been
reviewed
many
times
and
draft
moriarty,
which
is
a
listing
of
what
sets
of
evidence
that
might
be
sent
from
an
attester
to
a
verifier.
G
H
My
understanding
from
the
eat,
spec
in
section
1.3.2
of
eat
spec,
explicitly
says
that
it's
not
just
for
things
coming
from
the
tester.
It's
also
for
claims
that
appear
in
the
attestation
results.
It's
a
generic
format
and
the
eat
spec
currently
covers
both
as
far
as
its
scope.
I
believe
that's
what
the
document
says
right
now.
Somebody
can
correct
me
if
that's
not
the
intent.
E
The
main
purpose
is
to
be
able
to
define
what
a
set
looks
like
right
and
that's
absolutely
not
covered
in
the
e
draft,
so
just
to
make
sure
that
that
distinction
is
very
clear.
This
is
really
to
set
up
a
registry
so
that
people
could
define
sets
of
local
attestations
that
could
be
sent
together
as
a
single
attestation
remotely
for
scale.
G
Separately,
all
right
so
looking
at
the
definition
of
the
or
eat
draft,
as
well
as
the
attestation
sets
to
answer
dave's
question.
The
text
in
the
draft
in
the
e-draft
does
say
that
it's
mostly
coming
from
a
tester,
then
the
later
section
says
there
are
new
attester
claims
that
art
might
become
from
a
verifier.
G
All
right
on
the
bottom
relationship
as
kaplan
just
talked
about
at
the
station
sets,
is
really
defining
types
and
sets
of
evidence
in
different.
I
Yes,
just
quickly
the
the
avoid
attestation
results,
discusses
identity,
claims
like
hardware,
identity,.
I
G
Okay,
we're
not
yet
talking
about
that
angle,
yet
between
the
top
and
the
one
on
the
left
we'll
get
to
that
one!
Next!
Okay!
Sorry!
If
I'm
off
there
any
comments
on
attestation
results
to
the
the
attestation
results.
Voip
draft
in
the
morality
draft.
Is
there
any
disagreement
that
there's
no
overlap
there.
G
All
right,
so
the
last
discussion
is
the
one
that
that
lawrence
just
pointed
out
is
that
there
is
a
draft
and
claims
in
the
eat.
Draft
on
identity
and
the
draft
void
attestation
results
has
types
of
identity.
G
So
in
the
left
draft
void
relationship
to
draft
rats
eat,
there
are
new
claims
that
could
be
taken
into
eat
on
the
attestation
results
and
there
are
identity
types
in
eat
that
could
be
used
in
embodiments
of
the
draft
attestation
results
that
would
be
used
for
secure
information,
interaction
models
and
that's
why,
on
the
very
left
hand,
side,
there's
a
something
that
says
subsequent
draft
embodiments
could
use
eating
coding
for
things
like
specific
identity.
Claims
of
the
types
that
are
identified
in
active
station
results.
G
J
J
Oh
yeah,
sorry,
no,
when
I
change
the
audio,
sometimes
it
skips
here
on
my
side,
sorry
yeah!
This
is
saying
I
yeah,
I
I
think
it's
a
little
bit
like
like
with
the
attestation
sets.
So
yes,
I
think
that
when
we
arrive
at
a
maturity
level
that
we
can
assess
that,
actually
we
can
use
identity
claims
from
each
if
they're
applicable
and
that's,
I
think,
the
the
reason
why
each
is
there.
J
So
we
can
reuse
generic
claims
that
are
relatively
universal
and
if
we
have
to
create
additional
claims,
these
can
be
in
addition
to
each
later
so
to
speak.
They
don't
have
to
be
in
the
each
core
document.
I
think
if
we
arrive
at
the
conclusion
that
there's
something
that
is
definitely
this
disjoint
and
still
about
identity,
I
think
it's
a
no-brainer
to
to
add
a
either
in
this
document
or
a
separate
document
next
to
the
information
model
that
we
actually
do
here.
J
Some
claim
definitions
so
they're
not
very
far
apart,
and
I
think
that
is
not.
It
will
be
complementary
and
not
conflicting.
We
just
have
to
make
sure
that
we
reuse
everything
in
each
that
can
be
reused
in
order
not
to
do
redundant
things.
That
would
be
bad.
G
All
right,
so
I
think
that's
a
good
point.
There's
lots
of
documents
and
lots
of
identities
out
there.
Certainly,
there
are
other
giraffes
like
draft
chen
rats,
te
identification
which
also
uses
identities.
So
there
will
be
a
lot
of
identities
that
can
be
tested
and
there
are
some
in
eat.
