►
From YouTube: RATS Architecture Design Team, 2021-01-19
Description
RATS Architecture Design Team, 2021-01-19
A
B
Dave
your
audio
working
yep,
I'm
here,
okay,
I
have
to
leave
at
quarter
two
okay,
but
I
should
be
good
up
to
that
point.
C
B
Hank
we
talked
about
ticket
248
last
time
and
we
were
just
at
the
end
I'll
pull
that
one
up
just
a
moment.
D
D
B
D
B
All
right
so
I'll
start.
I
did
a
bunch
of
what
I
call
low
hanging
fruit,
and
I
hope
most
of
these
are
are
easy
to
do.
D
B
E
So
the
first
one.
E
Right
because,
okay,
can
you
check
this?
Please
because
I.
E
E
I
may
refuse
to
issue
you
too,
so
yeah.
My
comment
is
still
valid.
I
think
because
here
it
says
the
verifier
may
refuse
to
issue
the
attestation
result,
but
in
fact
it
might
as
well
issue.
Another
station
result
with
a
negative
outcome
right
so.
B
D
D
E
I
agree
and
then
I
had
the
other
comment
which
is
not
on
this
change,
so
I'm
not
sure
that
this
is
important
in
the
context
of
this
pr.
But
it's
just
the
line
below,
I
think
is
say.
E
E
So
the
the
648,
the
third
way
is
when
the
verifier
is
unreachable,
but
I
mean
there
are
many
ways
the
verifier
may
fail
right,
so
you
could
have
an
internal
server
error
or
a
dependent
depending
a
subsystem
that
doesn't,
you
know,
works
as
expected
and
whatever
so
I
I
my
comment
was
I'm
not
sure
why
we
need
this
kind
of
precision
here
that
again
rules
out
other
possible
implementation,
behaviors.
E
Yeah
it
can
it
can't
respond
for
some
reason
right
being
unreachable
is
one
of
the
reasons
right
that
a
network
breakdown
is
one,
but
even
internal
server
errors
are
completed.
E
F
D
D
B
As
yeah
http,
you
know
500
error,
it
means
you
know,
dns
is
down,
and
I
can't
talk
to
it,
even
though
the
machine's
available,
oh
any
any
way
in
which
which
I
can't
get
my
data
through.
That's
what
I
understand
by
unreachable,
but.
D
D
B
B
F
G
B
Weird
okay,
so
I
this
is,
the
suggestion
was
that
we
should
point
at
the
released
version
of
the
architecture
document
rather
than
some
draft
now
this
is
documents
actually
from
november
of
2019,
and
this
is
was
from
2020.
B
So
I
don't
know
whether
that's
works
for
everyone
or
is
good
or
bad,
or
I
don't
know.
D
I
guess
the
only
thing
to
verify
is
the
thing
that
this
is
that
the
text
that's
pointing
to
this
points,
to
something
that's
actually
in
the
2019
version.
Assuming
that's
the
case,
I
did
not
check
that,
but
assuming
it
is,
then
I
think
this
is
fine.
I
think
it's
pointed
to
for
the
for
the
watchdog
discussion.
B
B
D
B
Okay,
so
the
first
comment
was
that
about
whether
this
should
explicitly
talk
about
the
tpm
in
here.
Well
right,
the
next
line-
I
don't
know
if
it
already
read
it
when
the
comment
was
made
from,
but
this
is
the
next
line
already
that
it
talks
about
all
these
things,
which
doesn't
say:
tpm,
okay
and
then
the
related
issue
was
this
one,
which
was
a
complaint
about
that
next
line
anyway,
and.
B
D
Execution
actually
there's
a
key
question
that
he's
asking
in
there
that's
related
to
my
comment
that
we
should
discuss
so
when
you
get
into
the
text
you'll
see
as
to
whether
heart,
yes,
no
the
no
well,
no,
the.
How
do
you
know
if
something
is
capable
of
claims
collection?
Okay,
it's
actually
a
a
loaded
question.
Okay,
all
right,
so
I
need
somebody
else
to
verify
my
understanding.
D
D
Okay,
so
assuming
that's
correct,
then
a
tpm
is
by
definite
so
now
scroll,
move
it
and
read
line
400
to
401
the
green
first.
First,
okay,
an
arbitrary
execution
environment
may
not
by
idea
by
default,
be
capable
of
claims
collection
for
a
given
target
environment.
