►
From YouTube: IETF-SCITT-20230320-1600
Description
SCITT meeting session at IETF
2023/03/20 1600
https://datatracker.ietf.org/meeting//proceedings/
A
B
B
B
But
I
think
it's
it's
time
to
get
started,
so
this
at
this
conference
call
I
wanted
to
at
least
have
a
chance
to
speak
about
the
upcoming
IDF
meeting,
which
is
next
week
and
to
talk
a
little
bit
about
the
agenda.
I
have
posted
emails
today
to
the
list
showing
a
a
very
brief
agenda
that
I
put
together.
So
we
have
something
online
which
of
course
includes
the
architecture
document,
the
use
case
document
and
the
other
the
receipt
document,
but
I.
B
It
would
be
nice
to
allocate
speakers
to
those
presentations
as
well
as
have
a
rough
indication
on
the
time
slot
needed
for
each
of
them
and
then
equally
important
to
actually
know
what
issues
we
want
to
tackle
during
the
meeting.
B
B
Before
you
search
for
this
I.
C
No
no
I
have
the
loads.
That's
not
a
problem.
I'm,
just
figuring
it
out.
How
do
I
ask
for
request,
sharing
permission
on
IDF
I,
keep
forgetting
this
presentation
view,
or
how
do
I
ask
permission
for
data
tracker
request
to
ask.
B
Information
on
the
on
the
left
hand,
side
there's
the
panel
at
least
on
for
my
for
my
version
and
then
you
can
do
share
screen
next
to
sort
of
like
the
microphone
and
the
camera
and
so
on.
B
But
also
quite
important
is
the
question.
B
With
yeah
I
I,
don't
see
it
what
you're
sharing
but.
B
C
C
To
it
yeah,
okay,
yeah,
here
we
go,
everybody
should
be
able
to
see
the
agenda
now.
A
B
Not
yet,
but
why.
B
That
and
do
we
know
who
is
going
to
be
at
the
meeting
so
because
that's
quite
important
from
for
the
presenters,
obviously
I
think
it
would
be
good
to
have
a
number
of
the
presenters
be
in
the
room
to
discuss
something
rather
than
having
everyone
presenting
from
remote.
B
E
Okay,
I'm
audible,
that's
awesome,
I'm
in
a
weird
Wi-Fi
in
Sweden,
but
it
works.
That's
great,
so
I
will
be
in
Japan.
Yes,
okay
and
I
can
be
a
far
back
for
any
kind
of
presenter.
E
I
think
some
time
zones
suffer
from
time,
zone,
Divergence,
I,
guess
and
and
I
I
don't
want
to
impose,
but
I
could
do
the
architecture.
Presentation
I
can
also
I
would
also
gladly
relinquent
visit
to
Steve
if
he
feels
comfortable
with
attacking.
A
B
A
Simple
just
to
get
on
a
meeting
and
just
coordinate
it.
It
was
walking
around
with
a
laptop
constantly
meeting
in
the
bar
or
table.
Wherever
else
we
can
get
people
together
so
as
much
as
I
would
love
to
help
without
being
on
site.
I.
Don't
think
it's
practical
for
me
to
facilitate
this
at
this
time,
but
I
can
throw
it
together
a
template
and
put
together
some
stuff
taking
what
Honda's
had
here,
but
filling
in
all
the
content
on
the
daily
basis,
leading
up
to
the
actual
presentation.
F
I
will
be,
and
I
can
cover
the
architecture
of
the.
A
A
Great,
who
else
is
from
our
group
going
to
be
there.
H
C
I
have
permission
to
join
remote,
so
I'm
happy
to
kind
of
present
anything
remotely,
but
I
I
cannot
certainly
travel
to
Japan
yeah
yeah.
B
B
That's
that's
excellent,
Steve
from
the
architecture
document.
Do
you
have
specific
issues
that
you
think
are
worthwhile
to
spend
time
on.
A
Some
of
the
pieces
that
were
coming
up
most
were
understanding
the
core
concept
of
what
skip
provides,
which
is
that
verification
of
an
identity
related
to
content.
So
I'm
not
sure
if
we
want
to
focus
on
that
as
the
core
part
of
the
presentation
that
basically,
you
submit
something
to
skit,
the
identity
is
verified
and
as
long
as
the
verifies
identity
gets
endorsed
or
notarized,
or
maybe
that's
the
piece
that
we
want
to
focus
on
and
then
the
content
comes
out.
That
was
one
part.
That
I
think
we
wanted
to.
A
Try
to
you
know
ratify.
Is
the
right
word
on
on
getting
that
solidified
there
and
then
the
other
was
the
conversation
related
to
the
Merkle
tree
formats,
because
that's
the
other
one.
That's
coming
up
that
Hank
had
been
facilitating.
A
B
So
you,
you
mentioned
the
identity,
that
would
you
call
the
terminology,
a
separate
item
from
the
identity,
because
that
was
also
something
Ray
put
forward
with
his
diagram
I
think
we
had
a
lot
of
good
discussion
there
is
that
is
that
what
you
meant.
A
Yeah
I
think
you
know,
raise
diagram
kind
of
helps,
zoom
out
to
put
perspective
to
the
pieces
that
we've
been
talking
about
and
we've
that
helped
facilitate
some
of
the
conversations
in
the
latest
merger
I.
Think
when
we
talk
about
the
architecture
doc,
what
is
the
Core
Concepts
that
we
want
to
participate?
A
You
want
to
convey
and
what
I've
heard
us
solidifying
around
and
trying
to
get
a
little
more
understanding
is
the
notarization
of
content
so
that
it's
not
just
any
ID
goes
in
identity
of
a
statement
is
submitted,
the
registration
policy
is
evaluated
and
as
long
as
the
identity
is
verified
in
the
registration
policy
is
is
validated.
