David Ross is a user on mastodon.social. You can follow them or interact with them if you have an account anywhere in the fediverse. If you don't, you can sign up here.

Looks like the interesting part is 4.5 Proposed Code of Practice
I don't like its point 4 - if credentials are per-device, there should be no need for TrustZones and whatnot.
In point 5 they forgot about authentication (preventing MITM)
Point 7 will probably be implemented in a very tinkerer-hostile way.

The labelling proposition later on is also nice.