►
From YouTube: RATS WG Interim Meeting, 2020-02-05
Description
RATS WG Interim Meeting, 2020-02-05
A
D
A
A
A
B
E
So
brilliantly
about
the
design
team,
I
posted
a
new
document
yesterday
on
the
disk
should
be
quite
useful,
who
is
it
Ben
and
I?
I
feel
I
miss
one
or
two
people
on
this
list:
Dave
Taylor,
Frank,
Williams,
Hank,
Thomas,
Monty,
Ned,
Eric
and
I'm
sure
I
miss
one
person
here
yourself
myself,
that's
true,
myself
is
in
the
list
and
I
think
there's
somebody
else
that
I've
missed
that's
probably
really
loud
and
I
forgot.
It
wasn't
official
out,
so
we've
been
meeting
Tuesdays
at
10:00
a.m.
est.
E
So
yesterday
we
had
a
meeting
read
about
eight
meetings
from
ViCAP
106,
eight
open
issues.
Still
too
close,
we
had
twenty
one.
Twenty
three
poll
requests
who
are
still
open,
so
most
of
the
meeting
has
been
spent
going
through
the
suggested
text.
Someone
has
proposed
and
a
lot
of
heavy
bashing
and
a
lot
of
going
around,
who
wouldn't
say
in
useless
circles,
but
sometimes
it
seems
like
circles
about
a
precise
meanings
of
word
and
I.
E
Think
that
that's
a
little
bit,
what
we're
that's,
where
our
goal
is
to
nail
things
down,
I
feel
that
we're
making
a
lot
of
progress
and
we
have
I
think
a
very
consensus
process
going
forward.
So
there
the
URL
I,
could
paste
it
into
the
chat.
Even
that
has
a
dip
major
thing
since
version
oo,
which
was
a
very
skeleton
as
we've
added
a
composite
to
tester
concept.
E
So
the
idea
that
you
have
either
a
chassis
with
a
bunch
of
blind
cards
you
want
to
tattoo,
or
in
some
cases
you
may
have
an
Android
or
other
mobile
device
that
has
some
additional
processors
or
even
in
clays,
or
something
like
this
that
will
attest
around
for
each
other.
We
filled
in
a
lot
of
the
conceptual
messages.
Passport
background
check
models,
this
kind
of
thing
and
we
added
a
bunch
of
diagram,
we're
currently
discussing
third
sliced
over.
Do
we
still
have
a
Center
for
the
discussion
of
the
terminology.
E
There
may
be
some
additional
additions
that
we
make,
but
we're
trying
to
keep
it
fairly
tight.
They
have
an
introduction
that
we
need
to
write
and
probably
we'll
just
take
text
from
one
of
the
other
drafts
that
is
proposed.
We
can
group
still
need
to
decide
if
they
want
in
these
cases
in
this
document
and
this,
oh,
you
want
some
of
them
all
of
them.
How
many
of
what
level
of
detail
so
we
haven't
had
any
communication.
E
We
have
some
text
coming
odd,
which
is
on
the
essentials
and
called
the
layered
approach
to
an
attestation
and
this
which
should
be
recognizable
to
many
who
are
familiar
with
security
and
just
to
see
and
how
that
that
kind
of
process
works,
and
so
that
text
will
probably
fight
in
the
next
week
or
two
based
upon
the
rate
that
we're
going.
I
expect
us
to
have
a
document
that
could
see
work
in
group
last
called
by
IETF
or
perhaps
just
finishing
one
or
two,
please
add
IES,
and
that's
really
it
I
guess.
F
G
E
Yeah,
so
we
already
have
in
the
UC
a
document
we
already
have
that
in
these
case
we
also
have
the
fact
that
that
the
teeth
in
case
is
fact
a
hybrid
of
background
and
passports.
Check
mechanisms
are
topologies,
but
that's
actually
one
of
the
driving
factors
for
some
of
the
documents
they're
armed
as
to
how
to
suit
precisely
connect
into
it.
