From YouTube: RATS WG Interim Meeting, 2020-04-28
Description
RATS WG Interim Meeting, 2020-04-28
A
D
C
E
Right, thank you guys and thanks for the questions. Basically, one of the hard problems that we're trying to figure out is how fedora fits into the other drafts that are out there, and we thought about this for a while, because we have an adopted language draft. We have a YANG model for TPM that Hank is going to be talking about later, and there are questions about how, and we also have, I should put on here the use case draft as well, and the question of how come we eat. Another draft came up.
E
What this slide tries to do is identify what is in draft work that we feel is essential information for an operator which wasn't sufficiently captured in the other drafts that I just mentioned. Obviously, there is a use case listed in the use case document that Michael stewards, but there's a number of things about RIV, which is not well bull and sufficiently documented in the use case. Example, what are the prerequisites and simplifying assumptions of working with TPMs you and what key exists in a network environment that we have to have pre-established?
E
What kind of information might already be set up in the attester or the relying party, as well as the call flow and have different types of information or evidence might be acquired? All this is legitimate information which bounds the profile for the rest of the network to operate now. With these contexts established, we can go ahead and use the YANG model and expect it to operate, so we've defined the operational prerequisites for the YANG model as part of the profile identified here.
E
They're now independent this you know way pan and I, and others have been discussing how to streamline the future stuff, but I think at this point it is essential to go ahead and identify for this use case the operational prerequisites, and this is how we feel this draft relates to the others that are in the discussion right next.
F
E
E
You know, have mobile working group documents for use case, and the other option is to include the information in grid of within draft era and has the pro of future a fewer working group drafts, but a number of downsides, such as a large document, the problem of binding this profile to a YANG parts of which might be obsoleted as well as less modularity. I know that there are other people out there that want to build additional things off this profile that might not require the YANG.
E
So our question of the working group is, you know, what is a better way to capture the requirements? Is it better to have a separate profile and YANG, or is it set better to have them all together, and that's really the main question we want to leave with the working group as part of this. If there are strong opinions, one way or another, we would then try to go ahead and propose working group adoption of the requirements into one of these two options.
E
F
F
We would prefer to support a neat model for the same use case and we think it's what's in a stock mentor things that we believe are testable, even if they're not in exactly the TPM format. I think we, if we were to try to be everywhere, trying to try to be compliant from a wireless router perspective, and we would have to essentially put forward something like a firmware TPM and that's not going to the website. I don't believe it provides the same level of assurances of what's being intended in this document.
G
C
E
B
H
This slide, and so I was originally going to ask a question I'm going to ask now, but you've, I can guess at your answer. So first I want to say think we're updating the title, because that was what I come as before. So thank you for addressing a previous feedback, right. The title of the document now reads, and same on your slide deck, TPM based Network Device Remote Integrity Verification, right, and which does match the content. The document. Thank you so much for doing that.
H
I was going to it and I got into the queue. I was gonna ask a terminology question that I think I now have an opinion on the answer. The answer, but I was going to ask as you keep using the term RIV, and so my terminology question was going to be: do you consider the term RIV to be inherently specific to TPMs or which it used the term RIV? If you had network devices that were not TPM based, and this is what Ian and Kerry were just talking about, I think, and so a definitional.
H
C
H
We have a network device or somebody creates a network device, right, that doesn't use a TPM, uses say, you know, a TEE and a still DICE compliant according to TCG specs, right. But it's not TPM. So it's not going to do this. Would you say they would need to use a term other than RIV for their network device attestation or, oh I.
C
H
H
Actually, half-inch a question but I just want an explicit terminology point about the term, be specificity, yeah or should, because right now the document is about TPM based network device, right, and so, if you were to do non TPM based RIV, you can still use the term RIV and your other document with your new title, right. But I don't know if that was the intent. So thank you. Thank you Ben's. My question. Yeah.
A
C
Neither of those are fundamental to the goal of testing the software base on a device. So if I were to include industrial, you know, industrial IoT equipment, I think it would be basically the same document except that, instead of YANG, it would use some other protocol that was more familiar to industrial IoT guys.
E
E
That's not always true, with PCs and others that, where you don't uniquely identify a device in the manufacturing process, so there are some simplifying assumptions you can make based on that provision key type. Now in this document there are some definition, the key types, and I wouldn't disqualify right. Now that the ease of parishioner maintained, the key types could be made easier based on the secure identity of a device embedded as part of manufacturing. Yes.
C
A
Was just going to bring that up because here you are entering into the provisioning process which might go quite deeply into the whole supply chain and I don't know whether you actually want to go down that route. I think looking at this now with the answer that it's rooted specific because it's because there's YANG, I think if you make that use case clear I think this is fine, don't think we're.
A
E
C
C
Let's say an assumption perhaps, well, which is I think explicitly embedded in the proposal as a stand sight, again, that's not necessarily fundamental, but making RIV work in a privacy sensitive application like a PC would require different stuff. It would be worse, it would be harder than simply swapping out YANG if you want to use this stuff in a privacy preserving TPM obviously can be and are used in that configuration.
A
I
C
Not that we're preventing anyone from touching, we're trying to avoid requiring them to touch, so the point, the simple idea of forgiving behind RIV is that we can manufacture a box, dropship it to a customer and they can open the box and plug the cable into the wall and the rest of it just happens, and I think one of the things that has caused a lot of trouble and getting PBM systems to work is in privacy sensitive applications. That's not okay, because it wakes up an enemy.
C
You immediately tells its master who it is and where is and all kinds of stuff. In router land that is perfectly acceptable and in fact required, but in PC land that is not, so there's in NPC line. There has to be a provisioning step which is handled after manufacturing and before you can actually use the device, and that to me does not represent zero touch. Okay.
