►
From YouTube: RATS Architecture Design Team, 2020-07-07
Description
RATS Architecture Design Team, 2020-07-07
A
A
Yeah
I
think
it
might
be
because
I'm
logged
in
this
time
to
WebEx
I,
don't
know
general.
If
you
login
to
WebEx
it
breaks,
don't
log
into
weather
depend
depending
which
version
you're
using.
If
you
want
to
turn
your
camera
off,
you
should
push
the
button.
So
it
goes
red
or
don't
push
the
button.
So
it
goes
blue
I.
A
A
A
Yeah
there
was
a
there
was
a.
There
was
working
group
whether
it
was
a
big
debacle,
because
there
was
no
attendance
cap
on
on
the
design
team
meetings
and
there
was
a
lot
of
claims
that
certain
things
were
ignored
and
anyway,
a
number
of
papers
were
written
about
how
the
product
the
protocol
as
described,
couldn't
work
and
quite
a
number
of
people
said,
but
I
have
it
running,
and
so
it's
like.
A
A
Window
so
Dave
I
saw
that
you
reviewed
the
example.
Three
pull
requests
that
I
made
and
I
think
you'd
asked
split
that
up
and
so
I
just
merged
that
I
think
it
was
early
this
morning
and
then
I
rebased,
the
other
one
that
Hank
and
I
have
been
working
on,
which
was
supposed
to
have
that
one
removed,
but
because
the
way
it
does
it
stuff
it
looked
like
it
included
it
twice.
B
A
A
D
I,
because
we
talked
about
last
time
anyway,
we
had
a
conversation,
I
said
requires
a
suitable
reference
on
the
addition
of
it,
and
so
I
think
the
cleanest
thing
to
do
is
remove
it
and
leave
it
in
a
separate
branch
like
in
what
23
or
whatever
and
then
merge
123
once
there's
a
working
or
document
or
something
that's
a
side
of
a
reference.
That's
that
was
my
proposal.
This
shouldn't
be,
do
I
think
we
discussed
that
at
the
end
of
last
time,
but
that's
yeah.
A
B
A
D
A
And
and
then,
and
then
that
lets
us
put
up
a
document
that
has
only
sites
working
group
documents
or
other
stable
documents
and
then
Hank
I
think
you
want
it.
You
have
a
document
which
you
said:
what's
the
one
that
you
think
you
wanted
to
cite,
which
is
the
reference
interaction
Chara,
and
so
that
needs
to
be
on
the
agenda
to
be
adoptable
to
be
adopted
as
what
I
think
you're
telling.
B
E
F
C
A
D
A
A
10:57,
but
we
need
to
remove
it
from
here
yep,
maybe
it
understand,
so
you
just
want
me
to
remove
the
the
word
there.
Yeah,
okay,
I,
understand,
I,
understand,
I,
didn't
I,
just
I
I
thought
you
wanted
the
whole
line
to
go.
Nope
I
just
trying
to
put
the
line
back
the
way
it
was
before.
Okay.
So,
basically,
just
like
this
yeah,
you.
A
A
C
D
Yeah,
okay,
all
right
so
Williams
commas
seems
to
agree
with
Elliott's
comment
where
the
me,
during
the
calm
during
that
meeting,
that
we
had
last
time
which
isn't
the
new
text
is
incorrect
and
Elliott
had
suggested
an
alternate
wording.
But
why
don't
you
rephrase?
It
sounds
like
Williams
agrees
with
Elliott's.
A
D
A
G
G
D
D
A
G
A
Was
there
our
line
card
chassis
that
act
as
if
they're
multi
chassis
is
because
each
line
cards
essentially
stand
alone,
but
not
everyone?
Not
everyone
has
that
level
of
disconnection.
I
don't
know.
If
that's
the
right
word.
Autonomy.
I
guess
maybe
is
the
right
word
between
the
line
cards.
Some
are
line.
Cards
are
very
integrated
right.
They
they
they
don't
you're.
G
It's
the
problem,
the
reason
that
multi
line
card
still
matters
is
signing
from
a
TPM
isn't
gonna
matter.
If
it's
a
multi
line
card
or
multi
chest,
you
could
trust
a
thing
is
still
the
TPM.
