►
From YouTube: RATS Architecture Design Team, 2020-10-16
Description
RATS Architecture Design Team, 2020-10-16
A
B
B
B
B
D
C
B
B
C
B
D
B
D
Yeah,
because
if
you
look
at
hinks
point
number,
two
is
closer
to
the
approach
that
we
took,
because
we
augmented
what
other
types
of
verifier
inputs.
There
are
right.
There's
the
appraisal
policy
for
evidence,
there's
the
reference
values,
which
is
an
addition
and
there's
endorsements,
and
that's
what
I
think
that
pr
150
my
opinion
is
that
addresses
approach.
Number
two
and
you
can
see
lawrence-
has
a
slight
preference
for
second
options.
So
my
hope
is.
B
B
B
B
A
B
A
C
D
B
Sharing
yeah,
but
you
know,
I'm
sharing
using
a
firefox
instance
to
share
a
chrome
tab,
because
I've
discovered
that
this
works
less
crappily
and
all
of
this
started
around
chrome
version
84
and
we're
now
at
86,
and
it's
not
getting
better
and
I'm
about
to
about
to
abandon
chrome.
But
anyway,
I
have
learned
that
it's
better.
If
I
have
all
my
browser
windows
on
the
same
workspace,
I
I
think
it's
some.
As
I
said,
I
think
it's
some
big
lock.
B
C
D
D
B
D
E
D
C
Yeah,
it's
both,
so
the
model
typically
will
reside
on
the
verifier
role.
Every
contribution
or
conveyance
of
the
model
itself
to
other
roads
is
a
implementation
detail.
I
assume
anything
else
would
not
make
a
lot
of
sense
here.
To
elevate
honest,
therefore,
I
think
sarah
you
are
here
probably-
and
maybe
you
are
involved
in
the
machine
learning
process
procedure
of
evidence.
Would
you
agree
or
is
it
out
of
scope
of
your
work.
A
A
D
Yes
or
a
policy
yeah
that
that
is
true,
this
is
just
one
of
the
cases
where
that
file
is
more
like
code
than
data
in
a
sense
right.
Yes,
I
mean
you
can
argue
that
the
ml
model
is
data
driven,
but
still
it
affects
the
operations
and
it
basically
controls.
What's
going
to
happen,
so
it's
essentially
like
code
so
so
similar
to
you.
If
the
file
was
say
javascript
running
in
a
browser.
That
would
be
another
app
analogy.
So.
B
D
B
D
D
The
only
thing
I
can
think
of
I
don't
know
if
that
would
help
or
not,
but
at
least
that
would,
as
you
can
see,
does
the
amount,
because
you
can
see
it
can't
come
and
she
mentions
inferences
multiple
times,
but
you
can
see.
I
think
it
would
help
talk
about
inferences
in
the
written
description
which
it
does
well
yeah.
C
D
B
C
C
D
C
D
B
A
B
C
I
think
we
addressed
that
the
identity
is
providing
authentication
for
the
secure
channel
based
on
that
provenance
or
identification
of
the
testing
environments
happens,
and
then
we
go
and
come
to
the
remote
registration
part.
I
think
that
is
the
layout
that
we
included
in
text
now,
and
that
would
address
this
issue
here.
Right.
B
B
E
E
E
E
Right,
yeah
yeah,
so
you're
signing,
so
they
have
this
concept.
You
know
the
tls
concept
of
exported
key
material.
You
sign
that,
but
you
can
sign
that
with
the
word
of
trust
and
if
you're
doing
that,
yeah
my
searching
in
the
in
that
draft,
even
though
it's
not
active
because
token
binding
has
gone,
you
know
gone
away
as
a
as
a
relevant
concept
in
the
industry.
It
was
that,
if
you're
going
to
sign
it
with
the
root
of
trust,
it
makes
no
sense.
E
It
makes
it
it
makes
no
sense
to
whoever
is
the
relying
party,
in
this
case
the
tls
endpoint,
unless
they
can
actually
verify
the
security
characteristics
of
the
signing
entity
which
that
attestation
comes
into
play.
So
I
think
you
know
I
don't
see.
I
don't
see
as
clear
a
distinction
between
the
two
as
he
does
here.