I
J
I
J
Now do you stop sharing, so I think the first question is: there's currently a draft, I'll call it the RIV draft because I don't remember the whole title, and so the question is: do we believe that, when I took a look at the update, it's more than just a use case, it shows a profile for how you would use the TPMs to do the remote attestation and it is still TPM specific, but the question is: do we believe that this is a useful draft or the content is useful? That's the first question.
J
J
J
L
J
Okay, well, so we can ask guide the authors of the draft to take it entity as well, but my question, given that we're out of time, given that we have and will confirm this over the mail list as well. Okay, so, given that we have that, are there objections to have this draft be adopted as a working group draft?
H
Clarifying question, this is Dave. The intent of it, because usually adoption is like a promise to publish: is the intent that the eventual work would be TPM specific or, as was discussed during a call, that the eventual work would not be TPM specific, and so, when we say adopting this draft, which scope do we think is this draft? So I don't have an objection. I just want to know what it is that we're again. Okay.
J
H
M
J
K
L
J
C
N
N
I have two cannot always hear everyone here, I'm very sorry, everything you said I have to read from the notes. If you are raising a question, someone heads, I actually have no, your reception from, I would have to look into the notes. Just a heads up, there might be a small delay, sometimes question if there any, of course also if explaining, and so I have set of drafts right here for some of the drafts.
N
Indeed, a trekker associated with RATS and I'd like to start with draft that is called reference interaction model, that is a outdated friar named, effectively it's the interaction model for a challenge response based remote attestation. That is what the acronym CHARRA is for. This is not the YANG module draft. Next slide, please, like only slide please, and we are considering, not actually two sides. We are considering aggregating the interaction models in this form. At the moment, of course, there's CHARRA in there, basically just to give an example.
N
It's in general, there are other ways to do this, but in general the challenge response. The challenger is the verifier using a nonce and the responder is the attester. We follow ID with the BCP 205, relatively new, that is the implementation status BCP, because there is a proof of concept implementation. Yeah, I can go into a little bit of detail because recently adopted Lawrence's CBOR and COSE code, namely QCBOR and t_cose, in this project here, I'm switching from TinyCBOR.
N
So it's a very straightforward implementation using CoAP and CBOR payload, and it is literally to pinch our so. The verifier can query an attester for evidence, evidence generated based on the nonce and so on, and the as available in the highlighted URI, and we tracked this implementation. As one of these we have other implementations. Apparently YANG CHARRA is based on this track.
N
We have running code in network, not sometimes not the whole YANG module but parts of it. So we have running code and two places already, and that is why we have the interaction model in a separate draft, because there is only one feasible way: challenge/response. There is a minimal set of information elements required to do it, most prominently the nonce. That's why I'm highlighting it, and but other things like identities, and so in order to not do text cloning here and with every solution draft it uses the CHARRA interaction model.
N
You would I think prefer to have that in a standalone draft, but we under the guidance to not to create when the informational draft. This apparently would be an informational draft and therefore I'm was in the question later where to put this actually, but there are to elaborate on this action models. The second one is the TUDA one. You are not using nonces here, you are effectively using two types of information groups. One of them is assumed.
N
Talkin binds global time to a relative time of an attesting environment, and then you lose a lot of time streams correspondingly. So this can prove past states. So you have a evidence that is not conveyed immediately. If you complete two months later, you just can push it in the situation here and it's still valid evidence without a nonce.
N
To achieve that, you are surprised this price is, you have to somehow get a time synchronization transfer fee in your security domain, just by a global source of time, TSA Internet traffic, for that that's crazy, TSP, the time stamp fastest times that typically, but in any case so that is a second model, is basically only firing in one direction. You can realize network diodes with it. As let me do a feedback click fired. You can just image sing a unidirectional message streams. Here we have a hybrid of these two, so to speak.
N
N
Therefore, it is more than that and if you stuff everything into the architecture might get less crowded there at some point, yes, code cloning is the thing, so text cloning is a thing and we don't want to have multiple ways to do the same thing and written it in different places. It always causes confusion and has some little differences in it and therefore inconsistency. So options are to have a standalone document for each model, which I think it's overkill.
N
M
N
An alternative, you could select a first-come-first-served solution draft and put the interaction model there. YANG CHARRA, for example, is the first draft using CHARRA and we could put the content of the interaction model there and every other solution has to refer to this solution. All of these options, I think, are somehow viable.
N
O
H
So I think you're asking the right question here, Hank. I think I might break it into two separate questions. Only because I might choose a different option for the two different questions depending, or I'm Mike I don't know if I would, so I think part of the question is: where do interaction models go, and I think the answer is, it depends on what the interaction model level of detail is.
H
I
My question is: I'm not super familiar with the draft, yeah, but like, well, how would this cover her interaction with Android attestation or things that are kind of more EAT based and even some of the vital stuff, man, I'm not sure how that fits in here, but I think if it is a something that is defining RATS interaction model, the RATS interaction model or something like that, then it needs to cover all of those things if it's just.
N
N
O
N
We are not aiming to specify protocol here, most certainly, but protocols in a certain manner and again, the challenge responses are very easy to grasp. Challenger provides nonce. Freshness is proven by including the nonce in a cryptographic action and giving back a response at time. So you can see that this response is based on your nonce, very easy. So this is apparently not protocol specific. It is specific to some protocols that we use this model would require some further frosting and information events to facilitate it. So that is my hands. I hope it suffices.
N
CHARRA is just implementation is tracked, yeah, to show that this interaction model works and it provides, creates a useful output. But this implementation is, of course, a proof-of-concept implementation and specific, therefore, and just to show that the model has validity, and you cannot show a model validity with formal model checking, yeah, but it's a handshake. So how complex is that? So we show in practice that it works.
