►
From YouTube: IETF-SCITT-20230814-1500
Description
SCITT meeting session at IETF
2023/08/14 1500
https://datatracker.ietf.org/meeting//proceedings/
A
A
A
Let's
wait
a
few
more
minutes.
I
expect
light
participation,
giving
the
summer
vacation
period.
A
A
Thanks
for
the
feedback,
Andrew
glad
that
you
joined.
A
Oh
good
point:
yeah
I
have
lots
of
big
meeting
minutes.
We
can
always
do
that
collectively,
so
we
actually
make
some
we
capture
as
much
as
possible.
A
Ahead
of
time,
we,
as
you
all
have
seen
on
on
the
meeting,
is
we
had
to
cancel
last
week's
meeting
because
we
failed
what
I
failed
to
distribute
the
meeting
invite
with
the
agenda
in
with
enough
in
advance
notice,
and
so
we
had
to
cancel
that
meeting
and
then
give
it
another
try.
But
now
John
has
set
up
a
recurring
meeting
in
case.
You
have
seen
that
with
the
from
the
IDF
meeting
website
from
the
working
group
meeting
website
and
so
I
think
that
should
be
a
non-issue
in
the
future.
A
But
if
you
never
know,
but
at
the
end
of
the
meeting
we
are
going
to
spend
the
last
five
minutes
to
just
talk
about,
like
maybe
two
items
that
we
want
to
put
in
the
agenda
for
next
week.
So
we
we
are
safe
on
that
side.
A
John,
do
you
do
you
want
to
say
a
few
words
about
the
agenda
and
maybe
do
well?
We
do
a
little
bit
of
batching,
maybe
some
of
the
folks
here
on
the
call
hi,
Ori,
I,
Hank
I,
can't
see.
C
Definitely
want
to
do
a
call
for
agenda
bashing
and
also
bash
the
agenda.
Bashing
myself,
so
I've
got
an
item.
Does
anybody
else
have
items
outside
of
the
published
agenda
that
they
want
to
talk
to
to
tackle.
B
Yeah
actually
I
have
maybe
a
discussion
for
about
five
ten
minutes
about
how
to
how
to
mold
what
we
saw
from
anyway,
so
yeah
what
we
saw
from
dick
and
what
I
see
above
what
the
structure
that
we
have
now
and
sort
of
that
data
item.
Thanks.
C
Okay
cool
so
sounds
like
that's
the
only
one,
so
mine
I
will
put
a
message
out
on
the
mailing
list
as
well
to
make
all
of
this
very
fair,
but
just
it's
already
time
to
start
thinking
about
118
in
Prague.
The
session
request
tool
is
open,
so
if
anyone
has
any
strong
requirements
or
opinions
on
the
session
for
118,
if
it
should
be
at
the
beginning
of
the
week
or
the
end
of
the
week
or
wants
to
express
Clash
avoidances,
we
if
we
collect
those
early
it'll
be
easier
to
accommodate.
C
Obviously,
Hank.
E
E
Just
coming
back
to
an
item
that
I
heard
before
earlier
before,
which
is
that
this
skit
is
now
reoccurring.
Interim,
at
least
the
data
tracker
tells
me
that's
not
true.
Just.
G
Highlighting
so
I'm
synchronizing.
E
C
A
G
A
Regarding
the
feed
structure,
I'm
talking
a
little
bit
about
the
where
we
are
with
the
feed
structure,
kind
of
progress
on
that.
A
C
G
E
Yeah
so
I
I
added
myself
as
a
reviewer
and
was
then
blocking
or
or
locking
on
on
orange
comment
or
your
question.
What's
the
payoff
for
having
a
yaml
version,
I
can
I
can
reflect
a
little
bit
of
the
sibo
working
group's
opinion
here,
I
hope
constantly
correctly.
If
I
was
wrong
later,
that
Yama
is
actually
a
good
alternative
or
optional
diagnostic
language
possible.
E
So
so
I'm
not
entirely
sure
if
you
want
to
send
it
over
the
wire
because
line
breaks
and
line
breaks
so
I
I
once
before,
sibo
I
once
did
a
base64
encountered
line
of
yaml
to
put
another
base64
encoded
message.
That
is
all
these
lines
of
yaml,
because
it's
line
break
oriented
and
it
was
it
was
a
nightmare
and
and
just
because
it
had
to
go
through
to
some
binary
in
the
end
and
so
yeah
I
think.
E
I'm
not
against
that
as
a
as
a
because
this
is
a
media
type,
a
comment
as
really
putting
that
on
the
Via
I
mean
I,
don't
know,
I,
think
it's
a
representation
problem,
not
a
transport
problem
or
a
encoding
problem.
But
that's
maybe
just
me,
but
I
know
that
the
again
sibo
working
group
is
is
is
basically
in
front
of,
but
never
really
came
to
using
yaml
as
a
diagnostic
representation
for
sibo,
for
example,.
A
What
would
be
the
benefit
of
of
using
Yammer
like
it's
a
for
the
API
right,
we're
talking
about
the
API?
Are
we.
E
Yes,
indeed,
so
this
is
for
the
API
and
and
the
API
will
have
a
control
message
or
the
protocol
messages,
of
course,
and
and
yeah
I
think
the
studio
is
coming
from
Ori.
He
also
gave
a
comment,
but
always
also
here-
maybe
he
can
apply
for
that
if
he
is
listening
in
not
distracted.
Yes,.
F
F
That's
the
ideal
case.
In
my
experience.
