►
From YouTube: IETF-SCITT-20230116-1600
Description
SCITT meeting session at IETF
2023/01/16 1600
https://datatracker.ietf.org/meeting//proceedings/
A
C
C
C
A
C
A
A
A
A
A
We
knew
that
it
would
be
a
little
bit
more
difficult
to
have
the
meeting
today
because
of
the
holiday
in
the
U.S
and
I
think
in
the
UK,
maybe
as
well,
but
we
I
still
want
to
go
through
a
couple
of
items.
Specifically,
there
are
a
few
a
few
things
to
look
at
the
first.
One
is
a
threat
model.
We
have
use
cases
still
discussions
on
the
list.
Raymond
contributed
a
new
use
case.
G
Yeah,
so
this
is
saying:
hi
everybody
yeah
yeah.
We
have
a
upcoming
meeting
with
a
session
request,
so
I
think
it's
this
prudent
to
what
that
is
mentioned
at
once,
and
then
you
have
in
mind
that
we
have
to
prepare
at
some
point
for
that.
Some
some
people
already
are
working
backwards
towards
more
so
to
speak
and
and
to
have
to
have
something
to
present
there,
yeah
yeah.
B
C
B
On
my
part,
too
start
a
thread
later
today
about
the
terminology
discussion
again
initially,
I
thought
that
we
had
a
kind
of
a
closed
meeting
to
discuss
with
few
selected
who
contributed
actively
to
Red
circuit
architecture.
So
I
thought
maybe-
and
that
was
the
better
way,
but
it
seems
there's
no
response.
So
I
will
try
to.
B
Between
rats
and
skit
and
I
think
maybe
at
the
end
of
the
day,
we
might
have
to
go
turn
with
votes
to
say
what
what
is
the
Community
preference
on
those.
So
we
will
start
that
discussion
thread
and
then,
maybe
after
two
three
days
what
what
the
community
respond,
we
we
can
then
go
for
a
vote
and
make
a
final
call.
Yeah.
A
Cool
yeah
I
submitted
the
the
meeting
for
the
IDF
meeting,
so
we'll
see
how
the
scheduling
goes,
but
hopefully
it
fits
your
if
you're,
remote
participant
your
time
zone
preference
or,
if
you're,
if
you're
there
for
like
for
a
few
days
or
for
the
whole
week,
I
think
that
is
probably
it
probably
doesn't
matter
Hank.
Should
we
start
with
a
quick
look
at
the
architecture
document
and
the
issues
Slash
PRS.
G
G
A
A
B
G
And
which
one,
oh
so
yeah,
so
the
architecture,
the
conciliations
of
the
the
editors,
meet
to
to
get
basically
what
you
just
asked
for
on
Wednesday
to
get
on
the
same
page
again,
there's
something
like
there's
something
we
might
be
even
be
very
easy
to
drop
like
issue
28.
Is
it
28
we
place
TS
the
sketch
yeah,
so
that's
for
both
of
us
are
old.
It
precedes
the
last
ITF
and
I.
Think.
Questions
like
this
are
pretty
much
resolved,
so
we're
going
with
transparency
Services.
G
Yeah
and
then
that's
that
yeah,
so
compact
is
an
open
item.
Changing
some
artifact
is
a
very
open
item.
We
haven't
settled
so
so
I
I,
of
course
understand.
We
are
in
the
chartoscope
of
software
Supply
chains,
but
the
biggest
concerns
come
from
other
Supply
changes
when
you
use
artifact
in
supply
chain
for
software,
artifacts
is
already
they
build
artifact,
it's
not
necessarily
the
code
and
it's
it's
arbitrary.
So
is
it
the
product
or
is
it?
G
Is
it
the
the
the
the
the
item
the
consumer
effectively
gets
delivered
so
so
there
is
a
little
bit
of
a
I.
Think
I
think
this
needs
a
dedicated
session
just
to
get
this
one
done.
I
assume
that
asset
is
also
overloaded.