There'll
be
some
in
many
other
drafts.
G
It
doesn't
look
like,
there's
anything
normative
that
I
see,
that
would
be
a
conflict
in
the
existing
drafts,
I'll.
Let
the
others
jump
in
and
assert
their
own
thoughts
on
this
anybody
else
who
wants
to
jump
in.
I
think
the
answer
from
the
last
itf,
though,
is
no.
It
doesn't
feel
like
there
are
major
overlaps
in
normative
claims
between
these
drafts.
At
this
point
or
the
purposes
of
the
drafts.
A
Thanks
eric
so.
A
If
that's
the,
I
guess,
the
question
is
to
the
to
the
group,
you
know
that
are
are
the
various
concerns
that
some
have
had
about
overlap
addressed
by
this
conversation
is
there?
Are
there
other
aspects
that
we
need
to
discuss.
C
Yeah
this
is
gary
here.
I
I
had
a
question
directly
to
eric.
I'm
gonna
take
a
break
from
my
notes
and
then
I'll
transcribe.
My
question
as
in
as
a
as
a
eat,
co-editor
there
is
a
put.
There
is
a
pull
request
outstanding
on
on
attestation
results
and
lawrence
is
created.
C
G
Currently
that
I
would
agree
with
that,
there
is
what
I've
seen
with
the
software
result
and
the
stuff
that
has
gone
into
the
draft.
Recently
we
have
existing
claims
where
there
is
a
conclusion
about
that
claim
made
as
part
of
software
result
and
having
supplementary
verifier.
Approval
of
information
is
a
very
different
thing
that
what
draft
void
is
doing,
which
is
evaluating
the
overall
trustworthiness
of
a
device
itself.
So
it's
it's
very
independent
claims.
Yes,.
C
Just
as
a
follow-up,
so
you
would
have
no
objection
to
us.
It
has
incorporating
a
pull
request
and
and
bringing
that
to
bringing
that
particular
claim
in
to
eat.
G
I
think
that's
an
independent
question.
I
don't
know
if
I
would
want
to
see
that
I
don't
have
any
problem
with
it,
the
so
the
the
software
result,
but
I
think
it's
an
independent
question
on
whether
people
want
the
details
of
the
verifier
results
against
each
claim.
G
So,
if
you're
saying
that
I
I
have
no
problem
from
a
scope
overlap,
I
have
no
real
experience
in
my
use
of
verifiers
to
want
that
level
of
detail
in
a
relying
party.
Personally,
I
think
relying
parties
should
be
simply
relying
on
very
high
level
conclusions
from
a
verifier,
so
I
wouldn't
want
to
verify
a
reliant
party
that
is
really
looking
at
a
lot
of
detail
from
a
from
another
device.
D
G
And
that
is
an
open
question
that
I
don't
think
we've
addressed
as
a
working
group
to
say
what
are
the?
What
are
the
the
ways
these
particular
claims
interrelate
and
that's
a
very
hard
problem
if
we
want
to
go
ahead
and
try
to
pick
that
up.
I
do
think
that's
a
very
large
conversation
to
say
how.
How
do
we
make
sure
that
our
that
our
information
models
have
reasonable
ties
between
them
and
that's
how
I've
reframed
that
question.
K
I'll,
just
a
tail
off
of
guy's
comment
on
a
document
to
say
how
these
pieces
fit
together,
but
also,
possibly,
I
think,
it's
more
of
a
support
document
of
being
justifications
for
why
it
ended
up
this
way
in
a
way,
because
I
know
some
of
it
might
be
on
the
mailing
list,
but
some
of
it
was
through
discussion
and
learning
over
time
yeah.
This
doesn't
really
make
sense
to
put
these
two
pieces
together
and
why
they're
separated
now
so
five
years
from
now,
when
someone
comes
back,
why
didn't
these
two
pieces
go
together?
I
Okay,
I'm
gonna,
just
say
what
was
in
the
slide,
then
I
think
this
is
actually
really
important,
so
I
don't
see
attestation
results
as
just
one
thing:
there's
not
going
to
be
one
attestation
results
draft
there.
I
I
Annotation
results
could
be
like
eric's
draft
the
a
particular
conception
of
a
vector
of
eight
values.
Attestation
results
could
be
a
very
large
pile
of
claims
that
are
input
to
a
machine
learning
based
risk.
Engine.
Anastasia
results
could
include
certification
information
about
the
device
through
a
dloa
ethnic
attestation.
Results
could
be
in
eat
format,
so
eric's
draft
could
be
implemented
in
terms
of
eat
or
it
could
be
implemented
in
terms
of
yang
or
something
else.