Most
of
the
time
they
will
misparse
the
binaries
OR
at
some
point
be
making
some
kind
of
binary
parsing
mistakes,
and
at
that
point
they
may
fall
back
to
encoding
the
binaries
as
text
to
move
them
across
API
boundaries.
I
think
that
that
encoding
as
text
thing
is
maybe
not
always
a
great
thing
that
happens
in
apis,
but
at
the
same
time
a
lot
of
API
tooling.
Is
it's
not
really
ready
for
Seaboard
or
cozy?
F
And
so
you
might
want
to
when
you're
building
an
API
plan
ahead
for
the
fact
that,
for
example,
open
API
specification
might
not
handle
cozy
or
seaboor
content
types
as
nicely
as
it
will
handle
string
encodings,
and
so
what
you
can
do
is
you
can
say
you
know,
here's
the
content,
type
for
cozy
or
seaboor,
and
here's
a
Json
or
yaml
representation
of
the
same
kind
of
response
types
and
the
yaml
and
Json
versions
can
be
really
really
helpful
to
implementers.
F
It's
again,
like
you
know,
it's
gonna
make
payloads
more.
You
know
expensive.
It
makes
the
API
interface
potentially
more
complicated.
You
could
have
cases
where
maybe
you're
negotiating
for
Content
Types
on
the
API.
You
know
and
then
there's
different
API
considerations.
If
the
API
isn't
over
HTTP,
you
know
how
are
you
handling
your
different
content
types
Etc
with
all
that
being
said,
my
experience
working
with
cozy
structures
that
we
have
today
with
apis
is
that
I
just
prefer
to
wrap
them
in
yaml
or
Json
before
I.
Do
anything
with
them.
F
I
just
find
it
easier
as
a
developer
to
work
with
API
representations
that
are
like
that.
Maybe
that's.
F
Maybe
that's
just
the
test
or
development
mode
thing
that
goes
away
when
you
get
to
the
production
case,
but
I
think
I
would
be
concerned
about
how
much
adoption
you
might
get.
If
you
stick
to
an
API,
that's
pure
seabour
and
cozy
it
just
it's
difficult
for
developers
to
work
in
that
space.
Sometimes
that's
it.
A
So
it's
I
I
have
to
check
if
it
would
essentially
be
a
way
to
define
this,
so
would
an
issue
a
potentially
use
like
a
Json
representation
of
the
of
the
sign
statement,
or
would
that
still
be
a
binary
person
representation
as
today
and
then
kind
of
behind
the
scenes
on
the
API?
It
would
be.
The
binary
version
would
be
translated
or
transcoded
into
into
sort
of
Json
Style.
F
If
the
response
type
is
seaboor,
then
I
need
to
handle
pure
binary
formats
across
the
wire
consistently,
and
you
know,
maybe
it's
just
that
I'm
tortured
by
living
in
the
web
platform,
but
web
platform
binary
support
is
not
that
great,
and
so
you
end
up
having
to
do
you
know
you,
you
end
up
feeling
the
different
binary
representations
right
at
the
API
boundary
in
a
way
that
is
not
as
comfortable
as
having
a
kind
of
armored
serialization
for
binary.
B
Yeah,
let
me
just
say:
I
I
completely
agree
with
that,
and
the
reason
is
because
you
know
we're
human
beings
and
ultimately,
we
have
to
work
with
this
stuff
and
the
closer
we
can
get
to
making
it
always
something
that
we
can
understand
the
easier
it
is
to
debug
it
time
and
again,
I've
seen
things
that
were
were
very
much.
B
You
know
binary
encodings,
but
eventually
you
have
to
be
able
to
follow
that
you
have
to
be
able
to
decode
it
and
and
put
it
into
a
format
where
you
can
say.
Okay,
this
is
what
we're
working
with
so
that
you
can.
You
can
check
it
all
the
way
through,
indeed,
you
know,
once
maybe
everything
is
locked
down
that
can
go
away,
but
likely
you
know
unless
we
see
a
real
need
for
it.
B
I
I,
don't
know.
I
know
that
you
know
asn.1
was
the
sort
of
precursor
for
packing
things
into
a
really
tight
binary
format
and
that's
sort
of
what
seabor
replaces,
but
that
came
from
a
time
when
computer
memory
and
and
bandwidth
was
really
in
short
supply.
B
Today
we
don't
have
any
short
supply.
Well,
we
have.
Everything.
Is
limited
but
not
to
the
extent
that
it
used
to
be,
and
so
if
we
could
leave
it
in
Json
I,
don't
I'm,
not
a
fan
of
yaml,
so
I'll
just
be
honest
with
you,
it's
the
syntax
is
not
as
clear-cut,
so
I
I
would
promote
Json,
it's
obviously
the
absolute
leader
in
terms
of
interface.
B
You
know
syntax
and
why
not
just
leave
it
in
that?
It's
a
good
question
to
ask
why
go
to
seaboor?
Is
there
a
reason
and
if
there's
not
a
reason,
you
know
it,
you
could
leave
it
the
structure
or
whatever.
It
is
right
now
we're
re-encoding
into
a
Seaborn
and
and
then
encrypting
that
you
could
just
leave
that
in
this
as
a
Json
block
and
and
do
the
same
thing
with
it.
As
long
as
the
Json
was
had
limit.
F
B
Know
special,
and
indeed
there
are
some
fields
that
are
are
going
to
have
to
be.
If
you
put
that
into
an
encoding
that
is,
you
know,
human
readable.
