►
From YouTube: TokenScript Weekly Meeting 20200116
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
A
So
so
boom
I'm,
sorry
I,
thought
I
knew
can
hear
me.
Yes,
I
can
okay
good
so
because
on
today,
I'm
traveling,
the
not
in
office
and
I-
didn't
prepare
much
for
the
movie,
so
I
basically
want
to
go
through
the
the
gas
station
issue
that
you
were
burning
up.
I
only
I
only
read
and
I
replied
the
first
issue,
the
other
one
actually
having
to
read
so
toe
burn.
It
burn
up
this
issue
that,
without
including
the
public
key
in
the
attestation
in
the
data
object
being
signed,
it's
not
possible
to
recover
the
public.
A
The
the
public
key
of
the
test,
Asian
signer,
photo
signature
alone
right,
yeah
yeah,
and
then
there
are
two
public
keys
that
often
been
talked
in
a
message
being
signed.
So
one
of
them
is
if
this
message
being
signed
is
attestation
to
a
key
holder,
for
example-
and
you
are
testing
that
a
key
holder
has
the
right
to
enter
a
fifa
game
menu,
then
you
need
to
mention
the
subject.
Public
key
and
the
other
is
the
case.
Where
does
the
test?
A
Ation
was
not
supposed
to
be
used
like
by
a
specific
known
person,
but
in
the
game
where
other
participants
can
participate
and,
for
example,
if
you
send
either
if
you,
if
you
send
either
to
someone
by
email,
address
basically
I
say
that
has
station
that
I
will
say
that
object
will
say
and
that
this
data
allows
one
ether
to
be
redeemed.
If
somebody
can
provide
attestation
of
ownership
of
the
certain
email
address,
therefore,
there
will
be
no
subject
public
key
in
such
the
object.
A
So
the
the
issue
here
is:
is
there
any
I?
Had
a
I
had
rough
impression
that
in
XO
509
the
public
key
was
in?
There
are
two
places
for
public
key,
the
signers
public
key
and
the
the
person
being
a
tested,
his
public
key
and
but
I
couldn't
find
evidence
of
that.
So
I
could
have
imagined
the
whole
thing.
A
So
that
is,
that
is
good
to
know.
That
also
means
that
in
encoding
and
hesitation-
and
we
somehow
has
to
encode
a
recovery
key
in
case
the
the
algorithm
is
EDSA.
Of
course,
sorry,
we
have
to
encode
the
the
D
value
the
selector
I
tore.
Let
me
explain
a
little
bit
more,
so
the
reason
that
we
must
encode
a
B
value
instead
of
simply
passing
the
smart
attestation
to
the
smart
contract
and
let
the
smart
contract
figure
out
the
B
value,
which
can
also
be
done.
A
The
reason
we
don't
do
this
is
because,
more
often,
very
often
when
we
pass
data
to
a
smart
contract,
smart
contract
identifies
keys
not
through
a
public
key,
but
through
the
hash,
which
is
the
dress.
You
take
the
hash
and
take
the
first
20
bar,
if
that
would
be
the
address
of
a
theorem
public
key
and
if
there
are
other
smart
contractor
and
the
authors
are
very
familiar
with
identifying
seiner
through
address.
A
C
A
A
So
let's
say
you
get
a
verified
signature
saying
that
I'm
ready
to
sell
you,
the
house
tow.
This
is
a
signature
from
Wei
Wu,
which
says
I'm
going
to
sell
yourself
behalf
my
house
to
you
for
$1
and
you're
quite
happy.
You
have
verified
the
signatures
from
me,
but
this
one
might
fail
validation,
as
it
turns
out
at
the
house
and
selling
for
you
actually
doesn't
belong
to
me
right.
C
B
B
A
A
It
also
breaks
an
atomic
trench
or
transaction.
Because
now
you
cannot
do
a
transaction,
because
transaction
has
to
wait
for
data
from
the
web
server
and
you
know,
blocks
and
transaction
cannot
wait
for
anyone,
okay,
yeah,
okay,
so
so
about
the
attestation
URL
and
about
attestation
itself
and
I
had
this
idea
that
the
attestation
should
be
verifiable
without
blockchain.
A
A
You
should
be
able
to
find
out
who
signed
this
thing,
but
whether
or
not
the
address
of
the
person
who
signed
intercession
but
whether
or
not
he
actually
owns
the
asset
like
I,
send
you
a
house
that
I
don't
own,
this
kind
of
validation
rule
is
elsewhere
and
traditionally
in
x.509.
