►
From YouTube: RATS Architecture Design Team, 2019-12-17
Description
RATS Architecture Design Team, 2019-12-17
B
B
B
So,
in
any
case,
you're
wondering
we
just
do
here
right
now:
Micra
sent
around
a
link,
an
email,
those
two
links
of
them,
one
of
them
this
vivix,
the
other
one,
is
the
interactive
second
II
which
I
could
share,
but
effectively
everybody
I
could
also
just
join
and
heck
away.
So
either
we
will
put
things
in
PRS
and
issues
on
github
or
on
to
this
list
that
we
are
maintaining
internally.
So
we
will
find
out
the
very
end
up
in
the
end,
but
we
have
all
of
these
options
so.
A
A
B
C
B
Yeah
that's
headphones
on.
My
lifesaver
also
also
net
is
still
missing,
as
anyone
heard
or
read
about
him
not
joining.
Otherwise,
it's
five
after
the
hour
almost
no
doesn't
seem
to
be
a
information
about
that.
Geary
was
here
last
time,
but
I
see
Lawrence
on
the
call.
Lawrence.
Are
you
as
an
eat,
offer
representing
each
I
suppose
so?
I.
A
B
A
A
E
A
E
The
second
problem
is
that
you
see
the
appraisal
policy
for
evidence
comes
from
owner
and
the
appraisal
policy
for
attestation
result
comes
from
no
place
in
those
things.
Well,
it
should
be
the
same
well
well.
Well,
we
should
mechanism
should
be
the
same.
It'll
come
from
the
same
place,
but
I'm
saying
one
is
a
line.
One
is
a
box,
that's
not
correct
about.
They
should
both
be
lines.
Oh
I.
E
A
E
A
A
B
D
B
We
have
started
with
the
very
old
school
known
good
values
and
reference
values,
and
they
were
too
strict
and
they
didn't
encompass
all
the
things
that
could
be
appraised
assessed
by
appraiser
procedure.
So
we
needed
a
super
term,
and
that
is
now
appraiser
policy,
which
includes
reference
values
and
then
we
have
the
endorsements,
and
that
is
in
global
platform.
World
meaning
means
meaningfully
signed.
So
an
unendorsed
table
you
as
an
unsigned
talking
literally
and
in
here
we
mean
something
it's
a
little
bit
and
that
might
be
a
problem.
I
am
Not
sure.
B
B
A
D
A
E
B
I
think
we
had
the
owner
has
to
kind
of
put
this
into
an
email,
some
other
thing
as
a
gateway
function
for
all
available
endorsements
and
actually
maybe
concurrent
appraisal
policies
and
the
hair
they
have
to
be
by
the
owner.
The
condo
controls
all
of
this,
so
it
is
tight.
So
it's
very
policy
what
smell
endorsement
for
this
thing.
E
B
E
Perspective
I
would
disagree
that
the
owner
is
any
type
of
gateway
in
a
data
flow
perspective.
The
owner
may
never
ever
see
endorsements.
The
owner
may
be
a
human,
for
example.
It
was
typing
in
her
policy
in
a
command
line
that
human
will
never
ever
see
the
investment
may
see.
He
may
know
the
format
and
metadata
about
it,
but
maybe
not
the
content
and
the
values
in
there
like
no
idea
what
the
actual
reference
values
are
of
those
retro
user
copied
out
of
an
endorsement
or
something
else,
the
the
owner
is
not
involved.
I
think.
B
E
G
Think
and
I
thought
during
the
thread
we
sort
of
resolved
that
an
owner
could
also
be
an
endorser
and
therefore
months,
even
if
even
if
an
endorser,
what
a
more
even
if
a
vendor
didn't
generate
any
reference
measurements
that
a
owner
could
generate
reference
measurements
and
assert
them
as
endorsements.
That
would
be
correct,
hello,
and
in
so
doing
the
owner
would
be
that
the
entity
that
is
implementing
the
owner
role
is
also
can
also
be
the
same
entity
that
implements
the
endorser
role.
I.
E
See
endorser
and
I'm
trying
to
use
terms
that
I
think
are
because
this
one
hey
so
tell
me
whether
I'm
cuz
this
or
not,
is
and
the
endorsements
are
something
that
is
generally
signed,
and
so,
for
example,
an
endorsement
might
say:
hey
I
am
a
manufacturer
and
I
vouch
that
this
particular
a
tester
device
was
manufactured
by
me.
That's
an
example
of
a
claim
that
that
might
be
signed
in
an
endorsed.
E
The
appraisal
policy
is
the
rules
for
how
to
set
claims
that
come
in
evidence,
and
that
might
be
your
appraisal.
Policy
might
be
if
the
claim
X
has
the
value
Y
and
it's
good.
The
only
example
is
an
appraisal
policy
that,
in
itself
embeds
the
the
a
reference
value.
