From YouTube: IETF-SCITT-20230605-1500
Description
SCITT meeting session at IETF
2023/06/05 1500
https://datatracker.ietf.org/meeting//proceedings/
A
A
A
Good to hear you, Hank. Hey, Steve.
C
A
So I sent out a brief agenda. I was suggesting to also discuss the KEYTRANS topics. I forwarded them an email, or I forwarded them the meeting invite for our weekly call and asked them also to join. I don't know if anyone here is actually from the KEYTRANS or.
A
F
I didn't see you send that out. When, when did you send?
A
A
Okay, maybe they turn up later and then we can talk about that stuff. The other thing, where we stopped last time: last week we had a holiday, so we skipped that meeting, but the week before we talked, or we looked at the list of open issues, and we specifically spent some time on one open issue that Antoine created. He was talking about the URL for the transparent statements, I believe, if I remember that correctly, but there are tons of other issues that we need to go through.
A
Unfortunately, well, it's good that we captured them, captured the open issues. Steve, is that okay for you to go through them? What do we have, other topics that we would like to, sort of, like, we're on agenda bashing phase for today. Any other suggestion or.
G
A
C
C
Proof, ID and how we are arranging that to be updated significantly for the next iteration.
A
Okay, I guess maybe if we discuss this after Steve left, I think. Is that okay for you, Steve, because.
A
No, no, I mean we start with looking at some of the issues. Maybe we can assign some issues to someone who is most qualified to make some proposals on resolving the issue, or maybe some of the issues are actually stale and we can close them.
B
A
H
This is Charlie. Sorry, I'm running a little bit late. I got back-to-back-to-back meetings here, but one thing that I have brought up in the past is that there is no standing invitation for this meeting, I don't think. Is there? I mean, isn't it a different URL every week?
H
A
Yeah, I believe that's true, because.
G
H
New, a new calendar invite and firing.
C
H
Outlook Web Access as the calendar, and it puts it in my Mac calendar, and that, I mean, I can go click on that. But it doesn't register in the calendar that.
H
H
A
A
D
E
D
A
G
Too many buttons to turn things on and off. All right, so we'll spend a couple, I guess, 10 minutes going through some of this stuff. I was gonna work from the back for some ones that possibly, hopefully, we can close more quickly, and triage some of these. So this one was the terminology. I think we've got the majority of it done with this PR.
G
In fact, we made comments on this, so I guess my proposal here is just to close this one at this point, because we've converged most of the stuff. Ray had a good doc that we reviewed. I think we've got a good stability point here.
F
What was my, sorry, what was my document that you're referring to? Because, can you go... I guess I can open it up and look, but.
G
Yeah, it was this one. I don't know if my screen... yeah, there he goes. Oh.
F
G
H
Heard documents of the skipped.
G
Well, that's not going to come through. It is the document.
F
So I think one of the things that we can just say, if it's pretty sure this is true, we're saying append-only log instead of registry or ledger, even though it may be implemented in some other way. Okay, so it was just to use that name as a way to just say that and then get rid of the other type of nomenclature, and then probably in our definition we can say an append-only log might not be an append-only log.
F
It may be something else that still has the attributes that we need. Was that one of the main things, Steve, that was done here?
G
We did use append-only log. We did use transparency service as the main pieces to the latest changes.
A
G
F
Yeah, okay, so I think transparency service has been a pretty useful thing to say and helps people kind of understand what it is without anything more. They just kind of shake their head and go, okay, I know what it is a little bit. Okay, so that's probably going to help us, to have that change versus saying SCITT or SCITT registry or something else, because that doesn't do it. But okay. Thank you.
E
E
A
C
A
That puts a little bit of burden on you, after all this discussion and your write-up and so on and so on, to double check whether you're happy with what we finally ended up with.
H
H
F
F
And I've been coming across this a lot and maybe it'll be a good tool for us. Okay, and that is, if you have, there's, there's us, there can be a signature. You know, somebody signed something, and then there is a way, and this was all in the NIST, they have a whole thing about how to, you know, how to prove that the person actually has that signature at that time, where you send them a nonce, and there's also, I think that's the way to do it.