This
validation
is
done
by
the
upper
level
certificate.
Let's
see
a
certificate
right,
so.
A
C
Yeah
I
mean
usually
you
have
the
issuer
field
of
whatever
experimental
certificate
you
have,
and
then,
on
top
of
that,
you
have
a
certificate
for,
for
that
issue.
A
field
that
designed
by
something
else
all
the
way
up
to
the
root
certificate,
which
is
you
know,
stored
in
the
browser
locally
on
the
system.
A
C
A
Be
revoked,
so
replication
is
similar.
I
think
the
relocation
is
similar
to
the
situation
that
I
sell.
You
a
house
that
I
don't
own
like
whether
or
not
I
sell
the
house
that
I,
don't
own
or
I,
sell
a
house
that
previously
I
owned,
but
by
the
calm
you
want
to
transact
the
house.
It's
already
not
there's
no
longer
owned
by
me,
therefore
revoke
revoked
or
that
the
land
office
is
decided
that
actually
it
was
not
a
job
we
do
so
here,
so
he
revoked
my
ownership
of
the
house
entirely.
A
A
Contract
walnut,
yeah,
they're,
very
good
question,
in
fact,
and
I
think
in
the
future,
attestations
were
not
made
by
attestation,
will
not
no
longer
be
made
on
the
subject
public
key.
Instead,
it's
made
on
the
subject
virtual
contract
a
subject
contract
which
is
a
contract
that
can
be
created
if
the
user
loses
the
key
or
the
current
contract
has
already
been
created,
so
that
user
can
reclaim
a
third
contract
rule.
A
So,
let's
say:
there's
a
contract
that
says
that
with
a
lawyer's
attestation,
you
can
regain
your
identity
or
that
you
can
lock
your
contract,
making
it's
not
possible
to
transact
anything
by
having
two
friends
sending
a
transaction
without
a
contract.
You
can
lock
it
for
30
days
and
you
can
get
a
lawyer
to
make
to
attest
your
new
key
and
then
this
contract
instead
of
your
subject.
Public
key
will
be
attested.
A
A
A
A
A
So
I'm
thinking
that
there
are
two
ways
to
solve
this
one
is
we
have
an
additional
verification
key
in
the
test:
ation
URL.
Sorry,
sorry,
not
verification
key
selector
in
the
key
selector
in
the
URL,
which
is
very
porticoes
dependent
or
that
we
encode
the
verification
key
in
the
bit
message
to
be
signed,
but
that,
if
you
feel
that
is
clumsy,
then
maybe
it
is.
C
A
So
let
me
try
this
okay,
so
so
well,
I'm
not
terribly
good
at
terminology,
but
let
me
try
this.
So
let's
say
we
define
verification.
As
you
know,
who
is
the
signer
by
his
address
yeah
you
can
assert.
Who
is
the
sign
there
by
his
address
like
he
has
you
can
see?
0
509
signed
this
position,
so
there
are
two
ways
to
get
0
509
at
the
theorem
address.
Now
there
are
two
ways
to
get
it.
One
way
is
that
the
signature,
the
URL
the
intestinal,
contains
any
the
value,
the
Dalek
value,
but.
C
C
C
A
C
A
C
But
then
it
means
that
you
know
that
the
public
key
needs
to
be
of
the
signer
needs
to
be
included.
It
needs
to
be
be
somewhere
and
not
just
not
just
the
V
value
like
the
whole
thing,
like
oh
I,
think
a
friend
at
least,
or
something
something
like
that.
Otherwise
it's
not
possible
to
verify
the
signature.
I
mean
this
is
from
the
signature.
C
A
On
yes,
so
you
you,
as
the
person
who,
let's
say,
I,
give
you
a
gift
all
by
either
by
sending
assigning
attestation
and
tall.
Has
it
and
Hall
wants
to
redeem
when
either
by
product,
by
putting
that
one
on
the
blockchain
and
the
redeem
it
from
my
wallet
right
from
where
was
Warner,
and
he
has
to
have
the
confidence
that
the
wallet
will
not
throw
up
and
says
that
this
message
is
not
signed
by.
We
will
yeah.
D
C
A
C
D
C
I
mean
it
doesn't
even
need
to
be
the
whole
publicly.
