[ai-control] Re: VDAC proposal: Addressing the "What if the AI agent lies?" enforcement gap

Blue Dog <king347608@gmail.com> Sun, 24 May 2026 04:12 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/ai-control/S_BJsK0Rn-tI6hOZXrdAcZRxldY>

Hello Mark, Srecko,

I agree with Mark’s reading of the current charter scope. It seems
important to keep technical enforcement, crawler
authentication/authorization, and auditing outside the AIPREF deliverables
unless the WG is explicitly rechartered.

One way to make the boundary useful, while still allowing VDAC-like
mechanisms to compose with AIPREF later, may be to keep the AIPREF work
focused on mechanically consumable preference expressions:

   - stable preference vocabulary;
   - clear attachment mechanisms;
   - scope of applicability for each preference expression;
   - precedence and reconciliation when multiple expressions apply;
   - enough normalization or canonicalization guidance that another system
     can reference the same expression unambiguously.

Then an enforcement or accountability mechanism could consume AIPREF
expressions as input, but would define its own identity, acceptance,
authorization, logging, and dispute-handling semantics outside AIPREF.

I think that separation would help avoid overloading the preference
vocabulary with enforcement-specific assumptions, while still making the
output useful to later systems that want to build accountability or
contractual workflows around it.

Best regards,

Songbo Bu

On Sun, 24 May 2026 12:37:30 +1000, Mark Nottingham
mnot=40mnot.net@dmarc.ietf.org wrote:

Hello Srecko,

Our charter explicitly makes “technical enforcement of preferences” out of
scope:
https://datatracker.ietf.org/wg/aipref/charter/

That’s not to say that we might not try to tackle it after a charter
revision, however.

Cheers,

On 23 May 2026, at 11:03 pm, Srecko Jovancevic Srecko.Jovancevic@skgo.org
wrote:

Hi AIPREF Team,

I have been following the discussions around defining vocabulary and
attachment mechanisms for AI preferences. While establishing a standardized
vocabulary is a crucial first step, it inherently leaves a major open
question: What happens when an agent ignores the rules, or simply lies
about its compliance?

To address this exact enforcement and verification gap, I have published an
Internet-Draft: Verifiable Data Access Contract (VDAC).

The core philosophy of VDAC is to move from unilateral declarations (like
robots.txt or headers) to a cryptographically bound, bilateral agreement
between the Site and the Agent.

How VDAC Complements AIPREF (The “Pick and Compose” Stack)

In the latest 01 revision, VDAC has been intentionally architected as a
modular, identity-agnostic layer. It can easily ingest and wrap the
vocabulary AIPREF is developing:

   - The Contractual Handshake: The Site publishes its terms (potentially
     using AIPREF vocabulary). The Agent must cryptographically sign an
     Acceptance Document. This creates a dual-signed Contract Document
     before data access begins.
   - Cryptographic Accountability: Subsequent HTTP requests are bound to
     this contract via a unique Contract Identifier header.
   - Automated Enforcement & Compliance: VDAC defines a framework for mutual
     log reconciliation (reconciliation manifests that protect end-user
     privacy) and introduces explicit headers (VDAC-Violation,
     VDAC-Self-Report) to handle automated sanctions when quotas or path
     restrictions are breached.

Instead of reinventing the wheel on identity, VDAC allows the architecture
to be composed seamlessly with various identification methods (whether
SAIP, VICDM, or DNS-based keys).

I believe VDAC provides the missing “teeth” to the AI regulation stack by
giving content publishers a technical, verifiable mechanism to ensure that
agreed intent is actually honored.

I would love to get the group’s feedback on how we can align VDAC with the
current AIPREF work items.

Draft link: https://datatracker.ietf.org/doc/draft-jovancevic-vdac/01/

Best regards, Srećko Jovančević

--
ai-control mailing list -- ai-control@ietf.org
To unsubscribe send an email to ai-control-leave@ietf.org

--
Mark Nottingham https://www.mnot.net/
