►
From YouTube: IETF-SCITT-20230109-1600
Description
SCITT meeting session at IETF
2023/01/09 1600
https://datatracker.ietf.org/meeting//proceedings/
A
A
B
A
A
A
C
A
C
A
Are
joining
hey
Roy?
We
need
to
make
sure
that
someone
is
taking
notes
today.
A
A
A
Should
add
their
names
to
the
participant
list
in
the
note-taking
tours
so
because
that's
then
obviously
helps
to
keep
track
of
who's
in
the
call
and
who's.
Not.
Okay,
actually,
is
that
true,
isn't
that
generated
automatically.
A
So
I
guess
we
have
three
minutes
after
the
hour.
Let
me
also
turn
on
audio
hi.
Everyone
saving
bandwidth
again.
A
I
mentioned
on
the
mailing
list.
This
is
obviously
our
first
meeting
this
year
and
great
that
everyone
is
back
from
vacation
and
I
hope
you
had
a
good
holiday
for
those
who
had
a
holiday
and
we
will
continue,
will
be
left
off
last
year
and
again,
I
would
like
to
remind
you
all
that
this
is
a
official
idea
of
working
group
meeting
before
the
the
rules
that
apply,
but
it's
so
that
sense.
It
hasn't
changed
since
last
time,
hey
Ray.
E
A
A
Three
weeks
ago,
I
also
or
two
weeks
so
so
I
I
looked
at
the
Repository
to
see
what
changes
have
been
made.
Since
we
had
our
last
meeting
and
also
we
had
some
email
exchanges
over
the
holidays
regarding
the
use
cases
from
the
six
door,
Group,
which
I
looked
at
and
tried
to
distill
out
what
the
main
sort
of
features
were.
Key
features
were
and
I
posted
that
mail
to
the
list
and
I
want
to
clean
up
the
the
repository
a
little
bit.
A
The
use
case
document
is
getting
in
a
better
and
better
shape.
So
that's
fantastic
I
wanted
to
double
check
whether
the
content,
that
is
there,
both
the
BR
and
the
issues
are
actually
up
to
date
and
and
what
changes
have
been
applied
so
I
think
Hank
you.
You
should
say
a
few
words
about
the
changes
you've
been
making
over
the
last
few
days.
D
D
Yeah,
this
is
my
kid's
fault,
so
I
blame
it
all
the
kids,
so
there's
that
yeah
so
a
use
case
document
not
a
lot
of
changes.
Basically
harness
I
was
addressing
Euro
video
feedback
like.
Why
is
section
two
there
there's
no
content,
isn't
that
kind
of
Superfluous,
so
that's
gone
an
example
in
A,
A
A
Primitive
example
on
one
of
the
consumer
requirements:
I
forgot,
actually,
which
one
it
was,
but
it
was
in
your
review,
another
one.
D
You
were
asking
for
a
such
a
specific
guide
that
I
think
if
you're
crossing
a
line
of
use
cases
and
went
to
Solutions
territory,
so
it
didn't
do
that.
So,
unfortunately,
I
put
a
fixes
issue
into
the
commit
and
therefore
you're
coming
closed.
Although
only
half
the
issue
was
basically
addressed,
so
I
have
to
revive
that
again
it
just
was
force
of
habit,
just
fixes
blah
and
then
proof
it
was
gone,
the
magic
of
GitHub,
and
so
so
that's
the
things
that
I
I
address.
D
Basically
today,
it's
all
about
your
input.
I
think
we
can
address
open
issues.
They
I
appeal
them
like
relate
them
out
of
your
email
and
put
them
into
separate
issues
on
GitHub
and,
and
one
of
them
is
about
the
usage
of
the
term
trust.
So
I
think
that
could
be
a
good
agenda
item
for
today.
D
D
So
now
we
have
two
items
that
is
basically
in
style,
yogish
and
the
rest
of
is
raw,
like
style
Hank,
and
maybe
we
can
take
the
best
of
both
worlds
and
and
mix
that
a
little
bit
so
that
we
can
make
them
look
more
homogeneous
that
which
is
basically
lost
now
also
I
have
only
today.
Just
in
time
he
made
Monty
to
schedule
a
101
to
the
still
the
most
important
things
out
of
his
firmware
use
case,
especially
as
we
have
a
favorite
use
case.
D
You
have
to
separate
the
the
actual.
You
know,
use
cases
yeah
both
are
firmware,
but
they
address
the
different
requirements.
I
think
so
these
are
my
three
items.
The
last
one
was
Monty
is
TVD
I
think
we
will
deal
with
that
offline.
Somehow
these
people
will
find
some
time
I
assume
pending
monthly
availability.
B
Yeah
I'll
always
I
just
got
through
that
saw
that
this
morning
and
I'll
respond
to
you
with
my
times.
This.
D
Week,
yeah
excellent
yeah
for
you.
It's
unfair
I
can't
expect
you
to
reply
until
now.
Basically
so
yeah
I
had
like
I
had
eight
hour
Head
Start,
the.
D
F
Me
figure
that
out
yeah
just
to
add
to
Hank's
comment.
The
template
or
the
kind
of
thing
which
I
was
trying
to
follow,
was
The
Benchmark
I
treated
from
the
document
which
Hannah
said
shared
earlier
in
November
last
year
regarding
the
requirements
and
then
using
the
requirements
to
specifically
identify
the
problems
we
face
in
the
industry
for
taking
a
specific
use
case
in
the
question.
So
it's
not
going
anywhere
in
the
solution
domain
just
to
highlight
the
problem
and
take
the
draw
the
requirements
out
of
it.
D
Yeah,
because
maybe
we'll
have
to
have
a
101,
also
just
to
get
a
a
common
understanding
of
style,
make
a
proposal
here
again
so
that
the
working
group
can
like
it
or
dislike
it.