So
this
is
a
very
open
topic
and
maybe
Joshua
Joshua
has
some
cool
ideas
from
the
six
stars
space.
So
we
cannot
conflict
with
that,
for
example,
I,
don't
know,
but
I
think.
That's
again,
that's
an
open
discussion.
We
can't
do
here
today.
Thought
topics.
Unfortunately,.
A
H
A
G
But
most
of
the
all
missions
are
actually
about
terminology
at
the
moment.
Okay,
but
that's
that's,
not
a
bad
sign,
I
think!
Yes,
everybody
wants
to
not
to
talk
past
each
other,
that's
great,
but
but
to
be
honest,
as
we
have
focused
on
software
supply
chain.
I
think
nothing
moved
here
in
the
last
one
and
a
half
months.
A
A
B
B
A
G
G
I
think
that's
one
of
the
first
items
of
the
architecture,
team
design,
team
meeting
I
think
we
will
just
cover
statement,
sign
statement
and
transparent
statement,
and
then
we
can
find
smaller
words
later
and
maps
have
to
claim
again,
but
but
I
think
nobody
is
that
actually
that's
more
than
a
compromise.
It's
like
nobody's
unhappy
with
that,
and
and
just
we
go
from
there.
G
G
Yeah
I
think
this
is
a
red
hiring,
so
Steve
I
said
I,
don't
think
here
you
can't
defend
himself.
So
this
this
is
the
problem.
I
was
highlighting
that
that
evidence
is
basically
sometimes
so.
The
opaque
payload
in
skit
is
sometimes
to
refer
to
as
evidence
coming
from
supply
chain.
So
if
something
happened
in
a
supply
chain-
and
that
can
be
a
a
human
witness
or
a
video
or
a
science
document-
that's
evidence-
that's
that's
that's
conflicting
hard
with
rats
and
I
think
that
is
already
off
the
table
here.
G
F
So
if
you,
if
your
rats
view
of
the
world
you're
generally
be
a
tester
device,
making
claims
back
up
to
the
verifier
or
the
sort
of
the
hosting
and-
and
it's
very
much
my
very
limited
view
of
it-
is
that
when
you
make
a
claim
there,
it's
a
tester
claim
it's
the
and
then
of
the
of
the
device.
So
it's
looking
back
I,
don't
know
how
to
discriminate
between
the
two,
but
it's
a
Upstream
claim
made
Upstream
versus
Downstream,
whereas
skit
the
claims
are
being
made
Downstream
by
a
usually
like.
F
If
you
did
have
a
rats
device
coupled
with
hosting
you
know
service
of
some
kind,
then
the
service
would
be
placing
the
claim
into
the
skit
registry
Downstream
versus
Upstream,
so
maybe
there's
a
way
to
to
discriminate
them
based
on
that,
because
they
do
seem
pretty
different.
So
if
you
say
a
claim,
you
know
in
the
rats
World
being
made
by
that
device
Upstream
it
has
a
different
quality
than
than
the
claims
made
by
say
a
entity
submitting
software
into
the
into
the
skit
registry.
F
A
G
So
and
Ray
there's
a
very
astute
observation,
I
think
you
said
your
point
of
view
is
limited,
but
in
general
you're
correct,
so
so
that,
but
that's
that's
good
is
so
versatile
that
you
could
put
a
skit
instance
as
a
transparency
and
auditing
system
in
between
and
a
test
and
the
verifier
and
it
records
every
evidence
ever
created
that
is
sent
to
that
verifier.
So
you
can
look
back
at
20
years
and
find
everything
in
that
specific
communication
relationship,
for
example,
or
in
the
trust
zone.
G
So
it's
a
huge
domain,
sorry,
where
all
the
testers
record
the
evidence,
for
example,
then
this
Upstream
will
also
be
in
a
skid
transparency
service,
but
that
is
a
very
different
scenario
than
we
are
typically
talking
about
here.
The
use
cases
so
so
by
in
general,
you're,
correct
I
can
I
can
think
of
situations
where
you
kind
of
proof
of
a
counter
proof,
but
but
yeah
I
think
for
for
higher
for
broader
understanding.