The
statement
is
placed
on
to
the
log.
I
was
hesitating,
I
was
making
sure
to
get
the
right
terminology
and
that
process
we've
been
discussing
or
it's
been
discussed
on.
What
should
we
call
that?
A
A
Don't
think
that's
what
the
architecture
reflects
today,
so
we
can
certainly
bring
it
up
if
you'd
like,
but
that
would
be
so
I'll
wrap
up
real
quickly,
so
I
think
one
is:
do
we
want
to
just
affirm
that
that's
the
process
of
what
we
think
the
skit
register
skit
service
represents
and
then
do
we
want
to
put
time
into
the
Merkle
tree
conversation
as
the
new
ID,
that's
coming
in
so
with
that
I'll
stop.
B
Okay,
now
I
have
a
couple
of
people
in
the
queue
I
I
tried
to
sort
of
note
that
I
I
created
three
bullets:
emergency
the
identity
and
I
call
it
terminology,
slash
building
blocks,
but
okay
go
ahead.
H
Yeah
just
a
quick
comment
on
the
terminology.
It
might
be
useful
to
identify
what
things
we've
resolved
since
the
last
meetings
and
then
what
things
are
still
open,
because
we
did
make
progress,
at
least
on
the
resolving
statement
versus
statements
and
claims
and
and
we
still
have
an
additional
terminology
around
what
we
call
The
Ledger,
slash
transparency,
service,
log.
A
People
queue
up,
do
we,
so
this
is
what
we're
just
talking
asynchronously
about
of
from
now,
until
the
meeting
and
through
the
meeting
do
we
want
to
continue
to
thrash
on
the
terminology
or
use
the
current
terminology
in
the
dock.
Just
so,
we
can
make
progress
on
things
outside
of
that
terminology,
because
I'm
afraid
we're
still
in
this
cycle
of
debating
terminology,
as
opposed
to
the
larger
scope
of
what
we're
trying
to
achieve.
B
All
right,
yeah,
I,
think
I.
Think
the
the
discussion
about
the
terminology
turned
into
a
a
question
about
better
understanding
about
the
individual
building
blocks
or
components
are
and
I
think
that
was
a
that
was
a
good
discussion,
and
maybe
we
should
finish
that.
Then
it's
easier
once
we
know
what
the
building
blocks
are
and
what
the
semantics
is.
B
It's
easy
to
give
them
some
names,
or
at
least
easier,
so
yeah
with
I
I,
wouldn't
so
we
can,
of
course,
if,
if
you
guys
make
some
progress
on
this
till
the
meeting,
that
would
obviously
be
great.
But
the
meeting
is
already
next
week,
so
I
wouldn't
expect
the
miracle.
Suddenly,
okay,
the.
G
Oh,
thank
you,
honest
I,
I'd,
like
to
just
make
a
recommendation
that
we
put
more
emphasis
on
the
purpose
of
skit
and
by
that
I
mean
it's.
It's
really
to
provide
a
higher
degree
of
transparency
into
the
software
supply
chain,
trustworthiness
for
consumers
or
the
people
who
are
going
to
be
using
software.
So
that
would
be
my
recommendation
is
that
we
we
make
that
a
much
clearer
aspect
or
clearer
in
the
document
in
the
architecture
document.
Thank
you.
B
Okay,
yeah
I
I
think
in
general,
like
if
we
hand
over
the
document
to
someone
who
is
completely
new
to
skit.
Ideally,
they
should
be
able
to
understand
the
use
case
and,
and
the
architecture
document,
at
least
to
a
certain
extent
like
if
they
don't
understand
the
problem.
Obviously
there's
an
issue.
G
B
We
can
definitely
ask
some
some
people
who
are
not
part
of
this
conversation
to
review
the
the
current
document
versions
and
to
give
us
some
feedback.
I
think
that
would
be
extremely
useful.
If
you
know
someone
I
know
some
people
I
will
I
will
do
that
yeah.
That's
a
good
good
idea,
thanks
dick
Hank.
E
Yeah
hi,
this
is
saying
several
comments,
so
at
the
very
beginning,
I
heard
Cedric
is
a
good
candidate
for
the
architecture,
presentation
in
general
and
I.
Think
K
is
a
good
candidate
for
the
presentation
of
the
use
cases
in
general.
I
agree
with
that.
E
We
are
not
alone,
so
everybody
can
help
to
the
point
of
now
I'm
splitting
to
the
point
of
creating
presentations
and
the
meeting
is
next
week.
We
will
be
very
verbose,
email
wise
on
the
list
towards
that
goal
of
having
slides
that
everybody
is
not
surprised
by
at
the
meeting
I
we
can
start
early,
but
I
think
the
hackathon
is
one
time
frame.
It's
Saturday
and
Sunday
in
Japan,
where
we
can
polish
and
and
Tinker
the
slide
still
and
I
think
we
have
to
very
have
a
boss.
E
That's
not
just
three
people
sitting
at
the
table,
doing
it
like
in
secret,
but
we
want
to
push
ideas,
questions
to
the
mailing
list.
I
know
it's
a
weekend,
but
for
it
you
have
the
hackathon
weekend
is
basically
the
the
hardest
work
apart
then
talking
about
the
architecture.
I
think
Cedric
can,
as
is
an
excellent
choice,
to
to
just
convey
the
whole
thing.
Where
are
we
at
what
are
the
current
issues?
What
are
we
doing
here?
E
So
now,
I
think
I
start
to
assume
that
the
architecture
has
to
additionally
take
on
that
task
of
of
telling
the
story
of
how
these
tiny
building
blocks
that
we
are
building
actually
are
to
be
utilized
to
build
bigger
systems
and
I.
Think
that
something
should
there
be
a
point
of
discussion,
a
long
discussion
at
the
IHF
meeting,
maybe
half
an
hour
actually
so,
just
as
a
proposal
as
a
discussion
plan
and
I
just
looked
at
the
agenda,
that's
my
final
comment:
cozy.