You
know
thumbs
down,
maybe
I,
don't
know,
then
we
can
some
rough
consensus
about
style
and
have
that
done
and
then
then
just
go
on.
D
D
D
I
think
there's
some
overlap,
but
we
have
to
find
that
out
so
I
think
everybody
who
wants
to
so
dick
Brooks
and
I,
for
example,
very
successfully
had
these
small
work
sessions
for
each
use
case
that
were
very
productive
and
very
fast
forward
and
I
hope
to
do
that,
maybe
with
a
small
participant
group
from
from
six
store
also,
so
we
can
find
the
right
place
like.
Is
this
distinct
enough
or
is
it
its
own
item?
What
do
you
think
like
have
that
it
has
a
hand
so
forth?
I
J
I
Sucks
having
audio
issues
but
I'm
I
work
with
him
on
six
star
in
this
capacity
as
well
and
have
more
time
zone
overlap
with
you,
Hank
so
I'd
be
happy
to
collaborate
on
this
sure
clue.
D
Okay,
Joshua
I
will
playing
you
down
on
my
task
list.
Then.
A
A
Can
definitely
talk
about
like
also
the
use
cases,
the
specific
ones
to
see
which
ones
we
should
capture
to
have
a
little
bit
narrow.
H
A
Down
during
the
meeting
today,
thick.
J
Yeah
I'd
just
like
to
say
that
Hank's
participation,
my
collaboration,
was
very
fruitful
and
I
I
do
want
to
thank
him
for
all
the
helping
get
the
words
right.
So
thank
you
very
much.
Hank
I
did
send
one
other
use
case
out
onto
the
email
list
which
I
just
put
out
there
as
a
proposal
of
whether
or
not
we
want
to
consider
it.
It's
entirely
up
to
the
group,
but
it's
basically
the
registration
of
a
of
a
trust
score
in
the
spirit
of
a
missed
consumer
software
label
type
concept.
Thanks
very
much.
A
Okay,
I
added
that
to
the
list,
another
question
for
cleaning
up
the
the
repositories,
or
at
least
getting
an
idea.
What
is
what
the
status
is
is.
A
Joshua
still
has
his
hand
up.
Oh
sorry,
yeah,
not
anymore
right,
ITF
tools,
yeah,
hey
John,
just
realized
that
you
are
on
the
call
as
well
hello
to
you.
I
posted
the
link
to
the
Repository
into
the
chat
window.
I
hope
everyone
has
seen
it,
but
there's
this
final
merch
yogesh
by
you
is
that
still
what
is
what's
the
status
of
this
one?
F
Should
be,
we
should
be
closing
this.
Actually,
no
I've
looked
at
it
already
I
think
we
have
taken
these
changes
in
our
new
draft,
so
I
think
yeah.
A
Okay,
since
it's
you
are
rpr,
I
think
you
should
double
check
and
then
close
it
just
to
make
sure
that
we
I
don't
have
sort
of.
A
Can
you,
please
repeat:
yeah,
please
have
a
look
at
the
the
BR
and
check
whether
it's
it
can
can
be
closed
because.
F
A
D
Yeah
yeah,
probably
yeah
I,
will
put
it
on
the
list
yeah
some
of
them
they
are
most
likely
outdated
already,
so
I've
ever
cleaned
it
up.
A
Okay,
perfect,
so
I
have
three
items
which
we,
which
we
could
do
I
should
talk
about
today,
and
maybe
there
are
others
I'm
just
trying
to
do
a
little
bit
of
agenda
bashing
here
that
you,
you
suggested
to
talk
about
the
trust
term.
A
L
Should
be
unmuted
now
so
two
things,
one
is
work
back
schedule
to
March
you
and
John
need
to
figure
out
when
you
need
things
and
and
and
how-
and
the
second
thing
is,
should
we
start
refining
on
the
terminology
document
now
that
we're
getting
closer
on
the
use
cases
and
where,
when
do
you,
think
we
need
to
start
spinning
it
back
up.
D
Just
a
small
update,
I
moved
finally
this
year.
Sorry,
the
adopted
architecture
document
to
the
ITF
organization
and
frosted
it
with
ID
template
from
from
Martin
Thompson,
so
that
is
safe,
generating
at
the
moment
and
I
may
be.
I
made
a
small,
some
census
call
between
the
authors.
We
want
to
migrate
all
the
old
history
or
do
we
have
a
clean
slate
start
and
everybody
was
basically
our
Clean
Slate
I
will.
D
D
A
Okay,
what
do
you
have
since
it's
still
an
individual
document?
You
have
a
timeline
in
mind
for
submission,
because
it's
getting
it's
getting
better
and
better
like
content,
wise.
D
Yeah
so
I
think
so
walking
backwards
for
March.
As
what
I
just
said,
I
think
the
use
case
document
should
have
a
ongoing
adoption
call
before
the
March
meeting.
I
think
that
is
realistic.
We
have
substantial
content
that
is
six
star,
Monty
and
Dick's
news
newest
item
and
and
if
and
literally
if
we
have
that
we
have
critical
mass
already.
D
So
if
we
have
that
in
also
and
then
homogenize
the
style,
I
think
that
is
totally
up
for
adoption
call
and
then
we
can
do
this
as
working
group
item
I
mean
the
course
of
procedure,
won't
really
change.
I
think
everybody
is
who
was
involves.
Everybody
a
lot
of
people
are
involved
already,
would
still
contribute
as
soon.
H
Not
derailing
that
bit
because
I,
you
know
I'm
most
motivated
for
us
to
finish
the
the
work
items
in
flight,
but
just
before
I
got
kicked
out
of
date's
track
again.
I
think
the
question
was:
have
we
worked
out
what
we
worked
out
backwards
for
my
ETF
116.?