It
might
also
be
if
the
evidence
contains
a
claim
X
with
a
value
Y,
which
is
which
matches
what
comes
in
an
endorsement
signed
by
the
manufacturer.
That
would
be
an
appraisal
policy
that
doesn't
know
the
value
of
Y.
E
It
just
says:
hey,
compare
the
food
claim
in
evidence
against
the
foo
expected
value
in
endorsements,
and
that
would
be
the
phrasal
policy,
and
so
this
is
when
I
think
Michael
was
responding
in
the
comments
on
the
github
is
saying
it
could
be
either.
If
there's
a
reference
value,
it
could
be
an
endorsement
or
it
could
be
an
appraisal
policy.
That's
absolutely
correct.
I
agree.
E
Why
seeing
whether
reference
values
are
in
endorsements
or
appraisal
policy?
You
can
only
give
examples
right.
You
can't
say
it's
in
one.
You
can't
say
it's
in
the
other.
You
could
say
it's
typically
in
one
of
them,
but
I
think
Michael
was
correct
to
where
he
said
often
appraisal
policy,
but
it
could
be
either
and
that's
why
I
think
our
data
flow
doesn't
say
reference
values,
because
it
could
be
either
right.
Multiple
ways
to
thinking
I
mean
that's
even
in
the
example
we're
using
reference
values,
beginning
right.
G
B
B
I
think
vendor,
for
example,
or
supply
chain
entity,
is
a
typical
instance.
It
could
also
be
a
certification
entity,
something
like
that.
But
I
think
it's
most
important
that
to
highlight
that
in
the
endorsements
are
the
confluence
through
evidence
that
the
attest
I
cannot
create
Speights,
it
might
store
them
itself,
they
have
trust
anywheres
outside,
and
this
will
give
you
the
some
supply
chain
entity
event
or
whatever.
G
From
a
a
what's
being
labeled
a
verifier
owner
mm-hmm
could
also
play
the
role
of
endorser,
so
the
entity
that
implements
the
verifier
owner
role
and
also
implement
the
indica
role
and
I.
Think
that
address
is
a
use
case
where
there
isn't
there
isn't
any
supply
chain
entity
or
vendor
entity
or
manufacturer
entity
that
produces
lames
and
as
but
are
still
relevant
and
necessary
to
verify
evidence.
Therefore,
the
owner
role
could
produce
I'm
sorry,
the
endorser
role
implemented
by
the
owner
entity.
F
I'm
still
very
unclear
on
what
the
owner
is
and
why
there
are
two
owners
in
this
diagram.
It
seems
like
there
there's
the
owner
is
the.
Let
me
feel,
let
me
say
a
couple
more
things
here,
so
it
seems
like
to
me
the
the
verifier
could
be
implemented
inside
the
relying
party.
That's
one
case,
the
verifier
could
be
implemented
by
the
the
device
manufacturer
or
the
verifier
could
be
implemented
by
a
an
intermediate
service
of
some
sort.
F
That's
you
know
not
not
the
relying
party
or
the
device
manufacturer
I
mean
an
aggregator
or
something
like
that
or
you
could
have
a
chain
of
all
three.
Yes,
so
the
fact
that
the
verifier
is
outside
of
the
one
party
box
here
that
that's
that
sort
of
implies
that
the
verifier
is
not
the
relying
party
implemented
inside
the
rolling
party
and
then
Marya
li
don't
understand
what
this
diagram.
What
makes
no
sense
than
this
diagram
to
me
is
why
there
are
why
it's
diagram
has
policy
going
into
the
relying
party?
I
mean
it's.
F
A
It
would
be
so
so
so
Lawrence
just
three
things
here
right.
These
are
roles
not
devices,
and
the
roles
can
be
implemented
in
in
a
variety
of
different
ways.
Okay,
the
second
thing
is
that
the
things
with
asterisks
around
them
are
not
subject
to
standardization
and
the
things
on
the
arcs
are
that
go
down.
The
policies
are
probably
also
not
for
standardization.
F
G
E
Will
give
you
one
example,
but
I
have
to
describe
to
the
viewer.
Fire
is
first,
but
the
the
short
version
is
in
most
respects.
I
would
expect
a
verifier
owner
to
be
the
verifiers
admin,
human,
whoever
the
humans
or
the
tools
that
the
humans
are
using
to
configure
the
verifier.
That
entity
is
the
verifier
owner.
So,
for
example,
the
verifier
is
say
as
your
attestation
service,
which
is
being
posted
on
behalf
of
them
to
pick
a
pennant
by
your
owner.
