►
From YouTube: IETF-SCITT-20230612-1500
Description
SCITT meeting session at IETF
2023/06/12 1500
https://datatracker.ietf.org/meeting//proceedings/
A
A
A
Yeah
we
we
will
do
an
agenda
bashing
in
a
in
a
second
and
then
yeah,
we'll
I.
A
Will
make
some
progress
on
the
registration
policy
topic,
but
if
there's
some
other
topics,
you
guys
want
to
talk
about
happen
to
consider
those
in
during
the
agenda
bashing
as
well.
A
Okay,
I
will
take
some
notes
again
as
always,
but
if
someone
can
help
me,
that
would
be
fantastic
as
well.
Okay,.
F
A
Guess
John
it's
it's
time
to
get
started
right.
G
D
A
Yep
Welcome
to
our
sort
of
weekly
virtual
intro
meeting
for
this
kid
working
group
we've
sent
around
well
last
week
at
last
week's
discussion.
We
concluded
that
we
wanted
to
talk
about.
The
registration
policy
is
at
this
meeting
in
case
you
have
some
other
topics.
It
would
be
good
to
bring
them
up
now,
so
we
can
do
a
little
bit
of
agenda
fine
tuning.
A
Don't
do
anything
or
Ray
do
you
have
something.
D
Been
I
actually
have
been
working
on
this
stuff
in
terms
of
the
endorsement
and
and
then
I
did
get
my
submission
in
so
I.
Guess.
D
D
The
the
protocol
and
and
I'm
looking
at
the
well
I,
don't
need
to
give
a
full.
Let
me
just
finish
this:
that
the
the
air
gap
you
know
protocol
in
trying
to
blend
that
with
TLS,
but
that's
what
I'm
working
on
I.
It's.
A
A
Yeah,
please
post
it
also
on
the
list,
so
I
can
reference
it
in
the
meeting
minutes.
D
Yeah,
okay,
good
I'll
I'll
put
because
I
did
work
pretty
hard
on
this
submission
for
and
I'm
hoping
to
get.
A
cryptography
group
started
on
the
selections
with
nist,
because
they've
shut
everything
down
prior
to
about
two
years
ago,
but
okay,
so
yeah
yeah.
A
It's
actually
quite
a
relevant
topic
for
someone
living
in
Austria,
because
some
of
our
other
editions
messed
up
the
most
recent
elections.
They
made
an
extra
sheet
error
in
accidental
and
switch
the
candidates
as
a
by
doing
so
so
yeah,
so
maybe
maybe
actually.
A
Okay,
cool
good
John
you
are
in
the
queue
is
that
intentional.
F
B
F
That
talk
in
a
minute
to
put
some
links
in
so
there
is
a
branch
in
the
public,
skit
Community
working
group
GitHub
for
my
implementation
of
the
end
to
end
receipts
process
which
people
are
free
to
look
at
and
discuss.
I
just
need
to
update
some
of
the
docs
before
I
turn
it
into
a
real
PR.
But
there
is
a
usable
implementation
and
the
Microsoft
provided
emulator
are
both
up
there
and
and
working.
If
people
are
interested.
A
Okay,
yeah,
that's
a
that's
a
good
good
topic,
because,
a
few
weeks
ago
we
we
made
a
call
basically
to
everyone
showing
interest
in
the
hackathon
preparation,
and
so
so
that
would
be
quite.
A
Put
it
on
the
on
the
meeting
notes
on
into
onto
the
agenda,
so
we
have
the
hackathon
and
the
voting
topic.
A
A
Okay,
perfect
so
capitals.
A
I
see
Neil,
you
joined
as
well
excellent
Charlie.
Also
here
good
Peter.
A
Okay,
so
regarding
the
registration
policies,
so
I
looked
at
the
open
issues,
let's
start
with
this
one,
because
that
was
what
we
indicated
in
the
in
the
official
meeting.
Invite
there
are
a
few
open
issues
in
the
GitHub
issue.
Tracker
and
I
will
post
the
links
to
the
meeting
minutes.
A
So
you
can,
you
can
click
on
those
they
don't
contain
an
awful
lot
of
content,
but
we
talked
about
the
registration
policy
in
the
past,
and
the
architecture
draft
also
contains
a
little
bit
of
content
contains
a
few
attributes
of
that
policy,
but
it's
otherwise,
like
everything,
is
a
little
bit
on
the
on
the
sort
of
not
super
proposed
side.
So
the
question
is
like
for
me.
A
Obviously
we
want
to
make
some
some
progress
on
this
topic.
This
is
one
of
the
bigger
issues
in
the
architecture
document.
The
question
is
I'll,
be
a
little
bit
too
ambitious
here
for
an
initial
version.
Do
we
have
something
like
a
minimal
version
that
we
can
get
out
and
get
away
with
and
then
extend
it
later
on
or
where
are
we
with?
Are
we
with
this
topic
like
what
what's
the
sort
of
like
the
workable
version
that
we
could
put
together
without
going
a
little
bit
overboard
with
these
policies?
A
I
G
And
I
can
talk
hi
yeah
how
to
expediate
this.
We
need
a
functioning
middle
ground
in
specification
for
issue
messages
which
are
sign
statements
and
transparent,
Services
output,
which
is
a
transparent
statement.
That
is
correct.
Registration
policy
is
super
complex
at
the
very
least,
I
think
the
Gateway
function
that
limits
issuers
to
transparency,
service
I
think
should
be.