It
just
needs
to
be
the
etherium
address,
because
I
can,
from
the
signature,
can
compute
the
the
two
possible
public
keys
and
I
can
hash
them
to
get
the
ephyra
mattress
corresponding
and
I
can
verify
whether
one
of
them
matches
what
is
in
the
issue.
Our
information.
Yes,.
C
A
C
A
C
Yeah
I,
my
gut
feeling,
is
that
it
should
be
part
of
the
excitation
III
see
how,
like
external
situations,
will
ensure
that
I
generally
know
it,
but
we're
trying
to
make
something
very
modular
that
is
it's
gonna
work
in
a
whole
bunch
of
different
contexts
and
I
will
not
be
surprised
if
some
developers
find
a
way
of
misusing
this,
and
we
end
up
in
situations
where
it's
not
possible
to
verify.
Yeah.
C
C
I
always
get
so
again.
Let
me
just
pass
this.
I
can
always
get
the
signers
that's
a
station.
That's.
D
D
C
A
So
yeah
so
to
address
that
we
produce
a
certificate
chain,
but
it
seems
that
it's
more
popular
to
do
this
on
some
smart
contract.
So
what
you
do
here
is
you
ask
a
smart
contract?
We
meet.
What
is
the
dress
that
is
relevant
to
this
transaction?
What
is
the
sign,
a
dress
that
is
relevant
to
the
transaction?
You
are
relevant
to
a
transaction
you're
conducting.
You
know
that
you
pass
the
entire
attestation
to
a
smart
contract
and
get
a
binary
result
that
whether
or
not
this
signer
is
relevant
to
what
you
are
doing.
Yeah.
C
A
That
would
be
yeah,
so
if
you
have
an
imagine,
you
have
a
certificate
chain
and
imagine
that
that
the
rescue
me
a
name
komodo.
For
example,
your
motto
will
be
a
smart
contract,
then
you
will
only
receive
the
website
certificates
and
whether
or
not
is
signed
by
Komodo
is
done
by
get
current
signing
key
from
Komodos
smart
contract,
which
will
assume
that
they
are
managing
Wow
yeah.
C
C
C
D
C
A
A
C
Don't
think
I
think
it's
more
of
a
question
if
we
want
the
contract
to
be
standalone,
because
whether
we
include
the
metallic
value
or
or
not,
I
mean
it's.
Basically,
it's
just
as
far
as
I.
Remember
it's
just
a
sign
of
like
the
x-axis
of
the
elliptic
curve
representing
the
public
key
which,
as
far
as
I
know,
is
gonna,
be
I
mean
it's
not
gonna
collide
with
in
your
other
public
keys,
except
with
I.
Don't
know
if
it's
impossible,
if
it's
just
very
small
probability,
but
I
mean
it
it
shouldn't.
C
C
A
B
A
It
mostly
just
right
laughter:
we
have
to
look
up
two
balances
and
the
other
is
some
smart
contract
author
may
choose
not
to
may
choose
not
to
return
the
address
of
the
trusted
signer.
So
imagine
that
a
komodo
Komodo
smart
contract
choose
not
to
implement.
Who
is
who
is
the
witch,
which
is
the
key
that
you
can
use
to
sign
website
certificates.
Imagine
this.
A
A
C
A
C
Agree
with
that,
so
why
I
think
like
both
because
of
that-
and
it
makes
a
lot
of
sense
and-
and
that's
also
because
of
as
I
mentioned
earlier,
like
the
usage
of
this
access
station,
because
we
don't
know
how
how
these
things
are
going
to
be
used
by
my
developers,
which
is
why
I
also
believe
that
there
should
be
it.
They
should
be
verifiable
if
not
I
mean
they're
not
valuable
on
their
own,
but
they
should
be
verifiable
unknown.
So
I
do
think
that
that
we
should
include
the
public.
C
It's
hard
to
imagine
all
the
only
use
cases,
but
I
mean
it
proves
basically
that
it
shows
what
the
address
is
in
itself
without
you
I
actually
having
to
do
some
computation,
which
is
also
easier.
If
you,
if
you
look
at
the
answer
station,
you
can
see
the
address
itself
and
look
it
up
in
other
cases
in
morte.
Instead,
if
you
want
to
cross-reference
and
then
just
very
verify
it
afterwards,
I
don't.