E
It
would
be
the
tenant
ad
man
who
configures
their
their
policy
for
their
instance
running
an
edger
and
the
verifier
is
say
the
Intel
SGX
attestation
service,
I,
don't
know
if
that's
the
correct
term,
but
there
is
one,
and
that
may
be
Ned
could
speak
to
the
verifier
owner
would
be
Intel
verifier,
the
verifier
is
say
in
the
same
device
as
the
relying
party
and
it's
an
embedded
one.
Then
the
verifier
owner
might
be
the
same
entity
as
whoever
the
admin
is
for
their
relying
party.
Those
are
three
examples,
so.
A
E
E
As
your
attestation
service
yeah,
that's
very
for
your
for
background.
As
your
admins
don't
run
the
Asscher
attestation
service,
it's
something
that
a
tenant
can
opt
into
and
then
it's
the
tenants
service
it's
just
hosted
and
Azure,
and
they
said
hey
make
me
one
of
these
services
and
boom.
You
get
your
own
as
your
attestation.
It's
like
running
your
own
CA
in
a
cloud
or
so.
A
A
E
A
E
E
E
G
E
B
Yeah
and
just
as
a
side
note-
and
this
is
very
super-
nitty
I-
think
all
the
two
terms
here-
the
Asia
inter
station
service
and
the
STX
as
a
station
service,
so
in
general
I
think
this
service
is
a
remote
as
a
station
service.
That's
what
all
this
is
about.
If
the
thing
could
do
it
itself,
it
would
not
be
a
remote
it's
a
remote
at
a
station
service,
and
that
was
the
mystery
box
on
the
top
right.
B
E
E
B
Correct
and
also
same
device
does
not
mean
no
isolation,
necessarily
because
tes
could
give
all
these
domains
separation,
but
there,
as
as
Laurens
highlighted
a
few
times,
you
can
also
combine
them
into
the
same
execution,
environment
being
rich
or
trusted
IRL.
So
it
could
be
also
come
without
isolation,
but
it
is
a
design
choice
in
the
solution.
A
E
A
B
B
H
A
Reason
Lawrence
we
put
it.
There
was
not
because
it
wasn't
obvious,
but
because
we
needed
to
distinguish
the
different
owners
and
their
different
their
different
views
for
it,
such
that
we
know
when
we'll
be
confused
about
where
this
stuff
was
coming
from
and
I
think
we
all
agree
that
it's
it's
may
be
obvious,
but
sometimes
you
have
to
peek
people
over
the
head
with
stuff,
that's
obvious,
or
they
don't
get
it.
F
F
F
At
the
point
of
the
diagram
here
is
to
say
that
a
verifier
takes
in
three
has
three
inputs
and
one
output
and
isn't
the
definition
of
the
policy.
I
know
sort
of
part
of
the
definition
of
the
verifier,
the
appraisal,
policies
and
the
definition
of
the
verifier
kind
of
part
of
the
definition
of
the
appraisal.
Policy.
A
You
jump
to
relying
party,
you
start
talking
about
relying
party
and
then
you
start
talking
about
the
verifier.
So
that's
why
we're
confused
by
what
you're
you?
You
said
they're
in
the
same
they're
in
different
boxes,
but
then
you
said
they
have
each
have
separate
policy,
which
is
exactly
the
point
I
think.
F
G
F
Not
saying
we
will
I'm
just
saying
you
could,
like
you
could
say
you
you
could
you
could
define
some
it's
part
of
some
process,
part
of
the
definition
of
verifying
locations
or
verifying
software
measurements.
You
could
say
here:
here's
the
format
for
evidence
for
these
kinds
of
measurements.
I
can.
D
Add
to
that
I
mean
the
idea
that
you
have
evidence
you
have
to
have
a
at
least
some
common
objects
named
for
the
appraisal
policy
for
evidence
to
be
able
to
apply
to
it.
So
if
we
want
to,
if
we
want
to
identify
the
evidence,
you
have
to
unbel
to
be
able
to
talk
from
the
verifier
owner
in
the
same
language.
E
The
evidence
will
be
completely
vendor
specific
across
four
different
vendors,
and
so
the
verify
needs
to
understand
that
and
if
it's
I
think
you
can't
standardize
it,
which
is
why
I
believe
that
the
way
that
Michael
phrase
did
I
completely
agree
with,
which
is
I,
don't
think
you
might
be
able
to
do
a
particular
one.
So
if
evidence
is
in
each
or
something
like
that,
but
in
general
no,
you
can't
so.
G
We
said
I
think
we
said
the
group
at
least
said
early
on
was
out
of
scope
to
define
endorsements
an
endorser
beautifully
at
the
time
have
the
notion
of
an
owner.
So
we
didn't
have
the
notion
appraisal
policy
for
the
audence
or
raise
a
policy
for
attestation
results,
but
some
as
Lawrence's
guests
believe
that
it
was.