E
E
The
receipt
first,
get
potentially
with
an
air
code,
just
become
a
profile
of
that
idea
and
cozy,
and
luckily
cozy
happens
before
skit,
so
I
think
a
report
from
the
Cozy
working
group
with
respect
to
that
context
of
the
receipt
ID
in
skit
is
an
order
so
whoever's
doing
that
should
basically
come
there
and
say,
oh
by
the
way,
cozy
hated
it
or
whatever
you
know,
because
he
loved
it
I
don't
know
and
then
go
from
there
and
that
and
that's
all
I'm
gonna
say.
B
I
Okay,
hi
thanks
all
right,
so
one
thing
I
ran
across
this
last
period
of
time.
I
guess
last
week
is
the
use
of
the
word
trust
versus
trustworthy
and
trustworthiness,
I
notice,
I
I,
thank
dick
for
saying,
trustworthy
versus
Trust
trustworthiness
and
then
so
that's
one
thing:
I
just
wanted
to
bring
up
that's
a
good
way
to
kind
of
try
to
dodge
the
issue
of
of
the
sort
of
emotional
thing,
which
is
trust
versus
being
trustworthy,
which
is
more
of
a
more
of
a
you
know.
I
Deterministic
thing
so
I
just
wanted
to
say
that
I'm
not
going
to
go
to
Japan
I
would
love
to
because
I
love
Japan,
but
I'm
not
going,
and
secondly,
so
I
may
try
to
participate
remotely
if
I
can,
but
regarding
this
high
level
diagram
which
I
I
don't
want
to
try
to
make
that
be
a
any
kind
of
a
you
know,
handcuffs
or
anything
to
to
force
anything
but
I
want
I
I
think
that's
important
to
point
out
the
difference
between
what
the
registry
produces
in
terms
of
of
evidence
and
creating
some
sort
of
a
final.
I
You
know
determination
about
whether
something
is
can
be
trusted
or
is
get
a
big
green
check
mark,
which
may
actually
require
some
form
of
artificial
intelligence
evaluation.
At
that
point,
and
that's
not
part
of
the
registry.
Second.
B
Thing
May,
I
I'm,
trying
to
sort
of
I
think
you
tried
to
convey
an
important
point
about
your
diagram,
but
I
wasn't
quite
I
didn't
quite
got
for
the
meeting
minutes.
I
Okay,
so
so
on,
this
sort
of
you
can
remember
the
diagram
on
the
right
side,
where
of
course,
where
they
were
the
people
viewing
into
the
into
the
registry.
Looking
at
it
not
submitting
data.
Just
looking
evaluating
the
data
that
the
evaluation,
the
final
evaluation
of
of
the
evidence
would
not
be
you
know,
inside
the
registry,
that
would
be
something
that
would
be
done.
I
Add
another
layer
and-
and
so
this
was
something
I
that
I
briefly
said
just
that
there
were
two
layers,
but
that
that
I
think
is
an
important
thing,
because
you
know
I
I
really
respect
it.
The
position
that
dick
is
bringing
to
the
meeting
where
he
wants
to
have
that
final,
big,
green
check
mark
but
I,
don't
think
that's
part
of
what
the
registry
necessarily
provides,
and
so
I
was
trying
to
point
that
out
on
the
diagram.
I
Did
that
clarify
it?
For
you
honestly.
B
Definitely
I
think
it
also
lines
up
with
what
tank
has
previously
mentioned
about
this
idea
of
like
describing
the
building
blocks
to
create
the
bigger
systems
so.
B
Definitely
a
longer
conversation
I
think
it's
a
good
conversation
to
have
so
we
should
definitely
allocate
more
time
to
this
yeah.
I
So
on
one
other
point:
I
wanted
to
make
as
I
was
thinking
about
this
diagram
and
and
what
is
the
registry
or
a
log
append
Only
log
of
people
I
think
is
a
pretty
popular
way
to
say
it
and
if
you
can
have
any
other
like,
if
you
can
have
say
skit,
Registries
somewhere
else,
and
that
you
would
say,
okay
well
we're
going
to
allow
these
to
be
distributed.
I
Then
you
could
also
say
this
get
registry
could
just
have
one
item
in
it
and
that
could
be
distributed
and
then
then
the
the
final
point
is:
why
not
have
everything
just
have
one
item
in
it
and
not
have
some
sort
of
centralized
registry,
so
I
think
we
need
to
think
through
because
I
don't
know
the
answer
to
that.
I.
I
Don't
know
why
exactly
maybe
there's
some
very
good
rationale:
why
an
append
Only
log
it
or
Ledger
these
kind
of
things
is
necessary,
maybe
they're
not
and
if
they're
not,
then
then,
maybe
it's
better
to
have
a
more
highly
distributed
concept
and
and
I,
and
so
that
may
be
too
much
to
tackle
in
this
one
meeting.
I
But
if
you
had
additional
time
thinking
about
what
we
need
like
this
append,
Only
log
is
a
popular
thing
to
say,
but
do
we
need
that
and
and
again
if,
if
it
can
be
one
item
in
the
log
and
that
can
be
distributed
and
you
can
have
distributed
logs,
then
why
not
just
start
with
and
say
that
they're
all
they
all
just
have
one
item
in
them
and
now
work
back
from
there.
Okay
enough
from
me,
thank
you.
G
J
We
can
okay,
so
a
couple
of
things:
I
guess
the
first
thing
I
think
I
just
want
to
observe
is
that
the
queuing
system
with
raising
of
hands
is
quite
fair
and
that
everybody
has
to
get
in
line.
But
I
do
think
that
somebody
should
declare
themselves
king
or
queen
and
run
an
agenda
because
we're
taking
too
long
I
think
to
get
through
these
various
points
and
I.