Your
your
point
of
view
is
a
good
one.
F
No,
no
I
I,
don't
I,
think
we're
in
agreement
there.
In
other
words,
I'm
not
saying
that
the
the
UPS,
the
Upstream
claims
from
on
a
tester
device
can't
be
placed
in
the
skit
registry.
But
the
type
of
thing
that
you're
placing
in
that
claim
is
different
in
quality,
from
a
claim
that
would
be
made
by.
G
F
Yes,
yeah,
so
that's
why
the
two?
If
you're,
going
to
use
the
word
claim
for
everything,
then
you
you
do
start
to
get
into
trouble,
because
the
quality
of
those
two
things
is
quite
a
bit
different
and
you
could
call
them.
You
could
say
Upstream
claim
from
an
a
tester
device
and
just
not
suggesting
that,
but
lots
of
adjectives
to
mean
that
it's
from
this
device
and
it's
sort
of
a
simplified
claim
that
you
you
need
to
really
check
versus
a
claim.
I
don't
know.
F
Okay,
the
claims
could
include
these
other
things
of
a
downstream
claim
and
maybe
they're
about
the
same,
though
it's
a
good
point
that
you're
making
that
that,
even
though
that
the
rats
but
I'm
just
thinking
that
between
skit
World,
which
includes
both
types
within
our
concept
of
claim,
that's
different
than
what
rats
does
and
maybe
rats
should
be
responsible
for
adding
adding
an
adjective,
not
sure
but
I
just
wanted
to
say.
While
I
have
the
floor
and
I
don't
mean
to
divert
the
attention
of
what
we're
doing,
I
did.
F
E
B
Your
first
yeah
I
mean
I'm,
failing
to
understand
the
issue
itself,
where
it
says
change
statement
to
evidence.
Evidence
is
something
which
can
be
verified
and
that's
precisely
the
rats
is
doing
because
evidence
is
a
signed
set
of
claims
in
rats
statement
is
just
a
statement
which
saying
I'm
saying
this,
but
once
it
becomes
a
sign
statement
or
a
claim,
then
it
goes
into
the
skit.
So
I
don't
know
whether
this
is
a
valid
request
coming
from
Steve
or
what
was
the
intent
behind
requesting
this
I'm
still
struggling
to
understand
this.
A
But
if
you
don't
want
to
call
that
information
that
goes
in
there
before
it
sign
like
it,
and
it
has
some
name
better,
have
some
name
too
and
like
in
this
case
in
the
terminology
section,
it's
called
statement
yeah
and
the
software
bill
of
material
is,
is
referenced
but
yeah.
So,
like
it's
really
a
question
like
how
do
you?
How
do
you
want
to
call
that.
G
G
Yeah,
so
there
is,
this
thing
called
build
evidence
I,
think
that
is
a
domain
specific
term
that
is
very
common
in
software
creation
and
therefore
evidence,
but
there's
conflicts.
Now
this
was
a
proposal
to
change
to
that
domain.
Specific
language
we
I
think
we
assessed.
That's
not
the
way
we're
going
to
do
this.
We
will
probably
use
more
qualifying
words
or
substitute
words
at
some
point,
and
that
will
be
a
process
definition
first.
H
Yeah
I
always
view
the
fundamental
Ledger
or
Journal
portion
of
skid
and
the
underlying
rats
discussions
as
building
blocks
for
the
rest
of
the
system
having
them
squat
on
terminology
when
it
becomes
just
the
Bri
air,
we
breathe
a
little
bit
problematic,
which
is
why
I
propose
writing
up
the
use
case
terminology
and
then
defining
it
from
there
and
then
coming
back
to
the
lower.
We
don't
talk
about
letters.
We
don't
talk
about
words.
B
H
But
you
are
very
generic
in
nature,
yeah,
but
just
think
about
it.
The
government,
the
US
government,
has
already
said:
hey,
there's
evidence
and
there's
build
evidence,
so
we're
not
going
to
move
that
800
pound
gorilla
off
where
they're
sitting
right.