Attestation
results
could
be
sea
war
or
json
or
snmp
or
xml,
or
all
kinds
of
things
like
that.
I
So
I
basically
see
the
relationship
between
eat
and
eric's.
Draft
is
kind
of
I
mean
whether
there's
overlap
or
not,
or
competition
or
not,
is
really
the
wrong
question.
The
the
point
is
is
like
it's,
a
the
the
relationship
is
a
little
more
subtle.
You
can
use
eat
as
kind
of
a
substrate
or
a
you
know
basis
for
implementing
eric's
draft.
It
can
be
the
basis
for
imp
for
attestation
results
in
some
other
form.
You
know,
maybe
I
don't
know.
I
Geary
defines
an
attestation
results
scheme
and
eric's
draft
could
be
also
done
in
snmp
or
yang,
or
something
else
right.
So
I
think
that
I
mean
one
of
my
one
of
my
requests
is,
it
would
be
if
eric's
draft
is
adopted,
that
it
not
be
called
attestation
results,
as
if
it
were
the
sole
solution
for
attestation
results.
A
A
J
J
So
I
was
a
little
bit
confused
on
the
list
because
I
thought
there
was
a
working
group
adoption
coil,
but
it
was
a
call
for
comments
on
the
adoption
and
then
there
was
an
actual
adoption
coil,
but
I
think
these
might
have
been
conflated
on
the
list
a
little
bit.
So
I'm
not
sure
if
there
is
an
actual
difference
on
participant's
side
here
at
this
visible
difference.
So
my
first
question
would
be:
where
are
we
right
now.
L
I'm
looking
at
the
mail
list
right
now,
hank
and
I'm
trying
to
see
if
there
were
any
comments
to
the
and
my
apologies.
If
I
didn't
make
that
clear,
because
I
did
put
out
a
call
for
adoption
earlier
this
month.
E
L
The
adoption
today
all
I
saw
was
a
comment
question
from
ned.
L
L
Yeah,
so
perhaps
the
question
we
should
be
asking
right
now:
hank,
you
have
addressed
the
comments
that
came
in
earlier
back
in
may
july,
right.
J
L
Sorry
all
the
authors,
yes,
okay,
so
let's
just
ask
the
question
now
then
question
is
whether
I
need
to
put
a
poll
for
adoption.
So
does
this
working
group
believe
this
is
important
work
and
we
should
adopt
it
as
a
working
group
document.
L
J
J
Yeah-
and
I
think
we
should
do
this
in
the
working
group
as
a
working
group
item-
I
think
that
is
not
a
single
author
team's
job
to
address,
because
because
this
is
basically
external
input-
and
I
think
that's
the
working
good
process
right.
L
Yeah,
so,
okay,
so
I
just
started
a
poll
so
whether
we
need
to
work
whether
the
draft
needs
work
more
work
or
not,
it
goes
to
the
question
of
do
we
believe
the
working
group
needs
to
be
addressed,
addressing
direct
anonymous
attestations
and
that
being
said,
whether
we
can
adopt
this
particular
draft
as
the
starting
point.
L
C
J
C
Let
me
let
me
put
it
another
way.
What
is
the
then?
What
is
the
purpose
we
already
have
that
we
already
have
specification
being
defined.
J
Yeah,
but
we
do
not
map
that
to
the
reds
architecture,
so
that
introduces
new
terminology
and
we
have
no
idea
how
to,
for
example,
place
the
daa
issuer.
Is
that
its
own
role?
Where
do
we
do
this?
How
does
it
work
with
subscription?
How
do
the
others
models
map
that
will
be
work?
That
is
to
be
done
in
this
document
here,
it's
very
unclear
how,
because
daa
is
is
just
this
is
basically
tpm
work
and
and
and
even
even
with
the
dice
relationship
it
is.
J
It
is
not
clear
whether
gets
architecture
how
this
should
work,
so
we
define
roles
and
conceptual
messages,
and
now
we
have
to
understand
how
would
these
roles
and
messages
we
have
to
modified
or
extended
to
support
daa,
and
that
is
already
covered
to
a
significant
extent
in
the
document
today,
but
as
ned's
comments
show,
there
are
still
some
parts
of
the
solution
that
we
do
not
cover
yet,
and
so
I
think
documenting
that
and
highlighting
how
this
works
in
relationship
with
the
architecture
is
fundamental
to
how
it
is
implemented,
then,
as
a
let's
call,
it
itf
interoperable
solution.
J
L
L
So
so,
if
we
can
just
move
on
roman
you're
in
the
queue.