He's
he's.
E
You
know
the
way
lawrence
has
defined
it.
He's
he's
clearly
saying
the
way
I
read
this
is
that
there's
there
are
two
completely
different
things
and
we
should
say:
security.
Security
at
the
at
the
transport
layer
is
not
the
same
as
attestation.
I
think
you
can.
Actually.
I
think
there
are
evidence
of
technology
that
can
be
used
to
enhance
https.
That
would
actually
that
would.
E
B
Ahead,
so
so
I
don't
know
I
I
I
don't
know
what
the
actionable
thing
is
here.
I
I
think
that
you
could
do
token
binding
with
signing
of
root
and
trust,
to
enhance
a
a
client
authorization
to
a
server,
but,
as
you
just
said,
it's
meaningless
unless
you
also
have
the
verifier
to
say
that
this
is
a
this
signed.
Root
of
trust
is
actually,
you
know
relevant
or
useful
yeah.
So
I
don't
see
why
I
would
do
that.
B
I
mean
I,
I
don't
see
in
the
current
ecosystem,
how
I
could
do
that
with
my
bank
until
I
have
industry
standard
verific
verifiers
until
in
other
words,
this
is
like
an
end
point
of
our
of
our
work
here
right.
We
don't
do
this
now,
because
it
because
my
bank
has
no
idea
about
the
about
the
trustworthy
of
my
worthiness
of
my
device
or
vice
versa,
or
vice
versa
right,
but
the
vice
versa
is
is,
is
provided
for
by
a
different
process.
Right
trustworthiness
of
my.
D
Bank
yeah,
but
so
first
of
all,
I
think
I
I
agree
with
gary,
but
I
to
me
I
see
lawrence's
main
points
as
being
the
two
paragraphs
right
underneath
the
bullets,
which
is
the
first
two
paragraphs
on
your
screen.
Right
now,
which
is
technically
it's
not
really
specific
to
hdp.
I
think
the
discussion
of
http
is
kind
of
the
red
herring.
E
D
Normally
he's
saying:
oh,
your
web
browser
doesn't
know
what
the
expected
state
of
the
website
is
and
therefore
it
doesn't
make
sense
to
have
attestation.
I
disagree
with
that
which
he
actually
mentions
the
second
paragraph
up
the
bottom,
which
is,
if
you
have
a
certification
authority.
You
know
somebody
that
signs
that
says
your
bank
bank
of
america
or
whatever
is
actually
trustworthy
and
me
as
a
browser
or
me
as
a
banking
application.
I
only
trust
it
when
that
service
says
that
that
thing
is
trustworthy.
That
thing
is
acting
as
a
verifier.
D
D
To
have
knowledge
of
the
verifiers,
they
trust
correct,
which
is
why
it's
actually
solvable,
and
so
that's
why
he
says
in
the
second
of
the
bottom:
if
it's
a
candidate
for
you
know,
certification
in
either
direction
right,
then
it
probably
lines
up
for
device
attestation,
which
is
what
you
were
just
saying,
michael
completely
agreed,
and
so
that's
why
I
understand
his
concern.
I
just
don't
think
there's
anything
we
should
say
about
it.
So
I
think
this
is
a
won't.
B
D
E
D
D
So
technically
it's
true
that
it's
not
a
replacement
for,
because
that's
a
station
still
requires
a
transport,
an
http.
Maybe
a
transport
that'd
be
like
saying:
tcp
is
not
a
replacement
for
ip
well
yeah!
You
gotta
have
a
transport,
yes
yeah,
but
that's,
but
it
is
an
augmentation
for
right,
because
you
know
you
can
do
attestation
with
https
or
any
other
transport
right
that
can
carry
authentication
material.
B
D
D
B
E
B
B
E
E
B
D
A
And
so
what
are
we
going
to
do
about
that?
So
we
said:
hey,
let's,
create
a
new
role,
we'll
call
it
the
reference
value
provider
and
and
then
and
and
then
we're
done.
But
my
observation
is
that
it
isn't
that
simple,
there's
other
types
of
claims
that
a
supply
chain
entity
might
make
that
we
haven't
articulated
and.