O
O
O
N
N
N
That's a very good point actually. Today, models we focusing on conveyance of evidence, say, must be true for attestation results. Do you get the attestation rather the stream to you directionally the subscriptions, or do you create them with challenge response, same thing? Basically that would not be covered today, and it is a very good issue to raise and I think, yes, there should be generalized in a way that they're, basically, maybe the endorser role is a small exception there, but basically interaction between all of the roles and not only the sun'll example.
N
Q
N
Problem so that I was putting this back to back background already, actually was covered by my guy quite well, and yeah, YANG and goes hand in hand. That's typically why this is a network equipment scope. It is not exclusively so, you can run a YANG server on your cell phone if you want, so typically, you cannot find them there. That is the problem. That is why the scope is limited by use of YANG, mostly, I would say, network equipment.
N
We have also the advantage to use existing stuff. That's good! Also, the YANG use of young lads, many mentioned arrays, as recommended in the IETF, if it's possibility, adding to the ecosystem, so to speak, and all the tools included like RPC statements can be used, it's a basically the main maymay construct. It is enabling Java and we have also have been used so to speak already by. That was a powerful in draft that extends and considerably by pops up using the telemetry.
N
We are a subscription to the tree that we provides here in the charmolue next, at least so, oh no. This is the next next line. Now that actually, I'm sorry, yeah, so I'm missing some English text still. The YANG module, on the other hand, matures quite well and there's basically no of the so called churn anymore.
N
We also successfully have been adopted for other interaction models that are based on this CHARRA. That is actually very excellent, so we will wait until the architecture terminology is also stable, which is, I think, a very near-term goal, and then create some usage text. What the explicit are pieces are for, what intended is refer to interaction model or part of the interaction model. Information elements are specialized here and so on and so on, and there are some decision basically have to be done before that interaction model, about scope where and why people's live.
N
What is the terminology and journalist and everything there, and if this is done, we basically align so we can have a coherent set of drafts. That is really it's our connecting and not confusing to the video. I hope we will structure them well and therefore this is basically the open issue. The YANG module itself has been actually implemented and is proving to be viable, and therefore we assume that without a proof of contrabass achill ii, assume that you can go to working group, that's called having added that English test.
N
Lot of prominent vendors or interested parties are contributing all the time, so they have been contributing for a long time to this, and thank you to all of them and yeah. This is, I think we're good, okay, okay, okay, yeah! Then, if there's nothing to be said about this anymore, we can move to the next one in the spirit of Elliott. This slides started as Murray rats, because Elliott's MUD RFC is the basis for this work. What that means.
Q
N
At URL, I'm typing your I, because I was following the draft for so long that I think sometime, it's a URI but typically is caught a matter. I'm sorry, misnomer, yeah, so the MUD URL can be. That is pointing to the directive. That is the MUD file included, which is very convenient at the standard, is a specified in the RFC, and we want to make use of that because a lot of network equipment devices, for example, going with that, but also a lot of other things, including cell phones, often have their IDs.
N
N
You can present your DevID to a, for example, many of the system or verifier and have then a certification path to a trust anchor that goes with the DevID, and if you trust that trust anchor I should probably be good. If it's from a network window that you know, then the MUD file that is also provided by the same, and also you can have a list of things in it. How multiple lists, actually, that are interesting to RATS?
N
First of all, we were looking at the endorsement documents that are created by the endorser in the RATS architecture. Apparently, these assign plane sets that provides characteristics that are trustworthy about the things and a test. I cannot quite evidence about, and that's very long sentence to say root of trust effectively. Roots of trust cannot create evidence about themselves, so they have to be endorsed from the outside. It's a very common use case, and so, in order to do that, you have to find the source of these endorsements.
N
Sometimes they are included literally in the root of trust themselves, but sometimes they are not, and therefore you need a pointer, and this MUD URL would point to a MUD file in which you can find a list of these pointers. That of you choosing, probably in a sequence that is from most viable to least viable for you, for the typical user. Same goes with reference integrity measurements. This is a subset of the appraisal policies the architecture is talking about.
N
If you know what software components should be installed on your device on shipping, or maybe even later on after updates, then the same endorser that creates these updates can provide you with reference measurements about these. So you can check if these are okay. These are apparently created over time. Again, those updates are created over time and therefore you have to find new ones again.
N
N
Hosted by the saw or by another supply chain entity or the distributor or the insula, or something like that. This is complicated, because if it's the end service, but we not be the original DevID, but an AF ID traded by that entity also can include a match. So it would be a possibility to take that also into account. This seemed quite forward and easy, and therefore we brought that things with it here, because he brought the initial MUD file without that.
N
I wouldn't really know how to you in the various very kick-starting moment here. So he is aware of this document and the activities and let's try this out by. In the last two days I already got emails about this and we have a few more sets of interesting things, yeah. Next to this, we will start with free and further write information that are interesting and in play, if there's consensus, and we hope that this will be an interesting. But for most of you we.
P
So it seems to me like this is a file, and so there's, I think there's sort of chicken and egg kind of question that I have, which is. Is this? Do you need a service that points you to the MUD file, in which case you had pointed out either some actual documents or you're pointed to another service which in this case is an appraisal service? As the verifier I'm curious, you know, who hosts the MUD file in terms of our canonical architecture and that's question.
P
One and question two is: would it make more sense for RATS to be focusing on in terms of discovery? What would it make sense to have a discovery capability that goes along the lines of if you're an endorser then use the, you know, this discovery mechanism to identify the endorser, those providing endorsement services and can then host, for example, endorsement documents or reference integrity measurements, which I think are also endorsement documents as well, and then that seems more appropriate.
