From YouTube: RATS Architecture Design Team, 2020-01-28
A
B
C
C
C
The rest of you know: Paul. Paul, you wanna introduce yourself? I don't, maybe you know everyone else here. You can't die, you can die dialing. Yeah, I can't hear you speaking to us, Paul.
F
G
F
F
C
C
H
G
C
Okay, so we're using a GitHub. We have a document where this is a, where we're working on the document, and feel free to jump in. Oh, and if you need the GitHub URL, that's it. So, let's just jump into, anyone else have any comments about Dave's editorial pull request on, yeah.
D
C
D
Just give an intro that the last time we merged four requests, I don't know, thirteen or whatever it is, it's in the description of this, but there was still some outstanding discussion we had during the meeting last week about things we want to change, like the people that collectively we didn't like the term verifying environment as being there. Not, we said claims collector was the term that Michael put in that we were going to suggest.
B
C
Yeah, I thought that way updated this diagram as well, but your updates are fine as well. I don't see a pull request with his changes. So yeah, I didn't see any changes from him, so I just went ahead and did it. So yeah? Maybe he had them in his repo, but maybe that's what the answer? Oh, he didn't do it in a pull request yet. Anyway, I think your changes and his changes are almost identical, so I don't think it matters as much. The only.
D
Thing that I didn't, because I wasn't sure how we ended on it, was whether we needed to define the term composite attester or not, and so right now I did not do that, one, because I couldn't tell that we actually had consensus to define a new term, and so I tried to leave that one with William's original language. Just talks about, you know, final evidence, and they could be clear from the diagram.
D
C
D
C
A thread on the mailing list about the composite evidence, and on item really understand. Ned's not here, unfortunately, but Lawrence's, I didn't really understand whether there was objection to the concept that it would be a union of different objects, or whether there was a violent agreement and that there was just it wish, someone wish to express it differently, or the third possibility was that it would be an array of evidence and that one of the types of evidence would be attestation results and that there actually might be a second signature on it. Well.
D
I didn't speak up on the thread, but I agree with the third one, which I think was Eric's point on the thread, is that what we did talk about last week was you just have a bunch of claim sets that are signed, and whether they're actually evidence or attestation results you might not be able to tell without looking at specific claims, or even then, since we don't have the specific claims defined. What's the difference? If you're just going to look at a claim set, could you tell whether it's evidence or attestation result?
D
We can't tell yet, that's why I didn't make any change to the text here, but conceptually I agree with that. I think was Eric's point that says, well, attestation results in this case are just another type of evidence, whether or even distinguishable or not I can't tell, so that's why I didn't make any change for it. Okay.
C
C
D
C
All right, so we seem to be in it. I don't, I'm not attached to the union concept. I wrote it down because I thought that's what I wanted to clarify things. I'm very happy with an array of evidence, some of which happens to be attestation results, and I actually also see the point that it may be meaningless to have an attestation result which is not also endorsed, but may be the wrong word, by the attester. Signed, yeah, yeah, countersigned I guess. Is this in your.
G
C
So, so that the example I think that I gave in the email was the verifier needs to make sure you have the correct number of wheels, and you, it wants to make sure that you haven't claimed someone else's wheels as your own. Perfectly valid wheels, they're just not yours. Remember, you're allowed to race or whatever, fly in space or whatever it is, and.
C
A
D
So I say a nonce is not sufficient only because, it's going to use Michael's car terminology, right, so somebody sends me a nonce, I sent it over to the other car, get back to notes from his tires, and I include that nonce and my results, right. That doesn't give you the binding, but it still tells you that it was signed recently, but it still wasn't signed by. Do you think attached to my car.
D
B
D
D
Agreed, so the submod or whatever, conceptually. What your to binding that you want in this example is you want the lead attester to be able to attest as far as its, we call it, the attesting environment, it needs to be able to assign that this other ID of the target environment is bound to the lead environment, right.