J
Think
a
little
more
structured
discussion
would
be
a
way
to
you
know
to
kind
of
put
a
pit
in
these
things
and
and
move
on.
So
that's
my
that's
my
sort
of
meta
suggestion.
The
second
thing
is
I
guess
I
have
a
question
which
is
going
to
be
followed
by
some
comments.
Who
is
the
audience
at
this
meeting?
Is
this
just
another
I
mean?
Is
it
going
to
be
similar
to
this
meeting
or
is
it?
Is
it
some
larger
population
that
will
have
influence
or
how?
J
What
is
the
the
Japan
meeting.
B
Yeah
purpose
of
nature:
yeah,
it's
a
it's
a
wider
audience,
so
people
who
are
at
the
meeting
can
will
drop
in.
So
there
will
be
a
large,
a
larger
number
of
people
like
how
you
have
to
look
it
up,
but
maybe
last
time
we
had
150
people
or
so
in
the.
B
It
it
definitely
helps
on
one
hand.
Of
course
we
want
to
get
people
who
haven't
followed
the
discussions
on
the
same
page
or
at
least
get
interested
in
the
work,
but
on
the
other
hand,
we
also
want
to
make
some
progress.
So
there's
the.
H
J
Yeah,
okay,
so
so
here
are
my
comments,
then
so
the
first
one
is.
We
have
yet
to
have
the
debate
about
the
identification
and
what
we're
going
to
allow
there.
We
originally
specified
Cosi
and
there
I
mean
I
personally
feel
that
that
we
need
to
expand
that
just
to
you
know
kind
of
give
a
nod
to
what's
really
going
on
in
Practical.
World
second
thing
is
the
idea
of
the
miracle
tree.
It's
kind
of
inherent
with
cozy
and
I
think
we
have
moved.
J
D
J
D
J
Good
question
I'm
not
sure,
but
bottom
line-
is
that
we,
you
know
if
we
restrict
I
personally,
don't
know
of
any
use,
that
of
any
use
case.
That
cozy
is
active
in
right
now.
Perhaps
there
are
many
right,
but
I
know
that
it
is
not
the
dominant
way
of
describing
identity.
And
my
question
is,
you
know:
do
we
want
to
lock
ourselves
into
something?
That's
yet
to
achieve
wide
adoption?
Actually.
G
D
It's
secure
messaging,
that's
mine,
okay,
pgp,
those
are
the
largest
serialization
formats.
They
both
support,
x49,
I,
I,
think
you're
kind
of
getting
it
wrapped
around
an
axle
here,
which
is
one,
is
the
serialization
format
of
how
to
represent
the
data
and
the
fields
and
the
other
ways
the
identification,
identity,
format
in
it.
That's
referenced
and
I
agree
that
x509
and
and
the
open
question
for
the
the
ITF
is:
do
we
want
to
slowly
move
or
and
support
other
types
of
identification
mechanisms
such
as
did
web
and
so
forth?.
J
J
So
well
maybe
that
question
is
answered
then,
but
I
do
think
the
just
from
practical
adoption
perspective.
We
need
to
make
sure
that
we
allow
backward
compatibility
here.
So
that's
that's.
That's
comment
one,
and
so
the
comment
two
was
the
the
append
only
thing
Ray
mentioned:
why
do
we
need
append
only
I,
actually
I'm
scratching,
my
head
on
that
as
well?
It
is
it's
certainly
a
way
to
you
know
ensure
that
you
continue
to
have
that
log.
J
H
D
J
Frame
the
discussion
yeah
well
right,
so
I'm
throwing
it
out
of
this
meeting
instead
of
at
the
IET
meeting,
so
we
can
maybe
get
some
of
those,
and
so
so
then,
and
then
the
third
thing
is,
you
know
if
we
are
requiring
some
vetting.
J
I'm
using
that
term,
you
know
on
purpose,
because
it's
vague
if
we
require
some
vetting
before
an
entry
can
be
made.
It's
skit.
Doesn't
that
imply
a
trusted
third
party
who's
going
to
be
out
there.
You
know
administering
this
thing
and
you
know
I
think
that
that's
a
an
undefined
role
right
now.
D
J
J
J
Yeah
well
right
and
you
know,
transitive
properties
of
trust
and
everything
like
that
are
or
other
issues
as
well,
but
I
mean
how
are
we
going
to
get
that
in
there?
How
are
we
going
to
say,
okay,
that
is
or
isn't
okay
for
skit
without
somebody
administering
it
centrally.
D
There
there's
multiple
aspects
of
it.
If
you
have
your
own
corporate
or
some
group
that
has
their
own
skit
instance,
then
it's
up
to
the
management
of
that
Corporation
or
that
that
that
identity
in
the
case
of
governments
they're
going
to
set
up
their
own
yeah
a
set
of
trust.
So
it
is
going
to
end
up
being.
If
you.
A
J
Than
just
that
right
and
that's
I
guess
that's
that's
intrinsically
my
point
is:
if
we're
doing
that,
then
why
wouldn't
we
allow
that
administrator
to
decide?
Why
does
it
need
to
be
notarized?
Why
does
it
have
to
be
a
special
format
for
identity?
Why
can't
we
let
the
administrator
of
or
The
Trusted
third
party
simply
make
that
decision
based
on
you
know,
multiple
choice,
a.
B
Bunch
of
things,
let's
not
begin
to
that
those
details
now,
because
I
think
we
are
collecting
the
items
that
we
are
going
to
discuss
at
the
meeting
next
week,
which
is
two
hours
long
and
so
Charlie
from
your
item
list
I
have
captured
the
the
identity
question.
I
think
you
are
also
like
I.
Consider
the
last
Point
a
little
bit
similar
to
what
Steve
raised
with
the
debate
about
the
building
blocks.