Some
parts
are
not
going
to
be
right,
so
so
the
binary
you
know
say
signature
is
something
that's
still
very
opaque.
I,
don't
know
you
know
you
can't
read
it
so
that
it
can
be
encoded
in
something
that
is
still
transportable.
B
But
if
what
this
is
a
question,
is
there
I,
I
I,
just
think
that
yeah
I'm,
going
along
with
what
Ori
is
saying
in
that
that
the
apis
should
not
the
thing
that
are
obviously
going
to
be
used
by
human
beings,
which
is
the
apis
to
do
this
should
not
be,
should
maybe
there's
a
way
we
can
have
the
Json
Co
a
standardized
Json
for
everything.
That
is
what
we
mainly
Target
and
then,
if
necessary,
it's
turned
into
to
cozy
and
Seaboard.
B
C
Yeah,
just
a
quick
note
thanks
for
the
previous
comment,
so
I
get
it
now
and
I've
not
resolved,
because
we
didn't
have
that
turned
on,
but
yeah
resolve
my
comment
on
on
the
pr
and
approved
it
I
think
that's
fine
I
think
I
got
hung
up
in
a
similar
way
to
Rey
of
just
wondering
why
we
don't
just
stick
with
Json
but
yeah
everything
else
about
portability
across
the
boundaries
and
readability
and
debugability
makes
a
ton
of
sense.
C
I've
had
to
do
that
in
working
with
the
emulator
and
implementing
this
thing
already
so
I
think
all
that
makes
a
lot
of
sense.
So
thank
you.
E
Yeah,
so
one
reason
to
stick
with
one
thing,
at
least
for
the
authenticity,
and
the
three
part,
of
course,
is
the
homogenicity,
the
the
uniform
method
applied
for
a
signature
checking
so
for
authenticity
checking.
That
makes
a
lot
of
sense.
It's
that's
why
we
decouple
the
statements
media
types
from
the
surrounding
authenticity
representation,
which
at
the
moment
is
cozy
and
there's
good
reason
for
that.
E
So
so
we
have
already
the
Liberty
to
to
render
the
statements
as
ever
we
want,
and
we
can
also
do
the
API
calls
as,
however,
we
want,
we
can
write
proprietary
protocols
to
perform
the
exact
same
actions
as
the
reference
API
and
then
you
create
valid
I,
want
to
say
verifiable
data
structures
now
sorry
not
only
trees
and
and
then
work
on
them,
but
in
order
to
provide
the
insoppability
between
all
the
trees,
sorry
again,
verifiable
data
structures
you
need,
and
this
one
authenticity,
representation
and
and
the
the
the
the
most
useful
common
denominator
we
think
is
cozy,
because
we
can't
be
stuck
in
a
representation
problem.
E
Now
we
will
make
a
decision
for
some
time
into
the
future
here
and
and
going
with
Jason,
which
is
and
I
have
absolutely
feel
you
are
a
little
bit
of
web
platform
problem.
Yes,
the
support
might
not
be
great,
but
again
we
could
also
improve
on
the
tooling
for
the
web
platform
representation
to
debug
things
like,
for
example,
I
heard
from
Ray
I
think
not
so
great
Json,
nice
sibo,
dayak
literally,
is
Jason
with
a
few
things
that
Jason
never
ever
cannot
express.
E
So
it
has
to
be
tinkered
a
little
bit
to
make
it
representable
so
sibo
diagnostic
representation,
basically
is
Json
plus
plus
for
humans
to
read
it
the
C
board.
So
maybe
that's
already
good
enough.
Maybe
that
is
not
highlighted
enough.
Maybe
that
is
not
known.
Well,
that
is
a
co-wg
problem
and
it
should
be
fixed.
E
E
A
Thank
you,
Hank
Neil,.
H
Oh
yeah,
I,
I,
think
I
agree
mostly
with
Hank
I'm
concerned
I
mean
just
having
seen
all
the
problems
for
decades
that
have
happened
in
the
world
of
canonicalization.
The
notion
of
having
kind
of
two
different
ways
to
represent
something
seems
fraud
with
with
problems.
I
mean
I
have
to
say:
I,
don't
haven't
looked
at
the
API,
so
I'm
not
really
sure.
H
What's
going
on,
but
and
I'd
love
some
specific
examples,
but
it
it
seems
that
sticking
to
something
and
I
don't
know
what
it
should
be
is
better
than
having
one
way
that
the
data
shows
up
when
you're
signing
it
in
a
different
way
that
it
shows
up
when
you're
passing
it
around.
A
Okay,
thanks
Nick
yeah
I'm,
so
I
I
can
obviously
understand
sort
of
the
the
desire
to
to
use
also
something
like
a
json-based
version,
giving
the
the
way
how
various
languages
support
json-based
structures
like
you
can
find.
As
a
developer,
you
can
find
hundreds
of
tutorials
for
different
languages
like
Google
or
whatever,
and
how
easy
it
is
to
to
pass
all
that
data
structure.
So
so
I
can
certainly
understand
what
I
would
like
to
avoid
is
having
two
different
encodings,
because
we
can't
decide
so
having
having
post
works.
A
I,
think
that
makes
it
even
worse,
so
we
would
have
to
decide
fairly
soon,
I
think
functionality
wise.
We
could
do
all
the
things
we
want
and
and
the
functionality
we
need
in
Jose
and
in
kosi.
A
So
so
that
shouldn't
be
an
issue
and
at
least
that's
my
understanding,
but
yeah
would
be
good
to
decide
that
sooner
rather
than
later,.