There
should
be
understood
how
that
works,
and
then
we
are
good
they're,
not
adding
anything.
G
It's
like
a
trusting
customer
I
assume
so,
which
Gateway
keeps
a
a
limited
number
of
issues
to
the
service,
I
think,
and
if
that
would
be
a
long
enough,
not
enough
flowing
food,
then
you
can
iterate
on
that.
This
is
me
speaking
without
anyone
having
a
stake
and
implementation
next
to
John
here
so
I
would
now
sneakily
put
that
Spotlight
back
keeps
on
and
ask
him.
G
Would
you
see
this
the
same
way
that
we
could
have
registration
policies
that
are
basically
trusted
income
stories
on
transparency,
services
and
again,
maybe
naively
supersimplifying?
This.
F
Trust
anchor
obviously
means
different
things
to
different
people,
but,
following
those
lines,
I
think
is
is
reasonable.
You
know,
there's
a
a
strategic
reason
why
we
chose
registration
policies
for
the
117.
F
Focus
is
precisely
because
we've
got
these
these
various
tentacles
that
are
very
complex,
so
there
are
39
instances
of
the
phrase
registration
policies
across
the
document
so
far,
and
the
vast
majority
of
them
are
using
registration
policies
simply
to
gatekeep
the
registration
of
a
sign
statement,
as
you
said,
and
the
easiest
way
to
do
that
is
to
have
you
know
as
long
as
by
trust
anchor,
you
mean
it
could
be
an
IDP
certificate
for
oidc,
or
it
could
be
some
kind
of
more
direct
device
certificate.
F
F
F
One
is
going
down
the
road
of
formally
specifying
identities,
that's
how
we
got
into
all
the
did
web
and
did
urn
stuff
before
again.
If
people
feel
strongly
that
we
need
it,
I'm
happy
to
go
down
that
road,
but
actually
I,
think
it's
unnecessary
for
the
architectural
description
of
what
a
a
registration
policy
does
and,
more
worryingly,
at
116
we
had
a
bunch
of
conversations
about
how
registration
policies
might
be
much
more
complex
than
gatekeeping
the
requester
and
actually
include
all
sorts
of
other
contextual
abec
style
stuff.
F
Even
I
I,
don't
even
know
it
won't.
My
idea,
so
I
can't
represent
them
Faithfully,
but
there
were
ideas
of
registration
policies
having
some
semantic
understanding
of
the
payload
itself
and
I
wanted
to
make
sure
we
get
that
all
very
clean
and
clear
in
what
the
the
needs
of
the
group
are
because
I
think
that's
you
know,
making
it
more
complex
than
what
you
said.
F
F
As
in
the
group
they're
interested
so
I've
heard,
this
was
from
discussions
with
you
know,
sensible
and
venerable
members
of
this
group,
so
I
think
if
I
heard
him
correctly,
Roy
was
interested
in
things
like
that,
although
I
can't
find
him
now
on
the
on
the
group,
I
wouldn't
want
to
miss,
represent
him,
but
I
think
Roy
is
interested
in
more
powerful
registration
policies
Cedric
as
well.
F
Her
did
quite
a
bit
of
work
around
the
the
spec
at
116
hackathon
to
try
and
deal
with
things
like
that
and
then
Ori,
who
actually
is
here.
Okay,
so
or
you
might
remember,
better
Orion
and
at
least
both
of
those
people
I
think
some
others
were
looking
at
the
implications
of
remembering
and
Reporting
the
registration
policy
that
was
in
place
at
the
time
that
a
statement
was
made,
which
is
a
kind
of
Middle
Ground
I,
actually
quite
like
that
idea,
but
again
it's
more
complex
than
absolutely
strictly
necessary.
F
So
those
are
all
the
edges
to
that
really.
My
motivation
is
just
to
get
the
spec
published
in
a
version
that
makes
sense
where
we
know
what
a
registration
policy
does
and
doesn't
do
and
and
hence
hence
it
being
the
the
agenda
item
for
here.
A
Okay,
cool
I
just
managed
to
get
to
the
top
of
the
queue.
Thank
you,
Hank
I
want
to
briefly
explain
what
I
understand
when
I
hear
trust
anchors.
A
So
when
a
statement,
a
statement
is
signed
and
provided
to
the
transparency
service
it
that
signature
needs
to
be
verified,
and
that
happens
via
in
directly
or
indirectly,
using
using
some
public
key
or
slash
certificate,
and
that's
that's
the
trust
anchor
that
needs
to
be
present
at
the
transparency
service.
F
A
You
know
that's
true:
it
doesn't
need
to
be
an
x509
certificate,
but
conceptually
it's.
For
example,
if
that's
a
some
other
structure
with
a
different
encoding,
but
it
still
reassembles
the
concept
of
a
certificate
or
it
could
be
just
a
a
naked
key
like
Republic
Key,
for
example,.
E
A
The
I
was
primarily
sort
of
like
there
needs
to
be
some
information.
I
can,
let's
use
the
DLS
as
an
example,
so
to
have
fewer
options
like
in
DLS
you.
If
you
get
a
certificate
from
this
server,
you
need
to
have
a
trust,
anchor
store
with
a
trust
with
one
or
more
trust
anchors
that
allow
you
to
do
the
path
validation
to
verify
the
the
signature
of
what
you've
received
through
the
protocol,
and
you
need
something
similar
something
kind
of
equivalent
in
in
this
context
as
well.