F
E
G
A
It's
a
statement,
it's
a
statement,
not
just
true,
but
a
statement
that
Ned
said
based
upon
the
policy
that
he
was
given
insert
policy
that
it
is
true
right,
so
I
wrote
in
the
ether
hack
MD
in
order
for
the
appraisal
policy
to
be
expressed,
the
naming
of
the
evidence
needs
to
be
standardized,
but
the
appraisal
policy
itself
does
not
need
to
be
standardized.
I.
B
Coming
from
the
remediation
point
of
view,
so
if
you
have
12:1
to
have
the
complete
remediation
work
flow,
that
is
pitched
and
teep,
there
has
to
happen
some
standardization
but
I
think
that
the
chances
are
good,
that
we
can
reuse
the
each
format,
be
it
a
CW
TV
or
be
another.
The
CW
t
I,
think
that
is
up
to
discussion
guests
again.
I
think
we
can
reuse
that
one.
But
it
is
important,
of
course,
through
the
scope
of
the
use
case,
so.
E
One
word,
and
that
word
is
the
word
standardized
and
the
evidence
needs
to
be
standardized
I,
don't
think
the
logic
follows
in
order
for
the
appraisal
policy
to
be
expressed,
and
naming
of
the
evidence
needs
to
be
known:
the
appraisal,
policy,
author
and
verifier.
That
does
not
need
naming
that
needs
to
be
standardized.
Okay,
sorry,
actually,
let
me
vendor
specific
evidence.
I
realize
a
crime
folk.
A
E
Understand
that
I
had
the
same
understanding
as
you're,
not
correcting
my
understanding,
I'm
saying
the
syntax
of
the
evidence
does
not
need
to
be
standardized
in
a
standard
sense.
The
evidence
may
be
existing
vendor-specific.
So,
for
example,
it
may
be
intel's
SGX
evidence
that
has
a
shift
right
now.
It
could
be
somebody
else's
evidence.
That's
already
shipped
right
before
rats
has
done
anything.
F
F
E
Results
is
more
than
just
a
boolean,
often
the
attestation
results
may
copy
in
claims
and
a
standardized
values
out
of
the
evidence
out
of
endorsements
or
out
of
out
of
put
in
there
phrasal
policy.
Maybe
it's
a
process
claim
that's
a
summary
of
a
bunch
of
information,
so
an
example
might
be
the
attestation
results
might
have
to
use
the
phrasing
if
they
Michael
had,
which
was
the
anticipation.
Result,
said
hey.
It
was
good
and
here's
a
claim,
that's
the
version
number
or
hash
or
whatever
it
is
of
the
appraisal.
Policy.
E
B
That
might
be
still
out
of
scope
for
today.
F1
important
addition
to
this,
and
it
is
getting
to
Dave's
initial
two
examples
which
are
the
past
part
and
the
background
model,
I'll,
check
scenario
and
I
think
the
passport
version
is
really
relying
on
some
of
those
evidence.
If
the
passport
is
not
standardized,
no
arbitrary
passport
checker,
we
understand
it.
So
in
that
model,
where
you
just
hand
it
off
in
good
hope
that
this
is
makes
sense
to
people,
it
has
to
have
some
standardization,
there
are
the
alternatives
of
the
already
existing
stuff.
B
So
not
every
scenarios
have
to
incorporate
some
I,
don't
know
content
type
thingy.
This
is
like
whatever
is
Jake's
evidence,
for
example,
but
there
has
to
have
been
some,
especially
for
the
I
think
our
comp
use
case.
There
has
been
some
very,
very
defined
evidence
for
the
passport
scenario.
I
would
disagree
with
that.
I.
D
E
B
E
Have
all
that's
required
is
that
the
verifier
understand
the
evidence,
format
of
the
ax
tester
and
that
evidence,
if
that
evidence
format
is
vendor-specific,
you
can
have
a
verifier
that
understands.
You
know
three
different
evidence
formats
and
work
perfectly
fine
in
the
in
the
passport
model.
The
passport
model
just
requires
that
the
attestation
results
are
standardized
in
the
sense
of
whatever
you
get
back.
You
need
to
be
able
to
pastor
a
relying
party.
E
D
Wouldn't
say
vendor
specific
there
I'd
say
that
there
are
youth
cases
where
you
don't
need
to
format
this,
and
there
are
use
cases
where
you
do
so
I'm,
not
saying
that
we
should
refuse
to
standardize
any
variant
of
that
where
it's
required,
but
I
can
see
where
their
use
cases
where
you
wouldn't
want
to
do.
That.
H
G
B
Activity,
if
you
want
to
select
an
arbitrary
remote,
a
decision
service
by
hints
wherever
they
come
from,
that's
a
clue
that
also,
if
you
don't
have
summarized
education
result,
this
will
not
work
as
plug-and-play.
You
will
always
have
to
take
care
to
understand
the
specific
proprietary
attestation
result,
so
there
is
use
to
do
sanitization.