P
Then you could also talk about appraisal services, as let me discover those verifiers that are providing verifier services or let me discover other entities that are providing whatever service is needed to make the architecture. You know, to discover who's providing what service in this architecture. I'm a little confused by this idea, that being a file.
N
Yeah multiple commissioned city, of course, so I will take the middle one first, so yeah it's a file. Yes and the file is not the thing itself. It's a list of reference. You have to receive the file, then select an appropriate URL from there and gets the actual file from that resource. That's the basic idea! We have to do some first thing: yeah, probably we need some content type and encoding information.
N
It goes next to it so that you can make an informed decision because you probably don't want to have the XML reference measurement that might be a little bit big and such, so that address that, then the MUD file itself has to be maintained. Most likely you can have also a partners or contractors or other entities you cooperate with, but the entity in charge is the signer of the device because that entity put URL in there.
N
It could also outsource that, of course, so it doesn't necessarily have to be, but that is on the authority of a signer. So the signer points to something, and maybe it's a service hosted by sayonara entity or another entity that is in charge, and then this is not supposed to be the one solution that beats them all. It is just a super simple lightweight MUD solution. So if you have nothing, if you don't have a global discovery service, which is hard and very costly, you can have this, so discovery services.
N
Also, there are a lot of them. Local discovery services, trampolining, staggering or they're called home features and multiple flavors and all of them tend to be more or less viable in some scenarios, and that is fine. Of course, we don't have to do use the MUD file for Ed's, but it is a very simple, straightforward solution that is actually easy to deploy. So.
N
Think architecture by providing the MUD file would become a very tiny endorser already, because MUD files can be signed there. It can be a little pointer to a CMS encoded, a signature of the MUD file. That signature has to come from someone, probably the signer of the DevID. That would make very much sense and so yeah I would agree with that. I think adding my comments today. Ok.
B
H
A favor comment and question that are separate things. Comment: the term, I would recommend aligning with the terms that were, that we have in the architecture document. In other words, I would recommend replacing reference integrity measurements with reference values, because some of the reference values are not measurements. Hopefully we can agree on that one.
H
Otherwise, we can take it offline into the architecture document discussion, but I want to get to my question, and my question is fine if you want to answer it in the next version of the document, as opposed to taking up time here. The question is, I know this is draft 0-0. The security considerations section is largely vacant right now and so I think. The key question here, by the way, I think that this notion of using the MUD file to get information like this is useful.
H
So thank you for starting on this, but the question is: how do you know that you're getting the correct MUD file from the correct location with the correct content, right, because that's where your security comes down to new, especially since, like the bottom point on here, is about how you might learn a verifier service, right? If you can replace that with an attacker's version of a verifier service, then you can, it's a nasty things, right, and so it's really.
H
N
We always anticipate a planned to do reference integrity measurements or effectively. They are a reference very used for software components, components and we want to do this, both coasts, which was being finished in our seats. Soon we go to last for in second right now, on Friday there's the next second meeting.
N
So much I spent that allowances comment. So we add to that CoSWID is let's really literate with extension points by on purpose, because we anticipated room work on this, back in the days was called room. I assumed this. In this context, this acronym is fine, but we will revisit the reference value question here as well.
N
So what we do here is we take the original definition of CoSWID and use certain extension points to add for the moment in this draft to scheme, so to speak, how to model reference integrity measurements, I'm skipping with this term and the scope of the presentations right now so day. So one of them is HIRS, I think just done by NSA and Doody, so ongoing. The thing is here: there's an ongoing software development that is based on a TCG specification, also highlighted here.
N
The public version is I think available still and there will be a published off very soon, as a published document very soon. This is basically adding certain elements to evidence and then have the exact counterparts and identification of counterpart in this room format so that you can match them easily and find them easily, and there is basically, it's basically metadata for the reference values that you will require. That is very far out. It's more about the runtime and start up. As you can see, runtime is a tad bit the more difficult and start up.
N
Most of the items in the list today are about sada, but I would recommend to reach the corresponding TCG specification. For the moment we will draw in more exposition of text soon. Then we were very happy to have perfected. As a co-author, he provided a very small lightweighted scheme for RPM versions coming from, but it's basically practically using in other distributions and method to other packaging formats as well and.
N
N
There was a fourth interest party now incoming, providing us with how Linux-based systems and firma based business systems would work in the realm of network equipment, and that is also very, very calm, so expect way more intense soon. This is the original draft and please try to look at it. The CD is complete, but the description of the CD is still lacking. Again, this is a zero zero to have to find people who are interested in this box, worried by right now at the Q and Lawrence's comment, I.
N
See so that's a comment so and there's no Q, are there? Are any questions live, otherwise I? Just the reports and my recommendation is, if you're interested in doing the whole circle here, this is an interesting document to maybe latch on. Course, would also we or is effectively also used in the NIST in this effort. That is SCAP. This is a to automation protocol version 2.0, it's replacing the CPE concept there. Okay, moving on to endures beneath you, this is basically self-explaining, again MUD file points to endorsements.
N
We need 7, 12 mins to find out. Others works that are not located in the root of trust itself, so we are basically stealing from other specifications claims that are interesting, we think, to describe the things that cannot create evidence by their own today. These endorsements are provided by the endorsers of the root of trusts.
N
This here is, to be honest, a text string, but it is used in two different solutions, basically, and therefore before maybe a lightweight component manufacturer identifier is also okay. Same goes with version and model. These are typically used to identify a half a compound and uniquely, and then we have some characteristics already included like if it's the root of trust, actually immutable or not. Mewtwo, probably an attesting environment also and be quite mutable if it's in a tve, so is it field upgradeable or not?