Here's
the
phrase,
execution
environments
that
are
designed
specifically
to
be
capable
of
claims
collection
are
referred
to
in
this
document
as
a
testing
environment.
So
now
we
get
into
the
question
of
what's
claims
collection.
D
My
belief
is
claims.
Collection
is
getting
actual
measurements.
The
tpm
can't
get
measurements,
something
has
to
feed
them
to
the
to
the
tpm
right.
The
tpm
can't
just
go
out
and
measure
things.
So
in
my
definition,
at
least
my
reading
of
the
definition
and
a
testing
environment
is
the
tpm
plus
whatever's
feeding
at
the
measurements,
the
collection
of
those
becoming
a
testing
environment.
The
tpm
is
itself
not
capable
of
being
a
a
test
station
environment
by
itself,
but
needs
something
else
put
together
with
it
to
form
a
testing
environment.
B
So
I
think
it
depends
on
whether
you
referring
to
a
tcg
tpm,
which
has
a
specific
api,
in
which
case
I
think
that
what
ned
said-
and
you
said,
is
correct.
But
my
understanding
is
that
that
there
are
other
inv.
There
are
other
types
of
things
that
are
considered
a
tpm
or
called
that
maybe
incorrectly,
that
can
do
their
measurements
themselves,
particularly
if
they're
a
firmware
tpm,
but.
D
F
D
Is
the
thing
that
does
the
measurement
plus
the
thing
that
does
all
of
the
cryptographic
stuff
on
it
together?
So.
D
D
So
I
think,
going
back
to
guy's
question
is
what
would
disqualify
something
from
being
a
and
a
testing
environment
answer
if
it
does
not
have
a
way
if
it
does
not
do
measurements
and
stuff,
and
so
the
tcgtpm
would
be
an
example
of
something
that
would
be
an
answer
to
guy's
question.
What
do
we
put
into
the
text
here?
I
don't
have
a
strong
opinion
on
as
long
as
it's
not
misleading,
so.
D
D
A
That
it
was
a
reporting
function
there.
So
the
evidence
creator
is
the
gpm.
It
is
a
testing
environment,
even
if
it
is
fed
the
claims,
so
maybe
either.
We
have
to
think
on
the
how
how
do
the
claims
get
into
the
testing
environment
or
are
we
inverse
text.
D
Right
now,
look
at
line
393
hank,
the
testing
environments,
collect
the
claims.
Okay,
that's
an
active
phrase:
it's
not
a
testing
environment
except
the
values.
It's
collected,
values
there's
something
active
there
that,
because
it's
going
to
have
to
vouch
for
them
right,
garbage
and
garbage
out
right.
You
can't
just
say
you're
testing,
a
government
that
accepts
garbage.
F
B
A
D
At
least
the
two
types
of
environments
is
trying
to
explain
that:
there's
a
isolation
boundary
of
some
sort
between
the
testing
environment
and
the
target
environment.
Such
the
target
environment,
can't
lie
and
have
the
testing
environment
vouch
for
it
right
and
so
example,
if
the
target
environment
can
feed
to
the
testing
environment
here
is
anything
that
you,
here's
anything
that
you
like,
and
the
testing
environment
does
no
measurements.
It
just
accepts
the
claims
from
the
target,
signs
them
and
sends
them
off.
Then
the
isolation
boundary
has
no
value.
A
That
is
not
true,
because
we
have
the
evidence
generation
as
the
isolation
function,
which
is,
of
course,
of
value
and
should
be
most
definitely
separated
from
the
target
environment,
and
I
think
that's
actually
the
point,
not
the
claim.
The
claims
collection
might
not
even
be
the
exact
distinguishing
feature
here,
but
it's
the
evidence
generation.
D
I
don't
understand
what
the
point
is
of
separating
evidence
generation
from
from
the
values
if
the
values
can
be
completely
arbitrary
and
spoofed.
A
D
The
tcg
tpm
is
incapable
of
submitting
evidence
unless
it
has
a
way
of
having
trust
in
that.
So
you
put
it
together
within
it
with
a
component
that
feeds
the
correct
value
so,
for
example,
in
boot,
rom
feeds
at
values,
and
you
trust
the
rom
plus
the
tpm
together
and
the
round
plus
the
tpm
together
is
the
first
layer
of
testing
environment.
A
D
A
Is
not
so
so
the
assumption
is
that
the
what
what
net
highlighted
is
the
rgm
is
external,
but
somehow
part
of
the
testing
environment
and
including
composite.
