<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE rfc [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">
]>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.39 (Ruby 3.2.3) -->
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-tojens-diem-arch-visual-aid-00" category="info" consensus="true" submissionType="IETF" tocInclude="true" sortRefs="true" symRefs="true" version="3">
  <!-- xml2rfc v2v3 conversion 3.34.0 -->
  <front>
    <title>DIEM Architecture Example</title>
    <seriesInfo name="Internet-Draft" value="draft-tojens-diem-arch-visual-aid-00"/>
    <author fullname="Tommy Jensen">
      <organization>Cloudflare</organization>
      <address>
        <email>tojens.ietf@gmail.com</email>
      </address>
    </author>
    <date year="2026" month="July" day="06"/>
    <area>Applications and Real-Time</area>
    <workgroup>Digital Emblems</workgroup>
    <keyword>DIEM architecture</keyword>
    <abstract>
      <?line 33?>

<t>This document defines the architecture for Digital Emblems. Standards
that define Digital Emblems are expected to do so by mapping their
mechanisms to the required and optional componented defined by this
document.</t>
    </abstract>
    <note removeInRFC="true">
      <name>About This Document</name>
      <t>
        Status information for this document may be found at <eref target="https://datatracker.ietf.org/doc/draft-tojens-diem-arch-visual-aid/"/>.
      </t>
      <t>
        Discussion of this document takes place on the
        Digital Emblems Working Group mailing list (<eref target="mailto:diem@ietf.org"/>),
        which is archived at <eref target="https://mailarchive.ietf.org/arch/browse/diem/"/>.
        Subscribe at <eref target="https://www.ietf.org/mailman/listinfo/diem/"/>.
      </t>
      <t>Source for this draft and an issue tracker can be found at
        <eref target="https://github.com/tojens-ietf/draft-tojens-diem-arch-visual-aid"/>.</t>
    </note>
  </front>
  <middle>
    <?line 41?>

<section anchor="introduction">
      <name>Introduction</name>
      <t>Various use cases for Digital Emblems and the requirements those use
cases present are defined in (link to it). This document builds on those
requirements to define an architecture that can accommodate a diverse
set of use cases (hopefully generalized such that as-of-yet unknown use
cases can reuse this same architecture).</t>
      <t>The subsections of the next two sections outline the checklist of
things a Digital Emblem standard <bcp14>MUST</bcp14> define to be considered a
Digital Emblem (even if to say that the optional element is being
omitted).</t>
    </section>
    <section anchor="conventions-and-definitions">
      <name>Conventions and Definitions</name>
      <t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL
NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
"<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as
described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they
appear in all capitals, as shown here.</t>
      <?line -18?>

</section>
    <section anchor="foundation-and-required-components-of-a-digital-emblem">
      <name>Foundation and Required Components of a Digital Emblem</name>
      <t>This section defines the elements that are common to all Digital
Emblems. Therefore, standards that define a Digital Emblem <bcp14>MUST</bcp14>
define how that emblem fulfills each part of this section.</t>
      <section anchor="digital-emblem-format">
        <name>Digital Emblem Format</name>
        <t>TODO: the current text presumes some custom binary format for
simplicity of defining an example architecture. In reality, this should
probably be some existing data structure format standard, but the
proposed fields remain the same</t>
        <t>To accommodate Digital Emblem standards that may require extensive data
payloads, the base format of a Digital Emblem is purposefully kept as
small as possible with an extensible payload. Digital Emblem standards
<bcp14>MUST</bcp14> define the semantics of that payload.</t>
        <t>Format:
- FQDN: the asset identifier, a length-prefixed UTF-8 string
- Digital Emblem Type: 16-bit integer from IANA Digital Emblem Type registry
- Payload: length-prefixed data field whose semantics are defined by the Digital Emblem Type</t>
        <t>The Digital Emblem Type of 0 is defined by this document to provide
standards with a reusable parsable format. This format of the payload
is defined as:
- a length-prefixed string: this is a MIME type identifier
- the rest of the payload: in the format defined by the MIME type</t>
      </section>
      <section anchor="digital-emblem-discovery">
        <name>Digital Emblem Discovery</name>
        <t>Because Digital Emblems are defined as being identified by FQDNs,
discovering them via the DNS is likely to be a common scenario.
