From YouTube: RATS Architecture Design Team, 2021-04-16
A
Okay, okay, so you haven't worked on any additional ones, but did you? How are you feeling about the ones we have.
B
We can go over them, but I still have the one that's assigned to me. That would probably take me. You know half.
B
C
B
B
A
Okay, all right, let's give it another minute, see who else we.
B
B
The tab that you have open right now have you had it open for a while, because I think Hank actually responded to the comment that I have up yeah. He did in the last.
B
A
I I think it's close enough that I would go with either. I don't really care. I just like to have the.
A
A
B
B
A
All right: well, let's just continue on this next tab. I have open. This was the other half of another part of 352 325, rather.
D
B
No, I I would keep one or the other. I would probably just keep 379 and not have 380, because if you look at the red text, the red text didn't have 380 380 is a sub case of 379 right obtained from the verifier owner could be across a protocol or by manually typing it in both of them are different ways of obtaining it and configuring it as one of those two cases. So so you either have to change 379 to be disjoint or remove 380.
A
I don't feel strongly. I kind of like the word configured, but so you would say or configured is what you would say. Well, let's look.
A
B
B
Yeah, I was gonna say: let's look at the red text. If we can okay, so the red text says it might be obtained from an endorser along with the endorsements or via some other mechanisms such as being configured. Okay, so I'd say, there's two ways to do it.
B
You can either delete 380, but you kind of like that, and so the other way to do it is change 379, to clarify that that is, you know a via some protocol right, because both 379 and 380 are getting it from the same party right, which is the verifier.
C
B
Yeah, that would no doubt you can keep the second line yeah. Oh.
A
B
A
B
B
A
B
I think it's easier to just say, or in all three places, all three places, so all three places become or yeah that I think that's what Ned, which I'm sorry what Hank was implying, and I agree that that reads better.
B
B
I have to refresh all right, so the red only upper head might be in the tense and 380 to 381 has is so, which those should probably all be might be just to keep the same verb tense.
A
B
A
Now is there here also, you should say, via some protocol.
B
A
B
The only difference between the two that I see is 379 probably needs a comma at the end to match 388 otherwise yep they look. They look.
A
A
B
A
A
B
B
B
B
B
Okay, so start addressing Hank's comments, hopefully after addressing his I'll be able to review that center understand the sentence better.
A
B
A
A
B
Okay, but there's more than one tested environment in the evidence, there's a whole like well.
A
B
Understand why is.
B
Okay, okay, now we're getting closer if access to the keys used for assigning evidence. Okay, so all right now, I think I understand the intent of that sentence. That's helpful! Thank you for those fixes that was just grammar if and was don't match.
B
So I'm trying to find a simpler way to phrase that it's either it becomes is not well normally. It would be if and were right would be the normal way to do it. The.
D
B
B
Simple, I wonder if we can combine that with the previous sentence, for example, if the previous sentence, would they, where the comma is sorry, what the period is right now at the end of 1313?
B
Can you make one other? Can you insert a comma before to prevent? I think when I said it out loud, I said time, or at least I meant to maybe I said it at my head.
B
A
D
B
Okay, how many issues we're down to now? Just out of curiosity, sir, hang on this one just got closed.
B
Okay issues, all right.
B
Is this the one that we had open comments on or not? I can't remember, or is this a new one that I haven't reviewed.
A
A
B
B
A
I thought we had a conversation during a working group meeting or something like this. Okay, and we had the the discussion about whether or not these handles had confidentiality requirements or even, if I wasn't even sure if they had integrity requirements.
B
Here my comment was: I think, that the section that I linked to already discusses those things and the question is: were there any gaps in that section, because I think when it came up during whatever reading it was, it might have been the teat meeting. I don't remember, we didn't have that text on the screen, and so it could be that all the comments are things that are already addressed in the document.
B
A
B
A
Kind of find annoying that browsers, don't tell you when they can't find that they just drop you at the top of the documents. When there's no valid in document link.
B
Okay is now the section is called epoch ID based attestation. The link changed when we did the handle the epoch ID rename.
B
B
And so the third paragraph was the one that says: integrity is important, so does the fourth one unless should be at least integrity protected, and there is no discussion of confidentiality because we never had a reason to mention confidentiality of them. They could be public.
A
B
A
A
That didn't work, oh I see so look. I have the section here and.
A
B
B
A
A
B
Okay, so if you give me two or three minutes here.
A
A
D
D
Yeah several right, multiple prepositions and then is necessary in order to you know it's just, and I don't know what it is.
D
A
A
So, for instance, let's say that you there's a phone going down an assembly line and there's a key. That's been that that the manufacturer has to sign in order for the the which will be used as an attestation key right.
A
So the key from the testing environment is being signed and the attacker is able to substitute another public key whose private key they can control, which then means that they can make up. Evidence about the device which will be will be believed because it's been signed by the manufacturer right.