So
that's
the
yeah.
You
know
okay
effectively,
it's
two
isolated
environments
that
talk
to
it
doesn't
really
really
well,
but.
D
A
D
But
the
term
a
testing
environment-
I
I
I
claim
is
when
we
use
the
term
a
testing
environment.
This
document,
it's
referring
to
that
combination
of
those
two
pieces
that
trying
to
break
down
inside
of
a
testing
environment
is
not
central
to
this
section.
Unless
you're
trying
to
explain
how
typical
tcg
tpms
work.
A
So
the
remaining
question
is
what
what
this
implicit
information
this
assumption
is
that
inferred
by
a
common
reader
or
not,
and
I
I
am
afraid
it
is
not
yeah.
A
B
So
I
suggest
I
I
propose
that
we
r
we
revert
that
line,
that
I
wrote
that
added
tpm
and
then
come
back
to
the
text
and
see
if,
if
the
other
comment
is
still
if,
if
the
other
fix
is
still
relevant,.
D
Okay,
before
you
go
on
michael,
you
can
see
my
point
number
one
is
just
some
grammar
fixes
that
need
to
be
made.
D
B
B
D
You
either
make
them
all,
be
plural
or
all
be
singular.
I
guess
it
depends
on
whether
you
think
bios
firmware
is
singular
or
plural.
F
But
it's
the
the
word
places
is
actually
a
sort
of
imprecise
reference
to
a
domain,
isolated
environment
and
so
the
examples
that
we're
giving
are
examples
of
domain
isolation
more
than
they
are
examples
of
testing
environments
that
are
that
are
meet
that
meet
the
definition
of
this
document.
F
D
D
What,
if
so,
ned
you're
making
me
think
about
the
word
places
here?
If
you
change
the
word
places
then
inserting
tpms
might
be
doable
if
we
use
the
right
phrase
here
I
mean
so,
for
example,
there's
no
limit
to
a
requirement
on
the
I
don't
know
types
of
I'm
just
I
I'm
gonna
feel
free
to
watch
smith
on
the
fly
here
on
the
types
of
hardware
or
firmware
environments
that
can
be
used
to
implement
a
testing
environment.
Something
like
that.
There.
F
D
F
F
I
think
there's
an
implication
there
that
it's,
it's
only
hardware
firmware.
D
Okay,
you're
right
hardware
or
software.
How
about
hardware
software
I
mean
because
yeah,
especially
you're
right,
the
upper
layers
are
typically
just
software
and
the
lower
layers
are
hardware
or
firmware.
D
Michael
and
a
testing
environment,
for
example,
now
you
can
put
the
stuff
back
in
there
a-t-e-e
and
embedded
secure
element,
a
tpm.
Whatever
the
old
phrase
was
that
was
in
red
and
it
would
be
fine.
D
So
actually,
if
you're
going
to
do
it
all
plural,
michael
then,
the
stuff
inside
parentheses
should
also
be
pluralized.
Like
t
e's,
tpm's
eses.
A
A
Is
it?
Is
it
common
in
the
english
tongue
to
pluralize
an
acronym,
because
the
exercise.
A
D
I
don't
know
annoying,
but
common.
D
I
think
if
you
don't,
the
rfc
editor
will.
A
Yeah,
I
think
they
will.
I
mean
okay,.
B
All
right
so
now,
let's
consider
these
sentences
here.
D
Capable
of
claims
collection
and
do
we
want
to
say
more
there
because
I
think
hank
you
made
the
same
point
that
well,
I
didn't
read
that
into
the
text
kind
of
thing,
and
so
how
do
I
get
that
concept
across?
Well?
Maybe
do
we
think
it's
important
to
get
that
concept
across
and
if
so,
then,
how
do
we
do
it.
D
Oh,
I
think
his
question
is:
what
does
it
mean
to
be
capable
of
claims
collection,
and
this
is
do
we
think
we
need
to
call
out
this
notion
of,
for
example,
I'm
make
something
up
here,
for
example,
a
if
a
component
by
itself
needs
and
I'm
not
suggesting
text-
I'm
trying
to
think
out
loud
here.
If
a
component
needs
another
component
to
send
it
values,
then
the
then
the
sending
component
and
the
receiving
component
together
can
form
a
testing
environment.
So
that's
kind
of
the
concept.
I
don't
know
how
to
phrase
that.