So
fine
with
the
current
text,
I,
don't
know
if
it's
just
people
understand
it's
also
multi
line
hard,
but
it's
you
know:
I
have
no
problem,
including
an
or
multi-line
card.
You
just
make
sure
people,
let's.
A
Let's,
let's
go
forward
like
this,
and
and
let's
see
if
we
get
if
we
get
some
reviewers
who
are
not
among
this
group
who
then
say
well
dresses
apply
to
multi
to
line
card
scenarios,
then
we'll
come
back
and
assume
that
that
we
need
to
be
explicit.
Is
that
seem
like
a
reasonable
approach,
because
I
think
that
any
one
of
us
that
read
it
read
it
again?
We're
gonna
go
well.
Of
course
we
know
what
we
mean
right,
and
so
that's
where
I'm
I
just
kind
of
I
kind
of
want
to
avoid
I.
D
D
There's
a
couple
different
things:
diffuse
yeah.
If
you
look
in
Constantine's,
you
can
see
it
that
it
has
advanced
protocol
includes
right.
So
what
elevators
should
or
elevated
that
sometimes
to
a
must
and
agriculture
Pete
it
a
couple
things
like
you
know,
between
the
first
list
and
read,
96
and
the
bullets
are
repeated.
I
think
were
the
main
ones
that
the
main
technical
change
was
the
elevation
of
a
sometimes
to
unlost.
A
C
A
D
D
Some
redundancy
like
I,
had
both
confidentiality
and
privacy
protection
in
red,
and
that
is
now
just
an
encryption,
which
was
Kathleen's
term
right
and
things
like
integrity
is
the
one
that
we
said
was
problematic
in
the
old
text,
because
it
duplicates
line
995,
we're
talking
about
integrity,
protection
and
96,
hasn't
also
right.
So
it's
an
integrity
and
also
integrity.
So
that's
not
in
the
bulleted
list
right,
okay,
Kaleigh
Kathleen
did
add,
fine-grained
access,
controls
and
logging
in
line
with
current
threat
models
as
you're
at
those
two
architectures.
Those
are
Kathleen's
bullets.
A
B
D
D
C
A
A
D
D
The
reason
that
I
removed
authorization
is
because
I
think
the
whole
point
of
attestation
itself
as
a
type
of
authorization,
and
so
the
fact
that
it's
being
used
for
for
attestation
is
already
authorization
and
the
authorization
didn't
need
to
be
in
the
often
also
needs
to
support,
because
it's
got
a
little
point
of
it
is
to
do
an
authorization
check
and
which
is
what
anyway,
that's
my
rationale
for.
Why
do
we
did
that
bullet
so
so.
A
D
E
D
I'll,
repeat
my
rationale,
but
if
you
want
it
in
there,
you
can
put
it
back
in
I'm
just
explaining
why
I
out
as
it
this
list
isn't
a
list
of
often
also
so
it's
not
the
mandatory
list.
The
mandatory
list
is
the
is
the
first
one
which
is
integrity,
replay
and
integrity,
protection,
replay
prevention
right.
That's
the
two
mandatory
things
that
every
conveyance
protocol
has
to
do
that
or
it's
just
not
going
to
work
for
any
conveyance
mechanism
or
a
solution.
It
won't
work
for
a
remote
and
attestation.
D
The
authorization
is
a
decision
that
you
make
about
a
particular
action
right.
You're
you're
authorized
to
do
that
actually
or
not
authorized
to
do
that
action
I,
couldn't
think
of
anything
that
that
applied
to
other
than
whatever
it
was
that
you
were
trying
to
use
attestation
for
and
or
to
make
that
decision
turning
station
to
make
that
decision.
It's
not
in
the
also
list,
its
part
of
the
inherent
mandatory
lists
and
so
I
didn't
have
a
bullet
on
it.
So
it's.
A
D
D
D
A
But
the
point
is
that
that
you're,
you
may
be
looking
at
the
conveyance
protocol.
You
made
the
the
attestation.
The
evidence
may
be
signed
by
something
that
you
know
and
that
Ascenta
gates
it,
but
that
the
the
right
to
send
the
evidence
would
it
sell
is.
