►
From YouTube: RATS Architecture Design Team, 2020-06-23
Description
RATS Architecture Design Team, 2020-06-23
A
B
It's
about
this
sorry,
we
are
week
last
week
because
TCG
stuff,
there
is
the
thing
that
everyone
has
to
be
protected,
but
let's
it
the
text,
so
it
doesn't
necessarily
have
to
go
into
the
definition.
I
think
Dave
wants
to
have
a
concise.
We
know
the
two
sentences
already
so,
for
the
sake
of
brevity,
I
would
be
okay,
for
I
mean
that
just
simply
in
the
text,
although
I
have
to
cross
check.
If
that
really
really
is
paid,
odd
ones
prominently
so
Dave
do
you
know
anybody
in
the
scored?
Probably
knows
that?
B
Would
yes
would
be
okay,
if
not
is
where
we
have
two
sentences
with
evidence
now
not
state
that
evidence
has
to
be
temper
evidence
not
throwing
it
and
so,
and
so
that's
not
in
the
definition
right
now
and
it's
already
a
little
bit
wordy
because
two
sentences
so
I'm,
okay
with
having
that
in
the
text
somewhere
in
the
body,
but
actually
everything
we
have.
We.
A
C
B
B
C
A
A
A
C
A
D
E
C
A
C
C
B
C
My
opinion
on
topic
is
that
the
conceptual
data
flow
diagram
intentionally.
It
does
not
reflect
that
because
it's
showing
the
particular
attestation
in
the
cases
talked
about
in
the
quoted
stuff.
Above
that's
saying,
technically,
there's
another
type
of
attestation
with
the
verifier
acts
as
a
tester
and
something
else
access
the
you
know,
verifier
or
whatever,
and
so
it's
a
different
instance
of
the
same
diagram.
This.
E
C
C
G
Yeah
I
done
meeting
myself
to
basically
agree
with
that
with
that
comment,
so
as
long
as
the
rest
of
the
document
makes
it
clear
that
that's
possible
I
think,
what's
maybe
confusing,
is
that
that
second
instance
is
really
sort
of
in
maybe
embedded
in
the
first
instance.
So
that
is
before
the
first
instance
of
the
relying
party
to
Trump's
the
ax
tester
completes.
It
has
to
do
a
complete
separate
instance
to
to
trust
the
verifier,
but
yeah
I
agree
with
you.
C
C
B
D
D
Yeah
sure
yeah
yeah
I
mean
oh
and
just
I
haven't
you
know
we
I,
guess
I
think
it
was
Singapore.
We
really
came
to
the
conclusion
that
it
could
be
attestation
results
and
I
haven't
updated.
Anything
in
the
document
since
then
I
put
anything
in
that
putting
anything
in
the
doctrine
about
that.
So
so
so.
C
The
other
part
but
great,
looks
like
he's
saying:
I
there
may
be
a
misconception.
There
is
because
I
think
there's
a
solution.
That
may
not
be
true
that
he's
making
it
sounds
like
in
his
text
here.
Another
topic,
three
he's
thinking
that
the
ability
to
a
test,
the
ability
for
the
verifier
to
attest
to
some
other
entity,
whether
that
entity
is
the
endorsed
sure
by
owner
or
their
line
party,
is
in
the
same
message
as
the
attestation
result
or
the
same
eat.
I.
C
Don't
think
that
assumption
is
true
in
general
that
well
flow
between
them
could
have
multiple
legs
and
the
first
leg,
maybe
test
just
like
it
was
in
our
tester
and
another
leg
would
be
send
another
message:
yeah
you
know
couple
messages
later
could
be
sending
attestation
result.
I,
don't
think,
there's
any
requirement
that
those
be
bundled
into
the
same
one.
Nor
is
there
any
requirement
they
not
that
they
not
be
so
I.
Think
that's.
Why
is
he
saying?
Maybe
it's?
If
embedded?
Would
it
be
invited
or
discovered
answer?
Be?
C
A
H
C
A
And
I
opened
this
ticket
in
the
eat
area,
so
they
won't
forget
it:
okay,
great
okay,
so
forget
topic
3
for
now,
yep
I.