M
Thanks
nancy,
just
for
the
in
the
spirit
of
transparency,
I
want
to
double
check
that
everyone
appreciates
how
we're
doing
the
consensus
here.
So
we
did
a
call
for
adoption
on
the
mailing
list.
As
far
as
I
can
tell
only
one
non-author
supported
it
and
then
what
we're
doing
here
now
is
confirming
what
we
tried
on
the
mailing
list
in
the
working
group,
and
the
poll
is
showing
us
that
13
or
I'm
sorry
15
folks
do
support
adoption
right.
H
H
Yeah,
I
just
wanted
to
add
to
what
hank
was
saying
in
response
to
the
question:
what's
the
purpose
daa
as
a
concept
is
not
specific
to
tcg,
although
it
needs
to
be
aligned
there,
we
also
want
to
specify
it
in
the
ietf
such
that,
if
you're
using
non-tcg,
related
use
cases,
you
are
still
capable
of
doing
daa
or
at
least
explains
how
you
can
do
daa
using
eats
and
the
rest
of
the
riots
architecture,
so
otherwise
completely
agree
with
hank's
answer.
But
I
think
that
this
is
important
for
the
working
group.
Thank
you.
L
Okay,
thanks
and
lawrence
just
put
in
the
chat
that
the
daa
needs
to
cover
more
than
just
tcg,
which
we
could
do
if
we
adopted
this
document.
Okay,
I'm
going
to
get.
A
Absolutely
yeah
so
we're
you
know
seven
minutes
over
so
but.
L
L
M
No,
that
that's
actually
why
I
wanted
to
kind
of
speak
up,
because
typically
we
do
it
the
other
way,
which
is
we
do
it
at
the
meeting,
and
then
we
try
to
confirm
it
on
the
mailing
list
and
what
we
and
then
you
sum
the
two
of
those
and
what
we
did.
What
we're
doing
here
is
the
reverse,
which
is
we
started
on
the
mailing
list
and
we're
summing
it
with
what
the
meeting
results
are.
M
So
to
me
you
know
it
doesn't
matter
which
one
you
start,
it's
a
it's
a
question
of
how
you
do
them
together,
so
we
don't
need
to
confirm
this
again
on
mail
list,
because
we've
already
tried
that
and
the
other
kind
of
key
thing
we
might
want
to
ask,
is
we
didn't
hear
any
objections
raised,
but
you
know
now
might
be
a
good
time
before
we
decide
to
adopt
it.
Are
there
any
objections
we
want
to
raise
here
in
the
mic
to
talk
about.
J
L
For
for
those
that
have
objections,
if
you
want
to
speak
now,
because
there
is
consensus.
D
Yeah
nancy,
this
would
be
quite
a
bit
of
work.
Wouldn't
it
you
know,
is
it?
Is
it
something
that
is
viewed
as
important
enough
in
to
the
larger
community
to
actually
put
work
into
it?.
L
So,
given
that
there
is
consensus,
I
believe
this
indicates
that
the
working
group
believes
it
is
important.
L
If
we're
running
low
on
time,
so
let's
ask
the
question
that
roman
post
on
the
chat,
if
you
can
post
on
the
chat
because
we
are
running
over,
would
you
volunteer
to
work
on
it.
L
M
I
I
think
this
is
good
enough.
I
mean
we're
demonstrating
that
up
one
more
to
say
so
in
the
chat
you
know
it's
just
we're
gonna
have
to
you
know,
I'm
I'm
sensitive,
as
mentioned
in
the
working
group,
about
having
enough
bandwidth
to
do
all
the
work,
all
the
documents.
At
the
same
time.
Maybe
the
follow-on
discussion
is
about
kind
of
sequencing
and
we're
this
where
we
should
push
the
energy
in
the
working
group.
L
Okay,
so
the
question
on
the
chat
has
been:
I'm
gonna
end
the
the
session.
What
does
it
mean
to
not
raise
hand?
It
means
that
you're
voting
no.
L
I,
like
dave's
response.
Okay
in
the
interest
of
time
we
we
are
adopting
the
daa
draft,
so
hank
and
the
authors,
please
convert
it
to
an
ietf
draft
and
you
have
for
those
who
raise
their
hand
that
are
willing
to
work
on
it.
Please
work
with
the
current
authors
of
that
draft
to
improve
it
all
right.
That
said,
let's
move
forward
to
the
next
agenda
item.
A
Concise
reference
integrity
manifest
that's
what
I
have
so
we
still
have
one
more
presentation.
Oh.
