Bearing in mind that the crypto is likely the most sensitive part of the project and extensive documentation may speed exposing vulnerable points, understanding the full extent of peer-enforced powers versus protocol-enforced powers granted by the certificates/sibyls. Also, to what degree are private keys and re-signing are significant? A person concerned about security may want to initiate a physical barrier between key calculations and the network connected client (such as usb to carry messages or manual data-entry).
A person skeptical of the legitimate monopoly of force, might be curious of the "pre-mining" process, practicality of "side-chaining" the network, and/or cross-compatibility between networks (or conflicting ~zod). Suggesting that doubt is an option may cut into the legitimacy of Tlon, but, if the electorial system is effective and legitimacy popular, it should be a negligible assurance.
More specific questions might be: are stars able to invalidate planets? If so, is it still deterministic that they were infact once valid? What algorithms can be used to efficiently create these keys and how much arbitrary work goes into the creation of a new sibyl, since P vs NP is still something to factor into. It's reasonable the believe that the underlining key of ~zod is vulnerable since it can be reasonable that facebookcorewwwi.onion proved the feasibility of breaking sha-256 and that the most recent supposed forgery of a single Satoshi private key. This makes wondering what algorithm is being used definitely a relevant longevity concern.
UDP choice seems to be controversial, though for the uninitiated in the halls of cisco, it may require some more documentation on how the actual association engine of messages and listeners works and why it works the way it does to defend or criticize.
And, as mentioned elsewhere, there is no redundancy of work between Urbit and Juan Benet's IPFS, however there could be said to be a redundacy of work between Urbit's addressing system and Juan Benet's IPNS which provides similar level of functionality at the moment, however has vaporware roadmap promising more deeply elaborated ethical considerations about the matter. The ultimately interesting question is, could urbit implements an alternative IPNS scheme or perhaps even some twisted hybrid scheme? The ethical considerations of a hybrid potential, likely out-weigh either's merits through mere individual choice, unless we don't believe in the power of that any more.
With the entire Vulture repayment model hinging on the value of such a system, centralized control and disenfranchising such compatibility would be incentivized even when destructive, so ethically how does one justify not documenting this most contraversial aspect. And, to everyone not associated and just reading, how do you justify not asking? Legitimately this is likely a lapse in consideration, but a cynical mind could paint it as malicious and reasonably so. If we can't hold ourselves accountable, the question, these days, is: who will?
Disclaimer: primary computer has only <600 mbs of ram; unable to actually use urbit.