H
The
two
deliverables
that
we
committed
to
during
the
chartering
process
that
haven't
had
a
lot
of
work
done
on
them,
which
are
due
at
the
same
time,
is
the
security
objectives
and
the
concise
threat
model
which
actually
funny
enough
I
think
are
very
important
to
explaining
why
the
use
cases
are
interesting
and
probably
should
be
embodied
in
the
architecture
document.
So
I,
don't
think,
there's
significant
new
artifacts
to
create,
but
I
I'm
I'm
concerned
that
we're
running
towards
March
quite
rapidly
and
we're
maybe
not
putting
enough
time
into
those
two
aspects.
H
Because
everything
we're
talking
about
was
actually
due
last
December
and
I
think
we
all,
we
all
agreed
that
it
was
sensible
to
to
Target
those
for
116,
but
we
can't
really
slight,
which
shouldn't
didn't
expect
to
slide
much
beyond
that.
So
we've
got
to
take
those
out
of
two
things
into
account.
D
So
I
already
saw
sorry
for
interrupting
that
Kay
was
aggregating
requirements
out
from
the
use
cases.
I
think
that's
worked
towards
the
threat
model
items
I
think
we
should
also
get
somebody
who
is
a
threat
model
Enthusiast
like
Renton
arm
as
a
source
of
wisdom
to
us
here
and
and
then
go
through
his
stand-up
movements.
So
we
don't
have
to
reinvent
The
View
here
for
the
sake
for
what
works
at
ITF
and
and
make
it
hopefully
concise,
so
I'm
not
sure
how
concise
it
might
remain
over
time.
D
But
we
would
do
this
as
a
working
group
action
anyways,
because
I
highlighted
it
could
be
part
of
the
architecture
and
if
we're
doing
that,
everybody
can
contribute.
So
that
is
not
a
an
issue.
So
I
have
a
ping
him
and
we'll
find
out
when
he
is
not
absolutely
overwhelmed
and
then
try
to
a
car
some
time
out
of
the
schedule.
A
Yeah
I
think
having
the
the
threads
listed
in
the
architecture
document
appears
to
be
a
sensible
approach
rather
than
creating
yet
another
document,
yeah.
That
makes
sense.
A
It's
not
as
probably
as
precise
as
you
would
like
to
see
it,
but
if
we
have
still,
we
have
the
the
terminology
discussions
end
of
last
year,
which
are
the
terminology,
it's
part
of
the
architecture
document,
but
then
we
kind
of
favored
that
a
little
bit
we
move
to
the
use
cases
and
now,
obviously
we
made
some
good
progress
on
the
use
cases
and
now,
at
some
point
in
time,
we
need
to
attractive
to
the
architecture,
make
some
progress
there.
A
L
L
So
you
kind
of
need
to
clarify,
though,
and
give
us
some
room
to
move
the
security
documents
and
so
forth,
just
having
them
out
there
and
and
people
working
against
them
threat
model
is,
is
precisely
what
we
need
to
call
out,
and
you
know
I
agree
with
John
and
Mark's
coming
up
really
quick
and,
of
course,
there's
posters
and
a
whole
bunch
of
other
stuff
that
I
have
to
make
sure
that
the
things
are
out
there.
They
just
don't
come
for
free.
C
L
A
Yeah
well,
I,
guess,
John
and
I
need
to
look
up
the
the
dates
and
and
figure
out
send
out
some
emails
to
everyone
to
see
who
is
actually
planning
to
be
there
in
person
and
who
is
going
to
join
from
remote
the
time
zone.
Difference.
Maybe
a
challenge
for
some.
So
we'll
see
how
that
works,
and
then
obviously
we
need
to
to
get
the
documents
prepared
and
then
submit
it
in
time.
J
Yeah,
okay,
yeah
I'll,
be
brief.
I
just
put
some
links
into
the
chat
with
regard
to
that
new
new
use
case
proposal,
that's
related
to
them
in
this
consumer
software
labeling
recommendations,
but
the
people
are
curious.
You
know
where
this
comes
from.
That's
where
you
will
you
can
find
some
additional
materials
thanks?
Okay,.
A
Yeah
I
was
planning
to
put
you
on
the
spot
on
this
new
use
case,
to
give
us
a
a
kind
of
a
sneak
preview
so
to
say,
because
I
suspect,
not.
Everyone
has
had
the
time
to
read
through
the
emails
on
the
list.
I'm
doing
the
holidays.
J
Yeah
no
problem
happy
to
do
it.
Honest,
okay,
no,
don't
feel
well
I'm
on
the
spot
at
all,
so
so
niss
has
been
working,
I
assume
everyone
I'm
a
witnessed
here.
I
I
want
to
be
sensitive
to
my
colleagues
outside
the
U.S
they're,
our
national
standards
technology
Institute,
but
at
any
rate,
they've
been
working.
J
They've
been
assigned
responsibilities
under
an
executive
order
to
create
cyber
security
recommendations
and
standards,
and
one
of
their
required
deliverables
is
a
is
a
essentially
a
label,
a
consumer
software
label
that
will
help
consumers
identify
essentially
a
level
of
trust
and
software,
and
so
the
link
that
I
placed
into
the
chat
there.
The
recommendation
link,
which
you
see
at
doi.org,
that
contains
the
actual
recommendation
about
the
labels.
J
This
isn't
isn't
coming
out
and
saying
which
specific
type
of
label
they
expect
people
to
implement
but
I
think
what's
interesting.
Is
Microsoft
supplied
some
comments
on
business
labeling
that
it
suggested
that
App
Stores
could
be
a
source
of
information
for
the
use
of
these
labels.
J
So
I
think
this
is
what
it's
referring
to
it's
kind
of
like
the
ability
to
say
you
know
how
much
can
I
trust
a
piece
of
software
in
an
app
store
or
anyone
else
anywhere
else,
and
the
label
is
intended
to
be
some
type
of
indicator
as
to
you
know
how
much
trustworthiness
like
this
with
it
for
a
software
app
in
Rockstar
or
anywhere
else.