I.
E
Don't
think
that
we
have
anything
specific
to
say
at
this
point,
but
I
guess
if
there
is
and
I'm
not
sure
that
there
is
a
direct
connection,
I
think
it's
a
connections
through
teeth,
as
a
use
case,
fatigue
that
student
to
the
roots
we
use
case
for
teeth
and
that
teeth
is
a
new
state
for
rats.
I,
don't
think
we
have
a
direct
connection
to
Justin
too
much
I,
don't
understand
what.
A
H
D
E
H
G
H
H
In
rats
because
I
think
you're
commenting
on
you
know
the
Michael's
presentation,
which
you
may
not
be
able
to
see
right
now,
but
he
said
you
know,
the
working
group
needs
to
decide
if
they
want
use
cases
in
the
architecture
documented,
so
all
of
them.
How
many?
What
level
of
detail
I
think
you're
answering
that
you
certainly
want
the
teep
use
case
covered
in
there
when
you're
asking
about
the
relationship
to
suit,
and
should
that
be
in
the
level
of
detail.
That's
in
the
rats
architecture
document.
H
H
C
And
I
think
one
thing
needs
to
be
clear
if
it's
specified,
because
on
the
list,
some
were
inferring
that
we
could
just
use
the
suit
manifest,
but
there
are
other
manifests
that
are
widely
adopted
for
software
update
for
larger
systems
like
I,
can't
see
Dell
adopting
the
suit
manifest
because
we
already
have
stuff.
We
use-
that's
well
adopted
elsewhere
right,
but
we
want
to
do
other
things.
J
Exactly
so,
but
but
you
bought
it,
but
what
I
do
is
either
have
a
trustworthy
source,
respect
those
packages
or
you
can
do
remediation
with
them
and
remediation
is
one
of
the
goals
is
working
towards,
but
it's
not
having
it
go.
So
the
remediation
action
could
be
the
sentence
that
we
have.
Some
variant
action
may
be
or
somewhere
else
near
there.
That
says,
and
soot
has
some
redeeming
capabilities
due
to
updating
complete
bundles
or
software
yeah.
C
F
G
C
A
Okay,
come
on.
D
Sorry
this
is
rich,
my
keys
Mike
said
Oh
we'll
be
done,
and
then
we
can
go
to
working
group
last
call
and
I
think
that's
inappropriate
to
go
right
from
a
design
team.
That's
been
working
for
weeks
directly
to
last
call.
It
should
sit
in
the
working
group
for
some
number
of
weeks.
B
E
I
agree
with
you
we're
going
to
come
back,
so
we
can
group
regularly
so
that
nothing
is
to
surprise
but
I
guess
we've
also
been
told
to
get
it
done.
So
you
know
if
the
working
group
chairs
want
to
have
a
six-week
last
call
or
whatever
they
want
to
do
whatever
whatever
seat
is
appropriate,
is
up
to
you
chote,
louder,
I,
guess,
okay,.
B
So
so
the
question
Michael
is
one:
does
the
team
believe
they
can
have
a
draft
ready?
You
said
around
the
time
of
IETF
one
of
seven,
but
it
would
be,
but
if
you
had
something
at
least
a
week
or
two,
preferably
two
or
more,
which
is
about
now
to
give
the
reviewers
or
the
participants
a
chance
to
review
so
that
we
could
have
the
question
at
the
IETF
1:07
whether
the.
E
Global
uses,
it
I
believe
it
levy.
The
draft
cutoff
date
is
March,
9,
yes,
and
so
that's
in
four
weeks
without
and
we
have
a
hackathon
in
two
weeks,
I.
Imagine
that
for
those
of
us
are
there
and
we
will
make
some
significant
in-person
progress
on
any
ups,
any
issues
that
we
have
so
awkward
ideas,
that
is
a
draft,
will
can
call
it
feature
complete
in
about
a
week,
and
then
that
leaves
about
two
weeks
for
debugging.