A
F
You
know
the
the
response
from
the
API
can
just
be
the
same
as
the
spec
representation,
or
it
can
be
a
different
media
type
that
wraps
the
spec
representation.
It
can
do
that
and
stay
in
seaboor
or
it
can
do
that
and
cross
media
type
boundary.
So
you
have
a
seaboor
object.
That's
exposed
as
Json
in
as
a
Json
structure,
for
example.
So
the
the
kind
of
question
that
I
have
we
kind
of
come
back
to
what's
the
purpose
of
the
API.
F
If
the
purpose
of
the
API
is
just
to
maximize
the
adoption
potential,
the
API
could
just
be,
you
know
essentially
only
there
to
increase
implementer
experience
and
the
number
of
implementations
it
could
be
there
to
make
it
really
easy
to
test
the
data
structures
that
are
required
by
the
protocol
and
in
that
case,
like
the
API,
isn't
really
meant
to
be
consumed
in
a
production
environment
with
its
representation
sort
of
acknowledged,
as
you
know,
normatively
in
specifications
that
that
kind
of
API
is
just
there
to
help
with
adoption.
F
On
the
other
hand,
there
it
could
be
an
API
that
you
know
you're
expected
to
implement
this
API
exactly
as
it
stated,
and
then
you
really
would
not
want
to
expose
anything
other
than
the
highest
performing
representations
possible,
and
so
I
would
say
if
the
skid
api's
purpose
is
to
actually
be
like
implemented
outside
of
a
testing
environment
and
in
production.
You
know,
high
volume,
critical
security,
critical
infrastructure,
environment,
then
I
would
say.
F
Yaml
and
adjacent
are
completely
off
the
table
and
you
have
to
do
everything
in
seabor
and
you've
got
to
get
your
Seaboard
perfect,
and
you
probably
want
to
register
media
types
and
go
into
some
extra
details
to
make
sure
that
that
production
grades,
git
API,
is
really
doing
a
great
job
for
a
pure
binary
format
because,
as
as
you
know,
apis
for
Pure
binary
formats
are
not
always
exposed
super
nicely.
So
there
will
be
like
a
lot
of
potential
work
you
might
want
to
do
to
make
that
really
comfortable.
F
On
the
other
hand,
if
the
purpose
of
the
API
is
really
just
to
help,
get
you
a
receipt,
and
you
really
want
it
to
be
very
readable
and
it's
okay
for
it
to
be
space
inefficient,
and
you
know
the
expectation
is
everyone's
going
to
go.
Implement
some
higher
performing,
you
know,
potentially
proprietary
or
different
API
after
they
kind
of
use
this
Scrappy
API
to
figure
out
how
to
implement
skit.
F
A
My
expectation
for
the
API
was
that
this
would
be
a
mandatory
to
implement
API
for
the
production
environment.
This
is
not
a
oh
there's,
a
test
application
and
so
on.
So
it's
like
for
interoperability
between
the
issuer
and
the
transparency
service.
You
need
to
have
some
some
form
of
API
and.
A
I,
don't
think
per
se
if
you
like,
Json
would
be
off
the
blade,
as
you
said,
for
such
a
production
level,
implementation
that
that
needs
to
scale,
because
if
you
look
at
like
how
web
services
work
today,
they.
F
A
Like
they
also
production
quality
and
they
they
use
Json
so
so
I,
like
all
the
the
beautiful
web
services
we
use
more
or
less
use
Json,
so
I
wouldn't
dismiss
it
as
as
such,
but
think.
E
Yeah
I
have
to
amend
my
comments.
Obviously
yeah
I
was
talking
about
authenticity,
layer,
I,
think
what
I
heard
is
already
said:
yeah,
don't
don't
touch
that
it's
about
the
protocol,
so
API
here
means
protocol
message,
representation
and
you
can
do
whatever
you
want.
I
I
think
that
is
absolutely
fine
I'm,
not
entirely
confident
that
a
siboa
API
is
mandatory
to
implement.
E
But
it's
a
very
strongly
recommend
then
recommend
it
to
be
a
global
interoperable
in
the
end
and
and
therefore
it
might
make
sense
to
to
have
that
always
in
your
back
pocket
somehow
but
I
I
I
I
see
no
harm
in
in
using
HTTP
1.1
as
the
transport
protocol
implementing
something
in
Json
protocol
messages
that
then
include
a
base.
64
URL,
save
I,
don't
know
represented
Civil
War
to
to
send
that
around
and
to
get
that
get
that
one
validated
work
receipt
with
the
server
Library.
E
So
I'm,
sorry,
my
daughter
is
ringing,
but
this
is
my
my
reply
so
yeah
on
the
on
the
protocol
level,
which
I
think
we
have
to
somehow
check.
Maybe
here
in
this
group,
do
we
mean
the
API
protocol
and
and
on
that
level,
to
do
the
thing
that
moves
the
messages
around
you?
Can
you
can
definitely
use
Jason,
I
think
as
an
addition
to
the
to
the
original
origin?
A
You
you
were
asking
whatever
you're
talking
about
the
payloads
like,
for
example,
the
sign
statement
versus
the
protocol.
The
protocol
doesn't
that
doesn't
have
a
lot
of
Seaboard
to
begin
with
what
sibo
or
what
Json
or
what
whatever
like
a
restful
API,
doesn't
have
a
lot
of
like
it's,
not
like
soap,
where
you
encapsulate
lots
of
messages,
like
all
you,
maybe
when
like
if
the
existing
API
description,
like
it,
has
maybe
a
structure
for
a
response.
