►
From YouTube: IETF-SCITT-20230717-1500
Description
SCITT meeting session at IETF
2023/07/17 1500
https://datatracker.ietf.org/meeting//proceedings/
B
A
A
A
A
C
A
A
A
So
I'm
going
to
write
the
notes
again.
Today's
topic
is
quite
focused
because
we
wanted
to
talk
about
the
hackathon
at
the
IDF
meeting,
which
is
approaching
it's
next
Saturday
and
Sunday,
and
so
John
and
I
met
before
this
meeting
to
double
check
on
who
is
registered
already
for
the
hackathon.
You
know,
there's
very
few
of
you
are
actually
registered,
so
I'm
wondering
whether
that
was
intentional
alarm,
but
there
was
a
an
oversight
like
I'm
registered.
A
F
C
A
Do
you
know
that,
like
you
should
register
for
the
hackathon
it
it's
free
of
charge
and
and
so
on
and
so
on?
But
it
may
be
good
to
just
in
case
you
haven't
done
it
yet
just
indicate
skit
as
a
topic.
You
will
be
working
on
and
maybe
you
will
even
receive
some
links
for
some
remote
participation,
but
otherwise
we
will
work,
something
out
which.
B
A
B
G
G
A
D
A
D
A
Yeah,
what
I'm
just
thinking
loud
here
about
what
we
could
potentially
do
is
like
you
up,
probably
unless
you're
really
implementing
something
you're,
probably
not
going
to
sit
in
front
of
the
laptop
and
watch
us
write
some
code
and
so
on
all
day
long.
So
maybe
we
can
schedule
a
meeting
at
the
end
of
the
day
or
so
end
of
the
first
day
and
then
another
one
on
Sunday.
So
you
can
basically
keep
you
up
to
up
to
speed
with
what's
going
on
and
maybe
discuss
some
of
the
issues
that.
D
A
E
E
One
is
to
prove
that
you
can
do
something
useful
based
on
the
building
blocks,
that
skit
provides,
which
means
doing
an
end-to-end
use
case
and
and
what
I
would
hope
to
take
is
the
document
format
from
dick
register
it
through
the
proposed
standard.
Rest
API,
that's
in
the
architecture
into
two
skit
Services,
that's
my
one
that
my
company
builds
and
the
emulated
one
that's
in
the
open
source,
emulator
and
then
it's
verifiable.
So
we've
got
the
end-to-end
use
case
proven,
but
also
from
a
sort
of
spec
and
working
group
progress.
E
Point
of
view.
What
I'd
then
like
to
produce
is
a
nice
diagram,
a
kind
of
simple
box
architecture,
diagram
of
the
things
that
are
happening
in
skipped
components
using
necessary
skit
technology
and
the
things
that
are
happening
in
what
I
think
we
tend
to
refer
to
as
a
system
built
using
the
skitz
components,
because
we
have
a
lot
of
discussions
about
identifiers
and
public
keys
and
access
controls
and
searchability.
E
This
idea
of
being
able
to
look
up
things
in
the
registry
and
what
I'd
like
to
produce
at
the
end
of
the
hackathon
is
yes
working
code,
but
also
help
to
disambiguate
what
is
in
and
out
of
scope
of
skit
in
a
complete
end-to-end
implementation
and
I.
Think
the
coding
might
be
difficult
to
do
collaboratively
over
an
owl,
but
definitely
guiding
the
use
case
and
writing
up
that
documentation
and
layering
diagram
I
think
could
be
very
beneficial
to
work
together
with
people.
G
E
Match
the
standard
so
at
an
interoperability
level
we're
fully
interoperable
with
the
fully
open
source
thing
so
anything
going
into
a
code
integration,
as
in
code
you'd,
put
on
another
tool
to
call
either
register
a
claim
or
get
the
receipt.
Whatever
is
all
open.