The
point
is
that
do
you
need
to
authenticate
just
be
allowed
to
send
the.
D
Evidence
so
I
was
erring
on
the
side
of
minimal
change.
You
can
see
red
nine
on
a
seven
was
also
in
the
in
mini
use
case.
You
can
see
additional
means
of
identification
or
authentication
was
not
in
the
previous
part,
and
so
I
erred
on
the
side
of
there
was
a
good
reason
for
it
before
it
seems
right
to
me
so
I
didn't
change
it.
When
I
did
the
merge
between
teeth.
A
Anyway,
you
know,
if
there's
additional
things
that
somebody
discovers
they
need
in
a
particular
use
case.
They
obviously
can
add
it
I
think
that
that
the
point
is
that
that,
if
someone
is
looking
at
conveyance
protocols,
they
need
to
ask
these
questions
right
here
and
if
there's
other
questions,
they
have
to
ask
fine.
But
if
it
fails
these
questions,
then
you
probably
should
be
saying.
Am
I
doing?
Am
I
in
the
right
place,
yep,
okay,
so
DNS
DNS
would
not
work
well
as
a
conveyance
protocol
based
upon
this
criteria
right.
F
D
D
D
D
A
D
D
Okay,
so
issues
so
I'm
gonna,
propose
109,
looks
like
it's
simple
I
haven't
right
at
all,
but
it
looks
like
it's
so
short
and
it's
just
dead
change.
This
words
to
these
words,
I,
don't
see
in
line
in
the
pull
request.
Well,
it's
so
simple.
It
seems
like
we
ought
to
be
looking
through
it
in
five
minutes
or
less.
D
B
D
E
D
E
B
D
D
It
says
if
I'm
look
at
the
right
paragraph,
a
second
approach
places
the
onus
of
timekeeping
and
that
that's
what
goes
before
the
dot
dot
yeah
and
that's.
This
is
the
right.
It's
that
one
using
nonces,
so
the
nonce
approach
places
the
onus
of
timekeeping
solely
on
the
appraising
it
easy
to
verify
thirty.
This
is
saying
you
that
the
supplying
entity,
meaning
whoever
supplying
the
evidence
you're
supplying
the
attestation
results
verify
relying
party
does
not
need
a
clock
at
all,
even
a
relative
clock,
necessarily
in
the
nonce
example
and
the
protocol
initiator.
D
Since
we
don't
make
any
comments
about
the
protocol,
the
protocol
could
be
initiated
from
either
direction
right
so
like
in
the
yang
mechanism,
that's
initiated
by
the
let's
say
the
verifier,
for
example,
right
and
not
fought,
and
it's
not
initiated
by
the
wrong
card
according
to
tester.
So
the
original
paragraph
was
trying
to
be
agnostic
as
a
conveyance
protocol,
because
different
conveyance
protocols
are
initiated
by
either
aunt.
So
we
can't
say
which
one
is
the
initiator
right.
A
E
A
So
one
of
the
one
of
the
things
as
always
make
a
pull
request
rather
than
an
issue,
because
then
we
can
see
that
you
could
put
some
text
around
the
whole
thing.
Okay,
so
this
is
as
far
as
I
got
I
think
it's
a
correct,
I'm,
sorry
that
the
I
guess
I've
reformatted,
some
things
that
I
didn't
need
to
so
I
might
be
able
to
undo
that.
D
D
B
D
G
D
Green
text
I
think
it's
wrong
because,
because
in
many
conveyance
protocols
right
the
protocol
initiator
is
the
ax
tester
and
the
whole
point
is
that
there's
no
burden
on
the
attesa
of
having
a
clock
in
the
first
place,
because
the
tester
doesn't
generate
any
ounces,
it
only
consumes
nonces
and
repeats
them
back.
So
doesn't
it
o'clock,
and
so
it's
a
protocol
initiator
and
it
has
not
having
any
time
keeping.
So
that's
what
I
mean
by
drinking
so.