A
If
there's
an
error
response,
it
has
a
type
and
like
a
human,
readable
text
also,
so
they
are
I.
Think,
like
the
question
about
like
how
should
I
encode,
that
response
is,
is
probably
less
of
an
issue
but
but
maybe
I'm,
seeing
that
wrong.
Ray.
B
Okay,
so
like,
if
you
look
at
the
major
you
know
API
situation
today
like
like,
if
you
look
at
AWS
and
all
of
their
services,
they're
all
Json
interface
and
you
you
know
you
submit,
they
have
a
very
simple.
You
know
submission
mechanism
and
you
submit
some
sort
of
Json
chunk
and
you
get
one
back
and
it
may
be
pretty
extensive.
B
You
know-
and
so
you
know
that's
in
the
idea
that
something
needs
is
a
little
bit
more
capable
than
Json
I
would
say.
Just
whatever
that
capability
is
can
be,
can
be,
can
be
simplified
and
made
into
Json,
because
that's
that's
the
going
thing,
but
I
wanted
to
paint
a
little
similar
picture
to
what
they
did
with
QR
codes
in
Europe
for
the
covid.
B
You
know
document
you
know
card
or
guess
will
you
carry
around
so,
of
course,
a
QR
code
is
something
a
human
can't
read,
but
a
computer
can't
and
you
honestly
don't
care
what
the
conversions
are
until
you
get
up
to
the
point
when
you
can
read
it,
So
eventually,
you've
got
to
be
able
to
read
this
thing,
and
so
what
they
did
was
they
took
a
simplified
Json
structure
with
very
simple.
B
B
B
Eventually,
you
get
back
to
this
human
readable
form
so
that
somebody
can
can
not
necessarily
human,
read
it,
but
you're
going
to
have
some
piece
of
software
that
somebody
has
to
write
and
they
have
to
take
these
fields
and
remember
what
the
hell
they
mean
and
you
know
do
something
with
it.
The
same
is
true
here:
where
we're
going
to
have
people
who
are
going
to
be.
B
You
know
looking
at
the
fields
eventually
in
their
software
after
they
get
through
all
the
API,
and
you
need
to
do
something
with
it
and
at
that
level
it
needs
to
be
unwrapped
from
all
of
whatever
encoding
is
required.
I'm,
not
saying
that
that
we
need
to
change
from.
You
know
even
think
about
changing
from
from
the
structure
of
of
cozy
and
Seaboard.
B
Those
are
cool,
but
once
you
get
up
past
that
and
especially
the
API
of
what
what
you
submit
to
this
thing-
and
you
get
a
thing
back,
that
should
all
be
just
plain:
Jane,
Json
and
I'm,
not
talking
about
a
horrible
amount
of
overhead
here
you
know
the
Json
chunks
are
are,
usually
you
know,
just
a
number
of
hundreds
of
bytes
or
maybe
a
thousand
bytes
or
something
and
they
can
be
trimmed
down
for
iot,
so
it
it's
not.
B
Now,
on
the
other
hand,
I
see
the
need
for,
if
we're
talking
to
Merkle
tree
and
what
goes
in
it
I'm
not
debating
anything
there.
That
should
be.
You
know
very
much
a
minimalistic
kind
of
thing,
because
the
thing
grows
without
bound,
and
so
you
don't
want
to
have
something.
That's
that's
in
there.
That's
very
big,
but
I
thought
I'd
paint
that
picture
to
say
that
that
the
the
the
definitely
the
API
needs
to
be
me,
I,
in
my
view,
I
would
fight,
for
you
know
Json
as
a
way
to
do
it.
B
The
stuff
that
you
pass
in
and
out
you
may
have
you
may
have
you
know
encoded.
What
is
binary,
but
it's
encoded
so
that
it's
something
that
can
be
easily
gobbled
up
by
you
know
a
an
API
in
interface.
A
Thanks
free
hang.
E
Yeah,
just
a
quick
I'm,
absolutely
with
Ray
here
the
European
Union
digital
covert
certificate
is
a
cozy
C
bus
structure
that
is
base
45,
encoded
in
a
QR
code,
a
2d
code
and
and
that's
it
and
then
it
shows
even
text
labels
that
are
two
string
characters
because
they
are
small
enough
to
be
a
human
readable.
So
to
speak,
so
you
do
not
see
a
zero
and
the
one
there.
E
You
see
a
two
letters
that
make
sense
to
you
like
first
name
last
name,
f
and
Ln
and
such
and
so
to
make
sense
in
a
diagnostic
notation
and
and
then
they
have
that
representation
thing.
And
then,
when
you
put
a
show
to
some
scanner
and
scan
the
QR
code,
it
decodes
it
for
the
human
to
be
readable
and
that's
exactly
what's
happening
here
and
I.
Think
on
the
on
the
on
the
payload
side,
we
are
saved
on
Authority
I.
E
Think
we
established,
because
it's
fine
and
I
also
think
on
the
reference
API
we
can.
We
can
have
the
minimum
is
super
one
and
we
can
have
other
ones
and
and
show
how
they
would
be
implemented,
as
reference
I.
Think.
There's
no
harm
in
that
as
long
as
we
understand
that
the
that
the
yeah,
the
the
cost
structures
that
are
defined
by
architecture
and
cozy
IDs
are
all
uniform
foreign.