F
So that's kind of like a wet signature on something, so that you can say: okay, I sent you a nonce, so you did it right now and you signed it, so I know you have that private key. Then there's a secondary thing, which would be that I don't see discussed in places, but I think it's the way they use, they do a lot of the OpenSSL stuff. Where, or that's not the name of it, where you have something that you actually do trust and then it observes it.
F
So if you had an entity that did a wet signature checking of the, you know, the public key and private key connection, that seems like that would be the definition of a notary and not the transparency service, which is a little bit different than what I think of as a notary, and that's how I think about it now. So I would take out.
F
"A transparency service is often referred to by its synonym notary", because in my mind that isn't right, but I don't know if we're trying to edit this now, and I don't want to get distracted if there's some serious thing we need to accomplish. Thanks.
G
I mean, I think of the, when we have this particular issue we're tracking, it was the registering transparency service. I think this was where we were trying to figure out, and we do have this piece here. I think the notary is a part of it, but not a synonym. I would agree with that. I thought we had a different issue tracking that.
G
So we can put it in, I mean, we can leave this one open and revisit here, or we can track it as part of the other issue, because we wind up with this one being a larger, specifically around registry and transparency service. Then we have another one that specifically talks around the notarization process.
F
Okay, so I don't think they actually normally call it notarization, but I know they called the, the trusted timestamps could be used with a notary functionality. But I'll tell you what I'll do is, I will, because I've been working intently on this lately, so you have my attention on it, man.
F
What I will do is write up what I understand as these little pieces, because I've been trying to just, you know, understand the various cryptographic mechanisms, and these are mechanisms that are, they are mentioned in places, but I see that the... What is the name of the, everybody's using now and say, because, you know, they had trouble with people getting, you know, paying for a public
F
key, of, you know, certified public key, and so then they went to the cheap free method to do it, and I...
F
Is there a clear definition of what a notary is? Because it certainly is not a transparency service in itself. It's a function that is a cryptographic function, and I think it's this deferral, if somebody watching a wet signature being done and then saying, I watched it, and I'm a very trusted entity because I have the paid-for public key. And so, if somebody does, then maybe in the chat you can let me know where it is and I'll go
F
look at it. But I'm trying to absorb everything about this, because, just to let you know, I'm working on an air-gapped protocol which basically will be requesting for data or delivering data and then securing it on, you know, flash drive or jump drive or something, and so we're working on this right now. But anyway, thank you.
F
Yeah, no, I will, but I probably will not, but yeah, yeah, I'll do that, yeah. This is number, yeah, this is issue seven, okay. Yes, you said. Thank you.
G
Okay, I need to drop, so I'll leave it for you guys for the next items.
A
I
Vaguely. I'm not, I didn't, I did not join on that basis. Okay, or you probably can say more about that.
A
J
You, hey, yeah, so I'm following the key transparency work. So if you haven't watched the BoF videos, you should, they're really excellent, from the last IETF. They had a lot of really relevant content, and I think the important thing for folks here to understand is, when you say key transparency, they mean like key-value store transparency. They don't mean like cryptographic key transparency.
J
At least that's my reading of the current charter. They do have a structure that's sort of similar to our concept of a feed. I don't believe it's going to be bound to any particular content type, so similar to the way SCITT is also not bound to any particular content type.
F
So, Ori, if you don't mind me asking this question, do you see from your review of this how we can, does the KEYTRANS stuff seem to fit into the identity?
F
J
So they, you know, they talk a lot about applying key transparency to username-like identifiers, like email addresses or phone numbers, where, you know, you want a consistent public key for a given phone number and you want the property that no network adversary can partition the network in some way that would, you know, disrupt the end-to-end encryption capabilities of communications networks.
F
Well, I like the answer, and so it's progressing my understanding. So thank you.