A
If
we,
if
we
try
to
articulate
them,
would
we
we
identify
them
and
then
then
say:
hey,
there's
this
there's
these
other
kinds
of
endorsements.
Do
we
need
to?
Does
that
mean
we
have
to
create
yet
another
role
for
them,
so
that
seems
like
a
slippery
slope
and
so
to
avoid
that
it
makes
sense
to
just
have
a
single
role
which
can
have
multiple
types
of
of
you
know,
clusters
that
it
asserts,
and
then
it's
that
allows
this
set
of
messages
that
that
could
be
generated
from
the.
E
D
But
I
think
that's
because
things
like
each
are
intentionally
following
what
this
does
so
we
set
the
precedent
and
they're
supposed
to
match.
That's
fine.
I
mean
we're
not
trying
to
match
what
the
other
ones
do.
The
other
ones
should
be
using
it.
This
should
be
saying
how
they
match
the
architecture.
D
B
D
Right,
one
of
your
points
in
email
was
that
it's
possible
that
a
role-
and
maybe
it's
the
endorser-
I
can't
remember-
without
checking
your
mail,
you
could
supply
claims
about
the
a
tester
that
are
to
be
added
into
the
attestation
results
so
whenever
it
never
came
into
the
into
the
evidence
or
something
like
that-
and
you
had
some
statement
like
that
or
whatever-
and
I
couldn't
my
question
is
just-
is
this:
what
you
is
this
the
topic,
or
is
this
on
a
different
topic?
The
issue
that
we're
talking
about
now.
D
A
Thread
that
I'm
referring
to
was
basically
observing
that
there's,
you
know
four
three,
three
or
four
types
of
claims
that
and
a
I'll
call
it
an
asserter
would
want
to
make
and
we've
we've
not
spent
much
time
sort
of
exploring
the
space,
partly
because
it's
out
of
scope
for
the
working
group,
but
by
defining
by
defining
an
endorsement
and
reference
value.
The
way
we've
done
it.
A
B
E
A
Sort
of
said:
hey
the
architecture,
even
though
it's
out
of
scope
for
the
working
group,
the
architecture
is
not
going
to
be
constrained.
It's
going
to
describe
this
other
this
other.
You
know
corner
of
the
diagram
because
it's
relevant
and
important
okay,
so
we
said:
okay,
let's
define
two
things
and
let's
not
worry
about
the
third
and
fourth
thing
right
which
wasn't
the
goal.
It
was
no,
we
want
to
open
it
up
and
say
there
are.
There
are
things
over.
B
A
B
B
B
A
B
A
Right
so
so
I
so,
I
originally
said
this
is
about
the
testing
environment's
capabilities,
which
we
all
agreed.
But
then
we
said
we
can't
use
that
wording
because
we
haven't
introduced
it
yet
yeah,
which
may
or
may
not
make
sense,
but
then
we
changed
it
to
a
tester.
And
now
the
question
is
well.
What
is
the
scope
of
the
attester?
Is
it
the
the
the
testing,
all
the
testing
environments
and
the
target
environments
given
a
composite
device,
or
do
we
are
we
just
waving
our
hands?
We
really
actually
meant.
E
B
The
thing
about
that
is
that
the
design
requirement
right,
it
kind
of
says
you'll,
do
x,
y
and
z
and
that's
all,
whereas
a
function
requirement
says
you'll
do
at
least
xo,
I
and
z,
and
if
you
do
something
else,
that's
great
as
long
as
you
don't
compromise,
x,
y
and
z,
right
and
and
so
so,
not
my
mind.
I
don't
think
that
doors
are
ever
closed.
That
way,
it's
always
open
to
vendors,
extending
things
and
just
a
question
of
whether
they
want
to
extend
them
in
in
or
or
protocols
protocols.
B
Yeah,
so
so
it
can
extends
blah
blah
blah.
So
so
in
that
mind
I
I
always
say:
unless
we
say
you
must
never
do
a
then
you
could
always
do
age.
It's
not.
It's
just
not
might
not
be
standard,
and
so
that's
why
I'm
I'm
worried
where
you
say
it
closes
the
door
whether
we
have
in
fact
closed
the
door.
