►
From YouTube: RATS Architecture Design Team, 2020-09-29
Description
RATS Architecture Design Team, 2020-09-29
A
Yeah,
I
was
just
talking
to
the
mute
as
button
as
well,
so
I
was
just
listening
to
friday's
recording,
which
I
had,
which
I
found
on
youtube.
It's
already
moved
off
of
webex
the
secretariat.
I
don't
know
if
they've
scripted
it
now
or
something
but
they're
quite
fast.
Now,
so
I
was
listening
to
it
on
two
times
record
playback
and
it's
so
much
fun.
Everyone
sounds
so
peppy
in
that.
A
A
B
Hank
yeah,
so
the
potential
wording
issue
that
I
have
is
just
that.
I
don't
think
that
tls
authentication
establishes
trust.
What
it
does
is
establishes
that
the
identity
is
somebody
that
you
think
that
you
that
you've
chosen
to
trust
it
doesn't
actually
establish
the
trust
right.
It's
like
it's
similar
to
saying
I
have
to
trust
a
public
key
before
I
put
it
into
my
trust,
anchor
store
right
and
then
authentication
just
verifies
that
somebody
has
the
private
key
that
corresponds
to
the
public
key
that
I
trust,
but
it
doesn't
establish
the
trust.
A
B
And
then
it
has
a
leap
of
faith
that
says:
okay,
I'm
assuming
that
it
hasn't
been
compromised,
the
time
that
the
other
thing
happens,
which
attestation
is
much
stronger,
and
so
in
that
sense
it's
a
it's
not
so
like
737
is
also
a
possible
solution.
The
context
of
that
sentence
is
establishing
trust,
and
so
I
don't
think
that
wording
is
right.
B
C
A
B
Yeah,
it's
not
a
possible
solution
to
the
same
problem,
at
least
not
by
itself.
Right.
You
have
to
have
something
that
establishes
the
trust
which
the
authentication
itself
is
not,
and
so
you
either
need
another
paragraph
to
explain
that
it
goes
together
with
something
else
like
a
leap
of
faith
or
whatever
to
have
that
possible
solution.
It's
a
building
block
that
can
be
used
to
build
a
possible
solution,
but
by
itself
it's
not
a
solution
to
that
same
problem.
B
D
B
Question
does
not
give
you
trust.
What's
that
authentication
does
not
give
you
trust,
authentication
gives
you
identity,
yeah,
all
right.
Those
are
apples
and
oranges,
trust
and,
and
identity
are
different,
are
apples
and
oranges.
You
may
use
identity
as
a
piece
of
a
solution
to
get
trust,
but
identity
itself
is
not
trust.
B
D
Yeah,
okay,
I
under
I,
I
kind
of
understand
the
the
point
there.
The
the
point
of
this
pull
request
is
that
an
out
of
state
you,
you,
the
the
the
basis
for
establishing
trust
between
the
relying
party
and
the
verifier
is
not
just
an
attestation
protocol
or
an
attestation
based
thing.
It
could
also
be
performed
using.
B
A
B
B
I'd
say
technically,
I
would
say
those
are
two
thirds
of
the
solution.
The
last
solution
is
the
decision,
although
you
know
it's
kind
of
a
leap
of
faith,
but
the
decision
that
trust
at
the
time
that
you've
established
it
is
still
continues
to
the
time
of
authentication
right
where
attestation
does
the
trust
establishment
at
the
time.
Based
on
the
evidence,
this
mechanism
assumes
that
there
has
not
been
a
change
and
so
that
that
there's
an
assumption
there
that
there's
no
evidence
of
you're
just
taking
that
as
a
leap
of
faith,
and
so
someone's.
F
The
trust
establishment
also
has
has
already
taken
place.
I
think
the
trustworthiness
description
is
then
created,
so
that
is
something
that
is
more
in
line,
but
the
trust
anchor
is
also
pre-established
right
and
without
that
the
signing
here
it
would
be.