D
Yeah, just a short bit, so thanks Ari for filling in. Do we have, maybe I'll go find them, we should put links to the BoF videos in the HedgeDoc to make it easy, yeah. So I got a similar impression. I had a bit of a dialogue on the chartering process, and I think the words they're using look like a huge overlap, and I also think it's kind of confusing: key transparency and certificate
D
transparency to me are extremely closely related things, but maybe they're further away in these groups than it seems, because, indeed, when I questioned the sort of aims or the overlap, the response that I got back was very much focused on a user-centric, personal privacy, anti-snooping, prove these are the... so the reason it's looking at bits of keys is: prove these keys are actually the keys that were made over there and not some that were replaced in the middle, which is a very special use case.
D
That's kind of adjacent to us, so yeah, it's an interesting one to watch for potential creep overlap, but it doesn't look to me anymore like the initial use cases are actually going to particularly overlap with our use cases, if I've understood that right.
I
Problem, it's just like a different thing that's stuck in the log or in the tree at the end of the day, and there's, of course, like, deployment-specific considerations that go into what goes in the log, with regards to, for example, who owns the thing that goes in the log, who does the public key correspond to, who produced the software artifact, whatever. But, like, the core of this work, that is, like, how the log is structured, how proofs are generated, who audits the log, all that stuff
I
is it, to my understanding, like, highly similar to what's being developed in KT.
D
I think that's... The crucial difference is that I would be inclined to agree with you, and the reason we started this thread is that for a great many use cases, the right answer, just from an efficiency of work point of view, if nothing else, would be to use SCITT and COSE Merkle tree proofs to do all this stuff. The pushback on that opinion.
C
D
D
If a friend comes at you, and if they want to solve those use cases, we could expand our scope and our tech to solve those use cases, but I think we're not quite there yet, and the interesting question would be whether they are constrained to that or whether we accidentally get this big overlap that we're talking about. But that's where I'm kind of convinced that there is other work that's worth doing, not to say that they're, in many cases, very overlapping.
D
F
Yeah, I think there is a big difference there from what I've seen, and I did view all those, they were great. It seems like they do have a different problem at hand. At least constraints on it are different, in that they have a much higher volume of participants than we're probably looking at here, and those participants are, like, the entities that are probably submitting to SCITT are less likely to have any
F
you know, problem with identifying, like, they probably have a domain name already associated with them, for example, whereas just people messaging each other or something don't really have that. They might have an email, something less significant. So I think that those constraints are different enough, such that, if I were making a call myself with no one in the room,
F
I would say that if we try to overlap with what they're doing, then we're going to get ourselves with a lot of features that we don't need and features that we need that they don't have. So I think that I would not push for trying to. But I think we should still be very, very cognizant of what they're doing and what the issues are that they're seeing, making sure that those are dealt with on our side.
F
A
A
To discuss this, rather than sort of use, sort of like, second-hand information on what they are trying to accomplish, what the similarities and the differences are. Keep doing that.
A
E
Thank you, Hannes. Yeah, I think we need to also keep in mind that this is not a greenfield opportunity. There is a fairly large supply chain implementation that's underway, that's existed for, you know, a few years, you know, things like signed software products and so on and so forth. So whatever we do here, hopefully it will be, you know, synergistic with what's out there already. I
E
think that's going to be important to adoption of SCITT, is that we can accommodate the practices that are already being used, but we're adding some value that people will find useful, like the authenticity and integrity verification components that will help bring that trust to the public, so that they can check this registry or transparency service to see if a piece of software is indeed really trustworthy. Thanks.
A
J
A
Yeah, certainly. Okay, let's switch sort of back to the agenda, namely, let's give Hank briefly a chance to talk about the
I
B
C
COMETRE is the abbreviation for concise Merkle tree proofs. There are two types of them, but I'm not going into the details here. So why, what are we doing here? We are standardizing two tiny fragments. One of them is about the signed statements. It's what the issuer, the supply chain entity, emits as the actual statement about the supply chain.
C
That is the signed statement, and then we use the transparency service to give some additional assurances. That's what the transparent statement then is, and that's basically the signed statement plus the receipt, and the receipt is the other tiny thing that we're standardizing here, and so therefore it is two COSE-using envelopes. The signed statement is rather straightforward. I'm not going into details about that. The receipt needs to include information about the trees used. There is not just one tree out there.