If
you
want
to
take
my
software
model
at
this
point,
it's
not
feature
complete.
E
We
have
some
questions
about
whether
we
should
have
certain
features
or
not,
and
so
we're
very
much
looking
for
the
wiki
feedback
on
that
and
I
guess
we'll
make
a
decision.
If
you
don't
have,
we
don't
clearly
hear
real,
clearly
hear
an
answer
and
I
have
I
I
will
actually
post
some
emails
to
start
see
some
discussions
on
some
of
these
questions,
but
they'll
still,
you
have
to
wait
for
me.
B
B
J
I
I
You
know
we
don't
have
to
close
the
issues.
We
can
just
want
to
make
sure
I'm
up
for
up
front
with
the
process
here,
some
okay,
so
on
UID
size,
discussion,
I
think
it
was
Montreal
and
someone
pointed
out
I
wasn't
paying
paying
attention
to
the
birthday
problem.
So
now
I
am
and
have
done
some
math
and
some
thinking
about
how
big
you
want
you
Eid
should
be.
This
is
for
the
you
Eid
that
is
based
on
a
random
number,
not
the
you
Eid,
that's
based
on
like
an
IMEI.
A
I
Any
of
these
other
schemes,
so
first
I,
want
to
point
out
that
you,
a
ID
sizing,
is
not
the
same
as
for
IP
addresses
because
they're
they
can
never
be
reassigned
or
reused
over
time
space.
The
devices
might
not
be
IP
connected,
and
you
know
we
expect
them
to
be
very
large
data
databases
of
IOT
devices
in
n,
IMT
backends,
so
I
considered
three
use
cases
or
three
or
three
scenarios,
one
where
we
have
10
billion
people
each
device.
I
Each
person
has
a
hundred
devices
and
that's
because
this
might
be
light
bulbs
and
motors
and
parts
of
cars
and
parts
of
refrigerators,
parts
of
public
infrastructure
like
traffic
lights
and
parts
of
the
factory
that
they
work
at
or
the
office
they
work
at
and
so
on.
So
100
actually
is
maybe
small
in
that
in
that
way,
100
over
their
lifespan
or
concurrently,
I
didn't
think
about
that
and.
I
I
The
next
scenario-
okay,
we
bumped
that
to
a
hundred
thousand
devices
per
person.
Now
we've
got
a
database
of
1
quadrillion
device
at
1,
quadrillion
and
then
128
128
bits
is
seems
marginal
for
that
this
is
kind
of
the
edge
of
what
I
think
we
could.
You
know
from
what
we
can
imagine
today,
the
third
case
where
we've
upped
it
to
a
hundred
billion
people
and
maybe
because
maybe
work
I,
don't
know
tagging
on
all
mammals
or
something
and
a
million
devices
per
person.
I
I
That's
a
just
to
test
the
bounds
there.
So
another
use
case
there,
so
that
would
need
192
bits
at
least
is.
I
Yes,
so
there's
an
appendix
I'll
show
you
to
show
you
that
calculation
in
a
minute
but
I,
think
our
options
are.
We
can
just
we
can
say
it's
128
bits
which
is
kind
of
what
like
goo.
It's
dot
do
and
we
never
expand
to
that.
Beyond
that
we
can
say
it's
128
bits
now,
but
you
should
anybody.
That's
receding
that
you
should
allow
for
256
bits
or
we
can
just
go
straight
to
256
bits,
so
the
center
of
gravity
seems
to
be
on
around
option
2.
I
I
So
these
two
columns
here
the
subsystems
in
proportion
basically
cancel
out
so
then
I
did
the
probability
calculation
based
on
the
birthday
attack
for
for
one
database
of
those
so
2
times,
10
to
the
minus
15
for
128
bits
and
trillion
records.
That
seems
okay,
10
to
the
minus
9
for
quadrillion,
since
marginal
and
one
in
10,000,
I
think
one
in
50,000
or
ten
quadrillion
is
clearly
a
problem.