F
So
I
mean
just
for
the
sake
of
making
stronger
statements
that
are
potentially
more
triggering
I
would
say
there
should
be
a
mandatory
to
implement
seaboor
API,
and
if
you
implement
this
specification
for
the
skit
API,
you
should
expect
mandatory
support
for
seabor,
and
that
should
be
all
you
you
need.
You
shouldn't
need
anything
else.
F
If,
in
support
of
that
mission,
we
add
optional,
yaml
encodings
for
readability
and
Seaboard
diagnostic
Etc
I.
Think
that
is
nice
to
have
implementation,
detail
that
you
know,
if
someone's
excited
to
do
that,
work,
let
them
let
them
do
it,
but
it
should
be
completely
unnecessary
to
ever.
Ask
for
yaml
or
Jason
from
the
skip,
API
and
I.
F
Think
implementers
should
not
expect
any
interoperability
around
yaml
or
Jason
from
the
skip
API,
so
I'll
make
the
strong
statement,
and,
and
maybe
it
will
sort
of
help
us
move,
move
beyond
the
sort
of
place
that
we're
at
right.
Now,
like
again,
the
data
structures
returned
from
the
API
are
not
always
the
same.
Data
structures
that
protocol
other
documents,
Define
could
be
a
c
board
wrapper
around
a
list
of
you
know
receipts,
for
example.
F
But
if
we
say
that
the
API
is
HTTP
and
the
API
will
only
expose
seabor
resources
for
the
mandatory
to
implement,
endpoints
I
think
that
that
makes
it
a
lot
easier
to
think
about
what
this
API
is
supposed
to
be
doing,
and
it
also
is
gonna
potentially
really
drive
a
lot
of
interoperability
around
consuming
resources
that
are
URLs
to
this
API.
F
So
if
you
know
that
our
content
type
is
always
mandatory,
see
more
by
default,
you
can
build
QR
code
systems
around
that
that
are
going
to
process
that
really
well
any
kind
of
Link
sharing,
you
know,
is
going
to
be
a
higher
degree
of
interoperability.
So
I
think
it's.
You
know.
My
argument
would
be
mandatory
support
for
seabor
on
all
of
the
endpoints
optional
support
for
yaml
and
a
debug
capacity,
and
no
support
for
Jason
whatsoever.
That's
it.
A
Thanks
Ori
and
you
may
have
seen
that
I
closed
the
queue
because
I
would
like
to
would
like
us
to
think
about
those
ideas
and
then
and
John
and
I
may
have
actually
sort
of
sent
a
mail
to
the
list
to
have
a
little
bit
of
a
discussion
on
this
to
make
a
decision
to
see
where
the
group
is
on
this
on
this
topic
on
what
formats
are
preferred
to
what
the
proposal
that
origin
said
is
a
good
one
or
whether
people
have
some
other
ideas,
but
I
think
it's
it's
something
that
we
need
to
think
about
a
little
bit
more
and
we
have
a
few
other
agenda
items
and
I
would
definitely
like
to
get
progress
report
on
the
emulator,
because
we
talked
about
this
during
the
IDF
meeting
at
the
hackathon.
A
We
also
talked
about
that
topic
the
week
afterwards,
when
we
had
our
sort
of
like
wrap.
A
And
then
we
need
to
talk
about
the
gender
topics
for
the
next
week's
call
John.
Can
you
can
you
give
us
an
update
on
the
emulator.
C
Yeah,
it's
probably
a
good
cap
to
the
last
conversation
and
lead
into
the
agenda
writers
for
next
week.
So
I
have
committed
everything
that
implements
the
hackathon
stuff
from
the
last
hackathon
now,
which
is
working
nicely.
C
We
have
highlighted
you
mostly
Ennis,
noticed
that
the
terminology
in
the
emulator
didn't
keep
up
with
the
big
sweep
and
update
of
terminology
in
the
spec
itself
that
we
made
shortly
before
117,
so
I'm,
hoping
that
we'll
be
able
to
get
that
fixed,
maybe
before
the
next
meeting,
certainly
within
two
weeks,
so
that
yeah,
we
use
the
correct
verbs
in
in
the
correct
places
for
people
who
are
watching
the
spec
changes
before
117.
C
The
big
sweep
I
think
that
yogesh
made
mostly
to
correct
things
like
transparent
and
signed
and
stuff
consistently
that
that
wasn't
updated
in
the
code
so
we'll
get
that
updated
in
the
code
very
shortly.
So
it's
in
reasonably
good
shape,
I
would
say
as
far
as
117
goes
but
needs
updating
and
when
that's
ready
for
a
bit
of
a
maybe
a
show
and
tell
the
archivist
implementation
of
that
actually
does
rat
all
the
seaboar
structures
in
armored
Json
for
transmission
across
the
the
the
services
interface.
C
So
we
can
have
a
look
at
the
subtleties
of
of
what
that
means,
so
I'm,
certainly
not
advocating
for
Json
in
the
receipt
or
having
multiple
serialization
formats
as
as
Neil
rays.
That
would
be
a
disaster,
but
for
expressing
how
we
transmit
those
seaboar
structures
between
entities,
I
think
it's
very
useful
and
we've
got
a
new
implementation
of
that.
So
we
can
just
look
at
it
and
discuss
if
there's
anything
else
any
further
to
go.
There.
A
Prince
thanks
John
on
this
issue
on
the
emulator
code.
Apparently
you
have
write
the
permission,
so
you,
if
someone
contributes
code,
you
could
basically
merge
it.
Is
that
correct.
G
Yeah
so
I
Steve,
Ori,
I,
think
Hank.
Maybe.