So
hopefully
that
answers
the
question.
Yeah.
J
A
That's
excellent
yeah
thanks
thanks.
A
lot
obviously
have
to
find
out
on
how
to
put
that
information
in
the
app.
We
obviously
have
a
few
sort
of
paragraphs
already
regarding
additional
information
that
gets
put
into
the
registry
concerning,
for
example,
static,
code,
analysis
and
other
information,
and
so
maybe
that
could
be
additional
information
to
as
a
kind
of
a
reputation
based
scheme
to
give
some
additional
information
about
sort
of
like
the
quality
of
the
software.
So
to
speak,.
J
Yeah
that
that's
an
excellent
point,
harness
and
I
think
that's
what
we'll
need
to
come
through
and
Skip
is
the
specific
information
in
the
the
strategy
Integrity
of
the
process
that
we
need
to
filing
one
of
these
trust
declarations
into
a
trust
registry
that
that
process
needs
to
be
very
high
integrity
and
Incredibly.
A
Concept
thanks
Chinese,
you
raised
your
hand.
A
Oh
you're,
right
yogis,
you
go
next.
F
Yeah
yeah,
first
of
all,
I
wanted
to
ask
intermittently
when
the
many
audiences
speaking
Yeah
I
see
to
seem
to
have
losing
their
voice.
So
it's
the
it's
very,
very
patchy.
Is
it
a
problem
on
my
side?
Do
you
think
or
you
guys,
can
you
hear
consistently
when
others
speak?
F
F
A
F
Have
many
many
day,
yeah
many
users
but
I
shouldn't
have
been
that
problem.
But,
okay,
the
point
is
the
terminology.
Yes,
we
had
a
great
discussions
with
Cedric
and
Anton
about
the
terminology,
part
and
overlapping,
with
rats
and
I.
Think
barring
two
or
three
common
terminology
pain
points.
I
think
we
are
in
a
pretty
good
shape
on
terminology,
so
we
can
quickly
wrap
it
up
this
month
as
one
of
the
open
Action
items
in
the
architecture
before
we
go
to
iitf116.
F
So
that's
that's
something
we
we
will
take
care
and
will
take
forward
the
discussions
and
the
threat
model.
Yes,
we
started
discussing
that
last
year,
but
we
thought
we
should
prioritize
use
case
document
first,
so
we
me
Hank
and
others
started
on
the
use
case,
but
now
it
is
going
in
a
good
shape.
We
can.
We
can
Target
specifically
on
the
threat
model
documents
and
anyone
interested
happy
to
kind
of
collaborate
and
be
working
on
threat
model
would
be
the
next
priority
after
settling
down
the
use
case
document
yeah.
A
F
L
F
L
A
Think
it
would
be
good
to
post
a
mail
to
the
list
to
refresh
everyone
on
where
we
are
on
these
terms.
Okay,
in
which
direction
we
are
going.
I
personally,
am
not
like
I.
Don't
care
about
the
terms
that
much,
except
for
the
trust.
F
F
Me
I'm
just
checked
yeah
checking
where,
where
did
we?
Okay,
let
me
hold
on
put
I,
will
take
an
action
item
to
kind
of
clarify.
Where
are
we
with
the
terminologies
section?
What
are
the
open
issues
and
then
how
to
take
it
Forward,
based
on
what
we
had
concluded
so
far,
so
I
I
will
share
something
onto
the
group
shortly
on
skit
itf.org.
A
Sorry
Choice
now
it's
your
turn.
Okay,.
K
Thanks
so
by
the
way
happy
New
Year
everybody
I
was
watching
the
the
email
thread
pretty
closely
over
the
break
and
I
just
reviewed.
The
document
I
have
I'm.
Sorry,
I
am
catching
up
a
little
bit
here.
I've
got
an
awful
lot
of
stuff
going
on
so
I'm.
Unfortunately
time
slicing
a
little
bit
but
I
did
look
over
the
document.
You
know
in
its
contemporary
State
and
I
think
some
of
the
comments
that
were
made
in
the
email
threads
have
not
been
reflected
in
the
document.
K
At
this
point
and
I
also
had
a
question
on
whether
we
have
decided
whether
we
are
going
to
include
kind
of
evidence
directly
in
whatever
the
skit
data
structure
is
or,
if
we're
going
to
refer
outside
to
that,
and
so
just
two
examples
of
those
issues.
The
first
one
is
that
one
of
the
things
that
I
think
was
mentioned
was
the
term
trust
bond
was
a
little
bit
proprietary
and
not
a
sort
of
a
well-known
term
of
Art,
and
that
we
should
change
that.
K
I
see
that
it's
still
in
there
and
I
do
agree
with
that
change.
So
I
would
recommend
that
if
we
want
to
debate
that
we
should
do
so,
but
the
the
other
one
is
I
think
there's
the
use.
K
Cases
imply
that
we
are
going
to
I
think
have
evidence
in
the
database
I
actually
personally
favor
that
but
I
believe
Hitachi
is
sort
of
not
in
favor
of
that
so
I'm
kind
of
interested
in
which
way
we
want
to
go
and
I
think
we
need
to
get
that
significant
issue
straightened
up
before
we
get
too
far
down
the
road
here
and
then
just
sorry.
K
Just
one
third
thing
is
that
we
have
a
lot
of
use
cases
now
and
I
recommend
you
kind
of
put
a
pin
in
that
I
think
these
use
cases
are
going
to
be
pretty
good
for
illustrating,
at
least
on
round
one,
what
we're
trying
to
do-
and
we
probably
ought
to
limit
further
use
cases
until
later.
K
So
that
is
my
that's
my
brain
dump
for
now
over
the
over
the
holidays,
and
thanks
very
much
for
for
listening.