We
we
writing
that
in
a
separate
repository
under
MIT
terms,
the
folks
like
Microsoft
have
also
committed
to
we're
not
donating
our
back
end.
E
The
object
is
just
hard
to
say
something
that
was
not
proprietary
and
open
it
up.
But
it's
based.
Everything
that
you
need
to
rely
on
is
based
on
fully
open
consensus,
Merkel
tree
implementation,
so
yeah
we're
donating
everything
on
the
client
side
and
everything's.
Not
actually
open,
is
verifiable
by
open
source
things
and
we're
moving
more
towards
the
standard,
but
it
takes
takes
time
to
take
things
that
already
exist
and
open
them
up,
but
everything
new,
we're
writing
is
open.
B
I,
do
honest
I
just
want
to
make
the
comment
that
the
materials
that
will
be
provided
by
Rea
is
actually
an
open
source.
Xml
schema
called
the
vendor
response
file
and
I've
been
talking
with
Hank
about
how
we
can
go
ahead
and
gift
that
over
to
the
ietf,
so
that
you
know
you
can
you
can
take
that
on?
As
you
know,
materials
owned
by
the
ietf,
so
that
would
be
donated
as
well.
If
there's
any
interest
in
in
having
that
available
thanks.
A
B
A
B
A
The
other
things,
because,
obviously
that
would
also
be
valuable
if
we
have
just
a
number
of
different
independent.
Let's
say:
client-side
implementations
like
people
using
different
cozy
libraries,
different
receipt,
libraries
and
so
on,
passes
and
creators,
and
so
on,
and
so
on.
I
think
that
would
also
be
useful
if
we
could
actually
play
around
there
as
well.
That
would
be
the
interoperability
test,
essentially.
E
A
Okay,
thanks
thanks
dick
for
the
link,
okay,
perfect,
so
I
think
we
have
a
couple
of
spreading
blocks
already
and
we'll
obviously
try
to
put
these
things
together
and
if
we
are
lucky,
everything
works
out
great.
My
experiences
that
there's
still
a
little
bit
of
gluing
work.
That
needs
to
be
done
so
that
will
have
to
follow.
A
I
A
A
A
Okay,
actually
one
of
both
of
us
are
going
to
be
there.
Okay,
cool
yeah
so
in
in
I.
Think
John
and
I
will
have
a
a
discussion
about
how
we
best
schedule
some
sessions
for
the
remote
participants,
because
even
if
we
provide
the
possibility
for
you
guys
to
like
contact
us
at
any
point
in
time,
I
think
it
would
be.
It
would
be
useful
to
do
kind
of
a
short
status,
update
and
yeah.
A
I
J
C
A
J
But
for
sure,
if
you
set
up
something
like
the
the
one
time
meeting
or
like
discussion
for
final
architecture,
that
one
for
sure
would
be
helpful
for
me
and
maybe
also
my
other
question-
was
regarding
admission,
not
admission
policy
but
I,
don't
remember
the
name
at
the
moment.
Sorry
yeah
registration.
Yes,
thank
you.
Registration
policy.
If
it's
something
like
included
I
did
not
really
got
it
from
John
idea.
Let's
say
if
it's
something
we
wanted
to
push
this
arcaton
or
not.
Personally,.
A
Okay,
okay,
this
at
this
hackathon
like
we
will
set
up
the
like
the
demo
that
dick
described
or
like
that
use
case,
and
then
we
will
see
what
what
we
actually
need,
what
pieces
are
missing
and
whether
we
need
to
well-
maybe
maybe
everything
is
there
and
we
are
just
happy
at
the
end
of
the
day.
That
would
be
good
good
to
know
as
well
right.
J
A
J
A
A
E
Yeah
here
we
go
so
let
me
share
that
PowerPoint
with
everybody
yeah,
because
when
I
hear
the
the
question
that
was
just
asked,
I
think
registration
policies
certainly
was
I.