A
B
All
right
so
we're
gonna
leave
this
open
for
now.
B
C
B
184
was
asking
this
is.
This
is
specifically
in
the
this
is
text
from
the
use
case
about
biometric
authentication.
C
A
Hank,
that
is
my
my,
I
think,
that's
the
department
of
redundancy,
relying
party
outputs
attestation
results
are
intended
to
be
that's
the
point
to
do
to
be
easier
to
be
digested
easily
digestible.
That
is
why
sometimes
throw
it
in
when
it
seems
appropriate.
D
D
But
this
isn't
talking
about
evidence
that
easily
digestible.
This
is
saying
the
authentication
data
is
easily
digestible.
D
And
because
you're
trying
to
add,
I
claim
that
you're
trying
to
add
attestation
in
a
in
a
thought,
experiment
ca
in
the
sense
you're
trying
to
add
attestation
to
by
biometric
authentication
case
and
the
biometric
authentication
case
passes
authentication
data,
whether
it's
easy,
digestible
or
not,
is
kind
of
the
the
baseline.
I
don't
know
if
you're
talking
about
that
attestation,
that's
not
easily
digestible.
It's
the
same
problem.
C
C
D
But
it
needs
some
wordsmithing,
so
thank
you
to
whoever
it
is
to
put
one
together
here
I
had
some
additional
wordsmiths
on
the
proposed
text,
but
it's
an
improvement.
D
So
so
all
good,
except
for
the
extended
line
258
all
the
other
changes
above
that,
I
think,
are
great
here.
What
I
didn't
like
is,
it
seems
to
imply
that
the
only
thing
we're
talking
about
is
cases
we
have
a
triggering
sensor
that
causes
an
action
and
the
point
is
actions
can
be
caused
by
many
different
things.
It
could
be
a
triggering
sensor.
It
could
be
a
human
pressing,
a
button.
It
could
be
malware.
We
hope
not.
We
hope
it
could
be
a
policy
change,
because
some
policy
has
changed.
D
It
has
resulted
in
the
best
state
now
being
different
from
what
it
was
before
could
be
a
time
of
day,
because
you
have
a
policy
that
says
every
day
at
5.
00
pm
do
something,
and
so
on.
So
you
need
to
say
something
that
does
not
imply
that
there's
necessarily
a
triggering
sensor,
that's
causing
the
action,
and
so
I
wanted
to
be
less
specific
here
in
line
258.
A
E
I
wanted
more
precision
in
this
case,
and
that
was
my
suggestion,
but
you
know
I'm
happy
if
we
introduced
a
vague
here.
A
Let's
turn
to
that
and
made
it
a
little
bit
more
about
the
picture
that
was
building
in
thomas's
mind
and
he
was
reading
it
so
because
then
it's
an
actual
use
case.
So
I
I
don't.
I
don't
I'm
not
against
being
relatively
arbitrary,
specifically
because
it's
just
used.
D
So
can
you
expand
downward
and
remind
us
what
it
is?
That's
the
definition
of
the
tester
here,
a
tester
is
a
device
or
application
wishing
to
control
physical
equipment.
Okay,
so
you
just
need
to
make
it
be
consistent
with
that,
because
a
device
or
application
a
sensor
is
a
device,
but
not
an
application,
but
this
could
be
either
of
them.
You
know
a
policy
engine
would
be
an
application,
a
human
interface
application.
D
D
How
about
just
changing
the
requester
and
the
triggering
sensor
to
be
the
device
or
application
or
the
the
we
have
to
say
it
needs
a
word
in
front
of
that
the
requesting
device
or
application.
D
D
B
Or
application,
and
how
does
this?
How
is
the
word
triggering
sensor.
B
Okay,
yeah,
no,
I
agree
so
so.
The
the
distinction
to
my
mind
between
the
device
or
application
is
that
you
could
have
a
you
could
have
a
valve
which
is
fairly
sophisticated.
That
pays
attention
to.
You
know
circumstances
that
it
sees
may
be
multicast
and
acts
on
its
own,
but
you
can
also
have
this
application,
which
is
this
hybrid
of
things,
many
things
right,
which
includes
operating
systems
and
whatever.
Obviously
the
device
has
an
operating
system
too.
But
the
point
is,
it
may
just
be
an
application.
F
So
in
right,
since
this
is
trying
to
be
a
infrastructure
control
use
case,
you
can
use
terminology,
that's
common
and
you
know:
sensors
and
controllers.