A
Good
right,
you
I
think
you
want
to
respond
to
that.
L
Yeah
true
true
the
question
of
whether
the
data
is
stored
in
the
skip
database
or
are
out
I
think
I
can
see
both
happening.
I,
don't
see
anything
including
those.
The
use
cases,
though,
do
we
have
one
that
describes
data
outside
like
I
understand
for
privacy
reasons.
People
would,
you
know,
might
like
to
to
just
have
the
the
hash
of
the
content
in
the
Skip
and
make
it
opaque
to
everybody
else.
K
Oh
I
mean
the
way
I
read
it.
The
use
cases
were
kind
of
implying
that
the
the
evidence
will
be
included
in
the
database
and
we
it's
not
it's
not
100,
clear
or
defined
and
I
think.
Maybe
this
document
is
not
really
where
we
wanted
to
find
that
we
wanted
to
find
that
somewhere
else,
but
it
is
a
thing
we
need
to
kind
of
resolve
in.
K
I
I,
don't
think
any
of
them
are
excluding
one
method
or
another.
Based
on
my
reading.
L
K
I
think
it's
okay
either
way.
I
guess
I
just
want
to
make
sure
we
don't
move
too
fast
there
and
gloss
over
that.
Okay,
thanks.
L
A
Let's
finish
this
up
one,
because
we
have
a
I
guess
those
in
the
queue
probably
want
to
respond
to
this
specific
issue.
Yeah.
H
Okay,
perfect:
go
ahead.
Yeah
there
was
a.
There
was
a
big
flood
of
people
joining
the
Queue.
At
the
same
time
as
me,
I
would
observe
that
this
conversation
was
had
in
common
war.
That
was
quite
in
the
working
group.
It
was
right
about
the
time
we
changed
from
being
above
to
a
working
group,
but
this
discussion
was
clearly
had
and
the
conclusion
clearly
was
that
we
must
have
space
for
payload,
but
we
must
not
require
the
payload
so
I'm
happy
if
we
want
to
have.
H
We
want
to
have
that
sort
of
more
elucidated
in
the
use
cases
and
the
use
cases
are
things
like.
You
know
where
the
payload
is
evidence
or
there's
no
reasonable
way
of
of
transporting
it
out
of
them.
It
makes
sense
for
it
to
be
there
where
you're
actually
looking
at
supply
chain
Integrity,
then
you
can
put
things
like
hashes
and
then
there's
no
necessary
disclosure,
but
there
is
still
transparency
and
Trust
right
so
yeah.
It
would
probably
be
good
for
me
or
Hannah.
H
H
The
the
the
Practical
constraint
as
well
yeah
yeah.
So
it's
a
good.
It's
a
good
point
Charlie,
because
it
comes
up
all
the
time.
We
should
make
sure
it's
written
down
somewhere
clear,
but
the
discussion
was
had
and
the
conclusion
was
we
need
both.
K
I
haven't
made
every
discussion,
but
that
is
a
obviously
critical
architectural
Foundation
yeah.
A
I,
okay,
Steve
you're
next.
E
I
E
It
was
also
the
ability
to
index
so
that,
if
it
leader
doesn't
have
to
describe
it
so
that
the
periods
so
I
think
there's
a
little
bit
of
you
know
life
cycle
capacities
and
balance
of
where
information
is
mixed,
with
the
disclosure
of
information
that
we
should
figure
out
so
I
think
obviously
getting
it
written
down
will
help
with
some
of
this.
Whether
it's
in
the
use
case
or
some
other
requirements
document
will
help.
E
If
you
can
make
it
transparent
to
a
total
or
if
we
can
make
it
an
optimization
for
a
particular
instance
and
how
it
stores
it
that
might
be
one
option,
but
that
also
impacts
on
whether
it's
how
it's
queryable
so
I.
We
definitely
want
to
get
some
stuff
written
down
around
it.
So
two
different
in
the
challenges
is
as
we're:
promoting
content
across
different
instances
does.
Is
that
ability
to
store
it
external
or
in
The
Ledger?
E
Does
that
wind
up
as
a
user
issue,
or
is
it
just
an
optimization
of
a
particular
instance
I
think
that's
part
of
the
details
we
want
to
be
able
to
coordinate.
Is
it's
that
promotion
across
that
really
makes
it
quirky.
G
Okay,
Raymond
yeah,
hi,
yeah
I,
don't
know
what's
coming
up,
Raymond
Minnesota
Ray,
that's
fine!
So
anyway,
the
I.
G
Okay,
as
you
know,
or
you
know,
maybe
not-
is
that
I'm
working
on
this
election
data
use
case
and
I
I
wasn't
really
planning
on
making
that
a
formal
submission,
but
maybe
I
should
it's
sort
of
off
the
beaten
Trail
at,
but
not
too
far.
So
you
know
it's
I,
don't
see
any
reason
why
it
can't
be
accommodated
with
what
everyone's
talking
about,
but
it
does
need
data
outside
of
the
measure,
for
example,
and
also
air
gapping
support
and-
and
maybe
that's
about
it.
G
So
it
isn't
a
lot
of
things
that
I
need
special,
but
I
was
working
on
a
paper
on
this
remote
references
question
that
I
started
working
on
and
then
got
sucked
into
other
issues
and
I
I
didn't
finish
it
yet,
but
it
just
considers
these
four
aspects
that
I
think
should
be
broken
out
or
at
least
considered
when
we
talk
about
remote
references
and
I'll.
G
It's
covered
in
the
paper,
so
maybe
not
take
time
now,
but
I'm
working
on
that
I'm
working
on
that
and
then
I'm
also,
we
talked
about
the
election
data
use
case.
I
want
to
thank
honest
and
a
couple
other
people
on
that.
