Ballot for charter-ietf-diem
Summary: Has enough positions to pass.
Ballot question: "Do we approve of this charter?"
Thanks for continuing the work on the DIEM charter. The new charter has been narrowed a lot, but I guess this is OK based on the reviews. Some comments though: Unsure whether Blue Shield is `governed by International Humanitarian Law` as it is not really humanitarian, it is more an example of the 2nd sentence AFAIK. In `Validation may include ensuring that the bearer has not forged, stolen, or tampered with an emblem` should freshness (i.e., "not expired") be part of the criteria? Sometimes `discovery mechanism` is used in singular form and sometimes in plural form. Should this be uniform? About `strictly in this order` does this mean that adoption of document #N+1 can be done only after WGLC of document #N? Suggest using something like "documents will progress in such a way that all steps (adoption, WGLC, request for publication) will be done in strict order".
Like Roman, I questioned the undetectability when using DNS - as it can really only be undetected if it is broadcast. But that implies a local range and signals that are not internet based. The answers I received (supply the additional records along with "regular DNS" queries) are not something I see as very viable. But I think "undetectability" can take a back seat at first.
I previously left a comment during initial review of not understanding “The discovery mechanism and validation procedures must allow for validators to be undetectable as validators” and suggesting that further refinement of the threat model would be helpful. Subsequent discussions did not illuminate the threat model within the DNS-based scope of the charter. I leave this to a future WG to deliver. I caution this almost-formed-WG that this vagueness means that the Internet threat model applies. As such, this “undetectability of the verifier” means not only “from the bearer” and “those potentially colluding with the bearer”, but also all entities capable of watching, on path, or hosting the DNS infrastructure being used. I trust that this is what is intended.