We
have
to
live
with
the
terminology.
The
verticals
are
using
normal
to
call
not
call
a
compiler
a
compiler.
Just
because
we
sat
on
the
word
compiler
right.
We
have
to
take
into
account
where
the
use
cases
are
already
sitting.
B
H
B
Yeah
but
I
I'm
little
nervous
about
that
kind
of
thing,
because
what
we
have
is
our
ecosystem.
The
state
ecosystem
and
skit
ecosystem
defines
artifact
means
like
this,
and
it's
very
clearly
written
in
bold
in
architecture.
So
when
you're
reading
the
architecture,
then
you
should
try
to
relate
the
concepts
based
on
the
definitions
which
we
are
defining
in
the
architecture,
not
trying
to
say
what
10
other
industry,
people.
H
That's
exactly
your
guess:
that's
exactly
how
we
got
into
this
problem,
we're
saying:
hey
rats
and
Skip
intersect
with
each
other.
Therefore,
there's
the
800
pound
girl
that
we
have
to
solve
and
I'm
going
in
the
grand
scheme
of
things.
It's
not
I'm.
Your
your
opinion
is
your
opinion.
My
opinion
is
mine,
so
we
need
to
figure
out
get
the
documents
out
there.
Let's
have
a
discussion,
let's
have
a
vote.
I
don't
but
I
disagree
with
looking
at
specifically
by
saying
hey,
rats
and
skit.
Are
there,
therefore
they
dictate
the
terminology
for
everybody
to
use.
G
Yeah
I
I,
don't
think
it's
a
show
blocker
so
like
they
said,
qualifying
things
first,
then
it's
big
evidence
and
it's
a
big
artifact.
Let
me
started
with
that
and,
if
then
over
to
mains,
you
realize
that
if
you
do
I
don't
know
very,
very
construction.
Artifact
is
unfortunately
also
very
important
and
with
something
entirely
different
again,
you
have
to
have
it
call
it
a
very,
very
RTF
effect.
Then
we
have
to
qualify
things
I'll
bring
it
in
context,
so
that's
the
only
thing
being
a
tool.
G
Luckily,
for
now
we
have
to
only
think
only
somewhat
ahead,
and
that
is
the
hardware
supply
chain
that
was
relatively
close
to
the
software
I
think
these
there
are
a
lot
of
con
attendees
waiting
for
that
step
and
I
think
the
concerns
from
from
those
from
those
that
application
domain
should
be
the
loudest.
Now,
of
course,
I
heard
governments,
evidence
and
nist,
yes
bring
them
into
context.
G
They
have
a
software
assurance
and
such
terms
already
and-
and
they
have
also
the
the
use
of
the
term
attestation,
which
is
really
funny
and
so
yeah,
so
so
yeah.
This
is.
This
is
something
we
can't
as
hard
ever.
There
will
be
an
abstract
on
overlap
of
terminology,
ritual
bodies,
and
then
we
will
highlight
we
will
qualify
them
if
in
doubt,
and
then
in
text.
I
hope
that
this
will
be
a
comprehensive
and
intuitive.
E
Thank
you
Johannes,
so
I'd
like
to
say,
I
agree
with
what
Roy
is
stated
about,
focusing
on
use
cases,
because
getting
those
use
cases
established
will
help
us
understand
the
problem
space
that
skit
needs
to
address,
and
until
we
know
what
those
use
cases
are
we'll
always
be
debating
what
what
the
boundaries
and
scope
will
be
of
skit.
So,
let's
my
suggestion
is,
follow,
follow
it.
Roy
is
suggesting
get
the
use
case
document
Define,
and
then
we
can
focus
on.
B
B
G
G
So
at
March
13th
we
must
have
submitted
something,
so
we
should
at
least
be
a
week
before
that
because
I
think
that's
a
Monday,
so
the
Monday
before
that
Monday
we
should
have
agreement
on
all
issues
or
push
into
the
next
iteration.