One
technical
meeting
me
I'll
swing
it
by
the
group
and
see
what
what
everybody
thinks,
how
we
should
how
we
should
handle
that,
but
I
I
don't
mind
not
not
having
it
be.
G
You
know
a
central
point
since
we're
focused
on
software.
It's
it's
kind
of
a
diversion,
maybe
maybe
would
irritate
people
by
to
being
too
far
off
the
off
the
focus.
Okay,.
A
Very
great
but
I
think
it
still
makes
sense
to
even
for
later
to
have
a
few
paragraphs
written
about
it
and
specifically,
since
we
want
to
make
sure
that
we
have
a
generic
solution
covering
various
different
aspects.
So
I
think
since
we
discussed
it,
I
was
quite
I,
didn't
see
any
any
show
stop
us,
but
but
it's
still
useful
to
document
it
somewhere,
even
though
we
could
maybe
put
it
on
hold
for
now
foreign
before
we
include
it.
G
A
G
H
G
Just
me,
and
so
maybe
as
those
people
in
that
group
were,
we
can
work
together
too,
but
yeah.
So
a
few
paragraphs,
maybe
just
a
list
of
requirements.
G
All
right,
all
right,
so
love
to
show
it
to
people.
If
you
guys
are
receptive,
so
I
will
put
something
together:
I
do
have
a
bunch
of
stuff
already
written
so
I'll,
just
I'll
just
slap
it
up
and
see
what
happens,
and
then
we
can
go
from
there.
Thanks.
C
J
So
I
I
want
to
address
what
Charlie
Rays
is
a
concern
about
the
phrase
trust
born
I'll
take
ownership
for
introducing
that
I
didn't
I
couldn't
think
of
another
way
to
describe
it.
I'm,
certainly
not
married
to
those
terms
Charlie.
So
if
we
can
come
up
with
a
better
way
to
describe
the
concept
I'm
all
in,
if
you
would
like
to
say
trust
relationship,
if
you
think
that's
more
appropriate
I'm.
Okay
with
that,
but
anything
you
want
to
say
this,
this
concept
of
needing
to
confirm
the
or
validate
this
relationship
is
pretty.
J
You
know
pretty
well
known
in
fact,
I
sent
a
an
error
message
or
warning
actually
from
gpg
that
describes
this
very
concept
as
a
concern,
so
I
I,
don't.
Hopefully
we
don't
disagree
that
about
the
need
for
this
you
know
or
that
this
concept
is
real.
It's
just
a
matter
of
describing
it
in
a
way
that
we
can
all
agree.
If
that's
what
you're,
referring
to
that
I
I
think
I'm
good
with
whatever
the
group
comes
up
with
thanks.
K
Yeah
I
thought
that
might
push
a
button
dick,
but
the
I
think
the
the
real
issue
is
that
it's
we're
playing
in
a
whole
bunch
of
different
spaces.
Here
trust
bond
is
not
a
term
of
art
right
now
in
a
lot
of
the
supply
chain.
Work
that
I'm
doing.
However,
I
do
agree
that
the
concept
is
important
and
we
need
to
Define
it.
K
I
would
just
say
trust
or
trustworthiness
would
be
a
decent
substitute
for
the
use
case
and
then,
as
we
go
through
the
use
case,
we
can
Define
exactly
how
to
Implement
that
in
a
very
specific
way,
and
if
we
want
to
call
that
trust
bond,
that's
fine
too,
but
the
other
thing
I
would
say
is:
if
we're
going
to
use
any
terms
of
art
here
that
we
expect
to
become
generic,
we
have
to
be
also
very
careful
that
they're,
not
proprietary,
and
that
is
I'm,
not
sure
dick.
K
If
you
guys
are
using
this,
if
you
get
a
trademark
on
it
or
anything
like
that,
the
trust
score
is
another
one
that
I
think
is
going
to
be
a
little
bit
problematic.
So
we
want
to
be
a
little
bit
cautious
there
and
make
sure
that
we're
being
extremely
you
know,
Swiss
in
our
neutrality.
J
So
let
me
reply
to
that
Charlie.
We
certainly
are
not
claiming
any
intellectual
property
rights
over
trust.
The
phrase
trust
fund,
it's
used
in
other
areas
to
mean
different
things,
but
if
we
want
to
change
it,
I'll
go
with
the
group
I
honestly,
if
you
I
mean
if
we
all
agree
that
the
concept
is
important,
then
we
can
just
call
it
whatever
we
want
and
describe
it
accordingly.
K
Yeah
I
think
the
thing
about
the
use
case
is
the
way
it's
described
is
kind
of
assumes
that
if
you
go
to
you
know
Miriam's,
you
can
look
it
up
and
see
what
it
is
and
I.
Don't
think.
That's
actually
the
case
right
now.
We
would
probably
be
defining
it.
You
know
in
a
like
a
definite
way
for
the
first
time,
at
least
in
my
experience,
I
haven't
seen
the
term
used
in
other
in
other
documents.
K
Besides
this
one
and
it's
not
that
it
hasn't
been,
but
I've
been
around
the
block
a
little
bit
on
this
and
I
just
haven't
seen
it
so
just
let's,
let's
ensure
that
our
terminology
is
neutral
and
accessible
and
well
understood
by
the
reader,
and
if
we
need
to
Define
new
terms
to
do
that,
that's
certainly
within
our
purview.
J
So
I'll
go
on
the
record
as
officially
withdrawing
the
use
of
the
term
trust
bond
with,
with
the
with
the
agreement
that
we
will
have
something
something
to
replace
it
with.
Is
that
okay,
I.
K
K
D
Yeah
so
my
hand
is
a
little
bit
old,
some
slight
reverbs
yeah,
so
we
were
talking
about
data
in
structure
that
are
outside
of
structure.
Therefore,
just
having
a
reference
baked
into
the
structure.