This document defines such a mechanism that Digital Emblem standards
can use. They <bcp14>MUST</bcp14> define how their emblems are discovered either by
using this mechanism, building on this mechanism, or defining a new
mechanism of their own. Use of this mechanism is simply defined as using
standard DNS queries to retrieve the DIEM records associated with the
FQDN of the asset bearing the emblem.</t>
        <t>&lt;&lt; Normative Reference: second doc defining new DIEM RR type &gt;&gt;</t>
        <t>Use cases that wish to use the DIEM RR type can. Others may see fit
to define use of an existing record for (reasons). Others may use
the DIEM record but signal in a SVCB/HTTPS record that it is
available. Some may use specific labels (like a future "_de" label)
while others may not. This architecture does not define or limit
these choices. This document requires that Digital Emblem standards
<bcp14>MUST</bcp14> define how their emblems are discovered and retrieved, even
if it is as simple as "QTYPE=DIEM for the asset's FQDN".</t>
      </section>
    </section>
    <section anchor="optional-architecture-elements">
      <name>Optional Architecture Elements</name>
      <t>This section defines the elements that a Digital Emblem might have if
its use case requires them, but otherwise does not have to have just
because it is a Digital Emblem. Standards that define a Digital Emblem
<bcp14>MUST</bcp14> indicate whether each of these apply or not.</t>
      <section anchor="authorization">
        <name>Authorization</name>
        <t>Some Digital Emblem standards <bcp14>MAY</bcp14> require bearers to have and
demonstrate proper authorization to bear their emblem. If so, they
<bcp14>MUST</bcp14> define the following:
- what parties are authorities
- how trust in an authority is established by a validator
- how a bearer presents its authorization within its emblem's payload</t>
        <t>Because FQDNs are used to identify assets bearing emblems, a natural
solution can be the use of DNSSEC. This inherits the trust model
already defined for DNSSEC, which then requires validators to perform
DNSSEC validation. The use of PKI is another possibility. This document
does not define how this or other approaches could be done.</t>
      </section>
      <section anchor="verification">
        <name>Verification</name>
        <t>Some Digital Emblem standards <bcp14>MAY</bcp14> require some specific verification
of emblem integrity, such as having subsets of their payload signed
and verified through a different source of authority than the
authorization. If so, they <bcp14>MUST</bcp14> define how this is to function. As
this document defines the generic Digital Emblem format, there is
no data integrity verification provided by the format.</t>
      </section>
      <section anchor="detection-of-validation">
        <name>Detection of Validation</name>
        <t>Some Digital Emblems <bcp14>MAY</bcp14> require that bearers cannot reasonable
detect when validators are checking for their asset's emblem (or
who is checking). Others <bcp14>MAY</bcp14> require that this is known because they
have a strong audit requirement of when emblems were verified. Many
will require neither, which is why this component is optional.</t>
