From YouTube: RATS Architecture Design Team, 2020-06-26
A
Greg you've been on a bunch of calls, but you could introduce yourself again if you like, not seen Dave yet or Hank. Oh Hank is here.
B
Yeah I'm Greg Costell. I work at Microsoft. I work with Dave Thaler. In the last six months, I've been working on the Microsoft attestation service in Azure.
C
But in an entirely different area in in Microsoft, research working on security and privacy topics right now within a particular focus on IoT, but it's industry-wide.
D
Hi, this is Bill Solton with Cisco, I'm in in our security and trust group representing Cisco, also at Trusted Computing Group in a couple of the work groups.
A
E
Here's an interesting fact about Webex, which which I believe to be true. I I know that people have shouted out in the past, but they kind of tweak the user interface all the time. So you don't get used to it, and that keeps you a lot more rare to.
A
Dave yet and there's a couple other regular suspects, Ned that I don't see yet so I'm not jumping up and down to start, but let's, let's, let's, let's, let's start on some stuff. So one of the items that I think was open last time was the hardware watchdog, we're gonna we're gonna, give people a chance to read it.
A
A
A
Good we're missing Dave at this point and I I I hope he understood we were meeting today, but I'm not sure he did in the end after all, but let's try to make some progress without him. Any objections to the hardware watchdog case?
F
A
I'm going to oh, we have a conflicting files now all right, so that has to be remerged. Okay. So let's talk about this is that item? So let's not talk about that. Those proposed checks is 106.
F
F
So I think, of course, yes, it is. This is a little bit aligned with Hannes's comment. Do we really need all this and I think Dave and some other participants established last time? Yes, that we need that, but this is a comment because it was in Kathleen's list of first batch of yeah basically feedback, so it's here, but if it's not contested, I would still assume that this is needed and therefore the answer is yes.
A
Right all right, so next issue. So first let me come back and ask whether we have everyone. We need to make some progress on freshness and time reorganization. I don't see any up. If you press e5, you will.
F
A
F
The contentious stuff is actually the the table above, so the text is now better using the table, so there's additions to the table in in one of the combats yes, that is it so so this is the contentious stuff. There is a test awareness year and Dave was not sure if that is required.
F
F
So the thing is that he said that everything that is associated with the timestamp here is at some point conveyed over the wire or the internet or whatever, and that is effectively not the case because at the very least value generation is not, and so because only it processed internally, it's also only processed internally, but without him I'm not sure we can move this forward, actually.
E
Oh yeah yeah, absolutely you know when you have a central time generation or a key that can't be distributed until a certain time. So this is similar to TUDA, but just the idea that the attester can't become aware of something because they don't have any possible way to get the nonce until a certain date or a certain time.
F
F
F
Seems weird yeah, so I think I think that is something yeah. So, for example, I think also evidence relate is not the terminology we use. I think it's evidence conveyed, but these are myths. These are other. I think there should be another editorial pass over the table that fixes the description language by not altering its meaning and also the names here event names. That is all not to the point here right now. I think it is more about the contested contentious content.
F
That is a a and I think there is a use case, and I think Eric was agreeing with that right now, but but so most certainly, I think that it is sometimes, for example, for boot integrity and runtime integrity, but times between value generation and evidence generation is is huge, and that has an impact on the meaning, of course.
F
A
Well, I don't have a problem with putting tags into the document, particularly now that we think we're going to need in in in a protocol definition, but it turns out if it turns out, we don't need it well, we take it out of the document at a in a future revision.
A
That's the difference between Proposed Standard and Internet Standard, after all. So I don't have a problem with with it and if, if I hear a couple people saying that they're happy with the that thing with having it there, if the text is not perfect, I think we should still merge it at this point.
A
Fix it again, and we have a working group last call that has to start very soon so that if someone really objects to it, then that will come out.