Actuators
are
common
sort
of
terminology.
D
But
sensors
don't
cause
actuator
changes,
a
control
loop
of
some
sort
does,
and
so
the
sensors
get
fed
into
some
control
loop,
which
may
be
on
the
same
device
as
the
sensor,
maybe
on
the
same
device
as
the
actuator
or,
more
typically,
it's
on
a
different
device.
Even
if
even.
D
B
D
The
thing
that's
connected
to
the
physical
equipment,
so
in
this
case
the
relying
party
is
not,
you
know
a
cloud
service
or
something
like
that.
It's
not
it's
not.
You
know
the
the
human's
phone,
the
humans,
workstation
or
the
humans.
You
know
hmi
device.
That's
a
touch
panel
thing
next
to
some
machinery.
It's
the
thing.
That's
actually
is
the
machinery.
B
All
right
am
I
going
to
commit
this,
I'm
okay
with
it
now.
D
D
I
guess
I
will
leave
that
to
others.
So,
michael,
do
you
have
a
preference,
so
we
have
the
one
pull
request
that
I
claim
is
hard.
I
mean
it's
going
to
be
time
consuming
for
us
to
talk
about.
Do
you
want
to
be
for
that?
In
other
words,
should
we,
I
suspect
that
we're
not
going
to
finish
it
in
15
minutes
and
that's
going
to
require
changes
by
next
week
anyway.
So
the
question
is:
do
you
want
us
to
discuss
that
without
you.
D
B
To
discuss
other
tickets,
please
please
go
ahead
and
discuss
this
without
me:
yeah
yeah
and
I'll
stop
sharing
all
right.
E
D
That's
the
other
type
that
I
think
would
be
useful
to
discuss
because
it's
been,
you
know
I
picked
two
of
them
or
in
this
case
michael
took
a
couple,
so
we
could
divvy
them
up,
but
we
could
say
who
actually
has
time
to
take
some
next
week.
So
I
guess
ned.
Do
you
want
to
spend
some
time
talking
about
that
on
the
call
or
not.
D
D
So
I'm
going
to
share
my
screen
and
I
will
go
to
the
tell
me
if
it's
telling
me
when
I'm
actually
sharing
my
screen
here.
F
F
Yeah
so
it
looks
like
there's,
you
know,
39
or
so
open
issues.
It
seems
like
it
keeps
getting
larger
when
we
get
close
to
closing
them,
and
so
I
think
we've
been
people
been
sort
of
cherry
picking,
the
ones
that
they
want
to
go
work
on,
and
I
don't
know
that
we're
making
progress
on
everything.
F
D
So
right
now,
I'm
going
to
guess
that
the
assignee
person
is
the
current
owner,
and
so
the
ones
of
potential
concern
are
the
ones
that
have
nobody's
icon
there,
and
so
it
looks
like
maybe
half
of
them
might
have
an
order.
Let
me
see
second
page
see
what
this
one
looks
like.
D
Okay,
I
think
that
okay-
and
of
course
some
of
these
are
already
labeled
as
won't
fix,
and
so
those
are
already
been
done.
They're
just
not
closed
per
se
because
they
require
an
email
response.
So
if
we
ignore
maybe
minus
label.
D
Okay,
now
we're
at
35,
okay,
oh,
I
guess
that
one
I
need
to
change
to
be
won't
fix.
This
is
so
weird
consistent
labels,
okay,
but
still
we
have
I'd,
say
probably
half.
Overall,
we
have
a
sign
yeah.
What
do
you
think.
D
Doesn't
know
hank's
got
some
william
has
some
and
we
have.
D
D
For
some
of
them,
if
because
some
of
them
were
found
like
guy,
none
of
them
were
kind
of
guy,
I
did
a
review
but
he's
not
doing
text,
and
so
I
don't
think
that
we
have
to
necessarily
expect
a
filer
to
have
to
generate
a
text
for
it.
They're
welcome
to
so
like
I
love
it
when
if
thomas
has
suggestions,
but
if
you
know
guy
or
somebody
else,
anybody
should
be
able
to
submit
issues
without
being
willing
to
to
or
claiming
to
know
what
the
fix
is.
So.
D
Yes,
and
so
it
looks
like,
for
the
most
part,
the
ones
that
were
previously
assigned
to
michael
and
me,
those
two
more
assigned
to
michael
most
of
those
have
already
been
acted
on
and
merged.