D
That
is
also
touching
on
two
other
topics
that
are
probably
aligned
but
actually
separate
use
cases,
and
please
excuse
me
to
project
a
little
bit
into
solution
space
here,
but
we're
always
talking
about
the
statement
coming
from
supply
chain
entities
is
opaque.
You
do
not
have
to
understand
it.
We
are
talking
about
the
authenticity
of
that
statement.
So
now
this
statement,
if
it's
a
reference,
is
not
opaque
anymore,
it's
well
understood.
It's
actually
well
known,
it's
probably
standardized
the
same
way.
The
original
sign
statement
is
standardized.
D
All
right
support
going
to
be
standardized
now
so
and
and
that's
a
certain
semantics
of
a
non-opaque,
a
well
understood
statement
that
we
provide
the
frame
for
it's
like
here's,
a
URL,
here's
the
hash,
whatever
you
know
a
reference
to
the
thing
where
you
can
find
it
or
a
mad
URL
or
whatever
some
something
like
that
along
along
those
lines,
and
that
is
touching
to
another
topic,
which
is
another
set
of
non-opaque,
well-known
statements
and
that's
how
you
deliberately
might
relate
statements
in
a
standardized
way
that
is
very
known
and
again,
not
opaque.
D
That
might
be
another
layering
of
of
envelope
inside
the
Cozy
envelope.
I,
don't
know
again,
I'm
not
trying
to
project
into
a
solution
space
too
much
here,
but
I
think
these
are
somehow
interconnected
and
I
think
these
are
all
non-opaic
statements
and
that's
that's
that's
a
design
thing
we
have
to
take
into
account.
That
is
not
to.
This
will
not
be
addressed
by
the
use
case,
but
I
just
wanted
to
point
out.
All
of
these
things
are
then
the
first
non-opaic
statements
yeah,
that's
basically
it
okay.
A
Okay,
thanks.
Thank
you
Roy,
you
have
your
hand
up
yeah,.
L
L
Of
what
they
Expo
expect
to
be
exposed
during
the
audit
of
the
The
Ledger
or
the
registry
data
right,
so
that'll
help
some
of
this
there's
both
data
that
gets
stored
on
The
Ledger,
which
is
for
other
purposes,
and
then
there's
data
store
in
storage
or
external
that
can
be
in
a
completely
different
database.
So
hopefully
people
are
thinking
through
both
those
as
different
storage
units.
L
A
Okay,
monkey.
B
Yeah
I'm
gonna
go
back
to
the
I,
guess
the
terminology,
the
long
cue
here
do
we
have
oftentimes
I
find
if
I
could
go
six
point
of
view.
Another
I
have
a
definition
before
you
come
up
with
a
word
or
term
for
it
do
so
it
might
be
just
having
a
few.
What
do
we
mean
by
this
term
and
then
come
up
with
a
term
associated
with
it?
Otherwise
you'll
end
up
arguing
over
semantics.
So
do
we
have
a
clear
place
to
put
a
few
draft?
B
A
Have
that's
a
very
good
point
this?
This
was
also
what
I
suggested
to
focus
on
in
my
review
on
the
list
before
to
to
describe
more
precisely
on
what
we
mean
in
terms
of
what
actions
need
to
be
done
to
like
have
that
relationship
or
whatever
you
want
to
call
it
or
verify
that
relationship,
etc,
etc.
A
So
I
think
that
will
typically
help
to
to
make
it
clear
what
what
we
mean
by
that
and
maybe
then
also
to
find
out
whether
that
matches
an
existing
concept
already
and
I
posted
a
link
to
a
glossary,
a
security
glossary
which
contains
numerous
terms.
So
maybe
maybe
there's
something
new
that
we
need
to
come
up
with,
but
maybe
there's
something
that
we
can
for
you.
B
A
Yeah
but
I
think
the
best
way
would
be
to
look
at
the
document.
The
use
case
document
which
talks
about
the
read
through
that
paragraph
or
that
use
case,
and
then
maybe
it
gives
you
enough
information
already
to
say
like
hey.
This
is
actually
relates
very
much
to
that
other
term,
that
I'm
used
to
seeing
in
I,
don't
know
Community
x
and
that
that
would
be
good
feedback.
B
Okay,
I'll
I'll
see
if
we
can
get
that
done
this
week,
thanks.
F
A
Okay,
Steve,
you
were
actually
next.
E
I
was
gonna
well
one
I'm,
just
looking
at
the
clock
and
we're
gonna
be
actually
get
to
terminology,
because
I
was
gonna,
pause
and
just
kind
of
say.
We
want
to
focus
there.
I
think
the,
but
just
the
one
teasing
of
this
conversation
of
the
storage
is
just
to
think
about
Access
Control
right,
it's
the
just
because
it's
external
that
Maybe
not
maybe
public.
It
may
be
not
public
information
depending
on
the
scenario.
A
Okay
before
you,
so
we
managed
to
get
through
the
queue
and
have
a
few
minutes
left
and
so
I
wanted
to
use
that
time
to
also
suggest
in
preparation
of
the
the
six
door
use
cases
Etc.
Let
me
post
a
link
to
the
mailing
list
or
not.
A
That
amazing
is
to
the
chat
window
and-
and
hopefully
someone
else
has
had
a
chance
to
look
at
the
link
that
Tracy
sent
around
right
before
Christmas,
so
you
may
have
missed
it
and
it
it's
a
bunch
of
write-ups
on
different
use
cases
there
by
different
companies.
So
there's
there's
a
lot
of
additional
context
that
comes
with
the
use
cases,
but
I
believe
there's
some
key
aspects
in
there.
For
example,
the
air
gap
scenario
is
cabatia.
A
There's
the
link
to
attestation
there's
a
point
that
you
sort
of
like
the
use
cases
with
Docker
images,
for
example,
there's
also
pointers
or
sort
of
a
hint
that
key
management
is
quite
important
and
also
identity,
reusing
existing
identity
infrastructure.