B
I
think
this
is
again
falls
into
that
category,
so
definitely
something
that
is
quite
important
and
like
to
me
from
from
the
discussion
so
far,
and
maybe
we'll
see
how
how
we
go
to
the
end
of
this
meeting,
but
it
sounds
like
maybe
the
architecture
document
is
something
that
needs
probably
most
of
the
time.
I
would
say,
maybe
maybe
even
more
than
more
than
an
hour
more.
B
But
yeah
but
then
then
we
run
out
of
time
right,
but.
B
So
it
is
the
bike
of
the
time
and
and
as
as
Hank
mentioned
like
for
the
counter
signatures,
we
just
get
an
update
on
what
happened
in
cozy
and
what
what
they've
decided,
or
at
least
they
think
they
decided
and
also
a
brief
update
about
the
use
cases,
because
they
don't
seem
to
be
as
controversial
as
some
of
the
things
that
you
brought
up
here.
J
Yeah
I
agree
with
that,
so
yeah
I'm
just
bringing
out
the
points
because
I
think
they're
going
to
be
important
like
I'm
kind
of
looking
down
the
road.
If
we
do
implement
this
thing,
what
are
going
to
be
the
toe
stubbing
exercises?
Okay,.
B
J
J
Just
those
are
just
points,
but
I
do
think
we
need
to
think
about
those,
so
I
am
done.
Thank
you.
K
H
K
Great
great
discussion
so
I,
my
I
thought
some
of
my
thoughts
on
all
those
topics.
The
audience
this
is
a
cool
audience
to
be
able
to.
You
know,
throw
our
our
ideas
in
front
of
stakeholders
who
need
to
understand
how
this
will
help
them.
So
the
audience
includes
lots
of
very
Savvy
and
security.
Conscious,
end
users,
lots
of
developers,
lots
of
infrastructure
controllers-
and
you
know
all
those
people
are
gonna
care
about
some
aspect
of
this.
K
So
in
my
mind,
one
of
the
I
I
mentioned
in
the
chat
some
ideas
about
you
know
my
question
of
scaling.
K
Itf
is
good
at
scaling
things
worldwide,
although
occasionally
bad
too,
you
know
some
things
fall
on
their
face,
so
in
particular,
how
can
one
of
my
Notions
is?
How
would
an
end
user
consumer
gather
all
the
evidence
that
they
need
to
address
some
of
the
main
use
cases,
both
simple
ones
which
are
going
to
be
easy
and
complex
ones
that
you
know
we
just
want
to
make
sure
that
we're
going
to
handle
it.
Take
a
new
user
with
a
new
app,
and
that
app
is.
K
Yeah
folks
are
pointing
out
a
variety
of
skit
instances
which
are
gonna.
You
know
leave
them
on,
hopefully
not
a
wild
goose
chase
through
claims
about
whether
or
whether
or
not
it's
in
the
software,
whether
that
vulnerability
is
important
for
the
way
that
software,
which
is
buried
in
some
Library.
You
know
a
couple
layers
down
is,
is
used
in
that
application
and
people
are
going
to
be
putting
up
all
these
cool
new
attestations.
It
says
yeah
we
use
that
Library.
K
We
know
it's
got
that
vulnerability,
but
it
doesn't
affect
the
way
that
we
use
it
and
then
some
testing
companies
gonna
weigh
in
and
say
well
I,
don't
know
you
know
when
I
tickled
the
app
it
it
seemed
to
be.
You
know
so
there's
just
a
bunch
of
claims,
and
you
know
in
my
mind,
different
end
users
will
query
all
that
in
different
ways
and
have
different
answers
for
a
certain
app
because
because
of
the
nature
of
their
requirements
and
their
threat
model,
so
you
know
I
see
the
the
query
as
being.
Indeed
something.
K
That's
that's
important
I
mean
there's
lots
of
other
queries
that
are
much
easier.
You
know
like
and
what
versions
you
know:
what's
what's
the
s-bomb
for
that
Library,
so
that
it
can
be
incorporated
in
my
bigger
s-bomb
or
whatever,
but
you
know,
as
we
combine
both
positive
and
negative
results.
I
I
want
users
to
be
able
to
solve.
You
know
what
dick
keeps
pointing
out
is
the
ultimate
problem,
which
I
think
is
not
you
know
it's
not
like
skit
is
going
to
say
this
is
trusted
or
even
that
source
is
trustworthy.
K
K
Try
to
map
all
the
language
from
these
documents
into
something
that's
coherent,
and
that
will
help
us
then
do
the
use
case
document
do
the
architecture
document
and
maybe
to
culminate
the
discussion
of
those
two.
Have
somebody
run
through
a
bunch
of
complicated
end
user
queries
that
that
tie
together
again
the
concerns
that
that
came
up
around
identities?
You
know,
like
all
I've
got,
is
this
Yuba
key
here?
How
am
I
gonna
sign?
You
know
statements
related
to
my
role
in
in
all
of
these
things.
So
that's
some
of
my
thoughts.
B
Thanks
Dave
I
think
the
important
Point
might
take
away
from
what
you
said
is
is
really
on
also
the
point
that
they
create
is
like.
You
want
to
take
a
perspective
or
explain
the
the
technology
or
what
we
are
working
on
in
terms
of
the
end
consumer,
in
terms
like
how
they,
how
they
would
benefit
from
this
is
that
is
that
a
good
summary.
K
Well,
I,
so
I
would
that's
a
definitely
a
piece
of
it.
In
other
words,
we
want
to
be
solving
a
problem
that
people
have.
We
want
to
have
at
least
some
things
that
we
think
the
people
in
the
room
are
going
to
use,
because
if
this
room
doesn't
have
people
that
want
to
use
it,
then
you
know
this
is
all
worthless.
Then
I
think
it
it.
