IETF Logo Mail Archive

[Diem] Re: architectural considerations document

Bill Woodcock <woody@pch.net> Tue, 28 April 2026 07:58 UTC

Return-Path: <woody@pch.net>
X-Original-To: diem@mail2.ietf.org
Delivered-To: diem@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 12E79E488BAF for <diem@mail2.ietf.org>; Tue, 28 Apr 2026 00:58:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1777363107; bh=ghBs/akpGS92xk4jG6ccW77tlOoy0MmBJlKzABNIn/Q=; h=Subject:From:In-Reply-To:Date:Cc:References:To; b=NWf6eIL/zzOSvnWGYVoWuwdAHpYWoPMhmFUWW0Rk3zJ4C9hDmJyakJCoM7vNpNw/Y dg8EFchuvFytadeFvyC5/7Bc7j+FhLZ+RUW22BIy9xr0HvBUKpMdk3LTq0JbFKoIja oHilkEInaC90BX9cwFLvNQrDIC17AERVS/OwWD5Y=
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -1.206
X-Spam-Level:
X-Spam-Status: No, score=-1.206 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.1, MIME_HTML_ONLY_MULTI=0.001, MIME_QP_LONG_LINE=0.001, MPART_ALT_DIFF=0.79, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=pch.net
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Tmvn4ZFQxaqe for <diem@mail2.ietf.org>; Tue, 28 Apr 2026 00:58:26 -0700 (PDT)
Received: from mail.pch.net (keriomail.pch.net [206.220.231.84]) (using TLSv1.1 with cipher ECDHE-ECDSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id ACF29E488A9C for <diem@ietf.org>; Tue, 28 Apr 2026 00:57:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=pch.net; s=mail; h=from:subject:date:message-id:to:cc:mime-version:content-type: content-transfer-encoding:in-reply-to:references; bh=ghBs/akpGS92xk4jG6ccW77tlOoy0MmBJlKzABNIn/Q=; b=F9QoApTCD7oym9bEj6dnR9cL1WZtTUYn6K+0tCJndnXQ5br2d1Yf0FAbOnMIPP7aFtI+mrjESz/hY 1vUVr+sIyEZFU8ObdMym5imMLuQYviVUApb//b8UYRdeEnEVxokZkUo1TebY312zxIdg7pahbdjvWU hChCUiq8Xifd3TMJCNkcZcXfwUReRfDhefqBWRlfVYsEn+xDQVPAlUilz8AJ2rfORHXHnNRbtHaqwr mziAXMod4nUyI/gdos83OrFiZD4QldaWjSwWHwza0Znvq/zlKVQ4gUCnFK2Te4Vp+/C0sGOR0EaVXb GXE7Xy/sJVTDugqX8+zMw8dtERvg9Eg==
X-Footer: cGNoLm5ldA==
Received: from smtpclient.apple ([2620:171:eb:a0:3ff4:81b3:effc:338c]) by mail.pch.net (Kerio Connect 9.2.7 patch 3) with ESMTPS (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256 bits)); Tue, 28 Apr 2026 00:57:40 -0700
Content-Type: multipart/alternative; boundary="Apple-Mail-2C90F33E-9CAC-4EAF-AAE0-0096EB163CF4"
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (1.0)
From: Bill Woodcock <woody@pch.net>
In-Reply-To: <CAKoiRuZfosCxjQ+Aocwr4+cpqy=RUZ1iLRUQ=P629CTZKuTkTg@mail.gmail.com>
Date: Tue, 28 Apr 2026 15:57:28 +0800
Message-Id: <69B7B26E-3945-4CD0-8C54-27950817C3DB@pch.net>
References: <CAKoiRuZfosCxjQ+Aocwr4+cpqy=RUZ1iLRUQ=P629CTZKuTkTg@mail.gmail.com>
To: Rohan Mahy <rohan.mahy@gmail.com>
X-Mailer: iPhone Mail (23E261)
Message-ID-Hash: 5WPF7VIF74PMUCAMZBZKNOPKLMK2HINM
X-Message-ID-Hash: 5WPF7VIF74PMUCAMZBZKNOPKLMK2HINM
X-MailFrom: woody@pch.net
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Alex Rosenberg <alexr@veridigo.com>, Felix Linker <linkerfelix@gmail.com>, diem@ietf.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [Diem] Re: architectural considerations document
List-Id: Discussion of digital emblems <diem.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/diem/7Unw0pHwwd7-or7n_pwAaNaVtv8>
List-Archive: <https://mailarchive.ietf.org/arch/browse/diem>
List-Help: <mailto:diem-request@ietf.org?subject=help>
List-Owner: <mailto:diem-owner@ietf.org>
List-Post: <mailto:diem@ietf.org>
List-Subscribe: <mailto:diem-join@ietf.org>
List-Unsubscribe: <mailto:diem-leave@ietf.org>