J
Not
joining
and
but
way
is
here,
okay,
but
you
give
away
it's
like
super
late.
Okay,.
K
J
Me,
let
me
go
into
this
here,
then
so
hi.
This
is
about
reference
integrity
benefits,
of
course.
So
we
have
a
mission
statement
here.
We
have
to
inform
and
verify
about
how
a
tesla
looks
like
the
initial
cut
we
have
here
included
is
the
the
og
reference
values.
J
I
think
the
the
software
results
in
in
the
new
claim
in
lawrence's
each
id,
for
example,
would
cover
that
when
kosovo
will
cover
that
we
have,
we
have
an
inclusion
of
verification,
key
material,
so
to
make
sure
that
this
evidence
is,
but
I
have
endorsed
values.
So
these
are
the
things
that
the
tester
really
can't
talk
about
itself.
I
don't
know
you
did
a
tester
without
the
camera.
Looking
at
itself
can't
tell
you
it's
green
yeah,
so
some
things
have
to
be
endorsed
from
the
outside.
These
are
endorsed
values.
J
Other
things
are,
for
example,
fips
compliance,
some
other.
What's
on
the
isolation,
qualities
of
a
t,
these
a
tester-
I
can't
really
tell
about
itself
because
they
are,
for
example,
are
the
hard
route
of
trust
that
kickstarts
all
of
these
trustworthiness
claims,
and
so
that
that's
of
course
in
here
there
are
future
steps.
But
in
the
interest
of
time
I
might
not
go
through
all
of
this.
J
I
think
that's
very
important
to
highlight
that
extensibility
is
key
here
and
we
have
a
a
vast
maybe
doing
that,
but
we
have
a
lot
of
places
where
we
can
add
ext
code
points
like
like
new
claims
that
will
be
defined
when
there's
more
each
claims
in
the
future
and
and
some
things
that
we
need
here
so
next
slide.
Please,
there
is
already
applicability
to
this,
so
in
tcg
this
was
taken
up
actually
and
they
have
adopted
the
information
model
over
there.
J
That's
interesting
to
the
layered
attestation,
as
these
endorsements
can
tell
you
at
which
sequence
which
environment
is
supposed
to
create
evidence
about
a
target
environment.
This
is
called
layered
attestation
here
in
rats
and
that
there
has
to
be
some
verifier
guidance.
How
how
that
makes
sense,
and
how
is
that?
J
What
might
not
make
sense
so
skipping,
for
example,
the
bootloader
in
in
this
chain
would
would
probably
be
fatal,
but
but
if
the
verifier
doesn't
know
that,
so
that
has
to
be
informed
about
that,
there's
also
a
profile
being
created
in
parallel
for
coram.
That
is
specific
to
the
rnpsa
solution.
That
sr
psa
token
id
in
in
here
in
this
working
group
and
and
the
psa
endorsements
is
so
to
speak.
The
other
side
of
the
coin
again
as
evidence
endorsement.
J
So
this
this
profiling
of
the
columns
back
in
parallel
level
and
and
the
the
use
of
it
in
tcg,
is
our
our
proof
of
concept
and
even
running
code,
and
then
I
can.
I
can't
really
tell
a
lot
about
this
yet,
but
there
is
a
tpm
based
evidence
project
in
the
enterprise
space,
but
the
reliable
party
is
a
responsible
party.
They
did
not
agree
in
time
that
they
can
disclose
anything
about
it,
but
stay
tuned.
That's
not
a
secret.
J
I
just
couldn't
refer
with
them,
so
so
we
I
think
we
show
or
as
always
early
on
running
codes.
The
reason
of
our
site,
of
course,
is
a
very
prominent
part.
There,
but
also
the
applicability
to
other
domains
we
can
show
with
other
documents.
This
document,
actually,
I
think,
is
an
embedded
team
for
public
review
and
will
be
out
in
I
guess
next
week.
Unfortunately,
so
we
can't
look
at
this
today,
so
next
slide,
please
there
is
yeah,
just
basically
I
spoiled
that
already.
J
So
this
is
not
here
yet,
but
if
you
want
to
have
a
look,
there's
of
course
not
only
the
id
we
incubate
most
of
the
stuff
in
in
github,
and
especially
the
cdda,
is
reused
and
on
for
different
ids.
Yet
so
the
one
the
cddi
is
used
in
column
and
for
the
profiling
of
corem
and
the
psa
endorsement.
So
there
is
a
synergy
across
multiple
documents
already
and
that
is
working
out
quite
well,
and
the
quality
increased
significantly
due
to
that
continuous
testing
next
slide.
Please.