We
just
haven't
made
it
obvious
that
it's
open.
B
B
D
B
Unless
we
say
do
not
do
it
right,
we
say
it's,
it's
verboten,
okay
to
do
something!
Then
it's
always
allowed.
It's
always
permissible
to
extend
the
architecture
either
in
a
subclass
as
as,
as
dave
so
eloquently
said,
or
in
some
other
specification
or
protocol
to
say,
and
we
also
do
blah
blah
okay,
but
that.
D
D
D
The
reason
for
the
reference
provider's
reference
value
provider
is
because
you
could
have
an
entity.
You
know
a
implementation
that
does
what
that
says.
Without
doing
what
the
endorser
part
says
or
is
that
that
was
the
also
part
it
says.
Well,
if
you
do
something
else
instead
and
not
also,
then
you're,
not
an
endorser,
if
you
don't
do
the
endorsing
part
you're
just
providing
reference
values,
you're,
not
endorsing
any
indian
tester
right,
you're,
saying
implementations
of
of
you
know:
sgx
are
supposed
to
look
like
the
following,
but
I'm
not
endorsing
anybody
else.
D
If
you
do
not
do
what
an
endorser
does
by
its
current
wording-
and
you
do
not
do
what
a
reference
value
provider
does
and
you
do
something
else,
that's
neither
of
those.
It's
not
like
you're
doing
one
of
those
in
something
else
too
you're
only
doing
something
else,
that's
neither
of
those.
Then
you
would
need
another
row.
I
agree.
B
E
B
B
To
do
it
in
this
document
at
this
time
in
this
working
group,
so
you're
allowed
to
go
and
violate
any
one
of
those
three
things
you
can
do
it
in
another
document
in
another
working
group
at
another
time
you
can
recharter
rats
to
do
this
later
right.
The
point
is
that
we're
trying
to
say
this
is
the
mouthful
that
we
want
to
bite
off
and
that
that
there's
significant
value
in
at
least
standardizing
those
two
interactions
between
those
three
parties
without
worrying
extensively
about
what
happens
behind
the
scenes
in
those
parties.
B
So
we
spend
a
lot
of
time
worrying
about
how
the
verifier
gets
its
world
set
up,
and
we
need
to
write
down
those
expectations
that
it
is
set
up
and
blah
blah
blah,
and
there
are
certain
things
we
can
do,
but
that
there's
many
ways
of
getting
there
so
a
certain
extent.
This
is
again
going
into
the
non-normative
text
of
how
do
you
know
verifiers
get
data
that
they
can
you
know
validate
or
how
do
they
know
what
to
validate
what
their
policy
is?.
A
Yeah,
so
it's
it's
help.
It
ends
up
being
it
ends
up
making
writing
your.
You
know
documents
a
little
bit
more
difficult
because
there
isn't
one
term
that
just
says
that
describes
the
that
you
can
use
to
refer
to
the
the
the
set
of
entities
that
might
exist.
The
supply
chain
chain,
you,
you
kind
of,
have
to
say.
B
B
A
B
A
A
You
know,
like
the
you
debug
state
claims.
If
those
claims
are
asserted,
if
they're,
if
they're
unchangeable
and
asserted
by
the
by
the
manufacturer,
then
you
wouldn't
expect
verify,
I
wouldn't
expect
to
just
to
have
a
matching
evidence
claim
for
it.
You
know
you
know.
Where
does
this?
It
seems
like
that
no
longer
fits
now.
We
could
someone
could
argue
well
if
you
sort
of
parse
this
very
carefully
and
okay,
so
you're
getting
back.
B
Into
what
I
just
said,
this
is
not
a
design
spec
right.
So
so
I
don't
know
how
the
verifier
works,
and
I
don't
think
it's
our
job
to
define
it
right.
We're
saying
the
verifier
is
expected
to
do
certain
things,
but
we're
not
telling
it
how
it
does
it,
and-
and
that's
where
I
that's,
where
we're
getting
into
the
the
thing.
