News · 25 June 2026
Our first IETF Internet-Draft: action evidence, hardware-rooted
When an AI agent records what it did, it is both witness and suspect — the keeper of the log is also the party the log is about. Our first IETF Internet-Draft, draft-sokolov-rats-aep-composition-00, proposes a way out: treat an agent's Action Evidence Package — a signed, append-only record of what it did, under whose authority, and with what outcome — as application-layer Evidence, and bind it to hardware platform Evidence under IETF RATS (RFC 9334). The package is conveyed via an EAT (RFC 9711) or a CMW and appraised by a Verifier such as the open-source Veraison, producing a result aligned with the AR4SI and EAR vocabularies.
This composes with, rather than competes with, hardware attestation: the silicon attests the machine; this draft attests that the agent's governance controls actually ran, anchored to a root of trust the agent cannot forge. It is an individual submission — not a working-group document, and not adopted by the RATS WG. The feasibility check runs against an emulated software TPM (swtpm); it demonstrates the mechanics, not a hardware security guarantee.
A practitioner-facing companion is under review at IEEE Internet Computing. Preprint: Zenodo 10.5281/zenodo.20818672. Feedback from the RATS and Veraison communities is warmly invited.