Here
is
the
next
step
at
some
point,
but
I
think
it
is
not
necessarily
required
and
the
necessary
g2
gave
some
framing
and
some
some
minimal
standardization
for
evidence
is
very
much
more
important
at
this
point
of
time.
B
A
Don't
know
no
it's
because
I
set
the
WebEx
for
90
minutes
on
the
book
so
that
we
don't
get
kicked
off
by
mistake.
Okay
I
see
so
so
that
doesn't
doesn't
imply
that
everyone
committed
an
hour
I,
don't
mind
continuing
myself,
but
it
was
just
a
time
check.
So
let
me
ask
if
you
wanna,
if
everyone
is
interested
or
able
to
continue
the
first
question
and
do
we
want
to
continue
I
wanted
to
and
I
just
pasted
in
the
hawk
and
II
want
to
get
to
the
definitions
that
were
in
this
branch.
A
G
A
G
A
E
G
E
That's
what
Laurence
or
Ned
was
saying
about
that
and
they
were
saying
about
the
bowtie
picture.
That's
said
at
IETF,
and
so
I
agree
with
that.
Now,
there's
cases
that
I'm
interested
in
standardizing
and
there's
that
other
people
are
interested
in
standardizing
and
there's
multiple
possibilities.
Part.
A
A
G
A
A
C
A
D
A
I
I,
don't
think
any
sentence
is
exclusive.
The
point
is
to
say
why
we're
doing
this,
that
that
motivates
this,
so
I
mean
I,
don't
mind
the
word
at
least,
but
I
don't
find
it
useful,
because
I
think
we
always
can
say
have
other
requirements
that
this
will
lead
to
convergence
of
passport
check
like
systems
or
passport
check
model
systems
in
the
future.
Yes,.
B
B
A
In
the
document
are
you
I
I
am
proposing
a
statement
that
we
might
want
to
use
in
the
document,
but
I
don't
know
where
it
would
go
or
how
would
you
stay
say
it
is
point
okay,
the
the
I
want
to
ask.
The
question
is:
does
the
background
check
model
create
a
similar
or
equivalent
set
of
requirements,
different
Senate
requirements
standard?
We.
D
Jump
off
that,
can
we
undelete
at
least
I-
think
that
there's
a
lot
of
value
in
in
this,
because
passports
do
not
just
not
just
a
paper
to
sign.
Whoever
has
this
is
good.
You
have
to
often
have
some
matching
to
other
sources
of
evidence,
so
I
think
that
a
lot
of
people
will
get
something
from
at
least
here
I.
D
E
B
E
E
A
B
A
I
also
thought
that
was
true,
that
that
the
attestation
results
did
not
need
to
be
standardized
as
as
clearly
in
the
background
check
model,
but
that
the
evidence
needed
to
be
standardized.
That's
why
I
was
my
understanding.
One
of
the
clear
distinctions
between
the
two
processes
is
that
we
can
quite
easily
live
with
a
proprietary
attestation
result
because
the
verifier
is
well-known
to
the
relying
party,
whereas
the
tester
is
not
in
the
background
check
model.
So.
E
Don't
disagree
with
the
way
that
you
phrased
it
Michael
and
certainly
in
the
case
where
it's,
the
verifier
and
relying
party
or
collapsing
of
the
same
entity.
The
net
gestation
result
ins
kind
of
know
out,
because
it's
not
a
message
per
se,
but
the
way
that
you
phrased
it
is
you
know,
the
well-known
worse
is
not
well
known.
I
agree
that
in
a
stronger
I
still
think
that
there's
cases
but
I
don't
disagree
or
the
way
that
you
phrased
it
so.
A
So
what
I'm
trying
to
get
at
it
by
by
stating
this
is
that
if
the
utility
of
these
two
model,
the
utility
of
these
two
models,
was
I,
thought
that
it
it
it.
It
Shawn
light
on
the
different
parts
of
the
and
it
took
me
a
while
to
realize
what
the
bowtie
diagram
is
now
I.
Remember
what
it
is
that
it's
Shawn
light
on
different
parts
of
that
diagram
is
saying.
This
is
the
part
that's
transmitting
over
the
network
and
therefore
we
have
to
standardize
among
different
vendors
different
verticals
to
get
some.
E
A
It's
about
standardized
thing,
that's
not
a
thing!
It's
about
it's
about
different
entities.
If,
if
they're
all
SGS
enclaves,
then
we
agreed
there
was
no
standardization
necessary
Intel
can
do
it
all
right.
It's
when
one
of
those
entities
now
is
no
longer
within
that
space
that
we
need
to
have
a
standardized
statement.
Okay,
and
so,
while
I
understand
that
we
have
solutions
that
work
in
all
things
that
are
our
verticals
that
work
in
a
particular
space.
