Perhaps could you please tell me how you wish for me to break down your enumeration of possibilities? To me it reads mostly as a general proposal for provenance assertions like you mentioned above:
And if I’m reading the sizing of the letters in your post properly the headers seem to indicate that as well:
# Explicit provenance assertions
## Using email addresses
## Using repository user and/or organisation names
## Using domain names
## Using HTTPS URLs
# Implicit provenance constraints
## Trust on first use
## Sharing trusted provenance lists
## Defining a default verified publisher list
# Namespace prefix provenance contraints with open namespace grants
# Project registration prevention with restricted namespace grants
If my response to the proposal does not indicate that understanding then I will have to think about how to make it more clear that it’s a response to a broad category-level proposal.