Think.
The
question,
in
my
mind,
is
whether
the
architecture
itself
has
to
go
into
the
recursive
applications
of
itself
or
whether
that
is
actually
more
of
a
whitepaper
applicability.
Note
or
some
other
kind
of
thing
where
someone
simply
says
and
I
can
use
this
architecture
recursively
and
here's
how
I
do
it
I
just
don't
know
if
we
need
to
be
if
this
is
important,
except
it
validates
the
architecture.
I,
don't
think.
C
I
think
topic
2
right
word
for
me.
Maybe
one
sentence
is
sufficient,
I,
don't
know
not
a
whitepaper
or
something
I,
don't
think
that's
necessary.
But
since
I've
already
heard
on
this
call
here
that
that
there
are
two
different
implementations
that
do
it
one
being
Craig's
and
one
being
something
that's
booked
up,
it
was
it's
imperfect
knowledge,
so.
B
B
C
I
think
it's
easy
address,
because
the
reason
why
you
might
want
to
have
attestation
before,
like
you,
I'm
just
looking
at
the
text-
that's
the
second
quote
the
endorser
and
verify
remain.
Do
you
trust
the
verifier
before
giving
the
endorsement
appraisal
policy
to
it?
Our
same
thing?
The
reason
for
that
is
because
it
may
contain
information
that
you
consider
to
be
confidential.
Hey
you
don't
want
to
give
it
to
somebody
unless
you
know
that
they're
gonna
do
the
right
thing
with
it
right.
C
You
don't
just
give
it
to
the
public,
okay,
and
so
one
way
to
say
that
it
is
not.
You
know
we're
cursive
more
than
one
level
is
to
say
out
of
the
two
entities.
Whatever
those
two
entities
are
right,
one
of
them
might
be
public
and
the
other
one
is
private,
and
so
one
might
not
care
who
they
give
it
to
because
you're
a
public
service
right.
So
just
like
when
talking
about
you
know
mutually
attested.
C
I
So
I
agree
with
that
sentiment
and
I.
Think
what
you're
really
trying
to
say
is
that
each
of
these
entities
is
acting
in
accordance
to
some
policy,
whether
that's
an
implicit
policy
or
explicit
policy
and
requirements
of
that
policy
may
say
that
I
need
additional
attestation.
Everman
is
coming
the
other
way
and
I
think
it's
important
to
say
that
in
the
architecture
documents
somewhere,
because
if
it
really
highlights
a
key
concept
that
needs
to
work
yep.
C
D
B
Trust
and
then
you
know
it's
vulnerable,
the
endorsement
is
freely
available
and
you
know
oh
cool
I
can
trick
that
would
of
trusted
being
unreliable
by
because
I
now
know
this
device
has
one
because
it's
always
consuming
this
message.
So
maybe
it
would
be
an
attack
vector
just
construed
from
the
top
of
my
head.
So
some.
I
H
D
I
mean
I,
don't
have
an
objection
to
that
per
se.
What
I
find
odd
is
that
there
is
a
discussion
of
that
that
direction
of
trust
before
there's
discussion
of
the
trust
in
the
other
direction
of
the
verifier.
Trusting
the
endorsement,
the
verifier
trusting
the
endorsement
is
really
fundamental:
I,
don't.
C
D
H
You
get
to
the
once
you
recurse
down
to
the
the
lowest
level.
You
can't
have
infinite
recursion.
Then
then
you're
going
to
be
into
this.
You
know
it
there's
some
fundamental
reasons
for
trusting
the
the
other
part,
the
other
role
and
it
isn't
based
on
a
test
date
and
because,
by
definition,
you
can't
read
yeah.
D
B
B
D
All
right,
I
think
it
bones
in
the
definition
of
the
thing
I'm
after
it
was
just
it,
which
is
the
poor,
requester,
I
wrote
and
we've
been
going
back
and
forth
with
Dave
is
what's
really
clear,
to
be
really
clear
about
what
an
endorsement
is
and
that
it's
the
verifier
has
to
trust
the
endorsement
or
the
endorser.