I
D
F
D
I
I
D
I'm surprised, because the trust mechanisms you described is exactly the same as extrinsic claims, and so like GPS coordinates. It's going to be exactly the same thing, you saying, I get it from this particular source, I trust that source, either identify the source, right, dote, it's anything, it's just. These are just another example of extrinsic evidence, is just kind of require if.
I
That's fine, you don't want, if you don't really need to say any more, give any more details like the, you know, details from the signature verification, if you don't want to give any of those kind of details on, or who the attester was or where the verifier was, then yeah, then we'll fine. But if you do want to give those details, we probably have to have something to eat which, gotcha, so I guess.
D
I
D
D
I
C
D
Think that's not sufficient, because you're not getting your time of day from a hardware device, unless you actually have an atomic clock on board, right. Usually of getting it from something like secure NTP, and you have to be able to say what's your time source, is it secure? Is it not secure? Did I get it from, not so I'm, just a regular NTP, not secure NTP, then I don't really trust it.
C
I
Let's go back to the GPS example for a minute, so I mean I believe EAT is only capable, just a second. It.
C
C
D
C
C
I
Oops, I'm not reviewing too much in detail here, but one thing I'd like to see is that the something like a complicated thing like.
C
C
D
Correct, so right now, William's original text was something like lower case final evidence, because it's all in the context of the composite attester, and so he's using the layman's term lower case final evidence as perfectly like a line coming out the top, so I just kept it as what he had before. Okay.
I
Whatever your, let's keep, what I'm early afters keep the simple use case simple and make sure that there is a simple diagram in the, that the reader will encounter first, digest first, and then, you know, three months later, when they have to think harder about it, then they can go back and read the section that's later on about all those opposite stuff that.
D
Is the current case when the wind did is Plurk west? However, the two sections that we're discussing are actually adjacent instead of, you know, three months later in the document, and so prior to this section is the simple diagram that has nothing to do with the composite attester, and it's immediately followed by the section and composite attester is working started, and so I didn't change that part with merge last week. I have.
E
No problem moving this section back. I do think that there's a reason to have composite evidence in the document, because we have to be able to identify different parts of evidence coming from different parts of the attester, because we can't make that association. We can't make any conclusions on the relying party, so.
D
I will say that I'm not going to have an opinion on that point yet until after we have the disk have texture review about the layered attestation, because that will inform my opinion on whether composite evidence actually applies to that case, your wot, and so personally, I would want to defer any discussion of whether we use the term composite evidence until after we have text or weird events. Ok.
E
E
D
A
D
C
G
D
G
E
Yep, and Hank, I'm happy to chat with you about that. The thing that reason I'm not so good as, I haven't done as much as some of you guys on TCG, and one of the attesting, one of the things I need is verifier component to evidence, because in the use case I showed, with the multiple components being sent, I had a layer where we had a chip in there, a TPM, as one set of evidence. We had the time dimension, and the last dimension was the verifier also signings thing.
E
G
C
I have a question: I don't quite understand what you guys are discussing at this point, but I'm happy to suspend my disbelief until I see the text explain it. So that's okay, but I want to know is, should we have a stronger connection between the combination here in 55.3 and the composite attester? Is there some relationship here, because they feel similar in earth? Is.
E
The verifier is signing the verifier evaluation and returning it to the attester as part of the passport model already. So we already have verifier returned results, and then do you append anything to that? That's the question, and I'm saying that if you're signing something in the verifier and you're adding something new, there is a task to assemble stuff and pass it to the relying party. So.
D
C
D
B
D
D
B
What are those relationships? Is it trying to say that A and B are part of the monitor and that the lead attester attest to that? Yes, there's another claim here that's not explicitly pulled, called out, and to do that it has to sign something. Yep. So during though I don't know if the text is saying it.
D
B
Or all the sisters don't submit a claims. Collector is the thing right that doesn't make sense. If it's, if the claims collector isn't an attester, then it's a predator and there.