C
There are different flavors of hash trees. There are balanced, they are small, they are labeled, there are a lot of, again, mechanisms and metadata you can add to that. There are consistency proofs and inclusion proofs and such. So what are we doing here? We are going overloading a receipt that is just for SCITT.
C
Then we decided to cut it into halves, if we go to the COSE world and make a generic Merkle proof document there, that already exists, and then I wanted to profile that, for example, for SCITT. Trying to do that, we realized now that is a lot of things we overload this document with. Also, we are already initially overloading it with cherry-picked algorithms; that might be a little bit too much, and it actually might be contested somehow, under question, and so I think we're dialing that back. I
C
think Ari is the leader of this document and you can add something from this point of view after I'm done with this. So what we did is, we decided to use the one algorithm as a hash algorithm for trees that is already known in the IETF, and that is for certificate transparency, that is already an RFC, and so when you want to enumerate algorithms for trees, we just start with the one that is well known in the IETF, make a COSE structure for that.
C
That is basically the basis for all the other things and the receipt, and we're not only doing that. I think it's a good current practice at the moment to start a base document and immediately a profile for it, so you understand, looking at the second document, how to profile the base document. The base document comes with a very known algorithm, and the profile document will come with a not so well known algorithm that's also popular, and I
C
think it's CCF, depending on the author's decision. And so going from there, we now have the agreement, I think, internally, how to proceed with this. We are doing a COSE document that is still the concise Merkle proofs, with just a single algorithm from CT that is well known, establishing the registry, and immediately in parallel having a profiling document for the base document that says how to add other algorithms to the registry and how to describe the extensions to the structure that is used in CBOR here. So I think that's the current way forward.
C
It took a while to find our sweet spot here, to be honest, especially with the churn and involved stakeholders, and especially with a lot of inputs here. I think that's the way we want to do it right now, and that's why I'm highlighting this again. This is not about the signed statements, about the receipt structure, we're doing COSE first, CT first, and the profile, CCF, probably in parallel, and therefore we should have a good basis.
C
Open items are registration policies at the time of creation of the C, because they can alter the believability of a receipt in hindsight. So a receipt might need a link back to the registration policy in force at the point of creation of receipts, to understand who was allowed to put a signed statement into the service at the time.
C
So that is a thing, and of course we want to reference statements between services at some point, so we have to reference those. Early feedback from Russ, like, we have to identify the service the receipt is created by, is an optional and relatively easy to fix thing.
C
That's already included today. Yeah, that's basically my report, and maybe already has some additional items for this, but I think that's basically the summary of where we're at. So yeah, a little bit under-the-cover churn, but I think the solution we came up with is pretty straightforward now.
C
A
Latest version of the document, which I put into the meeting minutes, so in case you guys want to catch up. The profile document is, I assume...
C
Exactly, it's not there yet, unfortunately. I was counting on it a little bit, but unfortunately, as availability always, as far as we are probably going to do it this week. We agreed on the file name, we agreed on content, and I think we have to move on the pull request. It exists on the links that already probably shared. I'm checking this.
E
C
C
A
J
J
A prototype implementation, and it follows the latest pull requests on the draft, and it defines a COSE representation of a signed inclusion proof and a COSE representation of a signed consistency proof, and those are the two proof types that RFC 9162 defines. RFC 9162 is the certificate transparency RFC, which defines the minimal consistency proof for a binary Merkle tree. So there's good reason to implement that particular algorithm, because it's, you know, provably the smallest consistency proof for an append-only log. That's it.
A
So this is something, at least your prototype is something, that we could play around with at the hackathon.
J
Yeah, I think the pull requests have links to the source code behind it, and the demo is up on skit.xyz. The demo is a little hard to understand because it uses detached signatures, and so you have to juggle many files, but the demo implements the draft pull requests that are up.
A
A
C
Or broken, or at least, so we're back at square one, at least from my point of view here.
D
G
D
Thank you. Okay, so just walking down the list, we did triage these a while ago. Do we want to just go down the 117?