I
I
So
you
know
these
numbers
are
very
pessimistic,
so
yeah
you
say:
well,
ok,
you
calculated
at
8
seconds,
but
that's
a
really
a
worst-case,
so
it's
maybe
more
like
10
days
or
something
like
that.
But
anyway
this
is.
That
was
where
you
know.
It's
really
trying
to
get
to
pin
this
down
to
a
number
for
this
active
database.
I.
Don't.
I
H
So
I
want
to
ask
about
the
birthday
problem
and
the
database
and
I
don't
know
if
this
is
arguing
that
number
one
is
an
option
more
than
you
thought
it
was
or
what.
But
the
question
is
you're,
assuming
that
a
collision
happens
whenever
the
ID
is
the
same,
what
I'm
going
to
ask
is:
is
that
really
the
collision
or
is
the
collision
only
if
the
ID
is
the
same
and
it
is
signed
by
the
same
entity.
I
H
H
H
H
H
I
D
H
I
They
should
have
the
appropriate
amount
of
entropy
in
them,
but
I
mean
you
could
be
compliant,
probably
with
the
EU
I'd
expect
by
doing
that,
just
taking
the
the
hashes
any
key
and
a
gooood
and
asking
those
together
to
produce
honor
plenty
of
fits,
that's
probably
compliant
with
what
is
being
asked
of
EU
IDs.
So
the.
H
E
H
E
I
I
H
Don't
agree
with
that
because
those
may
be
subsystems
and
the
companion,
the
composite
evidence
or
subsystems
in
a
layered
one
where
they
do
have
a
relationship
between
them.
So
ten
layers
of
feeling,
sorry
or
a
tree
of
things
of
you
know
three
layers
with
various
leaves,
and
so
it's
not
just
a
chain
it's
a
tree,
so
they
can
absolutely
be
a
relationship
between
them
but
you're
right.
There
can
be
keys
that
are
different,
but
Michael
is
right
that
you
gotta
put
the
keys
in
that
in
the
evidence
anyway,
in
different
claim
sets.
A
F
H
I
And
so
yeah
I
think
we're
probably
enough
to
take
this
to
the
list.
There's
some
back
and
forth
discussion,
because
the
the
clear
intent
of
au
Eid
here
was.
It
is
the
sole
thing
you
need
to
uniquely
identify
the
device
in
the
world
and
if
you
want
that
identification
to
be
based
on
more
than
one
claim,
some
combination
of
claims
or
characteristics
or
pieces
of
the
eat,
then
I've
gotta
go
back
to
the
drawing
board
on
this.
D
D
A
A
I
Very
clear
intent
of
you
Eid
is
it
is
the
sole
claim
that
identifies
the
device
uniquely
and
what
I
see
what
I'm
hearing
everybody
say
is.
No,
we
don't
want
that.
We
want
the
uniqueness
of
the
device
to
be
identified
by
a
combination
of
claims
and
some
sort
of
a
good
thing.
It's
not
a
you.
Eid
is
one
of
them.
H
You
are
tiny
to
constrain
for
constrained
IOT
devices.
A
smaller
number
of
bits
is
better,
especially
if
the
problem
is
pretty
speculative,
then
it
so
like
I'm.
Looking
at
your
screen
right
now,
Sierra
likelihood
speculative
right,
putting
a
definitive
cost
in
the
short
term
on
tiny
devices
or
things
that
are
purely
speculative
may
not
be
a
good
trade-off.
That's
when
I'm
pushing
back
on.
E
Listening
to
Dave's
argument,
I'm
now
in
option,
2
and
I
want
to
point
out
that
in
the
Seaboard
structure,
at
least
relatively
easy
to
do,
125th
or
256,
or
some
prime
number
in
between,
if
you
prefer,
and
that
it's
the
complexity
in
dealing
with
this
is
really
on
the
receiver,
which
generally
not
not
as
constrained
so
option.
2
that
120,
the
minimum
that
we
should
allow
for
more
seems
like
a
probably
reasonable.