A
Just
specifically,
since
we
have
the
the
sign
statement
coming
to
the
lectures,
slash,
slash,
transparency,
service,
and
so
that
needs
to
be
verified
and-
and
that's
when
I
hear
trust
anchor,
I
think
that's
what
I'm.
E
A
Well,
you
know,
difficulty
is
John,
was
sort
of
previously
saying
that
he
wants
to
sort
of
like
yeah,
push
away
the
details
and
he
called
it
more
complex
or
more
challenging
topics
like
formerly
specifying
specifying
the
identities.
A
But
unfortunately
you
somehow
have
to
talk
about
those
as
well,
because
there
are
subtle
details
on
how
let's
say
it
did
web
did
key
Etc
works
with
relationship
to
these
trust
anchors.
They
all
have
something
equivalent,
because
otherwise
it
won't
work.
But
it's
just
different
terms.
Different
everything.
A
But
I
stopped
now
and
let
already
talk.
C
John
mentioned,
you
know
several
things
that
we
talked
about
and
they
are
kind
of
complicated
details,
but
the
I
think
the
primary
complicated
one
that
maybe
it's
possible
to
to
remove
from
the
discussion
is
the
dependencies
between
different
envelope
formats
as
related
to
a
registration
policy.
So
you
know,
for
example,
if
you,
if
you're,
storing
your
policies
in
the
transparency
service,
and
you
want
to
basically
reflect
the
policies
that
were
in
place
at
the
time
at
which
a
signed
statement
was
made
into
a
transparent
statement.
C
You
can
do
that
by
including
identifiers
in
the
transparent
statement
that
we
returned
and,
as
you
do,
that
you
start
to
build
the
sort
of
like
these
graphs
of
like
well.
This
thing
required
these,
and
these
are
the
policies
that
were
in
place
at
this
time
and
that
can
get
complicated
and
it
can
also
be
allowed
without
us
specifying
it
as
long
as
we,
you
know,
sort
of
describe
that
you
know
these
are
the
extension
extension
points
that
you
can
make
use
of.
You
can
make
use
of
the
protected
header.
C
You
can
make
use
of
the
unprotected
header,
and
you
know
what
you
do
with
those
values
is
kind
of
your
business,
but
it's
not
necessarily
ours.
The
issue
is
that
if
you
want
a
consistent
way
to
refer
to
a
sign
statement,
that's
been
made
transparent
in
a
particular
service.
You
will
have
to
sort
of
describe
some
identifier
scheme
for
that
it
could
be
a
URL.
C
So
that's
just
you
know
a
summary
of
kind
of
what
was
discussed
and
yeah
I.
Think
you
know.
The
important
part
here
is
like
you
have
signatures.
You
have
issuers,
those
are
the
entities
that
are
doing
the
signing.
You
need
to
discover
keys
that
are
authoritative
for
those
issuers.
Every
verifier
relying
party
may
have
their
own
way
of
doing
that,
but
you
won't
be
able
to
discuss
verifying
without
discussing
issue
or
identity
in
some
format.
That's
it.
C
Think
it's
what's
produced.
It
was
to
my
understanding.
It
was
out
of
scope
originally
to
discuss
policy
specific
details,
so
right,
I,
think
we're,
including
a
reference
to
a
policy
by
including
a
URI
or
URL,
is
something
that
you
can
always
do,
but
it
shouldn't
there
shouldn't
be
any
interoperability
impact
from
the
decisions
that
we
make
on
that
now,
if
we
say
actually,
there
are
these
specific
header
properties
that
are
supposed
to
be
used
to
establish
interoperability
around
references,
then
it's
in
scope.
A
F
B
So
I
think,
should
we
just
kind
of
because
a
bit
of
a
registration
policy
detail
could
be
a
very
much
an
implementation
kind
of
a
aspect
of
a
transparency
service.
Can
we
keep
it
at
a
high
level
where
we
say
that
the
minimum
guidelines
or
minimum
registration
policy
requirements
we
should
state
in
the
architecture
and
and
and
leave
it
to
there,
because
otherwise
we're
going
in
a
circle
where
there
is
very
much
tied
to
an
implementation
which
could
lead
to
an
endless
kind
of
circles
there?
B
Something
like
the
registration
policy
is
required
to
validate
the
issuers
with
a
certain
like
uniquely
able
to
identify
the
issuers
unambiguously
and
can
be
recognized
using
some
known
trust
anchors
or
something
like
that
at
a
high
level.
What
is
what
we
should?
The
registration
policy
should
do,
rather
than
how
it
should
do.
A
B
What
what
kind
of
ease
out
our
responsibility
in
a
way
that
we
don't
force
a
specific
way
of
doing
registration
policy,
because
policy
is
very
kind
of
complicated
matter?
And
if
you
lock
down
ourselves
to
a
very
rigid
policy,
then
also
it
reduces
the
scope
of
our
architecture.
I
think
so.
That's
all
I
wanted
to
say.
Okay.
D
Yeah
I
I
agree
with
that
concept
of
trying
I'm,
not
you
know
detailing
it
too
much,
but
I
wanted
to
provide
a
I.
What
I
think
is
a
pretty
powerful
idea.