        <t>If a Digital Emblem standard does either require or forbid
bearer awareness of validators checking for their asset's emblem,
it <bcp14>MUST</bcp14> define how this is to be achieved, including any necessary
modifications to other components (such as discovery). Otherwise, it
<bcp14>MUST</bcp14> simply declare that neither case applies.</t>
      </section>
    </section>
    <section anchor="security-considerations">
      <name>Security Considerations</name>
      <t>The security considerations of Digital Emblem standards will be
dependent on the way they choose to implement the elements defined
in this document. However, this document uniquely introduces</t>
    </section>
    <section anchor="iana-considerations">
      <name>IANA Considerations</name>
      <t>This document defines a new registry called the Digital Emblem Type
registry. This is intended to be a low bar to entry, FCFS, so that
implementors can tell which parsers to use for the emblem payload.
The zero value is reserved for a special case where the payload is
the MIME type payload defined earlier.</t>
    </section>
  </middle>
  <back>
    <references anchor="sec-normative-references">
      <name>Normative References</name>
      <reference anchor="RFC2119">
        <front>
          <title>Key words for use in RFCs to Indicate Requirement Levels</title>
          <author fullname="S. Bradner" initials="S." surname="Bradner"/>
          <date month="March" year="1997"/>
          <abstract>
            <t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
          </abstract>
        </front>
        <seriesInfo name="BCP" value="14"/>
        <seriesInfo name="RFC" value="2119"/>
        <seriesInfo name="DOI" value="10.17487/RFC2119"/>
      </reference>
      <reference anchor="RFC8174">
        <front>
          <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
          <author fullname="B. Leiba" initials="B." surname="Leiba"/>
          <date month="May" year="2017"/>
          <abstract>
            <t>RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t>
          </abstract>
        </front>
        <seriesInfo name="BCP" value="14"/>
        <seriesInfo name="RFC" value="8174"/>
        <seriesInfo name="DOI" value="10.17487/RFC8174"/>
      </reference>
    </references>
    <?line 193?>

<section numbered="false" anchor="acknowledgments">
      <name>Acknowledgments</name>
      <t>N/A</t>
    </section>
  </back>
  <!-- ##markdown-source:
H4sIAAAAAAAAA5VZ23IbuRF9x1cg9EPklEivNq7EYXm9S+sSK7EulminXKlU
CjMDkljNAFxgRjTt8r/kW/JlOd3ADDkUtc4+2CQHA6D7dPfpA2g4HIra1KUe
y8HJ+emFnPh8YWqd143X8vSTqpalHohc1Xru/HosjZ05IQqXW1VhUuHVrB7W
7mdtw7AwuhoqLDC8N6FR5VCZYvjddyI0WWVCMM7W6yUmnZ9Oz6R8IlUZHPY1
ttBLjf9sPTiUA12Y2nmjSvpxPnmND+fx7WZ6NhC2qTLtx6KAQWOROxuwcRPG
svaNFvdj+UehvFZYdbJclgZ2Y9cglS3kjYZFU1PBnZXzd3PvmiV5beamVqU8
rbJSV2Eg7vQa48VYyKFkSNQWJOJe2wY7S/nofCmjl4N/YBdj5/Kv9CY9r5Qp
8Zxg+snoejZyfk7PscCiyTCScKSxZ99EdiCEauqF82QpVpFy1pRlDMvUVdVa
/k0TPDyEnZQ1nxmOsTwuXVPMSiDFgzoaFvca0e4/zenRKHeVENb5CvPu4bWg
6G9+jUYjIYbDoVRZqL3KayGmCxMksqOpEE1Z6JmxOsh6oXsoSqwid4Abydsa
YVK+CKJeqHby7mtYR0v9aYmFdAGTsZkMTmZroLtcEtzYzHhR6XwBjwNm4CUy
wOtfGuMxiZLBLQkJLAsXl87CWAzEHQtarIYfovUDXrKblSmKUgvxRJ7b2rui