D
A
D
E
D
E
A
A
A
B
D
D
Okay,
maybe
she
just
I,
think
I
didn't
write
this
text,
but
I
say
what
it's
trying
to
say:
cuz
this
isn't
the
two
types
of
environments
right
says:
there's
a
testing
and
target
environments,
and
it
just
starts
off
talking
about
execution,
environments
right
and
she's,
saying
that
you
can't
just
assume
that
you
can
do
it,
but
once
you
can
do
it,
then
you're
called
in
a
testing
environment
does
the
intent
right,
and
so
it
says:
well
an
arbiter.
You
know
an
arbitrary
one.
D
It's
not
necessarily
capable
of
you
know,
measuring
something
else,
but
things
that
are
are
called
in
testing
environments,
those
the
ones
that
are
specifically
designed
to
do
the
measuring
right.
That's
the
intent
of
that
text
as
I
understand
it
and
she
finds
the
wording
confusing
and
maybe
there's
a
clearer
way
to
say
that.
B
D
A
D
A
D
A
D
A
E
B
D
D
The
testing
environment
is
a
place.
These
and
other
processors
were
not
necessarily
designed
with
claims
in
mind.
If
you
can
help
to
explain
the
testing
environment
better
outstations,
the
following
text
is
a
little
confusing,
in
particular
the
last
sentence,
and
so
then
she
quotes
two
sentences,
and
so,
when
she
says,
is
a
little
confusing
in
particular,
the
last
sentence
right.
A
A
D
A
D
B
D
D
A
D
B
B
B
Software
identities,
the
scope
of
escape
2.0
escape
as
the
security
content
automation
protocol,
as
advocated
by
the
US
government,
so
Rowley
is
literally
an
atom
roll
and
it
has
some
filters
to
it
and
there
are
some
new
interaction
qualities
to
it.
But
it
is
not
a
full-fledged
protocol
for
remote
no
station.
You
can.
B
B
B
A
D
A
A
D
Yeah,
it
can
be
any
new
in
this
diagram.
The
protocol
between
them
can
be
any
new
or
existing
protocol,
HP
yeah,
so
yeah
right
so
in
the
eg
htps
coeptis
aims
to
annex
OPC,
way,
etc,
and
in
this
sector
last
10.
It's
common
formats
include
j
WT
ce
WT
s
next
to
an
certificates,
I,
don't
know
which
one
of
those
two
is
she
referring
to
is
I.
B
D
D
B
D
D
That
the
figure
talks
about
a
relationship
to
which
remote
access
Asian
is
that
I
was
hired
to
be
added.
This
is
showing
without
attestation.
It
looks
like
this.
Oh
sorry
and
then
it's
saying
and
then
you
can
add
it
by
doing
X,
Y
or
Z
or
whatever,
but
this
is
like
the
before
picture,
not
the
after
which.
D
D
G
A
D
Profile
systems,
as
well
as
the
user
behind
that
system.
Alright,
the
first
sentence
and
the
privacy
considerations
says
the
conveyance
of
evidence,
nodes
open.
The
annotation
results
revealed
a
great
deal
of
information
about
the
internal
state
of
a
device
right,
and
so
you
could
say
something
like
about
the
internal
state
of
a
device
as
well
as
potentially
about
the
user
running
on
that
device
user.
You
know
the
user
is
using
that
device,
for
example,
as.
B
B
D
B
D
I
think
your
point
Hank
was
about
what
application
you
may
have
installed.
So,
for
example,
if
I
attest
that
your
phone
has
a
glucose
tracker
application
on
it,
right,
I
can
identify
information
about
the
user
right,
diabetes
or
something
right
and
then
I
can
narrow
down
what
you
heart
is
sorry.
Okay,.
B
E
But
it's
I
think
it's
the
case
that
that
the
target
environment
is
the
is
where
your
it
is.
Where
all
of
these
use
case,
consideration,
play
and
they're
already,
they
already
have
whatever
their
privacy
implications
are,
but
well
attestation
is
doing,
is
providing
greater
assurance
that
the
target
environment
is
doing
what
it
is
doing,
and
so,
if
it's
authenticating
the
user,
because
it's
a
tight
binding
between
the
user
and
the
device,
its
authenticating,
that
that
it's
improving
the
assurance
that
that
is
the
case.