A
A
F
That's super quick, I'm actually helping Ben. Sometimes so that's funny, yeah. Okay, I think, for the sake of the time we can, if there's no objections here, we can merge it now, but I don't. I think, because I wrote it, but there's any opinion about this. So literally that would be like bro.
A
Let's, okay, so what about freshness can we do anything with that today?
F
A
F
But I think it right now: we text you scroll by a comment from Thomas. Maybe we go back up and address that.
F
A
H
Here think I I don't think the second is very good. I went to cause the remote attestation protocol initiator. Is it well well, this be too complex.
G
A
I I really don't quite understand the problem in the first place, so I think that the point was that the attester can't cover the case where the relying party sends the nonce, and he says you're right, it's not limited to the attester, but the solution doesn't seem to be right, so he's offering us two solutions and might be suitable. For example, in the case the attester does not have does not have. I guess, then it goes to relying have a reliable clock.
F
This is not basically to the point.
H
I think the second part is isn't from my my comment. The first part can the first situation. You know he suggests to add. For example, I think this can address my comment and the second. I don't think it's from my comment. I think it's his own comment.
F
A
Most right, so so it's just puts in the the the first point is we just put in, for example, I I understand that now it's very hard for me to see that that's all he did on there. The second phrase where it says solely on the praising it either verifier or evidence solely on the remote attestation protocol initiator, so he's suggesting that instead of saying the the verifier that we have to say this, and I think it's not an improvement.
A
Okay, so just do do you want? Does anyone want a chance to read through this block of text, or do you think we've been through this enough times?
F
F
Actually match this gift, I think capture the example proposal of Thomas in one item here, because it will be lost in close PR space, just merchant or so raise another issue on this item after we have merged it, so that we can, we will not and Thomas is a propos, an example here.
H
F
Here today, that is really we tried to somewhere. I don't know, there's someone from Microsoft here that is working with with Dave. Do you know why it's blocked?
G
F
A
A
A
F
Something is Lawrence on the call, I think so. Okay, then Lawrence the cpr, probably we gonna do.
A
All right, so we need to figure something out all right, so I believe Dave did figure out that. Oh, we have other changes to freshness crap.
A
A
B
I raised number 92 a handful of three weeks ago, or so. I don't know if there's any discussion on it, I was not around for any meetings where there were.
A
Conversation with you, yeah, hey. We talked about this actually on Tuesday, so I remember what we did with it. What do we talk about this? This became a okay, so, first of all we did. We did create an issue in EAT based upon this text. It's somewhere.
A
I I guess I get confused by this. My Michael, why are these? If so, would is so? Would the verifier create an attestation on behalf of its own security state and just happened to append the attestation evidence, along with it or just be carrying the attestation evidence, as kind of like a a blob, a an opaque payload, fully signed and on to the relying party you know, for you know as part of this, it wasn't really clear to me: what was the intention?
B
I I I created, I created the issue, not responded, or I wasn't present when all the responses happened.
B
A
D
B
I I was looking. I was essentially looking for a little more ammunition before I went to EAT I wanted. I was looking for the architecture spec to clearly state that, if appropriate, right, you know that verifiers may have to act as attesters to relying parties and once that was clearly stated, then go to EAT and say you know: do you have any guidance on on how we want this to kind of be standardized or not? I mean that's a very real thing that we do in that.
A
And I think that that's where we took your topic one and two right: we understood that that was maybe the case, and then we sought thought the topic three was more about the the mechanics of how does this work.
I
Yeah and so okay, so just kind of as a meta comment, you know it's one thing where they, where the attester communicates and attestation. Sorry, not the the verifier, communicates an attestation token on its own behalf to the relying party and that's fine, I think, that's a perfect legitimate use case. The verifier is basically verified, confirming its security state to the relying party, so the relying party can trust it.