So
I
would
say
the
meeting
on
March
6th
will
be
the
meeting
where
we
should
decide.
What's
in
or
what's
out,
and
it's
of
discussion
for
the
ITF
meeting
in
Oklahoma.
A
H
Yeah
well
I
one
thing
we
had
finished
them,
which
is
why
I
wrote
the
other
document
on
the
terminology
saying
hey.
This
is
how
I
view
this
vertical
and
I
was
asking
for
other
verticals,
so
we
can
all
put
them
together.
I,
don't
think
we
have
to
have
a
Signed,
Sealed,
Delivered
use
case
list
to
say
here's
the
proposed
terminology.
E
And
then
I
would
go
further
Roy
and
say
it
doesn't
have
to
specify
every
single
possible
use
case.
That's
fit
might
be
used
to
solve,
but
at
least
needs
to
give
us
a
starting
point.
A
Direction
with
maybe
just
I,
wouldn't
even
go
past
five
use
cases
I'd.
Keep
it
limited
for
this
first
go
around
to
make
sure
that
the
pi,
the
end
number
we
choose
is
is
going
to
help
us
set
the
stage
for
what
skit
actually
can
do
in
practice.
I.
H
G
The
queue
yeah
I
still
exactly
so
so
why
I
understand
that
we
want
to
have
a
crisp
and
five
sounds
like
a
awesome
number
set
of
use
cases.
I
think
we
cannot
do
this
for
IDF
116.
I
I.
What
I
would
like
to
do
for
16
is
a
Target,
and
this
is
why
I
was
replying
the
way
I
did
because
dick
was
asking
they
said.
G
Do
we
have
a
Target
completion
State
for
the
use
case
document
and
one
completion
stage
I'd
say,
is
having
all
the
use
cases
that
are
known
and
openly
worked
on
today
in
a
style
and
structure
and
comprehensiveness
that
is
comparable
and
therefore
uniform,
and
then
we
can
go
from
there.
Then
we
can
try
to
merge
two
of
them.
We
I
still
have
to
schedule
the
the
events
with
Joshua
that
I
promised
last
week,
but
I
could
only
to
do
do
two
of
the
boxes
in
one
week
last
week.
G
I
don't
didn't
have
time
for
more,
but
now
I
can
do
case
studies
with
Joshua,
for
example,
and
we
can
walk
through
the
item.
I
present,
oh
by
the
way,
an
offline
email
to
you.
After
this
meeting
yourself
and
and
I
can't
I
would
not
Target
five
use
cases
for
your
grammar.
That
would
be
a
taking
away
a
bit
about
this
discussion
of
the
in
the
room,
especially,
is
this
enough?
Is
this
too
much?
How
can
we
optimize
this
I
think
that's
a
room
discussion.
A
E
A
Okay,
so
what
I?
What
I
get
from
this
discussion
about?
The
terminology
of
the
architecture
document
is
that
first
of
all,
there
are
a
number
of
issues
related
to
terminology
like
easily
easily
five
issues,
and
some
some
others
may
may
need
to,
or
have
to
be
closed,
because
they
are
already
a
little
bit
too
old.
But.
A
A
I
know
you
thank
you.
You
are
still
on
to
the
discussion
with
Monty
on
the
iot,
a
sort
of
firmware
use
case,
so
that's
taken
care
of.
We
had
Ray
present
his
or
post
his
use
case,
and
then
Joshua
also
wants
to
contribute.
The
use
case
Joshua
remind
us
what
that
specific
use
case
was
about,
or
was
it
multiple
use
cases.
I
A
I
G
E
I
E
And
honest
I
would
say
your
email
to
the
list
this
morning
was
very
insightful.
You
pointed
out,
there
are
term
there
are
terms
in
the
use
cases
that
exist
now
that
don't
exist
over
in
the
architecture
document,
so
I
I
think
this
is
doing
these
use
cases
first
will
flush
out
some
of
those
issues
so
that
we
can,
you
know
ensure
we
do
have
alignment
between.
What
the
use
case
says
is
in
scope.
