# Review Synthesis

## Blocking findings

- Add an explicit conformance rule that portable trust assertions require authenticated origin and integrity protection; unauthenticated portable assertions must not be treated as conformant input.
- Tighten stale-data handling so clearly expired assertions are rejected rather than merely "downgraded" at implementer discretion.
- Define a firmer minimum portable data shape for trust assertions, including explicit model identification.

## Major findings

- Clarify whether trust-event interoperability is core to the document or whether trust events are primarily feeder objects for portable assertions.
- Strengthen the handling of negative assertions by requiring either evidence reference or explanation code when such assertions are exchanged portably.
- Clarify revocation versus supersession.
- Add one compact example of conflicting assertions from different issuers to make receiver processing easier to implement.

## Minor findings

- Tighten abstract wording around scoped issuer opinion.
- Make a few terminology definitions more RFC-like.
- Reduce provisional tone in IANA and dependency text.

## Conflicts resolved

- No major reviewer conflict exists. All reviewers support the narrow scope.
- The only tension is between remaining model-agnostic and becoming implementable. Resolution: keep algorithm choice open, but define a stronger minimum portable assertion envelope and clearer stale-data behavior.