I
It's another thing when the test of when the verifier conveys the attestation evidence from whatever the remote device is in the context of an EAT into to the relying party that almost seems like embedding a protocol on top of the within the attestation token, that's not that's, maybe a little bit beyond scope, I would say: yeah go ahead.
E
E
So I think that that if you want an example of how that is relevant, then you know I'll post it here to the to the issue as well. But this is an example of how to how a vector from attestation results might include the information being described. In this example,
I
All right, I mean I'll, take a look at that error. I think that I think the thing you know I'm like I I assume one model would be that the verifier would first convey its security state to the relying party and then the verifying relying party would establish a secure channel between the between each other. Then, after that, the verifier would just send out attestation evidence by itself over to the over to the relying party, but yeah.
E
There could be other ones yeah, there are other models, and one of the reasons you might do this is the attestation results might be a one-time event which gets signed and then stored on the attester to be forwarded over later to the to the relying party. So the idea of having to build a secure channel later either might not be an option or it might not be scalable for the solution.
E
So the idea of adding extra information on the attested results that includes some of the original evidence is a valid means to scale the verifier quite well.
I
B
Yeah, I I think from my perspective, the the the first part was. I was just looking for text and I still haven't seen it in the doc that basically use the word. You know when talking about establishing trust with the relying party you know use the verbiage of of of giving it no I'll miss my terms here, the the let me find my architecture diagram.
B
The evidence right the that attempt that an attester would give and yeah. Thank you, the so. The the the text in the in the trust model section of the doc when it's talking about establishing trust between the verifier and the relying party never uses that term acting as an attester or providing evidence. It talks in more vague terms. Yet when it's talking about establishing trust between the verifier and the endorser or verifier owner, it does speak in those very specific terms.
B
So I I I don't understand why the the terms being used aren't the same essentially.
A
A
Yeah, well, your choices, your your your choices are to email text to send a pull request and it goes down to with GitHub. Now you can, literally, you can literally click on this document and hit this edit this file thing and it will create a pull request for you.
C
A
I
B
I I can certainly do that if, if you know, if that's what's appropriate to the next step, absolutely okay.
A
A
A
F
Because of outdated issue yeah, this is not on my radar, I have to admit. Okay, you have to look if it's outdated.
A
So message Lawrence, we assigned it to him, signed it to him, preferred serialization format. I think we did something with this. Didn't we maybe I dropped the ball on that one. What are role compositions.
A
We Ned did drop out of the call didn't he yeah okay, so we can't bother him to. I know what he just said: there not a very successful grouping here: security considerations for implicit trust model. I wrote that note to myself. I haven't done anything with it that was Greg's confusing. That was a question or responding with question. Freshness may not be inclusive enough. That's the one! I just opened! Okay! Well, that's about it! I would say three days ago, open three days ago: oh wait a minute. Okay.
F
Oh yeah, that is the text day for past, with creating.
F
A
Just slips, so I had only one problem with it, which is that he created this term verifying relying party, and I just felt that we should put a slash or something in it.
F
It would be an appraising party, verifying is good, so it would be an appraising or relying party if we want to stick with our terminology or focusing it back on roles. So you're.
F
F
We also re-verify on the probably not really.
A
Means all right, so I'm just going to write here.
F
F
That is, I think, a document global policy. Unfortunately Dave used the term test again, so I like to have that in the document with this choice of terminology, meaning is good, so semantically defined with everything here.
F
F
Oh, that's a difference. Okay, that's nothing! The wrong test, so a test main first test here here this one and then I verify.
A
F
Yes, pure interesting, so because the the remote attestation is the whole thing and then the verify it tests. This hurts assume what.
F
No, not no, no, no, no, not in all cases, because if it's just asserting it, I'm not sure what what powerfulness means, maybe maybe the maybe the relying party has to be an attester here and it creates evidence about it. So, but I assume that this is correct. I don't have to have another look at this means literally to correct evidence about this as a relying party which would make render the relying party also taking on role of attester here, which we already had as another topic here today.