What
the
architecture
says
is
in
scope
and
what
the
terminology
is
that
relates.
B
H
E
Yeah
and
I
can
Rea
can
commit
to
providing
some.
You
know
support
in
that
space
to
helping
with
the
use
cases,
so
you
just
need
to
know
what
what
kind
of
timeline
everyone's
looking
at
and
what
the
scope
is
in
terms
of
you
know
how.
How
far
do
we
want
to
go
with
the
use
case,
but
we
stand
ready
to
support
this
effort
fully
thanks.
A
F
E
B
F
F
At
the
end
of
the
day,
is
not
yeah
hey
I've
get
down
here
to
the
end
and
essentially
talk
about
after
the
election,
then
you
know
things
need
to
be
combined
and
I
have
a
separate.
You
know
thing
about
this,
a
separate
document
about
the
use
case
for
how
they
might
be
combined
and
then
because
there's
a
lot
of
in
this
case
it's
a
lot
of
data
and
that
there's
individual
zip
files
that
are
each
very
big.
F
F
So
today
these
loading
machines
are
all
in
one.
So
you
have.
The
scanner
is
usually
bought
from
some
other
vendor
inside,
but
conceptually
you
know,
there's
one
computer
that
handles
everything
and
it
is
valid
aware
so
there's
a
bit
of
a
security
concern
that
I'd
like
to
split
this
concept,
so
that
so
that
the
tech,
the
scanner
is
not
combined
either
inside
the
machine,
have
them
be
separate
and
and
then
have
a
separate
core
that
would
be
able
to.
F
A
Fast
one
question
for
you
related
specifically
about
the
big
or
the
huge
amount
of
data
is
like
that
appears
to
be
one
of
the
requirements
for
for
skit
for
a
skit
based
architecture
that
it
has
to
deal
with
kind
of
these
external
data
items.
So
to
speak
in
instead
of
lumping
everything
together
in
a
in
one
data
structure
and.
F
F
So
a
lot
of
data,
different
files
that
are
already
zipped
up
that
have
you
know
that
need
to
be
handled,
but
then
grouped
together
as
a
logical
group
and
by
a
single
entity,
and
then
you
know
submitted
to
skit
and
locked
in
all
right
and
then
the
other
requirement
is
they.
They
may
want
to
submit
the.
That
is
it's
a
timing
thing
so
when,
when
the
when
these,
when
I
was
down
here,
when
the
ballots
are
scanned,
they
need
to
be.
F
What
we'd
like
to
see
is:
is
that
the
hash
values
of
the
signed
hassle?
The
concept
here
is
inside
the
scanner.
There
is
a
private
key,
that's
each
one
of
the
images
gets
secured
with
that
private
key
and
signed
either
individually,
which
was
preferred
for
some
reasons
and
and
then
as
a
whole.
The
whole
thing
signed
right,
so
everything
is
signed
by
this
private
key.
It
comes
back,
but
then
those
individual
cozy
blocks
probably
are
then
posted
okay
in
skit,
so
that
and
and
by
the
way,
this
whole
thing
is
air
gapped.
F
F
This
that
doesn't
happen
that
everything
is
air
gapped.
We
have
a
very
limited
time
to
send
data
back
and
forth,
so
it's
an
air
gap
situation,
and
so
when
those
images
come
back
that
we
would,
we
would
be
able
to
post
just
the
the
security
information
the
signatures
to
skit
rather
than
than
everything,
so
it
might
be.
It
might
be
a
some
way
to
have
laughs
an
eventual
yeah.
F
Everything
is
there
and
available,
but
in
time
there
would
be
an
initial,
a
post
of
something
that's
incomplete
and
it
kind
of
I
I.
Don't
I'm
not
worried
that
this
thing
won't
be
satisfied
because
it
appears
in
the
software
world.
That's
also
going
to
be
a
requirement
because
a
lot
of
the
tests
come
later,
and
so
you
want
to
post
something
and
then
maybe
have
tests
that
take
time
that
are
added
later
and
then
maybe
test
houses
that
might
test
the
software.