D
Go get an adapter right now. If you look at the bigger boxes, labeled lead attester A, but the whole thing is the attester. The claims collector in this picture is a piece of an attester, and so it is the whole thing, isn't a tester, and so yes, the evidence of composite attester is signed by lead attester A, right.
C
G
G
To start at claims collector, otherwise you don't know what the chain where the tin is ending. So there is some, a little bit of a lack of, I don't know, there's something missing here, I, probably, and that the arrow that is evidence of composited history simply starts at the wrong point issue, right.
D
D
G
G
B
D
B
G
D
And I agree that the current diagram can actually say that within text. So, for example, you have an environment inside the lead attester, right, that collects claims from the target environment. Okay, I'm just going to point to the tet2 the picture here, right. So if one of the claims is collected from the target environment inside the lead attester is a claim that says: I am bound, that target environment in lead attester A is bound to attester B and here's the idea of a test. Repeat: that's one of the claims that comes back.
D
I
D
D
D
C
Yeah, so that's collecting claims on the target environment. The attesting environment is collecting claims on the target environment, providing evidence of the lead attester into the claims collector, and maybe it needs to be a claims concentrator, I don't know what the right where it is, but I.
I
Would, I would reverse the arrows? The claims go from the target environment to the attesting environment, attester B feeds into attesting environment, attester C feeds into the attesting environment, and the output of the attesting environment goes to the verifier, so the claims collector is gone. I.
D
D
D
Yeah, you see one of the diagram simplifications that I did is on the left side. I have the parentheses s in there, where William had multiple boxes. Just like a tester, be a test received on the right had the same thing on the left, and I, that's not the main point of this. The main point of this is the right side, and so I collapse those in the parentheses s just to simplify the diagram and put the viewer's attention on the right side of the diagram.
D
C
D
D
C
D
C
C
D
G
D
I
D
D
B
C
D
G
C
E
A
A
D
Is showing a picture where there is one attesting environment, singular, measuring or collecting claims from multiple target environments, plural. What he had before was multiple attesting environments, each collecting from a single target environment, and so what was losing is the fact that we're saying in this example, because what you're showing, an example here, I just like a tester, BC and dadada, is an example, right. There's only one attesting environment and a bunch of targets. That's different from what William originally had.
D
We could have multiple testing environments, but I like the picture as it is, I think it's simple in it, because the point is to express relation. Is part of your point that this hat should have a plural? No, what I'm saying is that once you have plural, but a claims collector was just one of the attesting environments, we're saying no, you wanted to combine those, and so that's the difference between the change that we just made, because we're saying, albeit Esther, BC and DA, are done by the same thing.
D
That does the signature over the composite evidence, which might include individual things that are individually signed by their things, and so here, if you only have one attesting environment, then you don't have sort of nested signatures per se. You just have one flat signature over a bunch of target environments. So it's a different picture. I don't, that may be sense.
I
D
I
D
I
D
D
I
D
G
D
B
There is an additional claim that says that the testing environment is as assembling become the site claims from these other environments into a composite evidence structure, but there's an additional claim that's added to the claim set that says: I'm doing the assembling, that everybody's agreement, everybody's understanding, that's.
B
D
D
What's the next step on the other one, the ads drama and text about freshness pull request that we just, last time, I did a minor change and I didn't know if we want an emerges, want to assign somebody else an action item for the next step. The feedback that we talked about last time, other than, gosh, it would be nice to add, you know, the following topic or whatever it was, we wanted the title change back to freshness, which I did, and we wanted the security considerations.
D
Section talk about replay protection, and all I did was I added a one sentence that mention replay protection can be done using freshness as discussion for their section, and so those are only changes that I did. I wasn't sure what to do in response to all the other things, and so I'm wondering if somebody else wants to take the next action item, and if we, I would propose that we merge unless there's any new objections to the text that's in here, and then do any changes as another pull request.
B
I could be okay with that. I want to take, I. Have the conversation about how a freshness nonce is handled in a composite attester scenario, or do we want to wait until we get layering as well to have, I.