K
You
know
we
have
all
kinds
of
good
things
so,
but
driving
from
that
end,
point
which
I
think
we're
not
just
giving
them
a
hammer
that
solves
it,
we're
giving
them
a
bunch
of
you
know,
access
to
a
bunch
of
information
that
they
or
their
very
smart
skit
clients
will
use
to
factor
there
anyway.
So
we're
going
to
have
a
problem
that
we
think
we're
solving
and
that's
why
we
do
use
cases
and
then
we're
going
to
say
now.
K
If
we
have,
you
know
a
useful
number
of
people
doing
that
you
know
use
this
might
be
useful.
If,
if
it's
used,
you
know
by
end
users
around
the
world
every
time
they
touch
one
of
the
play
stores
or
install
software
on
their
laptop
or
whatever,
but
you
know
it
could
be
useful
if
it
didn't
get
to
that
level
if
it,
if
it's
just
used
by
an
open
source
provider
to
to
document
their
their
us
bomb.
You
know
that
would
already
be
a
huge
win,
although
we
kind
of
have
that
in
Sig
store.
K
So
you
know
like
what
I
just
how
does
this
fit
in
and
how
do?
How
do
things
that
we
think
will
be
useful,
Drive
the
need
for
policies
and
scaling
and
and
and
clients
that
will
be
useful,
so
yeah
thanks.
B
F
Yes,
thanks
so
first
on
the
form
of
the
meeting.
I
agree
with
what
has
been
said
before.
I
think
it
would
be
good
to
be
my
directory
for
the
agenda
and
I
think
all
the
questions
to
these
are
excellent
questions.
But
there
are
also
questions
that
we
have
visited
in
the
past,
for
which
we
try
to
hide
some
tags.
That
represents
our
consensus
in
the
architecture
formers
of
them,
not
all
of
them
and.
B
F
B
So
that
I
said
like
on
that
one
yeah,
it's
it's,
it's
always
a
challenge
to
be
disciplined
because
on
one
hand
I
at
least
speaking
for
myself,
I
don't
want
to
cut
discussions.
That
I
think
will
lead
us
somewhere.
B
Beginning
sometimes
it's
not
clear
about
the
challenges
are,
of
course
it's
also
difficult
to
to
get
totally.
Oh,
it's
easy
to
get
lost
in
in
debates
which
then
won't
help
us,
but
there's
a
fine
line
between
them,
so
we'll
yeah
well.
Obviously,
John
and
I
will
obviously
have
to
pay
attention
to
where
things
are
going
and
try
to
get
the
best
out
of
it.
F
Yeah,
no
again,
I
really
don't
want
to
get
the
discussion.
I
think
there
are
all
great
questions,
but
again
I
think
we
should
more
symmetically
go
back
to
what
we
have
written
or
discuss
before
to
avoid
restarting
from
on
scratch,
because
they
have
a
quite
natural
questions.
Yes,
so
so
so
on
and
back
to
the
legend
of
that.
So
so
yes,
I
can
present
where
we
are
kind
of
progress
on
the
architecture.
F
I
also
hope
that
Ori
will
be
able
to
present
the
summary
of
what's
happening
with
the
kuntasaning,
because
at
the
meeting,
otherwise
either
Hank
or
I
can
can
cover
for
him
for
the
prior
issues
that
were
discussed,
so
they
were
scalability
and
they
are
in
in
brief,
I
think.
The
way
we
see
scalability
is
by
making
sure
that
the
transfer
on
state
Mountain
receipts
can
be
disseminated
and
checked
offline.
F
So
you
don't
need
to
go
to
the
to
The
Ledger
or
to
the
the
registry
to
verify
whether
whether
something
has
been
registered
and
also
with
the
receipt
that
provides
freshness.
You
don't
need
to
go
to
the
registry
to
check
for
freshness,
at
least
with
the
resolution
of
hours.
We
should
be
sufficient
to
our
application.
So
that's.
F
In
terms
of
having
research
to
provide
offline
checking
so
that
its
case
like
replicated
authenticated
data
without
too
much
trouble
on
identification,
I
think
we
discussed
a
lot
on
the
list
on
auto
identify
is
schwarza
and
we
are
using
the
ID
that's
controversial,
but
it's
also
quite
flexible
and
that's
what
we
are
right
now
in
the
architecture.
What
we
discussed
at
work
and
that
I
would
like
to
summarize
at
the
meeting
is
or
to
identify
individual,
transparent
statements,
and
they
are
it's
something
that
we
did
not
have
initially
is
important
for.
F
Our
Federation
is
also
important
for
the
transaction
statements
and
I
think
we
made
some
progress
at
the
last
meeting,
but
it
will
be
good
to
consolidate
that
so
I
hope
to
have
at
least
a
couple
of
slides
to
catch
up
and
to
to
centralize
on
the
problem.
That's
if
that's!
Okay,
that's
that's
the
main
body
to
make
thanks.
C
C
If
some
newcomer
joins
in
the
state-
and
he
has
similar
questions,
we
can
always
refer
him
to
the
history
and
say
this
was
discussed
and
so
and
so
date,
and
this
was
the
conclusion
made
because
of
these
reasons
we
have
taken
this
direction
in
architecture
and
that's
why
this
kind
of
architecture
has
been
laid
down
laid
out
rather
than
like
just
discussing
here
is
a
good
thing,
but
two
meetings
down
the
line
everybody
will
forget,
and
somebody
asked
me
ask
the
very
similar
questions.
What
do
you
have
asked?
C
So
one
aspect
of
this
second
thing
is:
yes:
I
understand
it's
in
Japan,
so
you,
my
anticipation,
is
I
may
be
wrong,
but
my
anticipation
is
that
there
would
be
many
more
new
participants
who
might
show
up
there
with
interest.
So
our
agenda
should
have
a
bit
of
yes.