B
E
B
So
so
we're
trying
to
enable
those
other
verticals
and
that's
why
it
seems
like
it's
murky
that
that
we
don't
know
what
it
does,
but
that's,
okay,
because
we're
expecting
them
to
to
write
something
else
there
and
the
problem
is
usually
when
people
think
try
to
treat
this
as
a
design
spec
and
they
get
into
trouble
because
they
realize
there's
things
that
aren't
standardized
and
they
they
and
we
can't
standardize
them.
So
I
want
to
leave
this
issue
open
ned,
because
I
want
to.
B
I
want
to
let
you
think
about
it
and
come
back
to
us.
Okay,
maybe
during
working
group
last
call,
maybe
it
will
be
a
good
conversation
as
to
whether
whether
it
belongs
here
or
whether
it
belongs
in
another
document,
and
I
I
would
like
to
have
that
conversation
on
the
list.
I
think
ideally-
and
I
wonder
if
we
can
close
the
other
get
to
the
other
tickets
before
we
lose
dave
in
three
minutes.
A
E
A
B
Here,
I'm
going
to
add
this
new
label.
True,
but
another
document
there
we
go
since
we've
done
this
more
than
once.
Okay,
so
I'm
just
going
to
leave
this
open
for
now
and
try
to
get
conclusion.
This
was
this.
Was
this
reference
values
we
discussed
and
now
we
have
two
issues
open
three
issues
open,
so
one
that
one
from
ned
and
two
from
lawrence.
So
what
I
would
like
your
blessing
is
to
format
the
document
as
it
is
and
post
it
this
afternoon.
D
E
No,
it's
very
asymmetric
gary
yeah,
please
I
I
I
started
a
blast
on
a
call
at
random
like
this
from
for
my
favorite
issue,
but
I
know
we're
going
to
last
call,
and
this
is
something
that
come
up
internally,
my
in
my
organization-
and
I
want
to
make
sure
that
we're
very
clear
that
the
document
says
it
gives
the
proper
guidance.
I've
had
a
lot
of
requests
to
overload
what
I
would
consider
attestation
evidence
with
what
I
think
belongs
in
more
generic
protocols
such
as
you
know
that
that
aren't
necessarily
related
to
security.
E
E
C
E
Especially
just
the
root
of
trust,
but
I
don't
know
if
the
independent
reader
necessarily
necessarily
come
to
that
conclusion.
So
right
now,
the
fido
alliance,
when
they've
tried
yeah
what
they've
done
is
they've
actually
included
additional
data
that
they
call
client
data
into
the
challenge
data
that's
presented,
for
instance,
through
tpm,
which
is
fine.
E
I
think
you
can
put
anything
you
want
to
in
the
challenge
data
as
long
as
it
does
as
long
as
it
prevents
a
replay,
but
I
don't
think
I
don't
think
that's
really
the
same
thing
as
saying:
oh
well,
I'm
extending
attestation
evidence
arbitrarily
you're,
not
you
know:
you're
you're,
just
you're,
just
refining
the
challenge
data.
So,
but
I
don't,
I
do
think
like
adding
claims
that
are
way
beyond
what
we
would
consider
attestation
evidence
you
know.
Is
you
know
we
to
me?
E
Okay,
let
me
let
me
put
it
to
you,
yeah,
okay,
let
me
see
if
I
can,
let
me
see
what
it
can
give
you
exactly.
Okay,
the
atta
the
attester
has
been
given.
You
know
a
a
time
stamp
is
a
time
stamp
related
to
that
that's
been
obtained
from
a
sub
system
that
has
nothing
to
do
with
the
target
of
attestation.
It's
basically
just
a
time
stamp
obtained
over
the
internet
somewhere,
but
it
says
I
want
to.
I
want
the
I'm
the
attester.
B
E
E
E
E
B
A
E
Here:
here's
what
I'm
saying
evidence
is
a
set
of
claims,
and
this
is
what
it
says
right
now
in
the
latest
draft
evidence
to
set
a
claims
about
the
target
environment
that
reveal
operational
status,
health,
configuration
or
construction
that
have
security
relevance.
That
last
phrase
is
important
to
me
that
have
security
relevance,
so
that
means
that
if
it
doesn't
have
any
security
relevance
like
your
example
of
like
okay,
is
it
a
full
moon
today
or
is
it
or
is
it?