D
That
was
helping
me
with
regard
to
the
air
gap
thing,
but
I
think
it
can
be
applied
here,
and
that
is
this
idea
that
the
skit
transparency
Service,
the
registry,
everything
you
know
just
the
core
of
it,
though,
is
acting
like
a
proxy
at
like
a
proxy
agent
to
to
what
would
be
the
other
side
or
what
would
be
one
side
of
a
TLS
connection.
D
So
the
TLs
connection
is
already
well
undefined
and
understood,
certainly
we'll
be
using
that
with
people
communicating
with
the
service
but
I'm
talking
about
if
they
say,
if
you
would
have
communicated
with
me
back
at
this
time,
I
would
have
provided
you
these
things
to
prove
my
my
you
know,
identity
and
so
forth
as
a
certificate
that
I
would
have
provided
to
the
other
side
of
a
TLS
connection
and
the
skit
service
basically
acts
as
a
an
agent
to
to
record
and
and
and
and
and
memorialize
those
things
such
that
you
can
come
back
later
and
say:
okay
well,
I
want
us,
I
want
to
act
like
I'm
at
the
other
side
of
this
TLS
connection
and
by
kind
of
looking
at
it.
D
This
way,
maybe
this
would
allow
us
to
maybe
even
leverage
some
of
the
any
of
the
newer
Concepts
that
would
be
coming
down
for
TLS,
although
I'm
a
little
bit
cautious
about
that,
because
they
don't
all
necessarily
apply
but
anyway,
that
is
the
concept
that
that
we
look
at
okay.
D
Well,
if
we,
if
we
did,
have
to
act
as
a
as
an
agent
and
record
these
things
such
that
in
the
future,
if
someone
could
come
back
and
act
kind
of
like
act
like
they're
there
on
that
side,
then
that
may
be
enough
now,
if
you
wanna,
establish
registration
policies
for
I,
think
that's
up
at
a
higher
level
like
an
application
layer
or
something
where,
where
this
is
more,
if
you
will
a
single-ended
transport
layer
with
with
a
and
this
agent
on
one
side,
that's
not
that
that
could
act
like
anybody
coming
in
later
and
accessing
the
the
artifacts.
D
Just
that
idea,
maybe
that'll
be
helpful
to
to
think
about
this
and
and
I.
It
was
helping
me
with
the
air
gap
thing,
because
what
I
came
to
was
that
it's
going
to
be
really
useful,
just
to
use
TLS
in
some
form,
for
both
sides
of
that
and
and
that
that's
going
to
be
a
another
good,
powerful
idea
that
can
help
thanks.
E
We're
already
talking
about
probably
trees
of
data
to
evaluate
with
the
current
security
posture
is
based
on
cves
and
vexes
and
s-bombs,
and
things
like
this
dealing
with
those
receipts
at
bulk
and
knowing
that
the
configuration
or
the
the
identity
trust
has
changed.
Since
the
last
time
we
audited
is
why
I
was
driving
to
say,
hey,
we
kind
of
need
some
Escape
hatched
here
to
understand
what
the
configuration
is.
There
was
other
thoughts
that
Hank
and
others
proposed
of
hey,
there's
a
feed,
but
not
everybody's,
going
to
be
sitting
monitoring
the
feed
2400
24x7.
E
So
this
is
a
way
to
deal
with
stored
or
air-gapped,
or
things
carried
across
boundaries,
both
you
guess
and
and
rare
correct
that
that
we
could
get
by
with
an
initial
State.
The
question
is:
do
we
want
to
think
about
it
now
because
pretty
soon
we're
going
to
have
to
do
something?
If
we
start
getting
clouds
federations.
A
E
Fair
I
think
from
a
a
product,
that's
built
with
the
skip
building
blocks,
there's
a
different
set
of
policy
outside
of
this
right.
So
you,
you
know
you
could
Envision.
Only
people
that
are
approved
to
be
able
to
publish
to
a
products
cluster
makes
sense,
but
that's
more
of
an
hour
back
problem
that
doesn't
belong
in
the
notary.
Ledger.
Half
of
this
thing.
E
What
really
is
in
the
The
Ledger
portion
of
it
is
what
identity
providers
and
what
sources
are
we
going
to
to
evaluate
and
store
the
information
for,
because
you
kind
of
need
to
know
that
it
passed
some
policy
bar
and
what
that
policy
bar
is
before
you
accept
the
receipt,
the
receipt
isn't,
a
hey,
you
can
go
back
to
The
Ledger
and
go
and
retrieve
all
the
raw
information
and
rebuild
the
certificate
chain,
or
did
document
yourself.
It's
more
of
a
case
of
hey.
It
exists.
E
H
E
A
Okay,
Hank.
G
Yeah
this
is
me
just
being
an
interim
summarizer.
So
what
I
a
true
strippered
is
that
I
think
pretty
much.
Everybody
agrees
that
a
key
list
of
public
Keys
somehow
is
required
to
have
validate
issue
identities.
If
you
don't
have
the
key,
that's
the
Gateway
gatekeeper,
not
in
so
that's
that's
called
this
list
of
public
Keys
wherever
you
get
them
from.
If
it's
a
justification
path,
this
is
basically
the
term
that
you
use
instead
of
a
certification
path.
G
That's
right
certificate
chain
today,
and
so
it
doesn't
matter
where
it
comes
from,
although
where
it
comes
from
the
influence,
the
second
item
here,
so
if
that
is
an
agreed
one,
the
next
step
we
have
to
agree
on.
How
is
that
represented?