A
So
if
you
haven't
had
a
chance
to
read
through
this,
these
use
cases
yet
take
a
look
at
that
email
and
click
through
the
through
the
links
and
then,
ideally,
since
those
obviously
software
use
cases,
we
want
to
double
check
whether
we
cover
them
covered
some
of
those
aspects
already
or
or
most
of
it,
and
whether
we
can
beef
up
the
existing
text
with
this
additional
information.
I
think
that
could
be
could
be
quite
useful.
A
This
is
Ramada
and
then
I
took
also
some
notes,
as
as
next
steps
for
the
next
meeting.
I
will
remind
all
of
you
who
promise
to
actually
take
some
action
so
that
we
have.
We
can
put
together
an
agenda
for
next
week's
call
and
then
make
some
progress
on
on
the
architecture,
slash
terminology
and
and
so
on.
I,
don't
I,
don't
know
if
hanky
will
have
the
possibility
to
schedule
your
one-on-one
with
others
during
this
week.
So
we
can
already
discuss
the
outcome
of
this
but
yeah.
F
Yeah,
just
to
add
for
terminology
I
I
found
the
issue
which
we
were
discussing.
You
were
saying
that,
as
far
as
it
was
not
linked
to
sorry
not
really
Roy,
it
was
not
linked
to
the
use
case,
but
there
were
few
only
two
or
three
open
issues
on
terminologies
which
there
was
an
overlap
with
rats,
I,
recollect
and
I
shared
that
in
the
chat
window,
if
you
scroll
up
because
it's
gone
down
at
437
timestamp
437.41.
F
A
Okay,
yeah
Zachary.
If
you
have
some,
for
example,
some
text
suggestions
for
use
case
document
based
on
the
the
work
you
have
done
in
your
in
your
group.
That
would
be
great
too.
C
I
I
was
just
about
to
come
into
that
effects
that
I
will
I'll
work
on
integrating
aspects
of
the
six
star
use
cases
and
case
studies
into
the
skill
use
cases.
I
can
can
take
that
one.
A
G
Question
about
the
technical
meeting:
is
that
still
going
to
be
occurring
and
does
it
go
through
meet
echo
or
is
anyway,
can
you
just
post
an
email
to
the
working
group
or
something
each
time?
It
would
really
help
me
know
which
week
it
is
and
if
it's
happening
or
not,
because
I
just
get
lately
just
trying
to
find
everything
scrambled
around
I
appreciate
it.
Thanks.
A
Yeah,
so
officially
we
have
one
group
meeting
this.
This
is
the
one
the
official
meeting
per
week
and
and
we
have
all
the
tools
and
so
on.
If
we
need
additional
meetings,
like
Hank
was
proposing
these
101s
and
and
for
example,
this
other
meeting,
which
was
supposed
to
be
the
purpose
of
it,
was
more
to
discuss
topics
which
are
a
little
bit
outside
of
the
working
group
like
add-ons
like
software
stuff
and
so
on.
That's
perfect
too,
but
it's
it's
not
something.
A
The
only
those
who
are
interested
in
discussing
those
I
think
should
be
should
be
involved.
It's
not
something
like
everyone
can
discuss
with
everyone
they
like,
and
they
should,
of
course,
but
there
officially
there's
only
one
one
meeting
this
one
and
I
will
remind
everyone
and
send
a
link
and
try
to
update
or
not
try
we'll
distribute
an
agenda
every
time
so
yeah.
A
The
reason
for
this
was-
and
maybe
this
was
confusing
to
some,
but
we
had
this
often
meeting
invite
around
but
I
couldn't
cancel
it
because
yogish
created
it
and
and
as
as
you
yogish,
you
went
on
sabbatical.
It
was
kind
of
hanging
there.
So
at
the
beginning
of
this
conference
call
series
of
meet
Echo.
We
had
some
confusion
consequences,
but
I
think
we
have
passed
that
coin.
So,
thanks
for
cleaning
up
our
sort
of
Outlook
invite
list.
L
So
we
we
were
having
spin-off
meetings
on
deeper
technical
issues
that
we
said
we
were
going
to
cancel
until
we
had
a
more
in-depth
agenda.
The
whole
point
was
to
to
work
on
the
documents
that
would
bring
back
to
this
meeting
as
a
group
as
a
way
for
us
to
all
to
work
together.
But
right
now
we
have
nothing
on
the
agenda
for
any
other
spin-off
meetings.
J
A
Well,
I
hope
that
the
group
is
able
to
finish
it
a
little
bit
earlier
to
be
honest,
I
understand,
there's
still
some
content,
but
give
them.
What
I
heard
today,
with
the
volunteers
and
and
Hank
sort
of
like
spending
some
extra
time
with
with
conference,
calls
so
I'm
hoping
that
we
get
there.
We
have
the
document
in
a
good
shape
already
by
the
end
of
the
month,
so
at
least
mid-February.
J
Yeah
and
I'm
willing
to
commit
to
meeting
whatever
timeline
we
agreed
to
so
whatever
that
is,
you
know,
I'm
prepared
to
you
know,
participate
and
Achieve.
That
goal
thanks.
Awesome.
A
No
mid
I,
I
think
I
think
it's
it's
getting
there
like
it's,
and
if
people
really
sort
of
do
what
they
just
promised
during
the
meeting.
I
think
that
that
looks
fantastic
right.
Okay,.
A
Okay,
people
are
dropping
we're
already
over
time,
so
I
think
we
should
stop
here
and
yeah
get
back
to
work
so
to
say,
thank
you
all
for
joining
and
speak
to
you
soon.
A
It's
it's
automatically
recorded
and
thanks
for
the
me
taking
meeting
minutes,
okay,
it
was
a
lot
of
discussion
so
very
complicated
to
capture
all
this
stuff.
Yeah.