A
D
A
B
A
B
Okay, so the top comment on your screen is that we have like four paragraphs on the case where it's constructed outside the device and provision in this in the device and then suddenly we start talking about the case where it comes out of the device and it's not clear that we're transitioning into a second case there right where the red text said another way to provision key material was kind of the the bridge. So we needed something like that, or else we need to create two different subsections, which might be clear.
B
I I would much rather make it be more obvious, because I think an astute reader should be able to conclude for themselves that having it be generated by the device itself is inherently more secure.
A
There are people that actually dispute that point and that's because of the based upon their com, their their their their skepticism as to the random the quality, the random number generator and there's apparently, evidence come from, for instance, Taiwan, where they had several million private keys compromised due to random number buttons. So.
B
I'm not suggesting we create any value statement in here right, but I just wanted to make it be obvious that we're actually covering two different mechanisms that there's different paragraphs about.
A
B
A
B
Okay, we just walked through a bunch of stuff and when you're doing that, then blah blah is like well, no we're talking about something else. Now.
B
B
Okay, keep scrolling up, keep scrolling up, keep scrolling up. I say you have to expand upwards. Okay, all right, beginning of the section here: okay, one way to provision chemistry, 1327 right! So that's what introduces there. So we can either create a another, deeper section heading right there, because all the text from 1327 down to the line that I commented on.
B
B
B
Okay, because I'd done comments on the old version, and I have to try to find them so I can see if the new version addresses my comments. I can call it up on my machine.
B
What what was the? What was this line? Number you guys were editing, 1342, okay, thirteen, forty two okay, so I had comments on yeah.
D
A
B
A
D
A
D
A
Think so, yeah, I don't think and and and there's also the hybrid case when what's actually generated on device, is a symmetric key, which is these deterministically to generate the other pieces, and that has some.
B
And I can imagine other weird hybrids like on the factory floor. You actually have an additional entropy source by you know attaching some entropy source to a pin. You feed it a random number and then it generates a key. That's different from your random number and just uses that as one of the seeds right, and so you never get the a private key out of there. But you have an external source of entropy. That's not chipped! Right.
D
D
A
A
Which, which row are you on? Well I'm trying to to add? I was trying to add a header heading here which had to go up here, which I couldn't edit. Whatever you did. It says refresh now at the top. Oh it does that took it a while to there we go yay.
A
I was just listening to a talk yesterday about from a GitHub person about issues they have with writing, with delays between right, sending updates to their writing shard and the replication to their reading. Shard.
A
A
B
A
B
A
The concept is that that an attacker managed to get a public key that they control signed by the manufacturer rather than or in addition to a key which is actually properly protected in the device. Okay.
D
A
B
So it's not quite integrity of the chain of the of the public key. It's not! I think, that's probably the wrong phrase, because you're not trying to say there's anything wrong with endorsing that public key. What you're trying to prevent is endorsing additional keys all right well.
B
A
On the other hand, you can you maintain the integrity of the channel, which is a different concept, but has the same effect.
D
A
But that's not not if, if what you're saying is that there is a a challenge response process within the signing process, then that's that can be the that can be a useful way to do it. But the problem is that the public key is not was never trusted. In the first place, all right, I've read this three times.
B
A
A
D
Yeah, it makes sense to think about it, but yeah. It's fine.
B
It's a question right now. It says most ensure that only attestation key material, that's generated, is established in a testers right now. It's worded as if every use case inherently must have an endorser role. Someplace and my question is: I wonder if that's too strong, if there's some use cases that you still put attestation keys there, even though you don't have an endorser, and I don't know- and so I'm just wondering if we want some wiggle room here.
C
B
Right, yeah you're right and we actually do cover that in a sentence elsewhere in the document right. So if you're like a a maker- and you only make six devices and you're going to use them in your own facility, exactly you don't need an endorser. You just put all six of the public keys in your verifier and say I'm gonna trust just those six keys. So I don't need an endorser. So it's right.
B
B
What, if you just say, only valid attestation? Key material is established, in other words, you put the word valid after only and then delete. The that is phrase would be my suggestion that only valid attestation key material and then that is and so validation key material is established in the testers.
B
B
A
B
A
About one that one sounds good: okay, so we're going to meet next week.
C
C
A
Well, since I haven't read it in at least a month, I mean either I'm going to suggest that we we we take that as a to-do item to either dismiss it or finish it for by next week, and so, if you think that we need to do something with it, then let's please have some comments about it.
A
I'm remembering that that part of the issue was that you look at the pull request related to it, that we had a problem with the extent to which it was rewritten and that it was not Laurent, because it missed some things, and it was not Lawrence's intention to admit to remove those, but he he also hasn't added the pieces back in that we thought we needed. So I would say that either somebody rewrites it with his with adding whatever it is.
A
Some people that thought that that there was no problem, that he wasn't fixing a problem and- and I only liked it because it added more blank lines.
A
B
C
A
better informed opinion about this next time and then you can make that go away.