H
So
Michael,
can
you
elaborate
on
your
probably
so
if
you
have
a
constrained
device,
that
is
a
I
guess,
I'm
going
to
phrase
it
as
a
relying
party.
Let's
say
you
have
a
light
bulb
that
you
want
to
turn
on
and
turn
off
or
perhaps
a
better
example
would
be
I
have
a
door
lock
and
I
only
want
to
allow
it
to
be
locked
or
unlocked
by
something.
That's
attested.
A
H
E
Well,
I'm
not
sure
that
I
accept
your
your
use
case
to
begin
with,
because
I'm
not
sure
that
that
I'm
going
to
do
an
attestation
every
time
I
turn
the
light
on
and
off
or
unlock
our
locked
door.
I
think
that's
going
to
happen
at
some
commissioning
time
and
so
I
think
there's
something
more
complicated
going
on
there.
I
don't
know
sorry.
H
Let
me
rephrase
my
use
case,
but
I
only
want
to
allow
it
to
be
unlocked
by
a
remote
party.
Who's
been
attested
now.
The
other
way
around,
that
is
to
say
well,
the
remote
priority
has
to
go
through
some
verifier
and
along
the
Sun.
As
long
as
it
comes
in
signed
by
the
verifier
is
key:
I
never
pay
attention
to
the
ua.
U
Eid
of
any
sender
right,
it's
not!
Even
in
the
anticipation
result.
I
I
would
tend
to
think
that
that
fax,
what's
going
to
happen.
E
Passport
model
that
I'm
describing
yeah
fair
enough
go
on
okay.
So
if
you
want
to
do
it
the
other
way
around,
then
then
you
know
accept
that
there
may
be
a
cost
in
the
future.
But
that's
why
I'm
saying
I
think
we
could
live
with
128,
but
I'm
pessimistic
about
about
this
and
so
saying
like
well,
okay.
E
So
if
we
live
with
128,
that
means
we
don't
paint
any
network
cost
for
the
extra
extra
byte
now,
but
we
potentially
pay
for
a
code
space
of
requirement
to
be
able
to
approach
that
in
the
teacher
right.
So
that's
where
it
comes
down
to
I.
Think
right,
so
I
think
that's
a
good
point.
Okay,
and
and-
and
my
observation
is
that
code
space
crunches
are
we're
mostly
over
we're
at
the
have
a
couple
megabytes
of
code
in
most
fairly
tiny
devices.
Now
it's
not
sixteen
fourteen,
more
and
so
I.
E
I
So
what
I'm
saying
is.
G
I
like
to
make
it
I'd
like
to
make
an
observation
that
I
think
the
two
the
two
sides
of
this
are
talking
past
each
other.
In
one
respect,
one
of
you
is
talking
about
a
unique
thing
to
uniquely
identify
the
device.
Another
seems
to
be
talking
about
uniquely
identifying
the
claim
or
the
attestation.
So
in.
I
G
I
G
H
I
E
H
I
H
I
Would
be
useful
to
discuss
as
well?
So
let
me
understand
one
thing:
I
did
not
understand
when
wasn't
clear
to
me.
One
way
or
the
other
from
various
people's
points
was
whether
this
set
of
bits
is
standalone,
as
the
identifier
or
it
is
in
combination
with
other
claims,
was
Michael
suggestion
stand
alone
or
in
combination
with
other
claims,
stand.
H
E
I
didn't
I,
didn't
know,
I
exactly
said
that,
but
I
guess
that's
what
option
two
is
yeah.
You
do
125th
now
and
and
yeah
effectively.
The
upper
bits
are
zero.
I
hadn't
thought
whether
the
upper
the
orbit,
but
you
know
yes,
okay,
opera
bits
are
zeros,
and
so
yes,
it's
a
byte
stream.
How
else
would
it
be
encoded
in
seaboard?
I
have
no
idea
telling
them
as
a
byte
stream
so
but
but
I
guess
it
could
be
asked
in
coded
as
an
integer,
but
support
256
bit.