Think
we've
made
lots
of
improvements
in
the
last
two
weeks,
but
it
was
a
big
topic
to
cover
and
I
think
covering.
It
is
still
a
good
idea,
but
I'm
I'm
not
in
a
great
position
to
complete
an
implementation
of
something
there,
whereas
I
am
in
a
good
position
to
answer
some
of
these
system
level,
questions
that
have
been
raised.
E
E
That
okay,
the
mission
denied
no
good
okay,
I'm
gonna,
try
and
just
explain
it
because
I
can't
share
my
screen
and
I.
Think
we
can't
put
images
into
the
chat.
Can
we
so
so?
The
basic
layout
that
we
have
today
is
the
emulator
in
in
the
skit
Community
GitHub
essentially
makes
two
different
binaries.
It
there's
a
thing
called
flask
for
anybody
who
knows
python
things
so
there's
a
little
flask
that
sets
up
a
server
and
it's
all
local.
E
So
you
can
run
it
on
a
very
simple
Dev
machine
or
laptop,
but
it
creates
a
service
that
sits
on
the
far
end
of
a
socket.
So
it's
as
though
it's
a
cloud
service
or
Ledger,
and
then
there's
a
client
that
you
can
use
to
make
well-formatted
rest
commands
for
for
skit
and
that
obviously
both
of
those
pieces.
The
the
client
sender
and
the
service
receiver
are
based
on
the
messages
in
the
proposed
rest
API
in
the
architecture
document
today.
E
The
code
is
the
same,
no
matter
what
and
it's
a
matter
of
configuration
on
an
instance
which
of
the
registries
you
go
to,
and
obviously
you
can
even
change.
You
can
go
to
one
registry
for
one
type
of
type
of
information,
a
different
registry
for
different
types
of
information
and,
as
we've
discussed,
you
know
maybe
for
certain
important
or
very
globally
or
long-lived
things
you
might
send
things
to
both.
E
So
it's
a
nicely
sort
of
client
API
level
interoperability
there
and
then,
when
you
send
these
things
and
get
the
receipts
back,
whether
it's
the
archivist
back
end
or
whether
it's
the
the
the
CCF
emulation,
the
receipts
are
fully
verifiable
offline.
So
you've
got
complete
and
consistent
Merkel
tree
inclusion
proofs
for
your
claims
that
you
can
verify
with
the
regular
open
source
cozy
end
in
my
case,
consensus,
Merkle
tree
code.
So
that's
the
state
of
the
art
today.
It's
nicely
separated.
E
It's
got
nice
interfaces,
it's
got
good
interoperability
and
it's
got
client
standardization.
So
what
I'm
hoping
to
be
able
to
demonstrate
and,
as
I
said
sort
of
make
some
progress
on
the
spec
at
the
same
time
as
code
is
to
answer
some
of
those
questions
about
things
like
searching,
The,
Ledger,
recovering
receipts
that
you've
lost
querying
indexes
for
the
latest,
one
whatever
the
latest
one
might
mean.
E
So,
specifically,
I'm
not
not
to
touch
registration
policies
per
se,
but
to
be
able
to
discover
things
like
what's
the
thing
in
this
feed
with
the
highest
SVN,
because
the
security
version
number
stuff
is
has
been
interesting.
So
what
I'm
hoping
to
prove
with
that
is
to
show
what
things
are
not
needed
to
ever
be
in
the
skit
specifications,
because
they're
not
building
blocks,
but
they
can
be
added
on
top.
G
G
That
seems
to
be
kind
of
a
relatively
low
hanging
fruit
and
we
were
always
a
little
bit
on
the
edge
on.
Do
we
really
want
to
use
the
web?
Do
you
want
to
need
our
own
and
then
and
and
I
think
the
consensus
was
reused
as
much
as
you
can,
and
now
that
already
provided
this
all
this
text
that
says
yeah
well
resolution
and
dereferencing
is
not
the
greatest
specification
ever,
and
so
we
have
to
rephrase
something
here.