C
So
that's
another
thing:
I
wanted
to
inform,
and
the
last
thing
is
that,
yes,
physical
presence
is
good
to
present,
but
don't
make
it
like
a
very
hard
kind
of
a
bottleneck
that
if
Steve
is
not
able
to
travel
or
is
not
able
to
travel
or
somebody
else
is
not
able
to
travel,
then
they
will
not
be
presenting
because
I've
at
least
I
know
certainly
about
the
rats
group
that
this
is
not
like
a
very
hard
thing
in
the
rats.
B
C
G
Thank
you
Johannes,
so
transparency
and
Trust
are:
are
there
buzzwords
that
we're
hearing
all
over
the
place
here
in
the
U.S
and
we're
seeing
it
in
policy
documents
like
National
cyber
security
strategy?
G
There
was
a
document
released
just
today
from
the
national
infrastructure,
Council
advisory,
Council
and
and
transparency
and
trust,
and
they
mentioned
specifically
the
software
supply
chain.
So
there's
definitely
an
audience
of
interested
people
who
want
to
have
access
to
something
that
they
that
will
give
them
insights
into
Trent
into
trustworthiness
and
I.
Think
that
this
this
opportunity
is
what
we.
G
Clearly
enough,
we
have
a
lot
of
details
about
implementation
like
Merkle
trees
and
other
information,
but
I
I
think
that
we
really
just
need
to
have
a
higher
level
of
discussion
or
position
that
we
make
clear
in
the
document
that
this
is
what
we're
doing
and
and
that
I
think
we're
we're
letting
the
forests
of
the
trees
Cloud
the
forest
by
having
all
the
details
being
The
Upfront,
you
know
material,
that's
my
that's
my
comment.
Thanks.
B
And
definitely
definitely
true
dick.
This
was
something
I
I
just
talked
with
Steve
about
in
terms
of
like
how
should
the
architecture
document
look
like
and
I
think
that's.
There
are
some
other
good
examples
in
the
IDF
on
documents,
architecture,
style,
documents
that
do
exactly
what
you
are
saying
like.
Of
course,
the
the
solution
is
important
as
well
and
and
as
Engineers
we
always
get
overly
excited
about
the
details
of
those
Solutions.
B
But
of
course
there
are
lots
of
other
people
out
there,
including
many
of
the
newcomers
that
yogish
was
just
talking
about
that
we
are
likely
going
to
see
in
Japan
at
the
meeting.
That
need
a
little
bit
of
background,
so
we'll
definitely
need
to
improve
that,
and
I
I
expect
that
that
will
happen
over
time
with,
with
the
help
of
udic
and
and
others
to
actually
fine-tune
the
wording,
so
it
becomes.
B
The
document
becomes
accessible,
also
to
folks
from
let's
say,
government
institutions
or
government
or
organizations
that
are
close
to
the
government
likeness
in
Nissa
and
yeah.
All
these,
these.
G
Type
of
people
yeah
in
fact
I-
can
give
you
a
really
good
example
in
newberger
who
works
in
the
White
House
and
you
know,
I
know
this
is
U.S
specific,
but
she
used
a
really
good
analogy.
She
referred
to
what
we
have
in
some
case.
Some
places
here
in
the
U.S
are
what
we
call
restaurant
cleanliness
scores.
So
you
walk
up
to
a
restaurant
and
right
there
on
the
front.
G
It
shows
you
what
the
grade
the
cleanliness
grade
is,
and
that's
the
kind
of
transparency
that
that
build,
that
the
US
government
is
suggesting
we
provide
to
Consumers
of
software
as
well.
Is
the
ability
to
show
them
very
clearly
that
the
software
is
trustworthy
or
not
and
and
I
think
it
has
the
opportunity
to
fill
that
void
right
now.
So
it's
a
place,
we
I
would
hope.
We'd
want
to
make
that
really
clear
in
our
discussions,
including
the
presentation
in
Japan
right.
B
Yep,
thank
you.
Okay,
with
a
few
minutes
left
I
think
you
all
have
given
a
huge
amount
of
information
on
how
their
children
should
look
like.
So
definitely
the
the
Hank
is
going
to
talk
about
the
counter
signing
of
the
receipts
document
at
the
end,
maybe
I'm
thinking
about
the
quick
update
like
10
minutes
or
something
is
that
good
tank
with.
E
B
Okay,
excellent
so
let's
say
10
minutes
summary
then,
for
the
use
cases
K
you,
you
could
walk
over
this
and
provide
an
sort
of
brief
introduction,
so
I'm
thinking
about
maybe
could
we
do
like
maybe
30
minutes
and
use
the
rest
for
the
architecture.
B
B
B
And
Cedric
you
are
going
to
run
the
show
for
the
for
I
would
say
we
could
probably
sort
of
like
split
the
architecture.
The
argument
presentation
a
little
bit
into
over
a
couple
of
people,
so
we
don't
so
we
have
a
little
bit
of
action
at
the
front,
so
I'm
thinking.
Definitely
so
let
me
let
me
think,
on
and
ask
them,
for
example,
Steve
whether
he
has
opportunity
to
join
I,
know
the
time
zone,
difference
and
so
on.
B
It's
all
difficult,
but
also
from
the
terms
of
topics
that
we
definitely
want
to
cover
during
this
architecture.
Debate
is
like
the
building
blocks,
the
identity
topic
again.
I
know
we
have
talked
about
some
of
those
things
before,
but
it's
one
thing
to
have
a
document,
and
it
have
it
accepted
as
an
initial
working
group
item
as
a
starting
point,
but
another
story
on
whether
people
actually
are
on
the
same
page
and
I,
don't
think
we
are.