N
How is the secret created that are then stored in the attesting environment to sign evidence, for example? So sometimes you have happened like, like PUFs, that fall into place when been being used, or you have a random generator nominated, as has higher entropy and therefore can generate a secret that you actually never see.
F
N
Only operate on in the attesting environment itself, or is it imprinted from the outside? So this is an origination claim. Where does the secret effectively come from and who knows it, clarify, and in the end we have a Common Criteria. Sometimes things already certified and you probably want to know which specific criteria document includes that certification, so you can look it up and check that, so these are first candidates, I think most like me more.
N
These
are
already
relatively
very
defined
and
would
be
another
set
of
each
claims
that
would
go
into
the
endorsement
flavor
for
its
having
said
that,
it's
not
on
the
slide
here,
I,
assume
and
I.
Think
Lawrence
is
inclined
to
agree
that
we
will
have
to
put
specific
claims
into
eats
that
specializes
them
like
an
evidence.
It's
an
endorsement
EAT
or
an
attestation
result
EAT
for
example,
but
Laurence
might
have
a
comment
on
that.
N
So
basically
I'm
addressing
ya
doing
the
presentation,
so
we
can
better
understand
what
each
purpose
of
the
ETS
not
having
to
skim
through.
All
the
claims
find
a
unique
one
for
poor
folks,
an
endorsement
here
and
then
oh
I
know.
Finally,
this
is
an
endorsement
and
maybe
then
it's
again
not
I,
don't
know.
Maybe
you
can
reuse
this
claim
/
later
on.
So
that
is
my
report
on
this
-00
draft.
That
is
an
incubator
and
Laurence.
Thank
you.
P
Maybe
what
we
need
to
be
talking
about
is
what
sets
of
what
sets
of
claims
are
appropriate
for
an
endorser
to
make
versus
those
that
are
appropriate
for
an
attester
to
make,
and
why
and
and
and
the
next
that's
sort
of
question
one
which
is
maybe
a
little
bit
rhetorical
question
two
is
around.
P
N
Encoding
Metis
in
so
far
I'm
I'm,
going
from
vector
and
sorry
encoded
medicine
so
far
that
basically
working
with
EAT
actually
here
in
order
to
create
a
document
that
you
can
discover
at
some
point,
so
we
want
to
have
early
solution
fast
prototyping,
and
it
is
very
convenient
for
that.
So,
at
the
moment,
this
draft
is
relatively
it's
specific,
but
as
Laurence
laurentz
created
it
raft,
oh,
it
was
molded
over
time.
It
uses
CDDL
for
information,
I
mean
definition.
This
is
also
done
here
and
therefore
we
can
have
the
information
model
semantics.
N
Also
you
can
derive
other
encodings
from
that.
This
goes
hand
in
hand
as
it
does
with
EAT
for
the
application
of
the
new
claims.
Are
they
valid
and
for
claims
for
evidence?
Maybe
I
am
not
sure
if
a
root
of
trust
create
evidence.
Therefore,
I
assume
this
is
an
endorsement
claim,
because
it
just
cannot
be
evidence.
That's
the
whole
point,
because
a
root
of
trust
cannot
create
evidence
about
itself
or
a
corresponding.
Let's
call
it.
It's
referred
to
the
march
in
return.
N
P
Think
that
there
are
corner
corner
cases
where,
for
example,
an
attesting
environment
could
observe
a
target
environment
where,
for
example,
a
debug
state
is
a
full
permanent
disabled
state
and
report
that
as
evidence,
it's
also
reasonable
that
an
endorser
could
say
I
manufactured
this
device
with
a
full
permanent
debug
disabled
property,
and
so,
regardless
of
whether
you're
a
root
of
trust
or
some
layer
somewhere
else
or
some
other
component.
There
are,
you
know
their
debug
features,
disabled,
both
I,
you
know,
there's
an
argument
for
we're
saying
both
both
are
meaningful.
Oh.
N
Yeah,
okay,
that
is
a
very
good
point.
I
was
only
talking
about
applicability
of
these
claims
in
evidence.
Yes,
I
think
some
of
the
evidence
are
applicable
here
because
you
basically
are
providing
evidence.
That's
vouched
from
the
outside
for
the
attesting
environment.
So
what
about
a
test
environment
and
therefore,
yes,
I-
think
evidence
claim
could
be
included-
could
become
endorsement
claims
in
this
direction.
D
I
My
only
real
coming
here
is
to
is
I,
think,
there's
a
fair
bit
of
work
to
do
to
sort
of
figure
out
the
model
here
and
how
these
sit
together
and
and
and
I'm,
not
sure
we
can
draw
a
bright
line
here.
So
this
seems
like
a
good
start,
but
I
feel
like
there's
some
work
to
do
here.
Then
I
wanted
to
just
on
the
come
in
on
CoSWID,
with
my
sense
that
CoSWID
is
going
to
be
sort
of
a
sub
claim
in
EAT,
so
I
mean
you
know.
I
P
P
Statement,
if
we're
talking
about
reference,
no
endorsement
of
values,
then
is
it
possible
to
have
an
endorsement
assertion
that
is,
that
is,
it
begins
with
with
CoSWID,
and
may
may
not
be
wrapped
by
EAT,
and
that
may
be
as
a
as
also
may
be.
A
sub
part
of
that
question
is:
do
we
rely
on
something
like
MUD
to
be
the
starting
point
of
how
the
different
structures
can
be?
You
know
or
identify
where
you
were
to
start
I.
B
In
the
interest
of
brevity
I'm
going
to
just
express
my
own
opinion,
but
no
hat
on
which
I
think
Ned
had
no
hat
on
either
so
I
think
we'll
wind
up
meeting.