G
G
A
F
F
But
you
know
the
specifics
of
how
you
get
to
a
skip
receipt
or
still,
and
it
there's
sort
of
two
parts
to
that
in
skit,
and
both
of
them
need
to
make
use
of
cozy
envelopes
in
some
way.
So
you
need
the
rest
API
to
support
the
Cozy
envelopes
and
then
you
need
the
client
to
construct
the
transparent
statements
from
what
it
gets
from
the
rest.
Api.
A
Right,
I'm
thinking
up
like
basically
circling
a
little
bit
back
to
the
early
discussion
like
we
obviously
have
the
code
and
the
skip,
skip.
Api
emulator
repo,
but
that's
sort
of
like
one
specific
implementation
and
I
was
wondering
whether
there
are
other
libraries
that
we
could
kind
of
drop
in,
for
example.
A
Instead
of
let's
say
the
the
client,
as
you
said
like
like
for
the
client,
consists
of
multiple
different
pieces,
but
maybe
someone
else
has
the
different
pieces
in
a
different
language,
and
so,
for
example,
like
there
are
many
implementations
out
there
of
cozy
for
cozy
sign,
for
example,
but
when
it
comes
to
passing
the
the
new
work
that
you've
been
doing
on
the
on
the
on
the
receipts
and
with
the
Cozy
proofs
draft.
That's
a
different
story
right
and
you
that's
new
work.
So.
A
F
I
guess
because
it
was
it
ate
a
lot
of
time
in
the
last
hackathon
like
a
kind
of
preliminary
discussion
about
identifiers
for
artifacts
identifiers,
for
my
parents,
statement,
mind
statements
and
policies
because
we
spent
a
lot
of
time
at
the
last
hackathon
talking
about
that
and
so
I
wonder
you
know,
are
we
going
to
do
that
again?
Is
there
have
we
found
a
kind
of
good
Edge
for
that
box?
F
Do
we
want
to
just
leave
that
box
as
it
is
and
and
spend
our
time
on
other
things,
this
hackathon
and
you
know,
come
back
to
that.
Eventually,
if
we
try
and
do
too
many
things,
we
won't
make
great
progress
on
any
of
them
so
potentially
coming
up,
and
then
we
could
have
like
a
several
very
hard
topics
that
we're
trying
to
address
all
at
once.
C
C
A
Good
good
point:
yeah
I
almost
forgot
the
discussion
with
John,
but
then
I
forgot
about
it.
Yes,
we
need
to
like
for
those
people
who
are
there
and
at
the
moment
it
seems
like
we
are
talking
about
Ori
Hank
John.
Is
there
Mike
Brooke?
Is
there
and
I
think
in
this
kid
session
in
person?
Nobody
else
is
that
is
that
correct.
A
The
use
case
document
hasn't
seen
an
update,
so
that's
another
topic.
We
should
be
talking
about
whether
that's
essentially
finalized
and
and
we
don't
need
to
to
do
further
work
on
it
or
maybe
we
need
to
do
it,
but
haven't
had
time
because
we
all
our
energy
was
with
the
architecture
document.
So
it's
it's
really
up
to
you
guys.
C
H
B
A
H
A
But
I
definitely
haven't
forgotten.
It
I
read
through
the
email
discussion
it
was.
There
was
a
lot
of
good
good
material,
India
Point
us
to
what
other
groups
and
organizations
are
doing
so
so
really
interesting,
but
yeah,
I
I,
don't
know
I,
don't
have
the
answer
right
now,
so
I
I
need
to
talk
to
others
who
work
in
that
space
or
worked
in
that
space
in
the
past.
H
So
the
reason
I
bring
it
up
is
that
if
you're
going
to
use
pgp
keys,
then
potentially
the
configuration
of
what
identifiers
to
trust
will
change
the
identity,
registration
policy
on
the
skits
on
The
Ledger,
quite
often,
which
means
this
identifier
and
how
to
track
it
in
the
receipts
becomes
much
more
important.