J
So
yeah
these
are
all
the
pointers,
so
co-rim
is
is,
is
basically
the
bundle.
I
think
I
said
that
already
commit
is
the
heart,
via
hierarchy,
equivalent
to
code
smith.
Co
suite
is
a
file
system.
Specific
files
hashtag
results
from
from
its
claim
here.
These
are
typically
in
fire
systems.
It
was
hard
to
squeeze
firmware
in
hardware
components
into
the
file
system
concept,
so
that
made
commit
happen.
It's
a
concise
module
identifier.
J
It's
basically
the
complement
here,
so
a
firmware
that
is
not
located
in
the
file
system,
but
on
hardware
like
the
firmware.
That's
why
it's
called
the
bay
is
is,
for
example,
referenced
here,
and
we
have
of
course,
support
for
coastward,
as
I
just
highlighted,
there's
also
a
command-line
tool.
Thank
you.
I
think
thomas
was
had
deleted
on
that
that
you
can
create
columns
comets
and
kosovo's
respectively,
on
the
user
command
line
at
home
on
your
system.
J
When
you
have
the
right
tool
chain,
I
think
that's
really
useful
to
get
early
hands
on
again.
I'm
rushing
a
little
bit
through
this
because
we
lost
a
little
bit
of
time
here.
We
want
to
have
an
open
mic
still
in
the
end,
so
next
slide.
Please,
there
is
the
question
of.
Does
this
work
fit
this
working
group,
and
so
we
read
the
charter
extensively.
J
We
stared
at
it
hard,
and
so
I'm
not
sure
if
I
have
to
run
through
all
the
texts
here,
but
the
bolder
text
is
our
phrasings
from
the
charter
and
so
of
course,
describing
an
attester
to
a
verifier
is
standardizing
formats
about
assertions
about
the
systems,
components
of
a
test.
Styles,
it's
directly
associated
with
evidence
because
you
need
it
in
corresponding
to
evidence.
J
It
is,
of
course,
as
a
requirement
in
the
architectures,
sorry
in
the
reds
charter,
protected
and
and,
as
essence
would
be,
the
evidence
and-
and
it
is
intended
to
be
consumed
by
verifiers,
which
is
a
role
that
is
covered
in
the
architecture
which
is
and
curiously
is
not
covered
in
the
charter.
So
that
is
something
that
I
I
kind
of
forgot.
To
be
honest,
I
thought
that
the
verifier
was
named
explicitly
in
the
charter.
J
It
is
not,
but
as
we
send
as
we
focus
on
evidence
at
the
center
of
the
verifier,
I
think
it's
just
appropriate
to
to
do
the
compliment.
Also,
that
is
the
endorsement
and
the
reference
values.
J
So
so,
basically,
having
said
that,
all
the
really
important
things
here
that
is
that
this
is
feuding
definitions
into
this
work
are
the
supply
chain,
stakeholders,
so
everybody
who's,
building,
tes
or
components
for
trustworthiness
or
some
some
software
components
that
are
then
in
the
end:
a
testing
environment,
for
example,
running
in
tes,
again
that
these
are
authors
on
this
this
document
and
and
to
some
extent
again.
I
highlighted
this.
J
We
we
have
already
agreement
with
tcg
because
they
adopted
the
the
terminology
we
introduced
here,
specifying
identifying
systems
and
the
key
material
that
we
use
for
that.
So
so
that's
part
of
the
goals
of
the
chart.
That
seems
seems
to
us-
and
this
is
just
our
office
opinion
here-
to
be
in
line
with
the
charter.
The
next
slide,
please.
J
There
are
also
deliverables
defined,
and
I
think
it's
rather
simple
to
say
that
we
cover
deliberate,
two,
three
and
four
three
might
be
arguable,
because
you
would
have
to
check
the
use
cases.
I
just
referenced
them
by
by
number
here,
but
I
think
for
all
these
use
cases,
you
will
require
a
certain
supply
chain,
entity,
information
about
the
system,
components
and
yeah.
So
so
maybe
I
for
the
interest
of
time
I'm
not
restating
what's
in
the
charter
here
right
now.
This
is
just
our
let's
call
it
analysis
of
of.
J
Does
this
work
fit
into
the
current
charter's
scope
or
would
we
have
to
recharge
for
this,
and
our
assumption
is
well.
This
fits
more
than
we
even
expected
for
it
to
fit,
but
but
again,
of
course,
this
is
not
our
decision.
This
is
just
our
assessment,
so
that's
where
we
are
leaving
life
with
is
the
next
slide?
J
Can
we
do
a?
Can
we
do
a
working
group
called
for
adoption?