I
think
those
two
are
still
in
progress
from
michael,
but
I
could
probably
take
another
couple.
D
F
F
F
A
Yeah
unless
we
define
a
authority
right
now
that
assigns
we
will
again
pick
up
what
we
like,
but
we,
I
think,
should
commit
to.
We
pick
some
up
and
then
we
can
see
next
time
and
see
that
there's
no
response
items
have
to
be
responded
by
and
for
and
yeah.
So
I
guess
one
round
off.
Please
pick.
Some
up
is
okay
for
a
week,
but
next
week
we
will
then
start
pushing
items.
Participants.
F
D
Everybody,
the
method
that
I
was
using
to
cherry
pick
things
is,
I
would
personally,
I
would
typically
look
at
the
rows
that
have
nothing
on
here,
meaning
not
assigned
and
no
comments,
which
means
maybe
nobody's
looked
at
it
yet,
and
so
I
would
try
to
pick
those
first
for
the
for
the
ones
that
I've
been
doing.
They've
been
typically
the
ones
where
nobody's
commented
on
them.
Yet,
just
because
I
want
to
make
some
progress
and
say:
oh
well,
somebody
else
is
commenting
on
that.
D
F
E
D
So
it
sounds
like
the
answer.
Is
anybody
whose
name
is
this
is
an
editor
is
expected
to
do
it?
Anybody
else
is,
of
course,
welcome
to
do
it
and
we'll
thank
profusely,
but
it's
not
expected
to,
but
it
will
be
bonus
points
that
can
be
cashed
in
for
the
credits
or
whatever
cool.
F
D
D
And
I
do
not
expect
us
to
be
able
to
finish
this
one,
but
we
can
at
least
start
on
this
one
and
maybe
resolve
some
of
the
comments
and
heard
some
things
so
by
merging
things
I
mean,
you
know
collapse
some
of
these
by
committing
some
suggestions.
So
all
right,
so
I
had
one
comment
that
appears
in
here
twice
once
here
and
then
once
I'm
just
gonna
jump
down
to
wherever
it
was
so
someplace
passport.
Next
time
passport
appears
in
here
so
between
the
top
okay
here.
D
This
is
example,
three
example.
One
has
a
sentence
that
starts
like
that
example.
Two
is
a
sentence
that
starts
like
that
example.
Three,
that
sentence
occurs
like
couple
paragraphs
down
and
all
the
stuff
at
the
beginning.
Here
is
not
something
about
this
example.
It's
about
talking
about
handles.
Okay,
now
this
here
you
see
this
is
a
backwards
reference
to
freshness,
and
so
I'm
just
going
to
expand
down
freshness
here
for
a
second,
because
there's
a
couple
lines
that
I
pointed
to.
Okay,
you
can
see
this
section
about
clocks,
there's
a
section
about
nonsense.
D
That
section
but
paragraph
I
should
say,
and
then
here
these
lines
right
here,
I'm
just
going
to
read
this
out
loud.
So
you
can
understand
my
context.
This
is
back
in
the
question
section
in
another
setup,
where
all
roles
share
the
same
broadcast
channel.
The
non-spaced
approach
may
be
used
to
anchor
all
parties
to
the
same
relative
timeline
without
requiring
synchronization
clocks
by
having
a
central
author
and
central
entity,
emit
nonsense
at
regular
entities
and
have
the
current
knowledge
included
in
the
produced
evidence
or
attestation
result.
Okay.
D
Other
people
have
the
same
impression
that
that's
what
that
text
is
actually
referring
to
yeah,
okay,
so
now
I
can
now
with.
That
is
the
context.
I
can
now
go
back
down
here,
so
I
claim
that
the
first
couple
of
these
green
paragraphs
here
up
until
that
sentence,
that
was
the
it
was
this
one.
D
Everything
above
this
line
right
here,
is
not
about
the
example
it's
about
handle
distributors,
and
so
I
claim
that
the
text,
all
the
way
down
to
green
1454,
should
actually
be
merged
back
into
that
previous
one,
which
never
used
the
term
handle
distributor.
It
didn't
even
use
the
term
handle
used
nonces
for
this
case,
and
so
it's
a
little
bit
of
a
disconnect,
and
so
I
would
take
the
green
text
here
and
merge
it
back
and
replace
that
previous
paragraph
that
I
write.