A
C
Yours
that
whoever
made
this
has
the
private
key
and
I
mean
if
we
just
constructed
reconstruct
the
public
key
I
mean
you
could
have
like
included
a
fake
signature
or
whatever
it's
it's.
It
just
seems
more
robust
and
complete.
So
well,
you
do
small
advantages
as
I
mean
these
few
small
advantages
I
mentioned
of
it,
which
might
not
ever
have
any
specific
relevance,
but
they
could
have
that,
like
a
small.
A
couple
of
small
advantages,
also
I
think
semantically.
A
Also
imagine
that,
although
in
order
to
do
a
transaction,
you
have
to
use
ECDSA,
but
in
order
to
do
attestation,
maybe
you
can
use
RSA
as
well
or
maybe
even
others,
timing
algorithm.
You
know
you
can
see
that
only
in
we
can
say
that
the
verification
is
always
included,
so
you
can
at
least
verify
that
attestation
before
validating
it.
Thank.
A
A
C
A
C
C
Making
some
notes
here:
okay,
I-
guess
we
still
need
like
to
specify
when
we're
using
ECDSA.
So
this
still
includes
having
to
include
the
Oh
perfect.
C
The
signature
not
or
just
the
address
just
the
address,
but
also
I,
mean
we
need
to
include
the
OID
in
the
signature
field,
our
signature,
algorithm
field,
the.
A
All
I,
don't
remember,
being
very
detailed,
but
I
do
remember
that
I
think
the
attestation
has
this
structure
that
first
inside
attestation
there
is
the
sound
message
to
be
signed
section
and
there's
a
signature
and
in
the
to
be
science
section
there
is
that
object,
plus
a
few
other
stuff.
So
I
guess
the
address
is
in
other
stuff
section
right.
A
C
C
A
Number
is
not
in
object
class,
but
it
seemed
to
be
to
be
signed
out.
Therefore,
it
is
Laird
yeah.
A
C
A
So
sorry,
so
there's
no
reason
to
put
wait
a
moment.
If
we
put
it
outside,
then
we
cannot
shorten
the
URL
in
ECDSA
case,
because
if
you
have
ECDSA
signed
attestation
and
the
signer
address
is
at
the
place
where
serial
number
is,
then
you
can
verify
the
signature
and
there's
only
one
way
to
verify
the
signature.
And
then
you
will.
You
will
be
able
to
know
for
sure,
which
is
the
correct
address,
but
if
you
put
it
outside
then,
unless
you
specifically
mention
that
in
the
URL
making,
you
are
quite
long.
C
But
I
mean
so
the
URI
is
basically
I
mean
it
needs
to
be
based
on
the
Dan
coding
of
the
answer
station,
which
is
based
in
509
Pacific
't,
but
we're
cutting
out
a
few
things
which
are
not,
which,
which
could
then
be
be
be
deduced
from
from
the
context
so
yeah
it
would
be,
it
would
be
longer,
but
I
mean
is
that
is
that
a
problem?
That's
why
I
read
up
on
it
and
basically
like
it
should
be
like
specification,
wise,
URI
and
URL
should
be
a
to
be
unlimited
and
practice.
D
A
Know
we
made
a
big
effort
to
make
the
core,
maybe
maybe
effort
to
make
the
data
object
visible
to
the
naked
eyes
and
make
the
singing
should
be
a
hobby
after
it.
If
you
his
into
Keylong,
then
you
probably
wouldn't
start
even
currently,
it's
already
not
very
good,
because
it's
three
lines
long
and
that
object
is
in
first
line.
C
A
C
C
A
C
C
A
That's
interesting,
so
you
look
at
TBS
certificate
to
be
signed
certificate
section.
There
is
a
issue
here,
country
simply
say
that
the
issue
you're
instead
of
using
a
name
because
we're
not
using
issue
you're
rdn
as
well
anyway,
can
we
can
we
simply
issue
your
instead
of
name?
We
put
the
you
seem
interested.
Yes,.
C
A
C
C
A
A
C
C
A
A
Yeah
and
the
hacker
an
adversary
can
randomly
combine
attestation
with
a
different
contract
and
is
up
to
the
token
script
of
that
contract
being
trusted
by
the
user
to
decide
whether
or
not
this
session
is
usable.
So
let
me
say
that
speak
that
slowly,
any
adversary
is
able
to
end
American
Pie
change,
the
association
of
attestation
and
a
smart
contract
yeah.