yWkRIT4ob1wTZBO0zFWAw3v842237KCFCRmHSZgo4sSl14GQIy9bc4yVB6Wx
d+SIqZ+OZB/krDFlEaSzcTHRX9+1OCrbDwFjnNPTHBhUjipKKlkgtB6rBF1L
N9ty6WDhlpoybC3n2mqvSvMZxoUmX8S1VBi62XCNeY29s25lt9yifbymxQhY
GZCkPWuejih1NFbLgs5jzWJ3gsvqT7WsV4hyN9DUJXlEo/lC53elCWQs0gbx
B9A70MuQEktevL+dtngAmQzzsaApNKeF2Jl2oFHs0szo1aDW0UvatEseXTLM
Ei5lGnsLV5kamUTuIEuOncUKGwY6oZ0N/47ugmokcU2QAzKNCI9NvLzi7zen
796f35ye0PfbN5O3b7svIr1x++bq/duTzbfNzOOri4vTy5M4GU9l75EYXEw+
YoSsGlxdT8+vLidvB5RpdS+3KA0jUAYV4pGdVCcKpaFD7k0Ws/P18fV//3P0
XH758rubs+Pvj47+8vVr+vHi6M/P8WO10Dbu5iwSKP4ElGuBotXK0yqqRDWq
JUUg4F1kyYKSaIHgAM4//JOQ+ddYvszy5dHzV+kBOdx72GLWe8iYPXzyYHIE
cc+jPdt0aPae7yDdt3fysfe7xX3r4csfObOHRy9+fCU4h85cg9ylnElNLJHY
cctbXCi7KZ+IOJVMj4dTzoZUtJ5qAOVvKc4UgrSQ6Gh5ShEAoenDrpDS5JZZ
duuNAiPSIGIYX9ZxDAwyM2UZpFYgjqXydSz0jbUI9pMnu0uecduBW1cnV+NY
+Y33lKI18QPRJjIWa7iKhkLtKpkZq/xaxo5FHyKYikSBqde0KVtIHQPkpKPS
6ZHSCDQP1gLR1evDZOLCNWUhlt5lKkMiozB4R/0JFERLIVQKMPmm63O0d4vb
IciaKYRWWIKsCzkzmtjbUw+27BiRIxx1PWJ+hNFSICqwU6J9mFKji4PF2Rax
VOvSqSJwuckMbNwatSdtiMiWjSfLItPf6SURuwgVpQZqEkPB4FW5gmaJwPF2
9ChtNXrUWNHjX3IVXoMf80T2MKpdQ4gY8bEYyrN3J5cx5ipQWzKkFA2A86AJ
WWo7rxdDZMDMfAKg76dnwxcUAuLj4a4tU5ZmR38aZqZmTptrL2ce2XI+uZzs
exvAzhFcv8Zi19G68YNNOewcSnAbdfSNZ9udnIXFg2DSLrEf7NseyHxHcdkR
JxuORt0im+6BitikRQwP91wVY+Pjlxj8pCE2mUBmJezF1mYqUAAeghzhHUdL
DLXci/OLUxa+W+HB1Ch4wu4eY5mSPVmwA1C32D4qODEhdxApayFe61yRqNin
ETcuxN68sYu3oaQKh6JIiyXhWMl7o2KMLm/JsdLcadRB7IGqpcqQa0uab/SI
3mVRpGSnQWNuP1oWpI7gBlPtuidSIntCzyb6TK4lo+GJRpyRwdlaNCH6AHu6
fQ+jOKQBZx+MQaNuKBA6a7URzSlc2BcteCTfB92x9OYd4kMi1PU21mxGl4gM
4y8N8NWsRaEf8PU+Vj8frrzOWQChtF1uFMkLzl0iSYpRmzix9DNohRSqhAiY
4uVLedmeStAgZwDG5qhy9BOHlonobPyEl3Hfm5uYra/QZ993IpfjtDJhQcZG
uar77yNWI3lFoAem3aCRxKYWG6HdRLCYG1NXiE7yqeAADSVAAD7trUJKeQcS
bhXBzElnkjqStx+OXz97M51e37ZvsLXEY0Goe5zXqMBxjKKGlBaVAQcl5Hwu
MajRdQ8oobHYrOH+NPh3oQdx7KlYLQwIwm2ssq4lit7JoXBACmOtw/CqNBVh
sNCE5MKZXIfdY0rqT+EbtfCbsp8UUZtSaK6k1wX0OkPCCtLEpg59/W768fr0
B8aXwtCl1O8DU8GAVIe8aoV9/xYkKab/X1TtuleZ+aKWC4X8NDNh6s1RcRsW
XUV9wBFAEm4hzVORYvz5M+SNyBL1JV93dtw6TP+qVItwG1vQTYkmXc50wtos
Fh62gERHjQM0ygdm5AnfO6TrBCE44x5VKJC9nTih+qXsal3BOxCKoFS6P4AB
JIuwv9peP5Kv8r1UgDabQXqlQ8Surpi5snQr6lBoQauoK3xNHEQJlFan3xjm
JPOAlKvMdqNrwhWdC0UFPohNQ8l7qEE0e+fTTJVcag/u6Ib417ef+Axr00A0
HjnX9tquhXE/YvOaEC82Ur9axzwNHfelWiDtYxUSFFo9uLLhraiTZBGDREMg
4NvT41SMxiK6po45G52GvtSlUCVoqdgQOd9f8MxD4Gf4iK/tJlk7GDiUCBn1
cRFntIMk5amjtZZc//2cU9VyficlaUhc71CF2CWYyAN4A1bFyUhJ75CkdLVA
ipycLnAciun5AU7O0t3fb8lOlvIdY95vrwL70wGGRaPnI0Fs84FSmQLDlxd1
2PTOFGRmcV0IYqu4KAV44V0zX/CNy4xbFtjeNT6PzaNLQlQvKyXRy6le+u9R
DFGVITSzxsZDlZzQtdpjl3N8owOfd2CK6ox3ATxoM9ZFqduB0EOp1aGdjkti
M6o4XSfihH8fuhTZG59+WJjAWuZAhlNmxC5KDQ/8QQvzncJ2XvLJlm6HKDSJ
8hGTlvRTNA9QyVDshFb78qYzPzCiBTZeb7UUzBQU6YyEsSM51RSm3r7pI6fZ
wraTrQjRNhtG8kLZtVjhYNxtaKO0a+sPu64WSfp3d5b0tL2MAsrne050nRLj
okpysd0DqACZzBQisZha4QNJwUm8BeY3gTxEV/u1PCT1jJYa+7SxedkU8eQN
laGhFgJO6gJc1OUSz4rFnm+uOg7akmtFwLqNFvVLrFzHXtDp0rxUbfASoLHt
Uk8D/8d7uludN5zMx+k2UG3d0YV2MO8NMrc+RiocyIxSM/1dI8pvNFi+RkTJ
QiTRMZFoniRKPMhtC4nExGL3Sm4k37gVYPSHO8fAxhoIbTht0t00uhtfVdO5
9qFj+5iADwHdeRdAlaUuHj2xtu+1vSUwK9gidi8+LqEJy4w6t5PYx4Myz47P
bg/pwp5CIjrfXaxsWWsAFxOeTqxJKjTx0mJL9W/uCShEn7V3lK0NcRQdN7W/
T01MRT6ni34K+4qJbOsgSqTWO3F2A20rRGEgU3z7N4BM5XcE6yQnEgA+86gN
v4zjn6Z08cNgpsqgB1+FuHw2Ef8Dh2MPg2IbAAA=

-->

</rfc>