Ok, that’s fine.  As long as it’s a question of DNSSEC or no authentication, rather than DNSSEC, no with, or some ambiguous number of other mechanisms implementers might need to bolt onto the side.  No need to reinvent the wheel. 
    
                -Bill


On Apr 28, 2026, at 15:37, Rohan Mahy <rohan.mahy@gmail.com> wrote:


Bill, Alex,
We have use cases where authentication is not required. Hopefully it is sufficient to say that when emblems are looked up in the DNS and authentication is required, that DNSsec is the default/assumed authentication mechanism; DNSsec could also be used for other discovery mechanisms either in whole or in part.

Thanks,
-rohan

On Tue, 28 Apr 2026, 08:38 Bill Woodcock, <woody@pch.net> wrote:
We do require DNSSEC, because it provides the digital signature which allows the validator to assure themselves of the validity of the record bundle. 
    
                -Bill


On Apr 28, 2026, at 12:31, Alex Rosenberg <alexr@veridigo.com> wrote:


(inline)

On Mar 22, 2026, at 1:16 AM, Felix Linker <linkerfelix@gmail.com> wrote:

Hi Alex,

Thanks for that doc. I think what you describe quite closely matches how our current prototypes work already (for reference https://github.com/adem-wg/adem-proto" target="_blank" rel="noreferrer nofollow">https://github.com/adem-wg/adem-proto).

We don't require DNSSEC, as it doesn't provide any additional security and because authorization (and thus extra validation steps) are necessary anyway.

How do we know that a DNS-provided emblem is not spoofed otherwise? I have been assuming DNSSEC is required.

I have some questions on your draft:
  • In your Sec. 5, you mention a hierarchical structure, and you say that this "hierarchy is effectively a Merkle tree of chains of trust." Is it or is it just "effectively" - and what does the word "effectively" do here?
The Merkle tree is an emergent property of the result, not intended. None of the uses for that property that I’ve come up with seem worth pursing since we’re not making git or a ledger of NFTs.

  • You also mention that "[s]igned fields are included in a cryptographic hash of the record." So will that hash be signed? I don't think you mention that. And what's the benefit of signing the hash vs just signing the record?
I would think the hash is only used when part of the hierarchy refers to another emblem for inclusion.

Alex

Cheers,
Felix

Am Mo., 16. März 2026 um 10:04 Uhr schrieb Alex Rosenberg <alexr@veridigo.com>:
I pushed this document up to datatracker the other day in hopes to facilitate conversation. I foolishly assumed that the email list would be notified of new documents being published. My apologies for not sending this notification prior to today’s meeting.

It primarily describes the mental model I’ve been forming of what DIEM might look like for the use cases we’ve already discussed.


Alex
_______________________________________________
Diem mailing list -- diem@ietf.org
To unsubscribe send an email to diem-leave@ietf.org
_______________________________________________
Diem mailing list -- diem@ietf.org
To unsubscribe send an email to diem-leave@ietf.org

_______________________________________________
Diem mailing list -- diem@ietf.org
To unsubscribe send an email to diem-leave@ietf.org
_______________________________________________
Diem mailing list -- diem@ietf.org
To unsubscribe send an email to diem-leave@ietf.org
_______________________________________________
Diem mailing list -- diem@ietf.org
To unsubscribe send an email to diem-leave@ietf.org

v2.46.0 | Report a Bug | By Email | System Status