I
don't
know,
is
it
the
same
same
same
case.
B
B
But
the
authentication
one
who
says
a
much
wider
time
delta,
which
is
the
time
that
you
inserted
a
a
say,
a
public
key
into
your
trust,
anchor
store.
If
that's
what
you're
using
and
the
the
time
doing,
the
authentication
which
could
be
you
know,
months
or
something
so
as
opposed
to
you
know
seconds
or
milliseconds.
G
G
D
Not
secondary
trust,
this
is
primary
yeah.
This
is
to
to
me.
This
is
just
b
b:
authentication
trust
standard
off
the
shelf
stuff.
It's
nothing,
there's
nothing
magic
about
it
or
unique
to
attestation.
It's
just
two,
two,
certain
two
services
that
want
to
trust
each
other,
so
standard,
b,
to
b
stuff
off
the
shelf,
and
typically
everybody's
gonna-
do
that
with
tls.
A
A
A
G
D
G
B
B
A
B
Yeah
because
it's
only
two
sentences
and
it's
on
the
same
topic:
okay
and
then
the
last
wording,
change
that
I
might
make
just
make
it
read
better.
I
would
replace
come
to
trust.
Sorry
come
to,
I
would
say,
can
establish
instead
of
come
to
establish
trust
in
or
something
like
that.
Let's
try
to
make
it.
B
B
B
F
B
H
B
B
B
F
B
I
think
now
that
we've
explained
it
there.
I
think
all
the
other
ones
are
clear
enough
in
context.
So
although
my
preference
would
be
to
keep
the
ordering
of
the
examples
the
same
and
so
where
it
says
tls,
authentication
or
attestation,
that
would
swap
the
order
just
so
it
keeps
in
the
same
order
as
the
first
two
examples,
and
I
guess,
because
the
attestation
is
a
little
bit
stronger
than
tls
authentication's
procedure
only
because
the
time
window
is
smaller.
C
B
That
tls
authentication
or
is
it
a
tls
authentication
procedure
because
there's
a
two
other
pieces
of
it?
So
maybe
we
leave
it
as
the
other
one
tms
authentication,
remote
action,
p
procedure
anyway,
the
one
that
wants
to
be
pedantic
and
say
it's
a
deal,
authentication
procedure,
it's
still
there.
So
I
would
I
I
I
removed
my
suggestion
to
switch
the
order.
A
B
A
B
A
Want
to
remind
you
what
what
I
was
trying
to
replace.
Actually,
I
think,
okay,
so
it
was
mostly
this
paragraph
here
that
I
was
trying
to
get
at.
I
didn't
attempt
to
deal
with
this
other
part
at
all,
because
I
actually
still
can't
understand
that
the
difference
and
I
wouldn't
change
the
text,
I
think,
is
what
I
would
say,
but
we
can
come
back
to
that
if
that's
still
an
issue
so.
D
D
A
D
A
F
F
A
A
A
D
A
D
D
We
don't
have
any
other
kind
of
technology
of
doing
it
local,
you
know,
then
you
can
do
it
without
key
material,
but
if
it's
remote
it
just
has
to
be
key
material,
and
that
really
is
the
focus
of
so
much
of
what
we're
trying
to
do
here.
So
I
think
it
is
all
quite
reasonable
to
to
base
this
on
material
same.
F
G
The
key
the
keys
identify
the
principles,
principles
say
things
so
when
we
say
it's
all
about
keying
material,
we're
saying
it's
all
about
establishing
principles
right,
but
the
path
station
is
what's
being
said.
So
when
we
say
we're
establishing
trust
with
quotes
around
trust,
which
is
ambiguous
term.
We're
saying
that
we
are
identifying
a
principle
and
that
he's
going
to
say
things
that
we're
going
to
believe.