Actually,
you
can
see
the
ongoing
work
on
github
how
the
issues
are
handled.
Everything
is
very
transparently
and
open
there.
J
J
There
have
been
thrice
weekly
design
meetings.
We
hope
to
dial
that
down
a
little
bit
when
this
becomes
a
working
group
item.
But
again
we
are
used
to
this
for
like
a
year
now,
so
so
that
is
happening
and
yeah.
So
we
are
comfortable
with
doing
that.
The
charter
seems
to
allow
for
it,
and
so
now
I
would
place
that
question
first
to
this,
for
the
attendance
in
this
session
of
the
group
here
then
maybe
to
the
list,
but
but
maybe
some
early
feedback
here
would
be
nice.
L
So,
admittedly
I
don't
know
I
haven't
been
looking
at
this
part
of
the
github
hank,
so
my
first
question
was
to
ask
who's
actually
reviewed
it,
but
I'm
also
looking
at
the
open
mic
time
and
to
roman's
point
the
prioritization
and
importance
of
this,
given
all
of
the
other
graphs
that
we
need
to
progress
right.
L
D
L
D
J
That's
not
software
and
the
korean
is
the
bundle.
Coram
is
the
manifest.
So
it's
a
bundle
of
all
the
items
that
compose
in
a
hierarchy
or
maybe
even
inverse
things
on
your
composite
devices.
They
can
be
rather
complex
but
iot
devices.
Luckily,
so
not
you
need
at
least
a
commit
that
tells
you.
This
is
my
device
and
its
firmware
as
soon
as
you.
If
you
or
a
file
system
kicks
in,
you
need
to
go
suit
to
understand
if
its
layout
is
fine,
and
so
I
think
that's
the
relationship.
J
The
program
is
the
umbrella,
manifest
where
we
are
some
it's
it's,
it's
called
actually
the
the
the
the
crater
it
can
be
an
oem.
The
oem,
for
example,
could
re-label
other
hardware.
J
So
it's
so
opaque
identifiers
are
important,
as
we
already
established,
for
example
in
and
what
was
it
in
cheap
just
now,
and
so
so
yeah,
that's,
that's
the
korean
part
and
commit
again
is
the
hardware
hierarchy,
including
its
firmware
and
applicability
of
environment,
identification
and
then
in
this
environment
there
are
very
often
file
systems
and
these
file
systems
are
then
covered
by
cosplay.
Does
that
in
a
nutshell,
answer
your
question.
J
L
Yeah
all
right,
okay,
I
realized
we,
we
had
open
mech,
but
we
had
some
items
left
eric.
Is
it
quick.
L
So
so
we
have
two
open
items
that
we
started
on
whenever
it
was
that
we
met
on
monday,
one
was
we're
trying
to
assess
readiness
of
the
eat
draft
for
working
group.
Last
call
there
was
discussion
about
including
the
claims
needed
to
satisfy
teep.
L
I
can
report,
but
then
dave
I'd
like
you
to
also
elaborate.
L
L
H
Sure
so
I'd
put
this
on
the
list,
so
you
should
have
it
all
in
your
mailboxes,
because
I
put
it
in
the
break
because
teeth
met
right
before
rats,
and
so
I
put
the
conclusions
and
thank
you
to
all
of
the
rats
people
who
are
actually
there
in
the
teat
meeting,
but
not
all
of
you
were,
and
in
particular
gary
and
lawrence
were
not,
and
so
I
tried
to
represent
the
views
that
you
play
from
the
list
in
that
meeting,
and
so
the
takeaway
from
teep
is
that
t
believes
that
the
concept
of
a
class
identifier
is
not
type
specific,
and
the
recommendation
is
specifically
that
the
eat
spec
would
would
define
a
claim
but
leave
the
definition
of
the
values
of
the
claim
to
profiles
and
to
vendors.
H
In
other
words,
the
t
profile
would
be
responsible
for
specifying
a
specific
values
of
that
claim.
That
would
be
useful
for
keep
and
what
the
meanings
of
those
values
are,
and
also
to
that.
The
e
would
be
able
to
specify
how
a
vendor
gets
a
value,
in
other
words,
there's
a
way
for
profiles
to
get
values
and
a
way
for
vendors
to
get
values,
and
so
that
is
the
outcome
density
did
polls.
H
H
Please
and
the
request
to
define
a
claim
but
leave
the
definition
of
the
values
and
the
semantics
of
the
values
to
profiles,
and
it
would
be
fine
if
rat,
says
well:
okay,
here's
a
claim
and
the
profile
in
order
to
have
values.