How
do
we
represent
that
list
of
public
keys
that
are
coming
from
things,
for
example,
pkx,
certification,
Brands?
G
Then,
if
you
know
how
to
represent
it,
then
you
have
to
understand
where
to
find
it.
That
of
course
relates
to
bad
stored.
We
have
this
appendoli
log.
You
can
store
things
in
there.
I
heard
that
feed
might
not
be
the
only
thing,
because
you
have
to
monitor
that
and
or
have
an
understanding
of
at
least
when
last
you
monitor.
G
That's
your
current,
no
understanding
of
what
the
registration
policy
probably
looks,
fine
and
if
you
know
where
it
start,
how
to
point
at
it
from
a
receipt
that
is
basically
the
representation,
the
identifier
also,
if
you
are
just
not
needing
that,
so
so,
I
think
these
four
items
we
have
to
agree
on
somehow
in
in
sequence,
maybe
maybe
in
parallel
I,
don't
know,
and
then
we
can
progress.
Everything
because
then
have
a
baseline
registration
policy.
G
Nowhere
to
find
it
know
how
to
deal
with
it
and
how
to
establish
trust
into
it
or
not
and
I.
Think
that's
that's
how
I
would
summarize
it,
maybe
that's
again
a
little
bit
oversimplified,
but
we
have
to
move,
and
that
would
be
something
I
at
least
I
understand.
A
Perfect:
okay!
Repeat
that
again:
Hank
Okay.
G
So
first
decision
populist
with
all
the
where
it
comes
from.
Yes,
no,
if
yes,
then,
what's
the
representation
of
that
trust.
F
G
G
So
what's
the
representation
of
the
identifier
here,
the
lookup
or
resolve
whatever,
and
so
we
had
for
the
for
the
where
to
start
I
heard
some
concerns
that
feed
might
not
be
good
enough
and-
and
that
is
something
we
have
to
discuss
then,
but
I
think
these
four
decision
points
you
have
to
pass
and
then
from
there
we
can
write
text
pretty
fast
and
do
all
the
minimal
required
things
here
and
then
we
can
progress.
I
think
that's
my
naive
point
of
view.
Maybe
there's
some
caveats
there
yeah.
J
J
J
J
With
you
know,
the
set
of
Stein's
sign
statements
to
work
with,
and
then
you
know
so
I
see
Sig
store
still
as
a
great
example,
I
think
it
is
making
very
simple
decisions
about
a
lot
of
these
things
and
I
think
that
people
are
going
to
have
to
deal
with
the
realign
parties
are
going
to
have
to
deal
with
these
things
so
I'm
trying
to
picture
our
registration
policy
that
would
actually
help
relying
parties
and
I
I
wonder
if
even
the
notion
of
restricting
statements
to
certain
issuers
is
going
to
do
enough.
J
In
other
words,
you
know
this
notion
of
a
trust
anchors
in
a
list
of
keys
kind
of
way,
because
I
think
we
all
know
that
over
time
any
given
issuer
might
be
compromised.
So
a
relying
party
can't
just
trust
all
the
statements
that
make
it
into
a
particular
instance,
because
going
back
perhaps
some
arbitrary
amount
of
time
you
might
say
wow
that
that
issuer
was
actually
compromised
and
you
can't
trust
it.
So
relying
parties
still
already
have
to
deal
with
that.
J
So
you
know
from
from
a
volume
standpoint,
it
can
help
to
reduce
the
number
of
people
that
are
actually
publishing
in
a
given
instance,
but
not
necessarily
from
a
trust,
standpoint
and
I.
Think
I
I
I
saw
a
brief
mention
of
tough
the
transparency.
J
Yeah
yeah
the
upward
framework.
It
provides
some
great
ways
to
deal
with
compromise
and
key
rotation
and
so
on
and
and
I
think
that
incorporating
that
into
the
inner
works
of
things
is
going
to
be,
in
a
sense,
more
helpful
than
trying
to
add
even
lots
of
issuing
party
registration
agreements.
So
I
don't
know
just
some
some
random
thoughts,
but
it
the
more
complexity
and
the
more
optional
stuff
and
the
more
opaque
stuff,
the
less
possible
it's
going
to
be
for
people
to
make
trustworthy
decisions.
You
know
to
make
actually
valid
decisions
thanks.
A
The
point
you
mentioned,
tough
I
thought
that
you
are
arguing
for
not
describing
any
policy,
basically
leaving
everything
kind
of
open.
But
then
you
mentioned
tough
and
I
happen
to
have
looked
at
it
in
Concept
in
context
of
firmware
updates
and
it's
actually
a
super
complicated
system.
J
Well,
I
mean
I,
so
what
I'm
saying
is
that
as
a
relying
party
I
would
want
to
understand
things
like
tough
and
I
would
be
happy
working
with
people
who
sign
statements
using
keys
that
they,
you
know
assert,
are
using
tough,
but
that's
in
a
you
know
that
isn't
trying
to
make
I
I,
don't
know
they.
They
have
thought
through
a
very
you're
right
in
the
sense
that
they
have
thought
through
a
very
carefully
designed
set
of
policies
for
delegation
and
for
key
rollover
and
and
ultimate
trust
and
so
on.
J
J
A
lot
of
people
are
having
good
luck,
promising
that
that
they're,
using
tough
and
and
letting
relying
parties
know
that
they
that
they
should
expect
that
and
and
I
guess,
you'd
call
that
a
registration
policy
again
I'm
not
up
to
speed
so
I
think
it's
it's
a
good
way
to
frame
it
thanks.