B
We
have
an
agreement
in
a
group
on
this
whole
identity
topic
and
also
not
on
on
the
way
of
the
the
different
building
blocks
and
I
think
it
relates
a
little
bit
to
what
Neil
has
been
mentioning
as
well
like
looking
at
it
from
from
I.
B
Think
these
looking
at
from
an
in-consumer
perspective
or
from
a
consumer
perspective,
gives
you
a
an
idea
on
like
which
parts
are
what
we
are
working
on
as
as
Technology
Building
Blocks
and
which
are
components
that
are
provided
as
as
part
of
let's
say,
a
service
provider
offering,
let's
say
the
event,
Only
log
I've
said
enough:
Steve
Cedric,
are
you
new
on
the
QR?
Is
this
orphan
entry
so.
F
B
That
discuss
user
identity.
F
B
So
we
talked
yeah,
that's
the
issue
right!
Okay,
so,
like
we
talked
about
like
today,
we
talked
about
like
we
had
this
pgp.
We
had
x549.
We
we
talked
in
the
past
about
open
ID.
We
talked
about
bits,
I
think
we
need
to
get
an
agreement
on
on
how
this
works.
F
F
I
wanted
to
mention
is:
do
we
plan
to
bring
any
thing
to
that
or
to
do
we
intend
to
get
any
decision
at
the
end
of
the
meeting,
or
it's
mostly
informational
this
time,
the
the
session
the
skit
session?
F
Do
we
expect
any
decision
to
be
made
that,
during
the
end
of
the
skid
session,
or
not.
F
B
Well,
hopefully,
we
get
some,
they
make
some
progress
on
on
open
issues
with
the
use
cases
and
the
architecture,
the
things
that
we
discuss.
That's
I'm,
hoping
of
course,
like
two
hours,
is
longer
than
this
meeting,
but
still
not
enough.
So
hopefully
you
guys
have
side
conversations
in
during
the
coffee
breaks
and
so
on
and
so
on,
but
yeah,
but
there's
no
big
decision
in
like
we
had,
let's
say
in
the
summer
when
we
formed
the
working
group.
A
So
sorry,
I
guess
I
I
was
jumping
because
we're
running
low
and
I
just
said,
I
was
actually
queue
with
Centric
finishing
I
to
yogesh's
point
yogesh
I
wasn't
trying
to
make
a
comment
on
remotely
presenting
just
the
facilitation
of
getting
the
the
meeting
minutes
and
then
sorry
not
to
be
with
the
presentation
done
while
on
site.
So
whatever
works
for
folks
that
are
there
that's
great
I'm
happy
to
help
in
any
way.
A
I
can
I
agree
to
Charlie's
point
I
think
we
we're
trying
to
find
that
balance
of
focus
on
agenda
while
making
sure
everybody's
heard.
So
it
is
a
difficult
balance
and
I'm
trying
to
learn
from
what
other
iitf
groups
have
done.
A
So
for
I
guess
we're
just
about
the
last
two
minutes:
I
assuming
next
Monday's
meeting.
We
will
cancel
because
folks
that
are
in
Yokohama
will
be
there
and
yeah.
B
We'll
start
to
shift
yeah,
that's
correct,
there's
no
meeting
scheduled
and
the
actually
the
no
meetings
currently
scheduled
for
the
weeks
after
the
ITF,
so
we'll
definitely
have
to
think
a
little
bit
on
whether
we
everyone
needs
to
think
whether
we
like
those
type
of
meetings,
is
the
Cadence.
Is
that
correct
or
should
be
bi-weekly
or
whatever
the
feedback
I
need
from
from
you
from
everyone
who
participated
all
the
time.
K
I'll
just
note:
I
I
love
this
notion
of
eating
food
and
the
restaurant
cleanliness,
as
just
one
of
the
many
things
that
a
variety
of
consumers
will
have
a
lot
of
requirements
around
that
vary
across
different
consumers,
so
that
might
actually
be
a
fun
one
to
write
up.
I
put
something
in
the
chat
about
that.
B
Cool
yeah
I
missed
the
name,
maybe
dick
I
don't
know
if
you
posted
that
the
name
of
that
person.
B
B
A
Typing
I
just
would
suggest
that
we
pick
up
on
the
weekly
meetings
after
ietf
116
and
to
Charlie's
point.
We
kind
of
figure
out
what
the
agenda
is
before
the
meeting.
Agree
to
that
and
then
keep
time
box
to
the
discussions
related
to
that
agenda
item.
So
we
can
continue
to
make
progress
and,
if
there's
a
good
discussion
that
comes
out,
that
we
queue
it
up
for
the
next
week
or
triage
from
there.
I
B
I
I,
just
I
wanted
to
suggest
that
we
summarize
the
times-
and
you
know
for
remote
participation
to
get
the
maximum
remote
participation
in
this
meeting.
To
put
that
on
the
list.
To
make
sure
everybody
knows
when.
B
I
B
Yeah
I
will
definitely
update
the
agenda
based
on
the
discussion
and
then
we'll
work
on
work
with
the
presenters
and
also
post,
obviously
the
the
info
again
in
time.
So
you
guys
don't
forget.
Okay,
we
ran
over
time
already
and
so
we'll.
We
need
to
finish
here.
C
B
C
You
comment
is
that
please
in
in
Japan,
please
take
a
feedback
of
the
timing
because
maybe
after
you
come
back
or
after
we
come
back
from
Japan,
we
might
have
to
reschedule
this
meeting
to
suiting
to
more
of
the
Eastern
times
as
well.
So
please
yeah.
B
We
can
we
can
run
a
doodle
poll
to
see
whether
the
what
are
the
preferences
for
the
time
slots
have
changed.
Good
idea,
thanks
thanks.
That's
it
that's
a
very
good
point.
B
Thank
you,
okay,
finishing
here
and
I,
wish
you
all
a
good
trip
to
Japan
and
we
see
and
hear
each
other
next
week.