A
G
B
A
E
A
B
A
C
E
I
personally,
like
all
the
ones
that
are
in
here,
I,
don't
know
if
other
people
pick
on
them,
but
the
ones
that
are
not
on
here,
because
I
saw
that
you
removed
attestation
and
we
do
not
have
the
owner
on
the
list.
And
so
if
people
wanted
to
merge
the
ones
that
we
have
consensus
on
and
keep
working
on
any
additional
ones
and
a
separate
per
request.
That's
okay
with
me,
but
I'd
like
to
start
merging
the
things
that
we
do
is
even
if
we
separate
them
out
of
this
BR.
Okay,.
B
They
stating
in
a
draft
whatever
draft
ever
that
we
are
creating
an
attestation
for
something
I,
don't
think
that
should
happen
anymore.
That
is,
that
is
my
conviction,
actually,
because
it's
very
confusing,
so
we
will
also
always
prefix
or
postfix
that,
with
some
context
to
better
convey
the
the
intent
of
what
we're
doing
here.
That
is
that
it
was
my
main.
The
last
discuss
my
main
comment
on
the
standard
law
and
definition
of
attestation
and
I
think
there
was
some
content
for
the
definition
itself
comments
also,
but
I
actually
don't
remember
them
from
superfluous
Hank.
B
Hank
talking
to
Ramona,
that's
a
moot
mirrors,
yeah
I
think
it's
very
fine
to
you.
Call
it
remote
dissertation.
Yes,
and
still
we
have
to
revisit
the
texts.
I,
don't
think
that
we
will
be
able
to
do
this
today,
but
then,
let's,
let's
look
how
the
result
will
be
when
all
this
is
now
like
in
this
structure
yeah
with
remote
at
the
station
and
then
look
at
the
definitions
if
they
all
suit
us
in
the
next.
B
E
B
G
I
think
I
don't
know
it
seems
like
it
would
be
useful
to
have
a
definition
of
the
words
that
we're
using
and
so
I'm
uncomfortable
with
the
idea
that
we
just
assume
that
everybody
understands
what
the
word
attestation
means.
We
just
define
it
or
reference
somebody
else
that
defines
it
and
some
some
acceptable
way,
but
also
saying
that
it
also
opens
the
door
for
a
whole
conversation
around
the
different
flavors
of
attestation,
whether
it's
remote
or
local
or
implicit
or
explicit,
or
you
know,
there's
lots
of
you
could
like
spend
a
lot
of
time.
G
A
My
proposal
is
that
my
proposal
is
that
we
don't,
as
Hank,
suggested
we
don't
ever
use
the
term
ourselves
that
we
need
to.
We
need
to
have
the
term
defined,
but
that
we
shouldn't
bother
defining
it.
We
should
instead
say
there
are
these
nine
definitions
and
we
avoid
the
term
because
we
don't
wish
to
pick
between
them.
E
Proposal,
okay,
I
think
we
should
define
the
term
were
about
attestation
and
I
think
we
should
have
a
definition
that
we
agree
on
and
I
would
start
from
the
definition
that
I
had
the
original
per
request.
Unless
people
have
issues
with
that,
I
also
paste
it
into
the
our
comments.
This
morning.
The
Wikipedia
definition
which
I'm
also
okay
with
well
I,
think
it
should
be
to
take
Hanks
point
that
we
don't
define
the
word
attestation.
We
only
define
the
term
cata
station
and
that's
the
term
that
we
use
I'm.
A
Completely
consistent
with
what
you
just
said:
okay,
okay
III,
because
you
turn
you
you
wanted
to
find
the
word
remote
attestation
and
I'm
and
that's
consistent
with.
We
should
use
a
term
which
has
a
qualification
of
the
word:
that's
not
station
always,
but
that
somewhere
is.
We
need
to
say,
there's
all
these
other
definitions
and
we
didn't.
We
didn't.
You
can
go,
read
them,
but
but
we're
not
we're
not
gonna
we're,
not
gonna
touch
them,
we'll
define
our
own
term
thanks.
I
do.
E
Not
think
that
we
need
a
station,
but
in
the
terminology
section
to
do
that,
I'm
sure
whether
we
should
do
that,
but
I
don't
think
we
should
have
an
attestation
part
of
Hanks
point
that
I
agree
with.
It
led
me
to
believe
that
we
should
not
define
attestation
the
terminology.
We
should
only
define
remote
attestation
if
we
want
to
have
a
sentence
simply
saying
there
are
other
definitions
of
attestation
and
we're
just
going
to
use
remote
a
test
station
I
would
not
object
to
that.
I.
Just
don't
think
it's
necessary.
E
B
C
E
A
Didn't
open
it,
we
didn't
open
a
ticket
which
was
nine
about
the
word
about
this
about
exactly
this
point
and
that's
why
we
opened
the
ticket
and
I'm
sorry
I'm,
trying
to
find
your
text
in
the
comment.