D
A
D
I
think
I'm
I'm
more
and
more
of
a
fan
of
it
now
right.
Originally,
we
did
it
because
it
hadn't
been
reviewed
and
stuff
not
now
that
we're
actually
expanding,
because
you
can
see
previously
in
the
red
text
it
starts
off
with
the
stuff
about
this
about.
Well,
maybe
not
the
red
text
was
also
bad,
so
never
mind.
D
D
I
have
no
preference,
but
it
is
a
little
bit
tighter.
We
can
also
say
it's
part
of
a
different
pr.
That's
okay,
too.
I'm
just
saying
two
of
my
comments
are
actually
about
that
as
I'm
realizing.
This
section
would
be
more
consistent
if
it
didn't
have
to
give
the
handle
distributor
background,
and
we
kind
of
already
gave
it
right
here
without
even
using
those
terms,
so
I
would
be
fine
making
this
be
more
blessed
now
by
moving
it
back
here.
Get
to
your
point.
D
A
D
I
can
just
make
part
of
that
change,
and
then
this
can
be
rebased
to
only
be
about
the
example
stuff.
All
I
do
is
I
because
my
stuff
will
will
of
course
not
touch.
The
example
section
will
only
touch
this
paragraph,
but
it
would
touch
it
with
text
that
you
put
in
green
down
here,
yeah,
because
I
can
do
that
for
next
week.
If
that's,
what
people
would
prefer.
D
D
So
all
right!
So
now
we
get
into
one
of
the
technical
points.
So
this
one
I
commented
on
last
time.
This
one
is
actually
easier
if
I
cover
things
slightly
out
of
order.
In
other
words,
if
I
cover
a
second
comment
later
on
and
then
come
back
to
this
one,
this
one
will
be
easier.
I
think
this
goes
okay
and
because
we
only
have
five
minutes,
so
I'm
gonna
go
into
an
easier
one,
and
if
we
get
back
to
this
one,
that's
great.
D
Let's
get
down
to
one
in
particular.
Just
because
I
know
we
can
talk
about
it
in
the
interest
of
time
here.
D
Okay,
so
one
of
the
things
that
we've
used
in
one
of
the
documentation
rules
that
we've
used
in
the
example
section
so
far
is
that
in
the
diagrams
we
only
put
times
that
are
actually
used
either
in
a
message
like
here
where
it's
conveyed
like
here
time:
vg
is
in
there
right
or
in
an
inequality
in
the
text.
D
Like
I
don't
know,
where
is
the
inequalities
in
the
text,
for
example
like
I'm
looking
for
one
of
them
here,
there's
several
of
them
here
like
where
the
relying
party
does
a
test
and
and
accepts
it.
If
it's
within
a
particular
thing,
I'm
looking
for
one
of
the
pieces
of
text
just
to
point
out.
D
And
I'm
probably
going
to
pulling
block
out
here
here.
You
know
the
in
the
red
text.
I'm
just
going
to
use
this
one,
the
red
text,
the
relying
party
accepts
it.
If,
if
this
inequality
is
true,
okay-
and
so
you
can
see
this
one
references,
time,
hr
and
time,
eg
and
so
on,
so
then
putting
those
on
the
label
on
the
labels
on
the
diagram
is
clear,
because
you
can't
understand
this
inequality
without
understanding
what
point
the
diagram
is.
D
Okay,
so
one
of
the
things
in
the
green
text
that
that
does
not
follow
that
rule.
D
Is
this
one
time
ht
is
labeled
there,
where
it
never
appears
in
a
message
or
in
any
text,
that's
an
inequality.
It
is
used
here,
okay,
but
no
place
else
uses
that
convention.
That
just
says
something
is
transmitted
at
a
particular
time.
So
if
you
look
at
when,
like
evidence,
is
transmitted
right
or
sorry
any
other
messages
in
any
of
these,
unless
they're
used
like
your
time,
eg
was
used
right
here
right
and
so
by
the
time
eg
is
not
used.
Then
of
course,
then
it
would
not
be
labeled
on
here.
D
You
see
the
line
coming
out,
and
so
this
one
is
pure
editorial,
but
please
follow
this
because
we
followed
every
place
else
is
a
way
that
if
you
remove
all
references
to
something
between
contents
and
inequalities,
then
we
should
remove
the
label
here
too,
and
so
that
applies,
I
think,
to
this
edition
of
time.