A
Well, we did start with the first one, and then we had a lot of discussion on this one, and I think that was good. The second one, Hank, you apparently have been assigned to do this one, is.
H
B
C
I'm not entirely sure, to be honest. I think that at the moment the text is clear.
C
It is kind of inline. Ray has his opinion here, but I think I can, if you would like, if there's agreement on this, if there's a "yes, give us a proposal", I can do a PR on the definition of append-only log that's pretty concise. I can run it with Ray reviews, okay with that, and some other, initially, I don't know, early alpha testers for the text, and then we can go from there, if you want this. I don't think it's a blocker.
C
So it's not super urgent, but maybe it's useful for anybody who wants to point at these documents and give somebody an understanding what an append-only log term means here.
G
C
Yeah, I'm just taking the action item just to get more movement. I think I can do one task per week, at least, so that would be one task, and it's not a big one. Yeah.
A
Let me note that in the meeting minutes that you are going to take this.
F
Yeah, it's okay with me. I'll try to put that, cover that in that number seven, I think it was, that I'll work on. Thanks.
C
Writing the stone, shall I include some examples? So, of course a history is an example. It's pretty obvious, but Ray, should we talk maybe offline about another example? It's definitely not in history or something like that. For your point of view's sake.
C
They take this offline. I'm not trying to install this. That's the disgusting of London.
A
And I think this is Ori's issue.
D
Yeah, and I think it's very relevant, because we want to have registration policies as the sort of main hackathon thing. So.
J
J
F
So by policy identifiers, maybe we can look at that one and just make sure we understand what it is, this effectively names or links, if you will, to stuff in the append-only log, like how we refer back into the log. Is that what this is?
K
My remembrance of this is that even the configuration changes need to be recorded and generate a receipt onto the append-only log, so we know that it's there. The real question was, any other receipts generated need to be able to point at what the registration policy they were acting on at the time, and this is what this discussion was about.
A
C
So foreign would be nice if two different transparency servers would immediately, by design, understand what to look at and how to resolve it, and so that's, I think, one of the aspects here. Of course, it would be nice to have a standard way to resolve the policy and, as Ray already, sorry, as foreign.
C
Assertions in your own tree, so the registration policy of the tree can be stashed in the tree, and there will be a specific, very known feed, for example, inside HV, and the pointer back to these policies could be standardized in that way, to have a well-known feed, so to speak, that has always to exist in a transparency service, so that's maintained a history. And that is the decision to be made. I think that is an excellent way forward, but I'm not sure if everybody agrees.
C
So that is basically the topic: do we want to have well-known feeds for certain things? And just to give another example, the trustworthiness of a processing node in a tree called stash. It's Red's things in a tree, basically about frustrating is right, so there could be a few, a limited number of feeds that we would support and are mandatory to implement for certain assertions about the tree service itself, the transparency service itself, and one of them is definitely the registration policy.
C
One other thing for future addition could be attestation results from RATS, for example. So there's a lot of use for that, and maybe it's a fundamental principle, and I think that's a thing to decide yes or no on in the working group.
E
Thank you, Hannes. Yeah, one thing that's really important from a consumer standpoint is the ability to, you know, verify and validate these identities and, of course, the ability to do that. I think SCITT has a role in part of that, but it's not alone. It's not the only party that's involved, for example, using an X.509 certificate.
E
You know, as a consumer I want to know two things: is that an authentic entity, an identity, and is it still valid? And that "still valid" part is important, because these certificates can be invalidated because of many reasons. They can be found to have been used to sign malware and they can be invalidated. So these are important aspects that I don't think SCITT is going to be able to maintain a constant update on validity. I think that has to come from another party who's monitoring for those valid certificates. Thanks.
A
K
Yeah, that's a, Dick, the problem becomes, the time validity of certificates is a problem, so being able to do that forevermore is impossible at the current X.509 capabilities. The whole point of the notarization is to basically say, at the point in time the evidence was received, here's what the state of that identity was, and that is your longer-term ability to audit the signature. Yes, you basically need to be able to know the identity of who signed it, but the ability to check it is limited to a very finite window.