Both
these
Swit
combination
in
an
8
plus
use
the
use
of
the
extension
and
there's
going
to
be
different
use
cases
and
implementations
that
dictate
what's
what's
best
and
I.
Think
next
in
queue
is
Jiri.
F
I,
hopefully
you
can
hear
me,
I
guess
know
why
I
understand
endorsements
when
the
architecture
document
that
I'm
going
to
admit
the
day
that
I
may
and
yes
understand
it.
I
would
have
thought,
and
we
turned
these
certain
manufacturers
who
are
already
able
to
support
endorsement
to
me
X.509
chains
and
if
that's
the
case,
I,
don't
even
think
he
would
need
an
EAT
to
convey
that
I.
Think
you
can
I
think
you
can
just
take
codes.
I
did
with
the
fire
with
the
standards
track.
F
509
extension
extension,
that's
job
specification
progress
and
it
can
just
use
that,
as
is,
if
that's
the
case,
we
I
mean
I
mean
D.
Well,
actually,
I
should
have
you
out
there
hanky,
you
agree
and
if
not,
what
would
be
the
advantages
of
conveying
just
X.509
chain?
It's
in
an
EAT
format
versus
you
have
two
cows
a
day.
N
We
were
actually
thinking
about
using
concise
identities,
which
is
basically
in
X
F
when
I
and
expressed
in
native
CWT,
the
COSE
container
rounded
and,
having
a
very
let's
call
it
a
fresh.
We
start
for
the
things
once
upon
a
time
called
extensions.
Then
their
claims
or
claims
its
we're
thinking
about
that,
and
this
still
might
go
that
Lane
I
am
not
married
through
to
EAT
here.
N
I
think
it
is
first
of
all
convenient
for
let's
call
it
it's
not
mandatory
to
implemented
in
our
domain
yeah,
but
EAT
I
mean
it's
a
CWT,
it's
very
easy
to
compose
and
it's
very
easy
to
parse
and
there
are
a
lot
of
benefit
we
use
into
registry.
So
that
is
my
problem.
Was
my
first
take
at
it?
Yes,
you
could
make
it
a
public
key
certificate
and
therefore
concise
identity
or
even
the
old-school
x.509
thing
possible.
We
don't
know
if
these
semantics
are
really
required
here
again.
N
It
would
be
in
theory,
an
attribute
certificate
that
then
has
a
holder.
That
is
the
public
key
certificate,
because
these
are
attributes.
This
is
not
an
identity
document,
and
if
you
want
to
do
it
right,
it
should
be
a
first
of
all
an
x.509
public
key,
but
the
next
everyone
it
should
actually
birth
certificate
which
again
creates
overhead
in
you
need
PKI,
which
you
probably
need
in
any
case,
if
you
want
to
validate
the
signatures,
be
a
certification
paths.
N
So
yes,
yes,
similar
infrastructure
required
and
we
assume-
and
that
just
goes
like
me-
there
is
no
good
answer
yet
this
is,
and
we
first
try
to
draw
that
imitation
line
that
bright,
not
blind
that
we
don't
know
if
it
really
exists
or
maybe
just
highlight
with
each
claim.
This
is
used
for
endorsement,
never
uses
an
evidence
or
all
of
these
evidence
claims
are
also
interesting.
So
having
lied,
a
little
bit
of
macking
might
be
interesting.
N
Okay,
then
we
can
switch
to
the
final
one.
Sorry
for
my
monologue
today,
it's
the
document
is
called
yeah.
This
is
a
new
draft.
It's
called
the
unprotected
CWT
claims
sets.
We
had
a
lot
of
discussions,
I
think
and
some
very
fruitful
about
how
and
when
it
is
okay
to
convey
something
that
is
in
each
not
sign,
which
is
a
problem,
because
a
seed
ability
must
find
there's
no
way
around
it.
Otherwise
is
not
a
CWT.
N
There
was
a
lot
of
discussion
was
just
sorry,
kept
like
revisiting
CWT
and
make
that
work,
so
we
don't
have
to
take
care
of
it,
and
then
there
were
other
ideas
flow
to
it.
This
is
only
about
the
CBOR
realm
I
have
to
highlight,
but
we
are
using.
CDDL
in
theory
could
be
Connor
and
somehow
at
some
way,
I
don't
know
permutated
somehow
JSON.
N
This
draft
defines
CBOR
tag
for
the
very
defined
CWT
claims
set.
There
is
very
less
clunky
eye
cream
comes
from
its
defined
in
CWT
and
spacing
it's
it's
the
content.
That
is
then
the
map
with
the
claims
in
it.
That
is
then
wrapped
by
the
COSE
container,
and
this
map
has
a
specific
tag
and
then
goes
into
a
coach.
N
It's
the
most
synergy
with
existing
browsers.
That
is,
we
just
created
a
second
tag
for
this
map.
If
the
second
tag
is
found
in
front
of
the
map,
don't
expect
is
COSE
and
proper,
rounded,
and
then
we
had
to
talk
about.
When
is
this
okay,
because
just
conveying
something
about
a
signature
is
like?
Did
you
see
if
you
don't
have
a
so-called
secure
channel
in
place?
And
now
the
title
kicks
in
this
secured
channel?
Somehow
and
there's
some
certain
prerequisites
requirements
and
environmental
factors
has
to
be
as
good
as
the
signature
we
just
omitted.
N
If
that
is
the
case,
it
is
okay
to
convey
this,
that
there
is
ongoing
work,
and
that
is
why
there
is
Jeremy
on
this
presentation,
rhasta
yeah,
who
will
become
a
co-author
in
a
one,
and
there
is
work
in
GlobalPlatform
that
has
specifying
exactly
that
platform.
