[Diem] Re: architectural considerations document
Felix Linker <linkerfelix@gmail.com> Sun, 22 March 2026 08:17 UTC
From: Felix Linker <linkerfelix@gmail.com>
Date: Sun, 22 Mar 2026 09:16:53 +0100
To: Alex Rosenberg <alexr@veridigo.com>
CC: diem@ietf.org
List-Id: Discussion of digital emblems <diem.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/diem/nUhslVdHIVhR_gv5k4OQXZqx4JI>

Hi Alex,

Thanks for that doc. I think what you describe quite closely matches how our current prototypes work already (for reference: https://github.com/adem-wg/adem-proto). We don't require DNSSEC, as it doesn't provide any additional security and because authorization (and thus extra validation steps) are necessary anyway.

I have some questions on your draft:

- In your Sec. 5, you mention a hierarchical structure, and you say that this "hierarchy is effectively a Merkle tree of chains of trust." Is it or is it just "effectively" - and what does the word "effectively" do here?
- You also mention that "[s]igned fields are included in a cryptographic hash of the record." So will that hash be signed? I don't think you mention that. And what's the benefit of signing the hash vs just signing the record?

Cheers,
Felix

On Mon, 16 March 2026 at 10:04, Alex Rosenberg <alexr@veridigo.com> wrote:

> I pushed this document up to datatracker the other day in hopes to facilitate conversation. I foolishly assumed that the email list would be notified of new documents being published. My apologies for not sending this notification prior to today’s meeting.
>
> It primarily describes the mental model I’ve been forming of what DIEM might look like for the use cases we’ve already discussed.
>
> Digital Emblems - Architectural Considerations
> <https://datatracker.ietf.org/doc/draft-rosenberg-diem-architecture/>
>
> Alex