G
G
G
A
E
C
About
tls
or
something
like
that,
what
we're
saying
is:
okay,
there's
a
certain
kind
of
trust
that
you
get
from
using
pls
that
you,
which
is
better
than
having
not
used
tls,
but
tls
itself,
is
not
going
to
be
trustworthy
without
the
idea
that
you
can
trust
the
endpoints
that
are
doing
it
and
the
keys
in
the
establishment
of
the
keys
and
a
whole
lot
of
other
things.
And
so
the
question
is
from
a
at
the
station
policy
point
of
view.
C
D
Yeah,
so
so
the
text
I
wrote
on
sunday,
I
think
captures
that
it's
not
being
shown
right
now,
but
the
text
I
wrote
on
sunday
does
refer
to
a
refreshed
and
then
says:
go
look
at
security
considerations
for
to
understand
how
secure
you
know.
What
that
understand,
how
secure
that
root
of
trust
is
so
like
with
725
and
726
was
724.
25
26
was
the
text
I
had
to
that.
This
describes
that.
C
D
D
F
F
A
I
was
speaking
into
a
mute
as
well,
so
sorry,
so
you
saw
I
fixed
the
key
pair
there.
So
I
think
that
that
that
the
two
texts,
so
I'm
trying
to
address
some
of
the
complaints
against
lawrence's
text
with
respect
to
endorsements
and
this
kind
of
thing,
but
lawrence
goes
a
little
bit
further
than
I
did,
and
I
didn't
have
a
chance
to
do
all
of
that.
D
Yeah,
I
mean
I
mean
I
I
I
just
said
some
conveyance
of
key
material
from
the
tester
manufacturer
to
the
verifier
and
not
trying
to
mention
even
whether
it's
a
trust,
anchor
or
not
a
trust
anchor
or
what
the
form
is.
It's
just
so
there's
some
key
material.
I
mean
that
is
conveyed
that
is
used
for
verification,
yeah.
B
G
A
C
B
B
I'm
reading
the
other
sentence
that
we
edited,
and
I
think
the
instead
that
I
had
suggested
is
incorrect,
because
if
you
look
at
the
eg
and
it
starts
in
765
the
beginning
of
756,
says
a
manufacturer
signed
certificate,
that
eg
is
actually
part
of
what
767
is
talking
about.
That
is
one
example,
as
opposed
to
just
an
asymmetric
key
pair
with
no
certificate.
You
know
using
raw
public
key
which,
which
is
another
way
to
do
it.
That
does
not
have
an
endorsement.
A
B
G
B
D
B
B
B
D
B
C
G
A
B
B
A
B
B
B
G
A
D
F
G
If
you
don't
have
a
ca,
then,
but
you
trust
a
provisioning
service.
The
provisioning
service
can
trust.
Can
provision
pairwise
trust
anchors?
If
you
will,
I
think
trust
anchor
is
the
wrong
term,
but
it's
a
pairwise
public
key
and
and
some
people
use
the
word
pinning
right,
but
it's
it's.
It's
still
checking
against
a
list
of
trusted
public
keys.
F
I
A
I
was
looking
through
it
at
29.49.
I
like
the
way
they
did
the
dollar
at
the
beginning
of
every
term,
because
they're
always
so
embedded
especially
trust
anchor.
That's
a
real
brutal
one
to
search
for,
because
it
happens
it's
on
every
page
three
times
with
with
another
term
in
front
of
it
right
or
something
like
that
when.
A
B
G
G
B
Yes,
trust
model
and
then
there's
a
subheading
for
each
party
and
each
section
talks
about
who
that
particular
party
trusts
and
how
and
why
or
how
okay.
So
what
I'm
wondering
is
if
we,
if
you
can
get
the
green
text
and
the
verifier
section
on
the
screen
at
the
same
time,
because
what
I'm
wondering
is
if
this
can
just
move
into
the
verifier
section
or
if
I
duplicate
something
in
there.
B
G
A
A
G
B
But
it's
not
about
the
trust
model
of
the
attester.