I'm
not
really
happy
with
github
conversations
and
comments
you
just
have
to
be
so
on
top
of
it
or
you
just
lose
everything.
E
E
B
E
E
Saying
this
is
what
we
should
use
as
a
starting
point:
either
number
one
or
number
two
and
wordsmith
appropriately
like
if
we
need
to
add
to
where
we
wrote
in
there
or
something
like
that.
That
would
be
fine.
Those
are
the
two
that
were
definitions
of
the
term
attestation
and
the
either
of
which
I
think
are
fine,
and
if
we
want
to
now
define
a
term
promote,
attend
station
I
think
we
should
start
from
walk
or
the
other
or
combine
them
or
whatever.
And
then
the
word
remote
in
there
somewhere
and
reading.
B
The
Charter
is
like
obsessing
on
in
the
video
ball
of
it's
not
of
a
trust
trustworthiness,
so
evidence
somehow
is
about
trustworthiness
and
so
remote
at
the
station
about
establishing
a
and
have
nobody
liked
that
sentence
ever
so
I'm
fine
with
removing
it,
but
from
a
semantically,
remote
Association
about
establish
trust
in
the
trustworthiness
of
a
remote
peer
you're.
Talking
to.
E
Right,
so
that's
why,
in
definition
of
a
war-
and
it
talks
about
assesses
its
trustworthiness,
so
you
can
see
it
just
a
finite
word
yeah.
The
word
remote
in
here
as
a
wing
ample
to
say
how
we
might
define.
So
if
we
had
the
word
remote
right
in
here
then-
and
we
uncapitalized
it
right,
then
definition
number
one
would
be
the
remote
station.
G
B
Non-Variable
and
we
were
creating
the
time
based
unidirectional
stuff.
We
realized
this
wound
up
always
did
standardization
with
IP
based
protocols
for
TF,
so
we
introduced
the
meta
to
interconnect
which
could
be
IP
and
ever
protocols
or
a
GL
pin
or
a
socket
or
whatever
it
just
conveyed.
Somehow
via
the
interconnect.
Interconnect
was
a
as
a
term,
that's
used
by
bluetooth
and
USB
a
lot,
and
that
was
our
best
effort
attempted
to
say
there
is
some
secure
channel,
but
I
don't
know
if
we
I
did
the
ITF
here.
A
F
So
I'd
like
to
talk
about
the
the
trustworthiness
thing
a
bit.
The
problem
with
this
sentence
is
the
trustworthiness
is
kind
of
set
in
an
absolute
sense
and
I
that
swear.
It
always
goes
wrong
for
me
is
when
you
try
to
make
trust
absolute
or
you
know
the
same
for
two
different,
relying
parties.
So
it's
fine
for
a
relying
party
to
decide
whether
it
trusts
something
or
not,
but
another
relying
party
may
come
to
a
different
conclusion.
F
So
as
long
as
the
wording
is
relativistic
to
the
relying
party,
you
can
use
the
word,
trust
and
trustworthiness
if
you
try
to
say
in
an
absolute
sense,
this
is
trustworthy
by
all
known
relying
parties
in
the
known
universe.
Then
that's
where
this
this
all
goes
wrong.
I
think
you're,
right,
they're,
saying
that
I
don't.
E
Remote
entity,
so
it's
up
to
that
particular
road
entity.
It
has
doesn't
say
anything
about
more
remote
entities
as
a
single
one,
says
trustworthiness
and
it
can
come
to
whatever
conclusion
it
wants.
It's
silent
on
any
of
the
things
that
you're
worried
about
yeah,
there's
two
integers
that
you
could
read
it.
G
F
B
That's
a
far
stretch
I
see
my
I
see
you
worried
I'm,
not
as
worried
as
you
about
this,
but
I
can
see
a
point
or
what
you
mean
and
and
Trust
is
something
and
proving
that
as
trustworthy
are
different
things.
That
is
something
I
would
be
worried
about.
So
I
would
really
keep
trustworthiness
and
set
of
trust.
F
G
That's
I
get
that
the
point
is
someone
reading.
The
other
definition
could
read
into
it
the
same
way
that
someone
reads
into
the
definition
of
the
word
trustworthiness,
but
because
it's
the
word
integrity,
people
have
are
less
likely
to
read
into
it,
because
it's
used
in
different
context
and
in
spoken
language,
so
I,
don't
I,
don't
see
that
I.
Don't
see
that
there's
the
concern
you
have
is
really
one
that
is
going
to
be
universally
felt.
G
B
E
Gonna
look
at
line
95,
which
has
our
charter
text,
which
has
very
similar
wording,
a
level
of
confidence
in
the
trustworthiness
ever
wrote,
system,
components,
I.