Sometimes
and
each
don't
have
to
be
signed.
It's
a
very
CPU
intensive
its
overhead,
and
you
can
you
if
the
surrounding
gender
is
good
enough
works.
So
so
this
text
now
has
to
grow
and
is
currently
growing
very
much.
N
But
it's
not
visible
in
this
-00
about
the
discussion
of
these
characteristics,
these
these
situations,
when
it
is
okay
and
while
I
was
preparing
again
the
slide.
I
got
more
for
more
feedback
than
from
the
four
people
here
on
the
roster
already
included
here
about
how
to
maybe
convey
other
items,
and
so
if
this
proves
to
be
valid,
you
include
that
included
in.
But
at
the
moment
discussion
we
would
like
to
spark
is:
when
is
it
okay?
We
will
provide
an
update,
I
hope
relatively
soon.
N
We
have
a
next
design
meeting
Monday
with
the
authors,
and
then
I
can
give
you
more
food
for
discussion.
I
think
this
was
deemed
to
be
necessary.
It's
basically
reach
out
who
global
platform
to
address
their
corner
case.
Maybe
it's
not
even
corner
case
every
it's
a
prominent
case
actually,
but
that
was
prohibited
to
be
addressed.
He
an
IETF
right
now
because
see
biaggi
had
to
go
must
be
signed
and
therefore
there
was
no
way
forward
yeah.
P
Yeah,
so
is
the
scope
of
this?
Really
it
is
it.
Is
it
narrowly
scoped
to
address
the
GlobalPlatform
usage
scenarios
where
you
know
the
some
some
use
case
involves
a
secure
channel
or
is
it
more
broadly
scoped
to
identify
all
the
places
where
an
unsigned
set
of
claims?
For
example,
the
reason
for
UCCS
might
fit
in
a
in
any
kind
of
conveyance,
whether
it's
a
certificate
or
a
signed
EAT
or
a
signed
CoSWID
or
a
signed
something
else
you
know.
What
would
you
say
is
the
scope
of
this.
The
intended
scope
with
us.
N
The
scope
is
intended
to
address
all
conveyance
methods,
even
secured
bus
locally,
not
even
using
Internet
Protocol.
That
would
be
a
secure
channel.
By
definition,
we
assume
if
they
are
pro
correct,
endorsements
in
place.
Let's
say
yeah.
This
is
the
case,
for
example,
or
you
can
create
evidence
beforehand
and
then
something
is
set
up
appropriately.
N
Even
do
some
authentication
is
taking
place
and
therefore
some
security
guarantees
can
be
appraised
that
might
also
be
already
starting
to
allow
for
your
uses.
Yes,
so
yes,
I,
quick
answer,
our
current
thinking
is,
we
assume
the
secure
channel
to
be
manifold.
We
want
to
cover
a
lot
of
this
discussion.
Yes,
so.
P
Second
vector
for
scoping
is:
is
it
specific
to
UCCS,
which
is
an
unsigned
no
token,
or
does
it
also
include
unsigned,
CoSWID
and
unsigned?
You
know
something
else.
Whatever
is
you
know
whatever?
Whatever
other
thing
we
determine
is
appropriate
of
you
know,
structure
for
capturing
claims,
there
can
be
an
unsigned
version
of
whatever
that
is
and
is.
Are
those
other
things
considered
in
scope
for
this
draft
as
well.
N
But
unsigned
CoSWIDs
already
allowed,
because
CoSWIDs
can
have
different
natures,
for
example,
they
can
be
evidence
defined
by
ISO.
That
way,
and
therefore,
if
you
are
creating
as
an
attesting
environment
as
CoSWID
as
a
as
a
report
about
like
like
claims
very
very
specific
claim
is
as
long
as
highlighted
about
software
components,
then
it
is
enough
to
sign
to
EAT
and
you
don't
have
to
also
sign
the
CoSWID.
it's
just
redundant
signing
if
you
have
the
same
sign
now
used
to
having
a
separate
signature,
of
course,
but.
Q
P
Was
just
scoping
in
terms
of
whatever
this
group
determines
is
the
is
a
reasonable
way
to
express
claims.
There
can
be
an
unsigned
representation
of
that,
and
so
it
sounded
like
your
I
think
your
answer
was
yeah.
It
includes
it
pretty
much.
Any
this
group
determines
is
a
way
to
express
a
claim.
Yeah.
N
N
N
Is
true,
there's,
for
example,
a
topic
we
are
discussing.
Currently,
that
is
the
meaning
of
signature.
So
what
does
it
mean
if
three
UCCS
nested
in
an
EAT
and
then
it's
signed,
this
signature
imply
meanings
of
the
UCCS,
or
do
they
have
to
bring
their
own
meaning
and
form
of
claims?
Why
do
we
trust
the
unsigned
portion?
Is
it
from
a
part
of
the
device
or
what?
So?
What
does
all
this
mean?
What
do
I
gather?
I
I
have
a
couple
of
comments
and
questions
on
scope.
Hair
well,
I
mean
this
discussion
that
you're
having
I'm,
not
sure
where
it
is.
It
seems
like
it
should
be
on
the
RATS
mailing
list
because
or
at
least
I'm
not
saying
it
seems
like
it's
generic,
but
but
maybe
even
it
should
be
on
the
ACE
mailing
list
because
believe
this
draft
is
applicable
to
all
of
CWT.
So
even
the
the
original
CWT
use
cases
would
be
involved
here
so
because
you're
just
saying
unsigned,
CWTs
you're
not
signed,
saying
unsigned
EATs.