F
That's
added
on,
oh
by
the
way,
all
of
this
software
s-bomb
and
and
security
thing
that
we're
working
on
can
be
applied
to
the
election.
You
know
segment
as
well,
because
they
do
have
software
in
these
machines.
It
needs
to
be
secured
in
the
same
way,
so
I'm
interested
in
all
that
as
well,
but
I
I,
just
I
wanted
to
point
to
this
one.
F
One
thing
as
you
read
through
this:
if
you
ever
have
time,
I
just
need
to
settle
this
public
key
claim
that
I
did
not
find
in
the
rats
literature
about
how
how
to
stand
a
public
key
back
from
the
device
and
have
it
be
be.
You
know
basically
I'm
I'm
thinking
that
it's
this,
this
element
that
that
exists
called
the
election
management
system,
where
it
would
maintain
a
database
of
public
keys
to
be
that
that
are
used
by
the
scanners
in
the
election
and
that's
what
I
need
to
to
sort
of
resolve.
H
So
Ray,
you
should
probably
take
a
look
at
the
confidential
compute
framework
that
Sylvan
and
his
team
have
pushed
out
they're
using
rats
to
make
the
claims
of
how
the
device
boots
up
and
then
you're
starting
to
get
into
a
cross-section
here
with
the
Drone
community
of
long-live
cert
identities
on
devices
as
a
way
of
identifying
who
actually
signing
content.
So
there's
some
intersection
with
these
other
technologies.
That
sounds.
C
F
Match
so
if
there
is,
why
don't
you
just
send
me
that
so
I
can
review
that,
but
basically
I
was
trying
to
I,
see,
there's
no
problem
with
using
this
entity
attestation
token
from
from
rats,
but
I
I
couldn't
find
out
how
to
do
this
public
key
claim
and
if
there's
some
way
to
do
that
and
another.
You
know
technology
or
something
then
fine,
but
but
what
I
was
saying
is
that
here
likely
the
way
to
do
this?
F
If
you,
if
there
was
such
a
thing
in
rats,
is
that
that
when
the
scanner
is
provisioned
by
use
by
the
EMS,
which
is
the
election
management
system,
then,
and
in
a
secure
configuration
like
in
the
election
office,
then
it's
initialized
using
the
flash
memory
device.
So
the
flash
memory
of
dice
would
be
plugged
into
the
machine
and
powered
on
and
it
would
initialize
that
memory
and
then
follow
the
passport
operational
model.
F
Where
then
the
device,
once
it
had
its
initial
information
it
formats
and
initializes
it
and
provides
the
initial
information
and
then
blah
blah
blah,
then
it
would.
The
EMS
would
review
the
from
that
and
and
then
write
the
certificate.
I
mean
this
is
this
is
just
a
wild
guess
on
my
part,
because
I
haven't.
A
Implemented
this
great
a
question
you
mentioned
at
the
ad
Gap
scenario,
which
is
another
one
of
the
requirements
that
we
discussed
in
in
previous
meetings
at
what
point
is
the
is
the
device
air
gapped?
Is
that
like
because
because
after
all
like
at
some
point
in
time,
you
need
to
upload
something
to
the
skid
registry,
and
you
also
from
the
flow
that
you
just
mentioned.
You
obviously
need
to
get
some
data
provisioned
onto
the
device
and
maybe
off
off
the
device
as
well.
F
Okay,
so
the
the
election
officers
are
required
to
be
completely
air
gap.
They
can
have
an
internal
LAN
to
talk
to
scanners
that
might
exist
internally
like
well
what
they
call
Central
scanning
operations,
where
this
large
scanners
are
are
land
connected
to
their.
You
know,
typically,
sometimes
very
large
computers
that
handle
the
tabulation,
but
then
they
so
their
air
gap
and
the
machines
in
the
field
are
air
gapped.
F
F
F
You
know
pretty
much
at
all,
and
so
these
are
hand
carried
and
then
that
then
they
essentially
what
we
want
and
and
what
we
want
is
to
have
essentially
assigned
hash
value
for
every
image.