B
B
Yeah,
so
basically,
what
I'm
trying
to
say
is
that
an
entity
X
registers,
initially
with
the
transparency
service,
to
say
that
hey
I
am
entity
X
and
it
it
has
an
identity
which
is
corresponding
to
entity
X,
but
it
is
using
for
five.
It
has
five
products
and
it
it
signs
these
five
products
with
a
different
identity,
but
it
produces
an
identity
X
as
part
of
the
transaction
when
it
is
registering
with
the
transparency
service.
So
the
transparency
service
identifies
that
this
is
a
guy
X.
Who
is
issuing
these
statements?
B
E
E
We
don't
even
talk
about
the
authenticated
connection
portion
of
this.
What
really
matters
is
the
signature
on
the
statements
themselves.
Those
are
the
things
that
are
validating,
whether
it
comes
over
a
a
pipeline
that
comes
from
a
factory
or,
let's
say,
AWS
or
or
cool,
has
a
build
service
they're
just
a
way
to
get
into
the
system
they're,
not
making
any
claims
of
of
the
product
or
whatever.
It's
the
statements,
identity
that
we're
talking
about
here
and
has
nothing
to
do
with
the
authentic
connection.
E
Correct,
but
it's
based
on
the
identity,
it's
similar
to
you-
can
have
your
wife
go
and
take
in
your
signed
contract
with
a
notary
on
it
from
from
from
Ontario
as
long
as
it's
Ontario
notary,
that's
understood
the
fact
that
your
wife
brought
it
in
doesn't
matter.
It
doesn't
change
the
statement
that
the
notary
backs
your
your
signature
right,
the
transport
mechanism,
how
it
got
to
to
the
notary
is
not
as
important
as
the
actual
contract
and
the
notarization
stamp.
E
D
Yeah,
but
this
will
be
a
really
good
example
of
a
registration
policy,
because
the
notary,
like
a
real
notary,
has
to
witness
the
actual
signature
of
the
person
signing
it
and
they
have
to
sit
there
in
real
time
and
verify
the
ID
and
so
forth
of
that
person.
So
the
idea
that
I
don't
think
they
allow
the
wife
to
bring
in
a
science
document
that
they
don't
witness.
That's
a
policy
of
what
you
would
be
the
you
know,
I.
H
Just
have
one
sorry,
I
just
have
one
comment
to
yogesh's
point:
I.
H
I
totally
agree
with
that:
we're
really
spending
a
lot
of
time
on
you
know,
notaries
and
receipts
and
that
sort
of
stuff,
but
if
I
know
the
party,
if
I'm,
Hitachi
and
I'm
Contracting
with
I,
don't
know
you
know
Mitsubishi
for
part,
we
have
a
long-standing
relationship.
I,
don't
need
a
bunch
of
verification
on
that.
H
My
concern
is
mostly
that
we
can
track
Mitsubishi's
performance
on
delivery
and
all
that
stuff,
and
so
I
really
would
caution
us
about
getting
too
far
down
the
road
with
the
various
metaphors
of
you
know:
notaries
in
the
real
world
and
so
forth.
The
important
thing
here
is
the
payload,
not
so
much
the
you
know
the
the
various
pieces
of
administration
around
it,
which,
in
my
opinion,
are
you
know
optional,
additional
things
that
help
the
functionality,
not
vice
versa.
D
Yeah
well,
that's
true.
I
mean
that
the
point
there
is
that
you
can
and
what
I
actually
wanted
to
bring
up
was
was
how
let's
encrypt
used,
what
what
they
did
was
they
they
look
for
actual
evidence
on
the
domain
to
prove
that
the
domain
was
operated
by
the
you
know,
vanity
that
was
claiming
to
own
that
domain,
so
that
you
know
if
you,
if
you're
a
big
entity
like
Hitachi-
and
you
know
the
rest
of
these
big
companies,
then
certainly
you're
going
to
have
already
a
certificate.
That's
that's!
D
You
know
formal
certificate
and
there's
no
problem
509
certificate,
but
within
the
software
like
open
source
software
World,
you
don't
have
these
necessarily
established
entities,
you
may
have
people
submitting
it
and
the
the
idea
would
be
that
you
could
maybe
leverage
the
concept
of
how
what's
encrypt.
Does
it,
where
what
you're
doing
is
you're
having
a
skit
machine,
just
witness.
Okay,
look:
I
went
back,
and
this
guy
proved
that
he
has
this.
D
You
know
private
key
that
is
associated
with
the
public
key
at
this
time
and
and
so
then
the
skit
machine
is
witnessing
that
that
may
be
so
so
it
may
be.
The
policy,
though
Charlie
that
that
you
say
well
look
I,
need
a
wet
signature
on
things
or
I,
don't
like
I,
I'm,
I'm,
okay,
with
with
just
getting
you
know,
claim
that
they
have
this
private
key
or
or
that
they
have
the
the
artifact.
D
So
the
artifact
issue
is
another
one
where,
if
somebody
walks
in
and
says
here's
a
hash
value
and
and
I
have
this
artifact
on
my
side,
I'm
not
going
to
actually
let
you
see
it,
but
I
claim
to
have
it
well,
you
have
to
substantiate
that
claim
by
by
you
know,
give
giving
it
maybe
a
a
random
number
and
say
well
now
hash
it
with
this.
