c/ietf-draft-analyzer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
ietf-draft-analyzer/workspace/draft-team/cycles/dynamic-trust-and-reputation/55-review-synthesis-v1.md
Christian Nennemann 2506b6325a
Some checks failed
CI / test (3.11) (push) Failing after 1m37s
Details
CI / test (3.12) (push) Failing after 57s
Details
feat: add draft data, gap analysis report, and workspace config
2026-04-06 18:47:15 +02:00

1.4 KiB
Raw Permalink Blame History

Review Synthesis

Blocking findings

  • Add an explicit conformance rule that portable trust assertions require authenticated origin and integrity protection; unauthenticated portable assertions must not be treated as conformant input.
  • Tighten stale-data handling so clearly expired assertions are rejected rather than merely "downgraded" at implementer discretion.
  • Define a firmer minimum portable data shape for trust assertions, including explicit model identification.

Major findings

  • Clarify whether trust-event interoperability is core to the document or whether trust events are primarily feeder objects for portable assertions.
  • Strengthen the handling of negative assertions by requiring either evidence reference or explanation code when such assertions are exchanged portably.
  • Clarify revocation versus supersession.
  • Add one compact example of conflicting assertions from different issuers to make receiver processing easier to implement.

Minor findings

  • Tighten abstract wording around scoped issuer opinion.
  • Make a few terminology definitions more RFC-like.
  • Reduce provisional tone in IANA and dependency text.

Conflicts resolved

  • No major reviewer conflict exists. All reviewers support the narrow scope.
  • The only tension is between remaining model-agnostic and becoming implementable. Resolution: keep algorithm choice open, but define a stronger minimum portable assertion envelope and clearer stale-data behavior.
Reference in New Issue View Git Blame Copy Permalink