Think
right
now.
Line
90
is
at
least
consistent
with
line
95
in
the
Charter.
With
respect
to
the
use
of
the
word
trustworthiness,
I
would.
F
G
F
F
G
F
B
G
A
The
TCG
people
know
what
they're
saying
but
I,
don't
think
the
people
that
are
outside
the
TCG
looking
into
this
ECG
understand.
That
is
the
subtlety,
so
I
understand
Lawrence's
view
that
of
relativism.
I
would
also
ask
whether
the
word
the
its
trustworthiness,
the
its
is
perhaps
somewhat
ambiguous
to
some
people.
I,
would
rather
say
the
testers
trustworthiness,
but
that's
an
ear.
That's
you.
B
B
A
G
B
E
E
E
A
E
D
E
E
B
A
E
Only
question
you
could
ask
I'm,
okay
with
it
as
phrased
right
now,
Michael,
because
now
that
we've
used
in
the
capital
letter
terms,
when
you
talk
about
the
validity
of
information
about
an
ax
tester,
it
would
be
equivalent
to
saying
the
validity
of
attestation
results.
I
like
it
the
way
that's
phrased.
But
if
somebody
else
cared,
then
you
could
say
it's
equivalent
to
saying
the
validity
of
attestation
results
again.
A
F
B
B
E
B
B
E
E
G
F
H
G
E
B
A
Have
a
good
solution,
but
as
you
type
in
probably
you've
seen
this
when
I'm
typing,
but
the
letters
actually
appear
out
to
the
right
of
your
cursor
and
then
the
cursor
moves
over
on
my
screen.
It's
kind
of
ghostly
yeah
and
then
he
authorised
to
configure
appraisal
policy
for
evidence
in
a
verifier.
It's
very
introspective
but
I'm
I'm.
Happy
I
can't
disagree
with
the
definition
I'm
trying
to
think
how
to
put
the
word
administrator
in
an
entity
such
as
an
administrator.
Maybe.
A
E
E
A
F
Figure
those
things
so
the
the
the
parent
company
decides.
It
doesn't
trust
this
other
parent
company
and
it
tells
its
subsidiary
to
not
trust
those
guys
anymore
and
to
trust
these
guys.
They
tell
the
subcontractor
and
they
tell
the
other
sub
subcontractor
so
who
actually
tells
the
guy
the
poor
guy
in
the
basement
that
actually
has
to
type
in
the
you
know
and
an
x.509
certificate.
I
mean
I,
don't
see
how
you
just
seems
like
he
it's
very
confused
and
when
you
try
and
talk
about
all
that,
so
it's
why
I'm
I'm.
A
Not
trying
to
talk
about
that
I'm
trying
to
say
that
that
I
feel
that,
unlike
in
the
case
of
the
appraisal
policy
for
evidence,
which
I
think
is
quite
detailed,
okay,
I'm
saying
the
appraisal
policy
for
attestation
results
may
be
quite
high
level
and
I.
Think
I'm
agreeing
with
you
Lawrence
I'm,
just
saying
that
I
feel
that
there's
a
qualitative
difference
in
the
level
of
detail
and
if
you
were
to
tell
me
that
these
protocols
have
ever
standardized
looked
entirely
different
I
would
be
not
surprised.
G
But
I
think
that
the
relevant
point
in
terms
of
why
we
have
two
different
owners
is
because
and
different
a
different
entity,
and
it
you
know
we
can.
We
can.
We
can
talk
about
an
entity,
can
delegate
to
another
entity,
can
delegate
to
another
entity
and
so
forth,
but
it's
still
it's
still
within
that
that
same
delegation
chain.
But
the
point
here
is
that
that
we're
trying
to
draw
out
is
there's
two
delegation
chains
in
and
we
don't
want
them
to
get
inflate
it
into
one.
Just
because
the
name
because
we
say
oh,
that.
F
It's
sort
of
understood,
but
I
would
be
you
think,
relying
party
and
they're
from
there
you
to
me
you
apply
all
of
that.
So
I
I'm,
more
in
favor
of
just
removing
those
two
things
and
maybe
having
some
notion
some
some
notes
about
what
a
relying
party
in
a
verifier
are.
I
can
live
with
it.
However,
you
want,
but
this
year
I
just.
B
G
B
One
compromise
is
a
gray
zone
in
between
that
a
single
term
is
defined
in
a
chapter
very
early
on
and
the
rest
is
defined
in
the
terminology,
because
this
is
rats
and
it's
the
remote
attestation
yada
yada.
So
having
that
term,
somehow
separate
from
all
the
other
terms,
I
think
is
okay.
It
is
a
little
bit
inconsistent.
Even
from
my
point
of
view,
it
would
not
pass
I
Triple
E,
but
in
the
IDF
it
might
be.
Okay,
I,
don't
know.