Random
number
is
the
same
way.
Hmap
does
and
then
you
do
it
two
times.
So
you
give
a
void
so
forth.
D
So
then
you
get
a
value
back
and
anyone
else
who
gets
that
could
do
the
same.
Here's
that
random
number
and
I
can
validate
that
when
they
got
the
guy
does
have
it,
even
though
we
didn't,
we
didn't
actually
exchange
it
or
actually
ever
see
it,
but
bringing
this
back
around
the
registration
policy.
I.
Think
the
question
in
my
mind,
is:
is
it
just
a
matter
of
of
how
well
we
check
the
certificates
and
so
forth?
D
Like
Charlie
says
we
already
know
these
entities,
we
don't
have
to
check
too
much
as
long
as
they're
in
our
list
or
we
have
to
have
wet
signatures,
or
is
it
more
than
that
on
saying
it
has
to
follow?
It
has
to
be
a
spdx
s-bomb
submission
before
I
accepted
and
so
forth.
That's
getting
kind
of
too
far
in
the
weeds
I
would
think,
but
that
I
think
is
a
question.
That's
good
to
talk
about
thanks.
A
I
I
really
I
lost
you,
but
specifically
we
talked
about
policies
that
related
to
the
content
of
what
is
being
registered,
but
they
at
that
point
we
said
we
are
not
going
to
do
that.
So
in
that
sense,.
I
C
I
F
I
Just
wanted
to
bring
a
point
like
I
understand,
Neil,
of
keeping
like
it's
simple,
but
I
also
see
a
lot
of
use.
Cases
where,
like
maybe,
for
example,
in
iot
or
stuff,
we
don't
have
the
power
to,
for
example,
verify
the
same
policy
with
the
same
concept,
not
for
like
the
same
level
of
security.
So
as
like
I
was
mentioning
also
like
right.
I
For
example,
if
we
want
to
I,
do
not
verify
that
the
private
Keys
Kept
Secret
inside
the
like
it's
completely
secret
and
stuff,
we
might
go
further
in
the
check
of
policies,
but
at
runtime
we
may
just
need
to
verify
that
it
was
not
later
on
invitated
or
removed
as
a
public
key.
So
I
feel
like
still
having
the
the
policies
there.
Something
can
fasten
up
once
we
we
are
run
time
without
removing
trust
or
without
moving
security.
I
I
would
say
so
if
you
like
I'm,
not
saying
that
you
should
be
inside
every
envelope
or
stuff
like
this.
It
might
also
be,
as
someone
suggested
directly
inside
The
Ledger,
that
we
can
query
and
check
which
policy
were
applied
or
how
were
the
policies
but
I
feel
that
removing
them,
let's
say
as
a
national
as
like
yeah
removing
them
completely
would
remove
some
use
cases
where
we
might
don't
want
to
reproduce
the
whole
policy,
but
maybe
just
check
the
validity
of
the
key
itself.
Still
so
now
we'll
move
the
stuff.
A
I
think
things
yeah
I,
don't
think
the
idea
is
to
remove
like
the
policy
functionality
all
together,
but
I
think
it's
just
a
question
of
what
is
coupled
at
what
stage
like.
Is
it
something
that
is
implementation,
specific,
both
standardized?
And
how
far
do
you
need
to
go
with
standardization
at
the
beginning
when
it
comes
to
sort
of
the
initial
version
of
the
protocol?
I
think
that's
that's!
Where
I'm
trying
to
make
a
judgment
of
what
the
group
wants.
I
Yeah
yeah,
nice-
sorry,
maybe
I
didn't
express
it
well,
but
yeah.
The
point
was
I
feel
we
need
to
standardize
still
how
we
what
we
applied.
Let's
say
it
so
that
I
can
avoid
reapplying
completely,
but
maybe
checking
a
sub
Justice
subsection
of
the
policies
or
these
kind
of
things
so
I
feel
I
would
need
completely
the
information
about
what
was
done
in
my
opinion,
so
that
I
don't
have
to
report
to
replicate
it
completely.
But
I
can
just
script.
Some
minor
points,
let's
say.
D
A
Wonder
how
this
could
work,
but
maybe
maybe
you
can
sort
of
explain
on
the
list
on
how
you
think
this
could
actually
be
done
like
technically.
A
H
Can
you
hear
me
sounds
good
I
think
I
see
my
little
bars
Rising
here,
so
the
basically
the
you
know,
the
use
case
we've
been
talking
about
are
parties
that
don't
know
each
other
and
parties
that
have
no
exchange
of
hard
Goods
for
the
most
part,
we're
talking
about
I
think
the
major
use
case
that
a
lot
of
people
are
having
in
their
minds
here.
Maybe
it's
unstated,
but
it's
you
know
webcommerce
or
web
web
authentication,
and
things
like
that.
H
I
have
a
totally
different
use
case
and
I'm,
just
not
hearing
that
much
attention
to
it
and
that
is
I
have
a
device
say
a
medical
device
or
something
that
has
hardware
and
software
in
it
and
I
have
to
be
sure
that
I
know
the
suppliers
and
that
there's
a
way
to
track
their
performance
and
a
way
to
you
know,
understand
their
ownership
and
so
on
and
so
forth
and
I'm
going
to
be
basically
maintaining
that
or
some
authoritative
third
party.