It's
about
something
you
do
with
your
tester
in
order
to
provide
in
order
to
allow
the
verifier
to
do
its
trust
decisions.
So
it's
it
makes
sense,
but
it's
not
a
place.
Is
what
I'm
saying
so?
Do
you
want
this
at
the
beginning
of
the
verifier
trust,
so.
B
B
Yeah
you're
right,
I
would
have
the
same
comment
on
this
text,
which
is
about
outbound
rather
than
inbound
right,
because
you,
you
have
lots
of
pairs
where
one
side
has
to
trust
at
their
side,
and
so
how
do
you
organize
that
into
text
and
right
now?
The
organization
is,
if
a
needs
to
needs
to
assemble.
B
You
know
if
a
needs
to
trust
b,
then
it's
in
the
section
on
a
rather
than
the
section
on
b,
and
so
here
the
verifier
needs
to
trust
the
attester,
using
the
mechanisms
that
laurence
is
writing
about,
and
so
that
would
be
in
the
verifier
section
in
the
way
that
their
other
text
is
written
because
it
could
go
in
either
way.
It's
just
for
consistent.
You
have
to
pick
one
side
of
the
other,
so.
B
B
D
Yeah
but
verifier
can't
trust
firmware
software
verify
in
a
remote
way.
It
can
trust
it
in
a
local
way,
but
not
in
a
remote
way.
The
only
way
the
verifier
can
know
anything
about
the
the
firmware
or
software
is
that
it
got
some
trust
based
on
key
material,
and
then
it
got
some
com
claims
about
the
the
the
firmware
or
the
software
either
opens
it
or
explicit.
A
B
A
A
A
B
B
B
B
C
A
A
A
B
A
Seems
to
read
well
because
we're
talking
about
the
top
we
get
into
the
the
possibilities
of
hypervisors
and
blah
blah
blah,
but
that
we
say
ultimately
there's
a
root
of
trust.
Okay
and
then
we
talk
about
how
do
we
get
the
the
the
keying
material
to
trust
that
that
those
testations,
I
think
that's
good.
A
I
I
always
prefer
that
security
considerations
list
the
threats
that
you
have
avoided
by
doing
things
in
the
text
and
that
that
you
should
never.
You
should
never
have
to
read
the
security
considerations
to
learn
about
some
aspect
of
the
security
you
should
always
be
just
reminded
of
what
it
was
that
you
what
the
security
was.
F
So
I
would
agree
with-
and
I
think
we
said
this
before-
that-
the
if
it's
vouched
by
hardware,
that
is
a
security
consideration
thing
that
the
stuff
is
layered
and
we
only
have
two
layering
examples
here.
The
hypervisor
and
the
firmware,
I
think,
is
as
exemplary
and
the
the
the
point
here
is
that
this
is
layers.
So
so
I
guess
I'm
fine
with
keeping
hypervisor
here,
but
I
think
we
already
agreed
on
that.
The
level
of
assurance
sentence
is
not
placed
well
here.
F
D
It's
just
because
there's
you
you
could
you
could
build
it
in
and
you
know
you
could
build
in
and
eat
implementation
in
pure
hardware.
If
you
wanted
to
that's,
that's
certainly
possible
or
somebody
might
be
doing
at
a
station
with
just
by
sticking
a
key
in
a
obfuscated,
android
app.
I
mean
there's
a
whole
range
of
range
here.
G
B
G
B
G
A
D
E
A
A
A
Oh,
I'm
sorry,
I
misspoke,
I
can't
do
it
on
10
o'clock.
On
on
friday.
Forget
my
suggestion.
I'm
sorry,
I
thought
I
thought
my
son's
appointment
was
at
2,
but
it's
at
10..
Sorry,
I'm
glad
I
checked
so
forget
that
friday
I
can't
do
friday.
If
you
want
to
meet
without
me,
I
can
provision
for
I
can
I'll.
I
can
make
that
happen.
It.