Okay,
so
for
Central
scanning
operations,
they
also
have
this
problem.
Where
and
there's
been
Papers
written
on
this
I
have
one
in
here.
That's
called
unclear
ballot
where
they
at
they
go
in
and
hack
the
image.
A
F
F
That's
that's
could
be
one,
but
then
if
it
was
just
one,
there
would
need
to
be
the
list
of
what
it
means,
but
essentially
all
of
these
results
would
be
on
a
jurisdiction
website
or
another
post.
Other
posting
Service
A
lot
of
times
they
do
use
a
different
posting
service
because
of
just
size
you
know
their
their
website
doesn't
handle
it
in
cost.
So
like
a
really
good
jurisdiction.
F
That
is
an
example
of
San
Francisco,
where
they
post
everything
and
they
they
they're
pretty
big
too,
so
they
and
they
post
their
their
ballot.
Images
on
I
think
it's
called
sync.com,
but
then
they
have
just
a
simple
file
which
is
made
with
this
tool
called
half
easy
hash,
or
something
like
that,
and
and
basically
it
gives
the
Sha
512
hashes
for
every
zip
file
that
they
have
of
all
of
their
images
and
then
all
of
their
cast
Vault
record
files.
F
Everything
is
in
that
that
you
know
this
is
this
is
a
not
a
standard
way
of
doing
it,
which
is
sad
because
I
want
to
drive
it
in
that
direction,
so
that
so
that
I
can
go
to
anyone's
website
and
find
the
same.
You
know
listing
of
what
their
items
are.
Now
that
could
be.
That
could
be
part
of
the
skit
definition.
Perhaps
I
know
that
within
things
like
the
the
open
container
initiative,
they
have.
F
You
look
at
things
like
the
nfts.
You
know
they
have
a
similar
thing
where
they
use
something
like
skit
to
manage
the
nfts
and
they
they
have.
You
know
references
to
remote
data
which
might
be
pretty
large
and
they
don't,
you
know,
put
the
data
into
the
into
the
registry,
so
that
would
be
great.
That
would
be
the
other
issue.
A
D
Yeah,
so
thank
you
Ray
for
the
for
the
use
case
that
was
very
useful.
Looking
forward
to
reading
that
document,
yeah
I
just
want
to
make
a
quick
announcement.
We
are
we're,
performed
a
new
skit,
Community
I'm
sure
some
of
you
are
aware
of
it.
The
skit
Community
will
be
complementary
to
the
existing
skit
ietf
working
group.
The
working
group
is
focused
on
specification
development
building.
D
So
as
I
as
is
iitf
itself
points
out
right
that
Force
us
something
to
become
a
standard,
we
need
to
at
least
two
or
more
interoperable
implementations,
so
skip
communities
role
is
to
sort
of
facilitate
that
really
help.
The
help
with
the
adoption
of
these
specifications
that
we're
developing
here
within
the
working
group,
right
it
is
open
to
public
new
members,
are
invited
to
join
I,
will
send
out
out
an
email
to
our
working
group
with
all
the
links,
and
you
know,
resources
and
everything.
D
A
It's
good
that
you
guys
sort
of
like
want
to
gather
the
those
who
are
developers
who
want
to
work
on
early
prototypes
of
what
we
are
doing
in
the
in
the
group.
So
that's
that's
excellent!
So,
obviously,
for
those
people,
that's
the
right
type
of
meeting
while
we
are
making
progress
with
the
standards
activities
here
in
the
group
of
two
specifications.
D
Absolutely
yeah
the
I
getting
our
you
know,
use
case
document
architecture,
dark
radius.
You
know
as
rfcs.
That
would
definitely
be
the
goal
for
ietf
116
right,
that's
the
primary
goal.
The
implementation
is
just
to
you
know,
I
think
we're
at
a
point
where
we
can.
We
can
start
collaborating
sooner
than
later,
and
you
know
work
on
all
those
interoperability
items
right
so
that
that's
a
big
goal
for
the
community.