That's
the
basis
of
trusting
data
to
the
tester
and
that
texty,
the
balloons
I
think
in
the
conceptual
message
about
endorsement
or
in
the
trust
model
section,
and
it's.
H
D
B
D
So
so
what
you
could
do
in
the
trust
model
section,
the
response
section
has
some
discussion
about
this
I
think
it's
a
little,
but
but
it
has
this
discussion
about
the
endorser.
Trusting
the
verifier
before
has
the
discussion
about
the
V
or
I
think
the
verifier
trusting
the
endorser
is
is
the
much
more
important
concept,
so
it
should
come
first.
C
I
think
it
might
overlap
with
the
topic
one
on
here,
which
just
assigned
to
me
and
so
I
may
be
able
to
do
it
as
part
of
doing
topic,
one
which
I
said
was
already
about
any
moving
some
text
around
or
something
okay,
cuz,
that's
a
statement
about
the
order
of
text
as
opposed
to
missing
text,
and
so,
as
I
said,
a
gun
goes
along
topic,
one
which
is
about
you
know.
Maybe
some
text
is
in
the
wrong
place,
so
we
don't
have
to
duplicate
it.
D
A
A
D
A
C
Text
in
context
now
Lawrence's
right,
I,
think
minimally
I
have
a
paragraph
that
moved
down
to
get
the
order
point
now
that
won't
necessarily
fix
number
one
but
I
think
Lawrence's
main
point.
I
agree
with,
and
the
first
step
along
that.
Maybe
three
steps
is
to
move
the
particular
paragraph
down
so
I
at
least
know
what
he
means
so.
I
So
one
of
the
things
that
I
think
about
is
that
physicians
are
all
about
inferring
trusts
remotely,
and
so,
when
the
remote
system
is
making
a
decision
to
trust,
there's
a
question
of
what
it
needs
to
do
versus
what
is
wise
to
do.
And
you
know,
there's
a
policy
that
says
I
as
an
appraisal
or
a
relying
party
I'm
going
to
believe
a
certain
set
of
claims
about
evidence
and
this
discussion
about
trusting
endorsements
really
goes
back
to
the
wisdom
of.
I
But
there's
a
difference
between
the
mechanics
of
making
it
work
and
the
wisdom
of
what
you
should
specify
in
your
policy
and
from
an
architectural
point
of
view.
What
we
wanted
to
make
sure
we
do
is
we
have
places
where
these
policies
can
be
put
into
place
and
the
expect
variability
in
that
policy,
because
not
one
size
of
trust
fits
everybody
or
every
situation.
Sometimes.
D
I
Absolutely
and
when
it
comes
to
the
wisdom
that
I
personally
advocate
exactly
what
you're
saying
that
you
need
to
do
this,
if
you,
if
you
fail
to
do
this,
you
really
wasted
a
lot
of
time
doing
this
at
so
stations,
so
I
make
a
decision.
I
argue
distinction
between
what's
wise
to
do
and
what
mechanically
is
possible
to
do.
A
B
B
C
H
C
A
A
C
A
C
A
A
A
C
A
C
C
A
C
C
J
A
A
F
C
So
a
lot
of
the
things
that
you're
talking
about
in
terms
of
the
which
thing
is
which
role
I
think
is
in
the
text.
That's
down
below,
so
don't
have
scroll
to
compare
there.
You
can
see
a
tester
:,
relying
party,
:,
yeah
and
so
there's
gonna,
be
duplication
between
your
text
in
that
text,
but
I'm
looking
for
what
is
it
that's
clear
in
yours
and
of
this
text
and
whatever
it
is,
I'd
pull
it
in
I.
C
C
C
A
So,
let's
look
the
action
on
that
one
I
have
the
action
on
that
one,
so
Kathleen
suggested
and
I
want
to
totally
expand
this
so
that
you
can
see
it
better,
took
me
a
moment
to
find
it.
She
suggests
we
should
use
the
word
hygiene
here.
C
H
C
A
F
A
C
A
C
What
was
the
main
thing
driving
the
demand?
Example,
you
have
a
vendor
of
a
device
that
goes
into
customer
premises.
That
does
a
thing
with
an
ml
model.
Let's
pretend
let's
make
up
something.