Ht
it
either
needs
to
be
used
in
something
which
is
one
of
those
previous
comments
that
I
said
I
was
going
to
come
back
to,
or
it
should
not
appear
in
here
so
well
that.
A
Is
that's
always
technically
correct,
but
I
can
see
the
use
for
homogeneity
like
like
a
unification
of
layout.
I'm
not
sure
if
it's
applicable.
D
So
here
is
where
the
correct
of
the
so
that
is
the
prerequisite.
This
is
the
brexit
thing
and
if
we
run
out
of
time,
because
we've
only
got
two
minutes
here-
the
receiver,
like
relying
part,
let
me
talk
about
this
from
the
relying
party
right.
Let's,
let's
say
that
we're
talking
about
the
case
where
the
relying
party
is
using
handles
to
do
its
freshness
check
if
you're
like
party,
okay,
the
relying
party
or
the
receiver
has
no
clue
when
time
ht
is
unless
time
ht
is
in
a
message
well
time.
D
Ht
is
not
any
message,
and
so
there's
no
way
for
the
receiver
to
use
the
delta
time
h
or
minus
h
t
for
anything,
and
so
the
overlap
phase
can't
be
tested
at
the
receiver
based
on
this
inequality
right
beside
based
on
this
delta,
because
those
two
things
are
from
unrelated
clocks
right,
subtracting
things
from
unrelated
clocks
gives
you
garbage
not
so
much.
E
D
What
it
is
for
me,
so
I'm
saying
right
now:
I
can't
even
understand
what
this
is
talking
about,
because
it's
subtracting,
two
clocks
that
are
unrelated
meaning
may
have
no,
since
there's
no
synchronized
clocks
or
whatever.
This
could
be
time
since
boot.
So
time
sends
boot
on
one
entity
and
it's
time
since
boot
on
a
different
device
is
a
unusable
number.
E
Basically,
this
is
the
latency
of
the
network
right
and
you
know.
D
E
Conditions,
congestion
and
so
on
and
so
on.
D
A
E
D
The
old
equation,
or
the
old
inequality
here
is
one
that
I
completely
understand
the
old
one
and
the
text
is
saying
you
are
the
the
the
way
that
things
work,
because
there's
no
race
conditions
right.
The
receiver
always
keeps
the
current
epic
number
or
the
current
epic
handle,
plus
the
previous
epic
handle.
D
The
transmitter
always
uses
the
current
one.
The
receiver
always
accepts
both
the
current
and
the
previous
right,
that's
how
it
was
previously
described,
and
so
you
have
no
race
conditions
and
because
you
always
retain
two
on
the
receiver's
side
and
use
the
latest
on
the
sending
side,
and
so
that's
where
this
inequality
came
from,
which
only
subtracts
things
on
the
same
entity
right
so
hr
is
on
the
same
entity,
gold
and
new.
You
know
new
minus
old
and
on
the
other
side
you
know
new
minus
sold.
D
So
you
just
have
the
time
deltas,
and
so
you
can
play
games
with
any.
You
can
do
correct.
You
know
subtractions
based
on
deltas,
so
this
one
I
understood,
but
this
one
seems
to
imply
you
only
keep
the
current
one
and
you
use
propagation
delay
or
something
like
that,
and
I
didn't
understand
that
because
that
sounded
like
it
was
much
more
fragile,
as
opposed
to
just
keeping
too
epic.
So
current
plus
across
previous
yeah.
E
That
computation,
I
didn't
understand
so
well,
maybe
I
need
to
go
back
and
think.
D
D
As
I
understood
it
was
the
receiver
keeps
the
current
epic
plus
the
last
epic,
and
so
it
doesn't
matter
what
the
propagated
delay
is
and
that
in
that
implementation
I
mean
this
is
just
an
example
right,
so
you
can
pick
any
particular
implementation
right,
but
the
the
this
this
one
was
intended
to
be
independent
of
prop
delay,
doesn't
matter
whether
it's
going
across
a
satellite,
so
it's
absolutely
huge
or
it
could
be
very
tiny
because
it's
co-located
or
whatever
it
doesn't
matter,
because
pop
delay
doesn't
figure
into
here,
just
current
plus
previous
or
correct
and
previous
to
store.
D
D
Cool
all
right,
but
yeah
thanks
for
putting
this
together
and
I
will
liberally
take
the
appropriate
text
and
move
it
back
into
the
or
in
another
section
in
a
pr.
So
for
next
time,.