Integers
number.
E
Yes,
the
same
thing
doesn't
matter
right,
so
so
that's
I,
just
thought
I
would
think
it
is,
and
so
look
I
said
if
you
want
to
have
192
I
think
we
shouldn't,
because
at
the
code
space
issue
for
dealing
with
the
audio
receiver,
we
should
have
128
or
256
and
that's
it
and
anything
else
is
an
error
arm
and
and
and
that's
that's
good
enough
to
test
with,
like
you
can
test
those
two
cases
and
it
needs
to
do
that.
Yeah.
H
A
E
Zeros
in
right,
so
if
you're
going
to
burn
128
you've
made
the
decision
to
120,
then
I
think
you're.
Just
fine
and
the
the
you
know
I
going
forward.
We
may
have
a
plane
that
does
you
know
what
we're
switching
to
256
is
and-
and
you
know,
they'll
be
a
mix
for
a
couple
decades
and
whatever
use
is
becoming
very
cheap
or
something
No.
I
J
I
I
I
A
I
Okay,
so
sounds
like
it's
okay
to
merge.
Are
we
okay
that
works,
that.
I
I
What's
in
the
the
current
pull
request
and
kind
of
get
a
bit
of
permission
to
merge,
it
I,
don't
think
it's
perfect
and
I
think
it
will
need
another
go
around,
but
I
think
getting
it
into
a
draft
for
more
wide
review
and
I'm.
Also
getting
the
all
OCD
dl
fixed.
It's
kind
of
key
to
getting
this
e
dl
fixed
is
a
really
useful
thing.
So
I
want
to
point
out
a
few
things
here.
Claims
are
not
inherited.
I
There's
no
inheritance
between
a
module
on
a
sub
module
so
like
in
this
example
I'm
showing
here
or
sub
mods.
The
nonce
is
repeated
for
each
sub
mod
and
like
debug
state
would
be
have
to
be
repeated
for
each
sub
mod.
So
the
the
no
inheritance
character
characteristic
I
live.
Is
you
know
kind
of
in
then
keep
it
simple
category.
I
Maybe
it
will
result
in
some
larger
tokens.
I
didn't
sounds
like
that,
may
be
a
concern,
but
is,
if
we
don't,
if
we
do
inheritance,
then
we
have
to
start
coming
up
with
inheritance
rules
and
they
seemed
scary
to
me.
Try
to
come
up
with
inheritance
rules,
especially
like
through
some
of
these
claims,
are
complicated
and
hard
enough
to
understand
as
they
are.
I
So
that's
one
aspect
of
it.
The
other
is
just
yeah.
So
this
do
a
thing
called
attachment
attachment
describes
how
a
sub-module
is
attached
to
the
attest
er,
so
the
values
can
be,
it's
enumerate,
its
unspecified
in
unspecified
device.
Internal
means
it's
in
the
same
device.
Enclosure,
PCB
internal
means
it's
on
the
same
circuit
board.
Chip
internal
means
it's
on
the
same
on
the
same
chip
is.
I
J
J
F
A
A
E
Nice,
but
how
would
a
chiclet
differ
in
its
connectivity
to
a
chip
and
doesn't
meet
me
described
because
I
guess
the
point
is
going
forward?
We
could
have
ten
different
variations
like
that
and
do
they
is
it
important
I
see
that
the
USB
cable
is
much
much
different
than
it's
in
the
same
chip
in
terms
with
we're
a
north
bank?
What
really
matters
is:
is.
A
How
flexible
the
configuration
is
and
I
think
that
the
point
of
having
a
an
attachment
claim
is
to
try
and
speak
to
the
configurability
of
the
part.
In
other
words,
can
it
change,
but
it's
not
really
called
out
directly
as
that's
what
we're
trying
to
say
here
and
I
threat
is
that
if
it's
changeable,
then
it
could
change
and
we
want
to
be
able
to
recognize
that
it's
a
changeable
thing
or
not
a
changeable
thing.