If
you
think
it's,
it's
very
slow,
changing
you've
got
some
room
to
to
maneuver,
but
if
we
think
we're
having
identities
at
it
on
a
high
rate,
we're
going
to
need
to
cross
this
bridge
sooner
than
later,.
A
A
B
E
Yeah
so
I
think
the
right
way
to
do
it
would
be
we
push.
You
know
I,
obviously
I'm
happy
to
do
most
of
the
lifting,
but
anybody
who
wants
to
participate
and
and
actually
push
code
we
should
just
be
making
very
regular
commits
to
a
branch
on
the
current
repo
and
then
we
don't
need
any
special
network
connections
because
it'll
just
work
from
from
wherever
you
are
I'll.
A
I
B
Yeah,
that
would
be
great
John
if
we
could
do
some
testing
beforehand.
You
know
I
can
give
you
a
payload
that
would
roughly
equate
to
what
an
FDA
medical
device
manufacturer
might
submit
for
s-bomb
in
particular,
and
then
I
can
do
the
consumer
side
the
FDA
side
and
draw
that
material
down
from
the
registry.
E
A
G
Other
things
yeah,
so
the
there's
a
different
working
group,
chartering,
that's,
which
is
Keith's
friends
I,
want
to
bring
that
up.
I
I
think
a
lot
of
us
think
that
We've
overlapped
to
some
extent
I
assume
from
the
newest
Charter
text.
They
will
Define
three
algorithms,
for
example,
or
any
kind
of
transparency,
algorithms
in
any
case,
so
so
that's
interesting
to
us.
There
will
be
overlap
if
there
is
a
representation
as
a
formal
overlap
and
I
think
that
is
something
we
want
to
do
at
the
hackathon.
A
Yeah
I
think
this
is
a
very
good
idea,
as
you
have
seen
from
my
frustration
a
little
bit
on
which
I
shared
on
the
mailing
list.
These
various
attempts
that
we've
made
to
reach
out
to
them
and
to
have
them
participate
that
one
of
our
calls,
which
are
obviously
happening
frequently.
So
there
were
a
number
of
opportunities
to
to
discuss
this
that
didn't
work
out
so
so,
hopefully,
the
IDF
meeting
itself
provides
the
next
opportunity,
or
particularly
the
hackathon
itself,
because
clearly
there's
an
overlap.
A
And
I'm,
seeing
that
positive
in
in
both
ways
that
I
think
there
is
something
for
them
to
reuse.
But
maybe
there
is
also
something
for
us
to
to
benefit
from
because
they
have
some
additional
privacy
requirements
which
may
be
may
not
exist
in
in
many
other
areas.
But
it's
still
maybe
useful
to
see
how
this
gets.
Incorporated
foreign.
H
A
I
Not
necessarily
on
the
overall
app
but
on
what
we
can
do
at
at
the
next
ATF,
so
I
think.
Can
you
wait
to
discuss
with
Keith
hunt
during
that
question
would
be
great,
but
we
need
someone
on
site
to
be
able
to
do
that.
Otherwise
we
can
be
at
the
official
recession,
but
the
bandwidth
will
be
more
limited.
A
Okay,
so
maybe
maybe
we
need
to
organize
a
site
meeting
for
those
who
are
there
in
person.
We
maybe
need
to
schedule
a
site
meeting
with
them.
So
I
put
that
into
the
meeting
minutes
to
to
see
because
I
my
quick
search
didn't
lead
to
a
success
on
the
hackathon
participants,
because
the
topics
the
topics
are
also
listed
when
you
search
when
you
go
through
to
the
hackathon
registration
page,
you
can
see
who
is
registered
already
and
you
can
and
there's
an
indication
of
course
that's
not
completely
filled
out.