K
The statement that it got revoked at some point is why we get into the discussions of endorsements and claims saying, hey, this has been revoked as a product. With a negative endorsement backfills this whole conversation. I think we need to get out of simply using X.509 revocation as a way, as the only way to invalidate things. It just doesn't flow. It doesn't work past a finite window of two years.
K
Well, that better alternative is basically that you kind of need to know that there's a number of problems with individual signatures, is you now have to push out a new set of trusted roots from across the world, and I don't think we want 300 more roots being sent around as, here's how you, here's trusted CAs, and so forth. Yeah.
H
So on Dick's thing, if I may interpret there, Dick, for you: you first said this is, you know, this is something that we have to work into the existing infrastructure, and for that reason I think he's right. You have to have some way of bridging to certificates, while understanding, obviously, the drawbacks that Roy mentioned here. So yeah, I think that's a good question.
H
I've had my hand up for a while, so I wanted to just jump in here, and the topic I wanted to discuss was, you know, the policy piece, besides. If there's a policy, right, the way we've kind of architected this thing is that it's supposed to be somewhat administrator-independent, even though in reality it's probably going to be a trusted third party most of the time implementing it, but who is in charge of, for example, stating you can only use SPDX and one
K
K
H
Don't agree, and I guess, but I do think there is a missing piece here. It's kind of a vacuum on who gets to talk about policy, because otherwise, if it is in fact a, you know, administrative-independent architecture, you could end up having policies in there from all kinds of untrusted sources, and then everyone would have to evaluate the policy for its trustworthiness independently.
H
H
Yeah, yeah, start building up a thread and things get to be a pretty complicated weave.
K
The trick here to understand is, if we do it whatever way we pick here, either it's by the receipt of the policy, we're pushing that as a requirement for anything on top that has to support search, right? So there is some ripple effect of how we encode this, putting on the outer system as to what basic search requirements we kind of need.
H
Is there a need for an instantiation rule-setting preparation to build this SCITT? I don't think that's been called out anywhere in architecture.
H
K
H
There's probably other things too, so there might be like an initiation architecture, initiation step you have to go through when you're starting a SCITT, and then I think in that section we should probably state what the various parameters are that you need to decide on before you set this up.
H
A
I don't think this is the only one, there's a few others. Yeah, I want to, I think the issue lacks a little bit of clarity on what we are trying to do with which document, like.
A
For that policy would be helpful to do so, but that's not what the text on the screen says, so I don't know, maybe it needs some more text to clarify what.
H
Chat seems orthogonal to that conversation, I guess. Yeah, I have no problem with either way of talking about it, but we should probably settle on one: is policy in or out for SCITT? I guess that's the main question.
A
H
A
This is abortion, and we tried to get some other things done first, and then we, it's actually this one.
A
A
Two more minutes left, so it's, that's.
C
Really quick, so personally, my personal point of view is that we need to provide the, in data format speak, we need to provide the place for the very, to put the pointer through policy, too. Yes, I think that's pretty mandatory. If there's other opinions about this, please say so on the list or here. I think that's highly important, because you have to detect if that pointer changes, that could be a buy compute, right? So you can just have, like, for ages, the same pointer, and suddenly changes.
C
Then you have to understand what's pointing to now, right? So this indication of change of policy that might impact your trust in the service, it's highly important to consumers of the receipt, and that is why it should be indicated already in the receipt blessing, and how to deal with it, that is a more complicated question, right, to resolve it. Do we agree standard ways to represent it? I don't know, but I think the place has to be there. I think that's it.
B
C
A
Of you to get this moving forward off list and then to have prepared a discussion for next week.
H
Very good. Is that, did you give the one to me then?
A
A
To check with all of you, to actually prepare a little bit more structure on this issue for next week's discussions, to make some progress on, yeah.
D
A look at it for sure, thanks. There's a bunch of connected issues around registration policy. I think we should bundle them up and make them the agenda for next week, rather than knocking off a little slice at a time.