G
Think it's more important to capture what we think is right for the moment, and you can have this deep discussion on layer next time and then revisit this if it doesn't match. But I would agree with Dave that we can pull this in for now, because it's an improvement in any, wow, in any case, and sorry I'm driving, and so this is, I think, good idea, and we have stable environment of the text is visible, but everybody's looking at any branch, every branch.
D
Want me to pull to merge this. That is my proposal, since I did the things that people had problems with, and other things were just, oh, we should cover X or I to, and I didn't do the cover X or Y to you. I didn't know what to say there, but as far as the things that people had problems with that fix, those I would propose you go ahead and merge it now, and anything else, people are welcome to submit new requests for.
G
G
C
I
If it was there a second ago, the composite diagram, the parenthetical via internal links or network connections, yeah, I don't think the network connections belongs there.
I
I
D
I guess the labels now isn't vigilance. Is it internal, parenthesis, links or network connections, or is it internal links or network connections.
D
I
I
That's really based on hardware, like these guys are on the same bus or they are running on the same processor and they're just different processes, or something like that, and in a situation where the attesting environment can know something about the source and it can know it from either it's the hardware or the system software that it's running, and those the only things that the testing environment can know about.
I
B
If, if we, if the architecture assumes too much about how that evidence was put together, and so it's almost sure what value is being, at the end of the day, what value does this bring to the verifier, knowing that it arrived over a bus, if it can't conclude that it didn't come over a network, but it couldn't, it can't conclude that actually, so what's the value. So if you.
B
A
B
I
Yester, the attester can talk to the USB driver and, if it trusts the USB driver in a, then it consists some things about the, you know, what is coming over USB, but the attesting environment only, it only can trust the USB driver. And when I talk about bus, I'm not talking about pluggable bus, I'm talking about a bus, it's like internal to a CPU or internal to a circuit board card, or something like that.
I
That's not pluggable, and that's why this connection type is really kind of important, because you need to understand the characteristics of that connection. You know, how easy is it to attack that connection or spoof that connection, so USB is kind of easy to spoof. IP connections are very easy to spoof. You don't know what you're, what's on the other end, unless you've got some sort of signing, cryptographically signed system. So what you really have to be doing is thinking about talking to things that the interesting testing environment can really understand and know something about.
I
G
E
Really investor- you can also worry about what's coming, where it's coming from. Like self-driving cars, you might have evidence coming in from their internal network, which might have certain assumptions about it, that better be coming in from that particular bus. So I think that the assertion that there's something implicit about the attester's connection, even if it's signed or not signed, does matter to the attesting environment, and it isn't being generated by the attester. It's relevant to the connection; different connection types can have different trust profiles with them. The.
B
E
E
B
E
B
E
G
I
Attesting environment, I'm not, I don't understand what you start my layering yet, but I think the attesting environment has to be able to evaluate how its evidence is coming in. That's to understand something about how its evidence is coming in, and including attestations from attestation evidence or output of other attesters. So it has to understand that, that's just part of what an ESD have to do. It.
I
B
G
I think I have to jump to another call, I should at least, but this is typically more important, and sorry for being so unprepared this week. I was literally all the time bound by a stupid, off-loaded project that I have to do it so next week. That's why I was not a little bit careful I'm promising extra, but I think I can do the layout thing with help. This is the case, and thank you for the time. On my side at least, thank you. I.
C
C
D
C
Still has the term claims collector in line two of to the nice pics? Okay, there you go, I'll fix that, but I termite I think maybe controversial is the lead attesting environment. Maybe I agree that that Navy, controversial, cuz I don't know. One would agree with that. But we'll see, oh I don't know, but that's, that one is, that's where I would like to know. He said it'll be on the call next week, so they're back on Friday. So let's leave this for next week.
C
C
Proposing that, so let me see, so next week we have our meeting at the nort regular time, and then we have a RATS virtual interim committee of the whole the following day at the same time, I'm not mistaken, and it's going to the Lawrence Show.