A
A
A
A
G
Well,
I
can
always
serve
as
this
is
saying:
I
can
always
serve
fall
back
of
course,
I'll
be
on
site
and
I'll
be
talking
to
I,
guess
all
the
work
parties
and
and
I'm
if
there's
already
a
a
a
set
of
content
being
prepared
before
the
hackathon.
That's
super
great
I'll
be
basically
in
transit,
starting
tomorrow
or
tomorrow.
I
will
just
skip
out
of
day
job
and
then
and
then
fly
out
and
then
we'll
re-manifest,
three
subdivate
and
and
San
Francisco
on
Friday.
G
A
Yeah
yeah
we
and
we
could
potentially
also
split
out
different
topics
and
have
also
involved
some
of
the
remote
presenters
and
and
definitely
have
you,
hang
I
could
also
Imagine
Ori.
If
you
have
a
chance
to
speak
about
the
text
that
you
added
in
the
in
the
pr
I
think
that
could
also
be
useful
for
some
of
the
participants,
because
that
topic
hasn't
been
discussed
for
too
long.
So
I
think
that
may
be
useful
too
I'm.
A
I'm
also
guessing
that
the
numbers,
a
number
of
people
are
new
to
the
group,
so
giving
them
a
little
bit
of
a
sort
of
a
abstract
or
introductory
description
of
what
what
we
are
doing
also
in
light
of
the
the
hackathon
exercise.
So
maybe
that's
also
an
outcome
of
the
hackathon
that
we
have
some
a
kind
of
a
description
of
a
complete
scenario
on
how
so,
if
the
different
entities
interact
and
how
the
different
pieces
of
the
work
fit
together,.
E
A
B
A
link
in
the
chat
to
an
article
I
wrote,
you
know,
there's
a
the
national
cyber
security
strategy.
Implementation
plan
came
out
last
week
and
the
first
Milestone
deliverable
is
on
iot
cyber
security
labeling,
and
that's
due
that
work
is
due
in
in
September
by
September
30th
of
this
year.
So
I
I
point
to
point
out
that
I
trust
registry
could
also
be
useful
in
that
context
as
well.
Thanks.
A
B
A
A
D
Implementation
and
I
haven't
gotten
to
it
yet,
but
I
do
imagine,
there
are
a
bunch
of
supply
chain
things
in
there.
That
could
be
useful
I'm.
Pretty
sure,
though,
that
the
Finland
system
is
probably
not
going
to
be
the
one
that
strikes
me
as
more
intended
for
sort
of
Renewables
and
we're
looking
at
something
kind
of
different
I.
Think
for
the
iot
side
in
the
U.S
again
just
my
impression
without
a
lot
of
detailed
reading
so
far,
but
I
still
think
Dick's
point
is
well
taken.
D
There
is
a
great
opportunity
here
for
skit
to
be
implemented.
If
we
can,
you
know,
gather
the
data
that
is
needed
for
the
supply
chain,
Integrity
initiatives
and
store
it
in
one
place.
That
to
me
is
the
huge
value
and
just
one
editorial
comment:
I,
don't
know
if
we
have
looked
at
that
closely
enough
the
operation
of
skit
and
how
it
would
work
in
real
life.
We've
spent
a
lot
of
time
on.
You
know
the
encryption
and
the
pki
substitution
certification
receipts.
All
that
stuff.
D
B
A
D
It's
envisioned
right
now,
so
we've
got
a
different
kind
of
use
case
that
we've
made
skit
ideal,
for
it
can
be
adapted
to
this
supply
chain
and
labeling
concept
and
should
be
in
my
opinion,
but
I
think
we
do
need
to
start
thinking
about.
How
do
we
get
the
data
in
there?
How
do
we
print
it
out
so
that
it
can
be
pasted
on
the
side
or
some
representation
of
it?
Can
we
paste
it
on
the
side
of
a
camera
or
an
elevator
or
whatever?
It
is.