C
We
we
all
definitely
have
kind
of
reviewer
and
and
write
permissions
to
that
I'm
happy
to
open
it
as
well.
It's
just
it's!
It's
a
hangover
from
earlier
organization
that
it's
a
relatively
small
group.
A
Okay,
so
that
that's
excellent,
because
I
think
it's
it's
definitely
a
useful
activity
to
have
that
reference
implementation,
so
that
anyone
sort
of
particularly
those
in
working
in
the
group
could
showcase
something
to
their
to
their
friends
and
peers
and
whoever
have
a
kind
of
running
code
type
of
example.
Of
course,
this
is
a
this
is
sort
of
like
a
a
playground
rather
than
a
full-fledged
production,
quality
implementation,
but
I
think
it
it's.
It
serves
the
purpose.
A
Well,
so
thanks
thanks
for
doing
the
work,
so
that
was
faster
than
I
thought
Ray.
Do
you
want
to
briefly
mention
or
you
you
want
to
withdraw
your
agenda
item.
B
Well,
I
was
thinking
okay.
Well,
if
there's
any
time
I
guess
I
can
just
mention
it.
B
Here's
the
deal
so
what's
happened
is
the
skit
machine
has
has
kind
of
been
pushed
down
to
a
lower
level
where
we
have
minimal
descriptions
so
like
if,
along
the
lines
of
what
dick
provided
in
the
vendor
submission
file,
I'm
changing
it
from
vendor
response
file,
where
we
have
a
description
of
the
vendor,
we
have
a
description
of
the
data
and
a
link
back
into
skit
to
the
data,
which
is
kind
of
a
little
bit
of
a
wrinkle
I
didn't
expect,
but
essentially
everything
is
in
the
block
and
I
had
previously
done
a
little
bit
of
research
when
I
first
started
with
this
group
on
data
packaging
trends
and
a
lot
of
the
trends
are
now
I.
B
Guess
kind
of
represented
is
not
quite
the
same
Trend
that
I
wanted,
but
the
open
container
initiative,
which
has
a
little
bit
more
than
than
I,
wanted
in
the
in
the
packaging.
But
essentially
you
know
a
lot
of
that.
Information
is
in
there.
So
if
we
take
a
look
at
what
dick
dick
had
where
there
was
a,
there
was
sort
of
a
header
of
the
of
the
vendor
information
and
so
forth.
B
Maybe
even
the
public
key
of
the
vendor,
maybe
even
a
lot
of
things
in
there
that
that
would
be
possible
to
put
at
this
high
level,
including
references
to
data
artifacts,
maybe
many
of
them,
but
somewhere
else.
And
so
there's
this
chunk
of
data.
And
that
thing.
G
A
Are
you
so
like
dick
proposed
that
structure
yeah
a
few
months
back
and
are
you
suggesting
to
create
a
different
structure
or
you
are
working
on
a
structure
that
you
plan
to
submit
to
the
group
or
where
you
do.
B
Skit
is
right.
Now
it's
very
minimalistic
in
terms
that
there
it's
just
like
a
hash
value
of
signed,
hash
value
of
something,
and
that
goes
into
a
miracle
tree
and
so
climbing
up
above
that,
my
current
thinking
was
to
Branch
off
of
what
Dick
had
done
in
a
very,
very
heavy
way
in
terms
of
adopting
kind
of
like
what
he
was
saying
and
and
yes,
including
a
lot
of
that
stuff
in
every
single
one.
B
So
maybe
there's
a
lot
of
redundancy
where
you
say
well,
we're
just
going
to
identify
the
person
in
full
and
each
one
of
these
not
suitable
for
every
application,
but
certainly
suitable
for
things
such
as
source
code
and
stuff,
where,
where
size
is
not
an
issue,
if
you're
talking
about
via
data
item
being
a
s-bop,
so
I'll
tell
you
what
I
don't
have
anything
like
prepared
yet,
but
that
was
kind
of
the
direction.
A
B
Subject:
yeah
on
the
other
subject:
I
I
posted
a
link,
the
one
we
were
just
discussing
and
I
brought
up
the
Json
seabor
cozy
zlib
base
45
conversion
chain
that
they
use
for
the
EU
QR
code
for
covid
and
also
a
link
to
that
which
describes
you
know
actually
why
they
made
their
decisions
and
and
had
to
actually
come
up
with
the
space
45
encoding.
I
guess
to
do
it
and
you
know,
QR
codes
are
usually
used
for
URLs,
but
they
don't
have
to
be.
B
They
can
be
any
kind
of
binary
data
and
it's
better
to
make
them
non-binary
so
that
you
can
actually,
you
know,
shine
a
cell
phone
on
it
and
read
it
and
see
what
it
is
sort
of
but
they're
either
they
don't
have
any
restriction
and
so
what
they
did
there
was.
They
just
had
this
change
so
I.
A
Thought
I'd
bring
right,
I
need
to
cut
you
short
because
otherwise,
but
but
are
you
working
with
the
conduct
document
because,
ideally,
we
would
like
to
have
something
in
front
of
us
to.
B
A
Okay,
dick
you
have
three
minutes,
then
we
need
to
talk
about
the
agenda.
I
Okay,
thank
you
hanas
and
thanks
Ray,
for
taking
a
look
at
that
I'm
I'm,
all
in
favor
of
anything
we
can
do
to
improve.
You
know
what
I
call
the
brf
one
thing
I
do
want
to
point
out,
though
some
reasoning
behind
the
particular
structure
of
that
vrm.