Let's
say
it
has
a
video
camera
and
it
does
I,
don't
know.
Maybe
it's
a
face,
detection
in
an
airport
or
maybe
it's
a
something
watching
things
going
down
the
assembly
line
and
trying
to
distinguish
between
things
that
are
defective
or
just
things
that
came
out
good,
okay,
so
you're
kind
of
quality
control
thing
it's
using
an
ml
bottle
to
do
that.
C
So
you
have
this
device,
that's
meant
to
do
this,
video
processing
and
spit
out.
You
know
good
or
suspect
you
know
needs
further
inspection,
whatever,
okay
and
so
that
ml
model.
It's
considered
intellectual
property
by
the
device
vendor
and
what
they're
trying
to
protect
against
is
somebody
that
buys
the
device,
cloning,
the
device
and
being
able
to
create
their
own
that
because
they
consider
all
the
work
and
coming
up
with
a
male
model
to
be
their
intellectual
property.
So
they're
trying
to
protect
your
natural
property
for
getting
stolen
right.
D
D
C
C
Download
the
last
ml
model
when
you
turn
the
thing
on
and
it
cuts
up
or
whatever
it's
gonna
one
grab
the
latest
one
with
the
latest.
You
know
learning
from
the
cloud
the
manufacturer,
whatever
it
is
and
apply
that
and
the
manufacturer
does
want
to
give
it
out
unless
it
knows
that
device
hasn't
been
tampered
with.
Aren't.
Thank
you.
Yeah.
C
I
think
she's
talking
about
something
else,
because
she
says
like
in
the
question
she
says:
does
the
relying
party
hold
the
ml
model
or
knowledge
of
expected
inferences?
So
it's
clear
that
in
her
mind
those
are
two
different
things
which
they
are
to
me.
Inferences
are
the
outputs
of
what
the
ml
model
then
spits
out
right.
So
the
amount
model
is
like
a
type
of
a
program.
It
has
some
inputs
and
some
outputs
and
the
expected
inferences
are
the
outputs
of
that.
A
We
need
to
reply
to
her
and
make
it
and
make
it
clear
that
I
think
she's
going
a
meta-level
beyond
where
we
had
right,
because
I
think
she's
imagining
that
the
ML
model
is
going
to
produce
evidence.
That's
what
I'm
think
you
just
said
and
I
think
that
no
it
produces
inferencing
inferences
yeah,
but
I
thought
that.
Maybe
we
want
to
use
that
as
as
evidence
is
the
concept
and
maybe
she's
thinking
that
there's.
F
C
I
mean
to
if
they're
saying
think
that
this
is
a
case
where
maybe
we
don't
provide.
Maybe
we
don't
change
the
text.
We
just
reply.
An
email
I
would
be
ok
with
that
I
think
to
me
the
main
justification
for
not
going
into
it
in
any
detail
as
a
thing
driving.
The
use
case
is
the
desire
to
protect
the
intellectual
property
in
the
ml
model,
and
that's
what
it's
trying
to
focus
on
is
the
main
customer
requirement
of
the
main
device
vendor
requirement.
If
you
want,
customers
are
wrong
words
that
the
provider
right.
H
C
C
C
Suspect
the
tech
she's
commenting
on
was
probably
texted
I
originally
authored.
Although
I
don't
know
if
some
of
it
was
originally
in
Michaels
use-cases
document,
but
if
it
was,
it
may
have
come
from
me
and
the
wordsmith,
my
Michael,
but
I'm
saying
that
I'm.
If
nobody
else
wants
to
respond
to
Kathleen
I
can
probably
do
it.
Since
I
have
some
ownership
of
that
little
subsection.
A
B
C
A
F
Hank
I
always
point
some
comments,
but
the
the
main
thing
here
is
still
still
pending
so
sent
anyway.
Last
week
you
know
trying
to
create
all
the
context
needed
to
take
a
decision
on
the
main
on
the
main
point.
Maybe
we
can
we
can
take
this
offline
and
you
know
and
resolve
it
on
via
email,
because
it's
really
one
single
point
at
this
controversial
here,
which
is
Dave
they've
comment
on
teaching
a
couple
of
para.