H
That's
part
of
that
supply
chain
will
be
maintaining
that
and
the
honestly
this
you
know
the
all
this
talk
of
receipts
and
and
policies,
and
things
like
that
are
kind
of
you-
know,
side
effects
to
that
use
case
and
I.
H
Think
if
you're
talking
about
a
strictly
software
use
case
you're
in
similar
situation,
because
you
know
you
know
identification
and
receiving
and
a
whole
bunch
of
those
things
are
just
you
know,
they're
all
self-attested
right
now
and
that
is
more
or
less
okay
to
start
so
I
would
Advocate
spending
less
time,
as
I
said
earlier,
on
the
superstructure
and
more
time
on
the
payload
and
how
that
how
that
could
be
stored
and
manipulated
in
volume
over.
Thank
you.
H
Yes,
what's
the
data
structure
that
we're
going
to
use
to
store
an
s-bomb,
for
example?
How
does
that?
How
does
that
relate
to
how
do
I?
How
do
I
store
characteristics
of
you
know,
suppliers
and
their
ownership
and
countries
of
origin
and
other
areas
of
concern?
H
You
know
named
individuals
all
those
things
that
I'm
going
to
have
to
be
worried
about
when
The
Regulators
come
knocking
right,
so
yeah,
so
those
are
important
and
I
also
want
to
be
able
to
track
my
own
quality,
so
I
need
to
track
the
quality
of
suppliers,
and
it's
going
to
be
a
way
that
I
can
store
that
and
evaluate
it
in
real
time
for
the
most
part
or
periodically,
and
those
topics
just
haven't
gotten
any
attention
at
all.
So
I'm
concerned
that
we're
over
specializing
here.
A
Thanks
Charlie,
we
have
four
minutes
left
and
and
two
people
on
the
on
the
in
the
cube.
We
will
definitely
John
and
I
will
definitely
have
to
put
something
the
next
steps
on
the
mailing
list.
We
had
a
couple
of
good
things
brought
up
already,
so
we
will
sort
of
come
up
with
an
idea
on
how
to
move
forward
with
this,
but
Ray
and
and
Roy.
You
guys
still
have
the
the
floor.
D
Yeah
I
I
know
that
certainly
the
payload,
like
the
application,
specific
payload,
like
shooting
out
from
what
Charlie
said,
is
something
that
maybe
is
better
I,
don't
know,
if
maybe
it's
better
done
in
something
like
a
schema.org
type
thing
where
you're
working
on
the
exact
schema
of
the
content.
For
that
for
that
use
case.
D
But
I
just
wanted
to
give
you
this
quick
idea,
which
is
to
maybe
use
what
rats
did
and
say.
Okay,
we're
going
to
have
a
registration
policy
verifier
up
front
here
and
and
then
we
can.
D
We
can
basically
provide
the
mechanism
for
for
people
to
for
something
to
sort
of
review
things
before
it
goes
into
the
this
get
machine
and
and
yet
not
have
to
have
us
detail
out
exactly
how
it's
done
above
and
beyond
exactly
what
we
need
to
maintain
the
the
basic
certificates
and
so
forth
for
who's
putting
it
in
and
how
we
verified.
That
and
I
think
that's
the
basic
register.
D
You
know
the
basic
core
registration
I
think
we're
already
handling,
but
above
that
the
I
think
that
that
may
be
a
good
way
out
is
to
just
say:
this
is
a
somehow
put
that
defer
that
how
rats
did
they
said,
there's
a
verifier
that
does
a
registration
verification
thanks.
H
E
Just
want
to
point
out
that
the
definition
of
of
s-bombs
and
Vex
and
cves
are
being
done
in
the
discussion
with
sisa
and
open
ssf
and
a
whole
bunch
of
other
committees.
The
relationship
of
those
documents
and
the
format
of
those
documents
is
being
defined
outside
the
ietf
and
that,
that's
perfectly
understandably,
acceptable
is
from
where
we're
seeing
because
there's
just
so
much
movement
between
various
governments.
At
this
point,
the
the
conversation
of
rats
and
how
it
does
things
invalidate
the
relationships
up
front.
I
have
no
problem
with
the
problem.
E
Here
is
how
do
you
detect
when
something's
changed
in
a
CCF,
confidential,
compute,
Foundation
sort
of
scenario
with
rats?
If
the
hardware
changes,
then
the
next
layer
is
not
going
to
run.
How
do
you
detect
in
this
case
is
exactly
the
same
thing
that
configuration
or
a
new
identity
provider
has
been
changed
since
the
last
time?
E
D
H
Yeah
I
too
I'm
happy
to
participate
in
that
Roy
and
Ray
I.
Just
think.
You
know:
we've
defined
that
I'm
involved
in
s-bomb
and
Vex
and
csap
and
all
kinds
of
other
crap
here
and
I'm.
So
I'm
very
familiar
with
all
that,
but
we
haven't
spent
any
time
on
how
we
would
you
know,
provide
a
utility
to
use
those
and
I,
which
I
think
is
the
the
essence
of
skit.
So
that's
that's
where
I'd
like
to
spend
a
little
more
time,
if,
if
possible,
so.
E
Make
sure
we
have
each
other's
thoughts
and
ideas
captured
correctly
then
we'll
I
sure
back
on
the
aliens
right
now
I
think
we're
missing
some
details
and
we're
talking
across
purposes
so
I'd
rather
have
an
author.
All
three
of
us
submit
something
into
the
mailing
list,
but
let's
get
it
clear.
First.