I
So
this
would
apply
to
any
use
of
CWT
right
and
let's
say
we
came
up
with
another
use
of
CWT
called
drink
or
are
we
have
another
use
of
CWT,
for
you
know
replacing
x.509
service
or
something
like
that?
This
draft
would
apply
to
CWT,
no
matter
what
the
context
is
which
doesn't
then,
but
it
over
push
it
over
to
the
ACE
working
group.
I
I
N
N
I
I
N
My
assumption
is
that
we
need
claims
that
imitate
this
if
you
may
be
residing
in
the
statement
of
source
or
either
method
self
being
each
or
uses
yes,
but
I,
don't
we
don't
know
yet
I
I,
most
certainly
don't
know.
Yet
we
have
assumptions,
that's
all
and
yeah
I
think
other
to
to
find
out.
If
this
is
ACE
material,
you
have
to
put
all
the
stuff
in
there.
This
might
also
be
a
little
bit
RATS,
agnostic
and
then
massage,
maybe
the
RATS
out
of
the
contents
to
make
it
ACE.
N
At
the
moment,
because
we
want
to
provide
you
with
the
starting
point-
we
had
this
draft
created
to
start
kick
start
the
discussion
with
GlobalPlatform
and
now,
as
we
consolidated,
that
I
think
we
should
go
with
online
discussion
very
very
soon,
maybe
not
necessarily
starting
the
days,
but
but
considering
the
a
slain
later
on,
and
we
have
to
have
the
options
for
secure
generates
a
little
more
meat
on
the
bones.
So
there's
this.
N
That's
not
really
much
meat
on
that
domain
at
the
moment,
so
we
to
provide
at
least
four
user
scenarios
which
will
be
currently
working
on
this
should
be
finished
in
one
or
two
weeks.
We
will
submit
these
one
zero
and
then
you
can
have
a
full-fledged
discussion
on
this.
If
that
is
okay
with
you
going
on
with
with
the
sausage-making
text
right
now
is
probably
not
very
useful.
You
have
to
bring
it
into
a
readable.
P
So
again,
I
think
the
the
conversation
needs
to
be
held
more
broadly
and
I.
Think
there's
a
big
difference
between
what
your
yourse
and
I
say,
providing
a
high
level
assurance
versus
what
the
intended
goal
of
their
RATS
roles
architecture,
which
is
to
describe
who
is,
is
saying
what
what
assertions
are
being
claimed
by
the
entity.
That
is,
that
is.
P
Them
and
the
the
notion
of
a
digital
signature
around
claims
I
think
the
intent
of
the
architecture
is
that
it's
trying
to
capture
this
notion
of
this
entity.
You
know
this
role
role
/
entity
is
making
these
assertions,
which
is
different
from
there
is
a
there's
a
you
know,
a
a
key
that
is
providing
some
some
level
of
integrity
protection.
P
N
We
assume
that
there
is
more
than
we
know
and
we
want
to
just
have
a
polished
set
of
certain
points,
and
then
we
can
add
to
that
everything
that
is
viable
accepted
by
this
group.
Well,
certainly,
and
we
will
not
just
equate
these
conditions,
there
might
be
very
different
ways
to
come
to
the
conclusion.
Yes,
it
is
as
good
as.
N
How
much
do
we
have
to
talk
about
the
secure
Channel
and
at
least
the
the
four
individuals
that
are
the
authors
agree
a
lot?
It
is
really
important
to
provide
guidance
here
because
otherwise
is
very
irresponsible
to
let
UCCS
go
wild
I
mean,
apparently
it's
done.
Sorry
just
to
do
it
and
I
don't
know
TCP,
apparently,
maybe
even
with
the
HTTPS
is
probably
never
okay
just
doing
it.
N
So
there
has
to
be
the
great
set
of
prerequisites
and
and
I
think
it's
vital
to
highlight
that
you
cannot
use
this
just
at
your
leisure
is
obvious
to
most,
but
to
some
it
might
not,
and
therefore
we
need
more
exposition
text
on
this
and
there
has
to
be
security
considerations.
Otherwise
this
could
be
dangerous.
I.
N
P
Know
just
you
said
it
earlier:
we
need
to
be
clear
about
what
the
semantics
of
signing
means
or,
in
the
context
of
a
of
a
higher
level
protocol,
look
what
are
the
semantics
of
inclusion
of
claims
in
the
payload
for
protocol?
Well,
you
know,
what's
what
are
the
semantics
that
should
be
attributed
to
that
action?
Oh.
M
M
P
P
F
K
My
only
feedback
was
I'm
super
excited
about
all
the
directions
that
the
work
is
taking.
What's
not
necessarily
apparent
to
me
because
again,
there's
there's
a
lot
to
kind
of
review.
Here's
how
many
distinct
documents
we're
talking
about
I,
don't
fully
understand
kind
of
the
merging
of
some
of
the
documents.
We're
talking
and
I
knew.
K
The
workgroup
needs
to
decide
that
I
would
just
advise
as
we're
thinking
about
all
of
this,
just
to
double
check
with
the
scoping
on
the
Charter
text
to
make
sure
we're
kind
of
staying
inside
what
we
said
we
would
do
and
if
we
need
to
go
a
little
further,
we
have
a
conversation
about
recharter.
Oh
absolutely.
B
P
B
Into
any
decisions
in
terms
of
what
we
adopt
new
work
presented,
doesn't
necessarily
mean
it
will
be
adopted.
This
is
this
is
a
really
hot
area
at
the
moment
in
industry,
so
we're
bound
to
see
lots
of
different
proposals,
whether
or
not
we
can
take
them
on
right.
So
even
there
was
a
BoF
session
that
touched
with
some
overlap.
So
it's
a
hot
area.