Here's
the
requirements
for
that
profile
to
define
a
value
and
what
you
have
to
do
for
it,
and
so
that's
kind
of
my
summary
of
what
I
heard
as
the
outcome
of
the
polls.
So
thanks.
L
Thanks
dave
lawrence
you're
in
the
queue.
I
On
github
from
thomas
and
jeremy
about
this
that
I
don't
think
line
up
with
other
discussion
here,
so
I
don't
think
there
is
consensus
on
this
particular
claim.
So
I
think-
and
but
that
said
in
terms
of
working
group
last
call-
this
is
a
relatively
minor
issue.
I
I
I
L
Okay,
okay,
well
said
lauren,
so
that
said,
I'm
starting
a
poll
to
see
if
the
group
believes
the
eat
draft
is
ready
for
working
group
last
call
and
I
believe
lawrence
you
did
update
the
draft.
So
I'm
speaking
to
the
latest.
B
But
then
but
then
the
answer
is
clearly
no,
because
the
draft
12
is
already
in
the
pipeline.
C
Draft
draft
12
is
draft
12
on
things
such
as
the
class
claim
is
awaiting
consensus.
We're
not
ready
to
push
that
out.
We
will
push
out
of
draft
12
with
last
call
comment
resolution
as
well.
We
don't
need
to.
We
don't
need
to
push
it
out
right
now.
J
L
L
Okay,
so
it
looks
like
we
have
consensus
for
the
minute
takers.
Please
note,
since
I
my
laptop's
still
not
well
as
an
action
item,
the
chairs
will
do
a
first
working
group
last
call.
L
All
right,
so
one
down
the
second
one,
roman
I'll
I'll,
need
your
help
here.
Since
I
keep
not
clarifying
my
notes
too
well,
the
second
one
was
there's
been
questions
about
the
status
of
the
architecture
draft
we
went
through
a
working
group.
Last
call
I
want
to
say
we
started
that
last
year
we
had
a
whole
round
of
comments
they
were
addressed.
L
L
We
had
the
process
of
going
through
the
shepherding
as
part
of
the
shepherding.
L
There
was
some
ipr
issues
that
came
up,
and
so
I
tried
to
put
the
the
discussion
of
just
the
ipr
on
the
mail
list
to
ensure
that
there
was
consensus
that
we
could
move
forward,
given
that
there
were
two
ipr
claims
put
out.
So
as
far
as
I
believe,
if
I
can
speak
on
behalf
of
the
chairs
kathleen,
you
can
speak
up
as
well
and
roman.
You
can
help
me
here
too.
L
E
E
So
if
we
could
just
mark
it
as
two
weeks
from
there
and
then
a
shepherd,
I
will
work
with
nancy,
because
you
know
ipr
is
a
little
more
complex,
but
so
I
won't
work
as
shepard
in
a
box
on
that
part
and
we'll
come
to
agreement
on
the
feelings
of
the
working
group
and
then
we'll
progress
it
to
the
next
step,
which
is
pushing
it
to
the
iesg
and
then
for
working
group
last
call
and
then
the
area
reviews
can
kick
off
at
that
point.
E
L
M
I
mean
you
and
you
and
you
and
kathleen,
laid
it
out
exactly
right.
I
mean
I
would
just
reiterate
to
the
working
group
we're
through
the
the
technical
reviews
inside
the
working
group.
We
just
tripped
over
this
ipr
issue,
and
so
now
is
the
time
that
the
working
group
should
raise
objection
or
provide
concurrence
that,
despite
this
new
information
related
to
the
ipr,
you
are
still
interested
in
the
document
proceeding
forward
or
wait.
M
It's
going
to
be
a
longer
conversation,
so
this
could
be
as
short
as
advancing
the
document
to
me
by
you
know,
early
early
december
late
november,
or
you
know
it
could
be
a
longer
conversation.
Let's
just
sort
this
out
in
the
next
kind
of
week
and
I
believe
with
the
two
week,
call
we're
going
to
close
it
next
next,
at
the
end
of
next
week,
that's
correct.
L
L
We
can
put
on
the
main
list
the
call
for
adoption
for
the
the
other
attestation
results
and
at
the
station
set,
so
that
one
we
can
put
on
the
mail
list,
and
I
think
with
that
we
can
close
the
meeting.
Thank
you
everyone
and
for
anything
else
that
you
want
to
take
up.
Let's
continue
that
on
the
main
list
as
well.
E
Thank
you.
Everyone,
a
big
thanks
to
you,
nancy
handling,
most
of
this
because
of
the
other
chairs
having
conflicts.
So
thank.