A
E
A
I
I
wasn't
going
after
mutable
here
at
all,
that's
after
some
sort
of
rough
notion
of
how
easy
it
is
to
attack
so
that
if
you
have
an
ax,
tester
reporting
on
a
target,
that's
you
know
a
little
bit
removed
from
the
target.
How
reliable
is
that
add
a
station
about
that
target
because
it
sort
of
goes
to
how
easy
it
is
for
that
somebody
to
trick
that
a
tester.
H
That's
this
doesn't
really
do
that
I
mean
let's
say
you
have
a
USB
cable
attached
sub-module,
but
it's
all
inside
of
a
great
big
locked
cage.
It
with
you
know
a
foot
of
wet
or
something
like
that.
It's
still
external
to
the
device,
but
it's
very
difficult
to
physically
access,
as
opposed
to
something
that
has
an
enclosure
that
is
not
locked
down
and
is
in
a
public
location
device.
Internal
might
be
even
easier
to
attack
than
the
device
external
all.
I
H
I
That
and
that,
and
that
one
that
you
can't
really
do
anyways,
because
that
would
be
self
claiming
the
only
way
you
do
you
deal
with.
That
would
be
through
some
sort
of
reputational
thing
or
a
certification
program,
and
you
would
have
to
ask
some
sort
of
a
third
party
that
nowhere
near
the
target,
the
ax
tester
like
how
good
is
this?
A
tester
yep.
H
A
It's
a
sign,
sub
module
than
Thursday.
If
a
sub
module
is
in
a
tester,
then
presumably
there
is
a
manufacturer
certificate
about
the
a'
tester,
which
is
like
the
root
of
trust
or
whatever.
That
would
describe
what
it
is
and
how
its
manufactured
and
that
that's
the
same
mechanism
that
we
would
describe
in
terms
of
how
to
lead
a
tester.
But.
H
A
So
the
verifier
has
to
make
these
kinds
of
decisions.
It's
the
manufacturer
can
say
what
it
is.
You
know
this
is
how
it
was
manufactured,
but
the
verifier
has
to
decide
if
that's
attackable
or
not,
and
by
creating
a
claim,
that's
trying
to
capture
those
semantics.
It's
moving.
It's
moving
away
from
the
verifier
dealing
with
it
to
the
implementer
trying
to
specify
that
they
don't
know.
A
A
I
A
A
I
I
So,
let's
put
that
one
aside
for
a
minute
and
I'll
show
you
the
way
I've
set
up
the
sub
months
here,
so
the
the
sub
mods
is
heard
of
it,
so
it
kind
of
appears
as
a
claim
in
the.
In
the
token,
it's
there's
one
label
for
the
map
that
contains
all
the
sub
mods,
so
I
just
say.
My
20
here
is
the
label
for
the
that
for
all
the
sub
mods,
so
I'm
showing
three
sub
mods
here.
I
The
name
is
a
name
for
each
sub
mod,
and
that
is
a
the
label
in
in
the
map
and
in
each
sub.
Mod
itself
is
a
map
that
is
basically
contains
sets
of
claims
if
a
if
you're,
embedding
a
neat
token
inside
another.
A
token
then,
instead
of
having
a
map
here,
you
have
the
e
token
and
you
can
tell
by
looking
at
the
Seaboard
type.
It's
the
board
tag
this
tag.
This
will
be
tagged
to
say
it
is
a
they
either
a
CW
t
or
an
eat.
I
A
I
B
H
H
I
H
I
H
I
Some
more
debug
stuff
and
the
sort
of
guidelines
for
claim
creation,
but
catch
up
with
till
next
time
and
so
I'll
be
producing
a
draft
with
the
sub
mods
and
the
UV
idea
merged
the
sub
mods
less
the
attachment
type
with
those
merged,
and
that
will
probably
be
the
draft
that
goes.
It
goes
for
IETF,
107,
March,.