I
You
know
I
work
pretty
extensively
in
the
software
supply
chain,
and
so
one
thing
we
see
a
lot
is
this
concept
of
systems
integrators
and
they
are
vendors
who
provide
multiple
software
packages
and
so
that
vrf
was
really
designed
to
be
set
in
many
ways
to
accommodate
that
reality
that
we
face
and
and
so
the
the
things
that
you
will
see
in
there,
like
all
the
the
vendor
data
at
the
top
basically
represents
what
could
be
a
systems
integrator
and
then
all
the
products
that
they
would
provide
within
a
contract.
I
So
that's
some
of
the
reasoning
behind
the
structure
that
you
see
just
just
so
you
aware
of
what's
happening
there.
Thank
you
guys.
B
Dick
I'm
going
to
contact
you
probably
in
this
week,
so
we
can.
We
can
have
a
pow-wow
about
that.
Thanks.
A
Good,
okay,
yes,
usually
takes
us
a
little
bit
longitude
discuss
items
understandably,
because
there
are
so
many
different
viewpoints.
So
we
didn't
manage
to
get
through
all
the
open
issues
or
to
get
to
any
of
missions,
but
at
least
the
ones
in
GitHub,
so
agenda
wise.
What
should
we
put
on
the
plate
for
next
Monday
I
I?
Think
some
discussion
on
the
feed
structure
would
be
appropriate.
A
I
also
added
some
new
issues
to
the
GitHub
issue:
tracker,
in
the
hope
that
we
could,
maybe,
during
the
week
resolve
them
I
can
only
create
bias
if
I
understand
what
the
direction
of
the
group
is,
because
it
always
takes
a
lot
of
time
to
write
the
text
and,
if
I'm
on
the
wrong
track,
then
it's
words
for
nothing.
A
J
E
Yeah
I
would
agree
with
that.
Sorry,
yeah
I
think
that
one
dedicated
session
that
looks
that
does
a
screen
share
and
and
we
can
go
through,
closing,
updating
or
actually
handling
issues.
Nprs
is
a
great
idea,
because
I
think
we
are
always
kind
of
skipping
that
and
therefore
we
have
to
consciously
deliberately
still
deserve
some
time
for
that.
A
Thank
you
Hank,
not
that
any
other
views,
dick
yeah.
I
Very
quickly,
just
I'd
like
to
see
if
we
could
focus
on
the
API
just
to
be
able
to
wrap
up
what
comes
back
after
putting
a
payload
into
a
registry
and
then
that
URL,
hopefully
it's
a
URL
and
that
can
be
distributed
for
others
to
pull
that
data
out
of
the
registry.
So
I'm
hoping
to
focus
on
the
API
a
little
bit
more
thanks.
Yeah.
A
Okay,
that's
perfect,
yeah!
We
didn't
go
too
far
today
on
the
API
topic,
but
yeah.
That
sounds
excellent,
so
we
have
already
like
kind
of
three
items
already
I.
Think
that's
good
enough
for
next
week
and
I
would
send
a
a
pointer
to
the
GitHub
issue
track
again
with
some
of
the
new
issues
that
I
that
I
added.
Maybe
someone
of
you
has
some
views
about
this
and
I
would
also
like
to
remind
you
that
you
promised
to
do
some
some
work
at
the
last
IDF
meeting
or
around
it
before
the
submission.
A
So
please
look
at
that
and
and
help
us
make
progress
so
that
we
also
during
the
the
summer
vacation
period,
actually
Advanced
the
documents
accordingly.
A
C
Thanks
Roy
yeah
mine's
super
quick.
Thank
you
Hank
for
pointing
out
the
meeting
issue.
I
found
the
bug
and
from
this
point
forward
it
will
be
a
recurring
weekly,
so
I'll
stick
that
new
agenda
in
and
we'll
start
it
from
there.
J
Right
I
want
to
raise
my
concerns
here.
We're
still
skirting
the
charter
very
closely
here.
The
API
we're
talking
about
for
the
The
Ledger
and
for
the
for
transparency
statements
is
a
submission
or
an
audit
capability.
If
you
want
query
and
storage,
we're
gonna
have
to
reopen
the
charter
right.
There
is
no
ad
hoc
query
capability,
Against
The
Ledger,
as
it
sits
today.
A
Yeah,
that's
true,
but
we
we
wanted
to
extend
the
API
to
use
the
feed.
At
least
that
was
my
collection
to.
J
Dip
into
them
I
understand
the
feed.
I
have
John
and
I
have
talked
about
this
before,
but
you
know
talking
about
the
specifics
of
software
supply
chain
and
the
document
formats
and
so
forth,
which
are
being
controlled
by
sisa
and
nist,
and
a
bunch
of
others
is
getting
into
a
couple
of
gray
areas
where
we're
not
chartered
for
so
I
just
wanted
to
bring
that
out.
A
Okay,
thank
you.
Yogish.
D
Hi
I,
just
kind
of
I
won't
take
too
long,
so
I
sent
a
link
in
the
skit
working
mailing
list
where,
like
CPU
government
organizations
in
uscisa
and
department,
National
cyber
director
of
Technology
and
other
organizations
are
asking
how
to
secure
open
source
software
they're
asking
for
a
feedback.
So
maybe
it's
good
time.
We
have
a
good
amount
of
time
to
prepare
something
and
suggest
something
and
kind
of
advertise
kit
in
a
way
that
suits
us
as
well
and
them
as
well.
So
just
one
thing
I
wanted
to
mention
that
here,
I.