New Draft: draft-dhir-http-agent-profile — HTTP Agent Profile (HAP)
Sanatkumar Dhir <sd3824@columbia.edu> Wed, 26 November 2025 06:47 UTC
Received: by mail2.ietf.org (Postfix) id F35CB90D957A; Tue, 25 Nov 2025 22:47:05 -0800 (PST)
Delivered-To: ietfarch-httpbisa-archive-bis2juki@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id F1EE590D9578 for <ietfarch-httpbisa-archive-bis2Juki@mail2.ietf.org>; Tue, 25 Nov 2025 22:47:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -5.383
X-Spam-Level:
X-Spam-Status: No, score=-5.383 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.017, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=w3.org header.b="NYtODsJT"; dkim=pass (2048-bit key) header.d=w3.org header.b="bAgJ5q5g"; dkim=pass (2048-bit key) header.d=w3.org header.b="NYtODsJT"; dkim=pass (2048-bit key) header.d=w3.org header.b="pru3xh4l"; dkim=pass (2048-bit key) header.d=columbia.edu header.b="gKbPXeTE"
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KwgAkGfpwRPE for <ietfarch-httpbisa-archive-bis2Juki@mail2.ietf.org>; Tue, 25 Nov 2025 22:47:03 -0800 (PST)
Received: from mab.w3.org (mab.w3.org [IPv6:2600:1f18:7d7a:2700:d091:4b25:8566:8113]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id B96AC90D92C5 for <httpbisa-archive-bis2Juki@ietf.org>; Tue, 25 Nov 2025 22:46:16 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=w3.org; s=s1; h=Subject:Content-Type:Cc:To:Message-ID:Date:From:MIME-Version:Reply-To :In-Reply-To:References; bh=qo6gW8kC0c+JF/hFtw20B/pmxCu1sHy9Zrmz3yD06ng=; b=N YtODsJT9CKCZkGzJkvCnMqC97oKio2Xm+JaA/issVIZ7/J899ysajpz4NTHksIQ+j9GVT0SpYec7i Uvx++C0hhNE7tBqBZd6WoLFW7GQI0LcWMoJ266i0nLYBIgAAAYawMATqF9wgFVfKnTt1DS73jU/bQ 8EoqicKmvjJ1uW3lkuIpBHkRMYL0Y7/kuTu0O2G99tf22O0NR1AYHvOU+om9n+Rg8BeLmkba/Fket Ni5Lv1ESCWDjo/1iLVsjw55/9KrAOTcJ3kM426XvbLssSt4aUNoWeasssZIrmzazrAHI55M9bBZWD vQwXGH/ERjNa3QU6gwTYZIXBVfk3cgj2w==;
Received: from lists by mab.w3.org with local (Exim 4.96) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1vO9HO-001fpx-09 for ietf-http-wg-dist@listhub.w3.org; Wed, 26 Nov 2025 06:45:30 +0000
Resent-Message-Id: <E1vO9HO-001fpx-09@mab.w3.org>
Received: from ip-10-0-0-224.ec2.internal ([10.0.0.224] helo=puck.w3.org) by mab.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from <sysbot+mod@w3.org>) id 1vO9Gw-001fg5-0s for ietf-http-wg@listhub.w3.internal; Wed, 26 Nov 2025 06:45:02 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=w3.org; s=s1; h=Subject:Content-Type:Cc:To:Message-ID:Date:From:MIME-Version:Reply-To :In-Reply-To:References; bh=qo6gW8kC0c+JF/hFtw20B/pmxCu1sHy9Zrmz3yD06ng=; t=1764139502; x=1765003502; b=bAgJ5q5g678rZoosPFmidLI1JBXT+KDwHEK5nw+DABVAu+W iMk4nVBIxGxc/A7hNRT116xafm8t45ez0uToYrkkkU5Nt5SC+NgZ5ZkPZyqzQiFy+8WygWGRbMqwa oVDP9PDEnTnTH4RY+kfAsUvxGkoj0N1rLBqcjeKG16plW2DAHsAAh4jpuYnmYcUu2d2PNyJwh6fPM WyANdVBbTLGzO62lKiD45Y1R90Vq80iJ6tt90h9eCdS6PfVPY7OcqalQ5bChR5dl8m9APSIZeAXaA Lu7Tkf4zjQuAMsjb+dSUtImO/Lqwxs1QYQsfXnMz2sikeV76xeSlLxqVogprmrbg==;
Received: from mab.w3.org ([2600:1f18:7d7a:2700:d091:4b25:8566:8113]) by puck.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from <sysbot+mod@w3.org>) id 1vO9Gw-001ykN-0F for ietf-http-wg@w3.org; Wed, 26 Nov 2025 06:45:02 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=w3.org; s=s1; h=Subject:Content-Type:Cc:To:Message-ID:Date:From:MIME-Version:Reply-To :In-Reply-To:References; bh=qo6gW8kC0c+JF/hFtw20B/pmxCu1sHy9Zrmz3yD06ng=; b=N YtODsJT9CKCZkGzJkvCnMqC97oKio2Xm+JaA/issVIZ7/J899ysajpz4NTHksIQ+j9GVT0SpYec7i Uvx++C0hhNE7tBqBZd6WoLFW7GQI0LcWMoJ266i0nLYBIgAAAYawMATqF9wgFVfKnTt1DS73jU/bQ 8EoqicKmvjJ1uW3lkuIpBHkRMYL0Y7/kuTu0O2G99tf22O0NR1AYHvOU+om9n+Rg8BeLmkba/Fket Ni5Lv1ESCWDjo/1iLVsjw55/9KrAOTcJ3kM426XvbLssSt4aUNoWeasssZIrmzazrAHI55M9bBZWD vQwXGH/ERjNa3QU6gwTYZIXBVfk3cgj2w==;
Received: from www-data by mab.w3.org with local (Exim 4.96) (envelope-from <sysbot+mod@w3.org>) id 1vO9Gv-001ffd-2m for ietf-http-wg@w3.org; Wed, 26 Nov 2025 06:45:01 +0000
Resent-From: List moderator <sysbot+mod@w3.org>
Resent-Date: Wed, 26 Nov 2025 06:45:01 +0000
Received: from ip-10-0-0-224.ec2.internal ([10.0.0.224] helo=puck.w3.org) by mab.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from <sd3824@columbia.edu>) id 1vNiPI-00G7eg-1J for ietf-http-wg@listhub.w3.internal; Tue, 25 Nov 2025 02:03:52 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=w3.org; s=s1; h=Content-Type:Cc:To:Subject:Message-ID:Date:From:MIME-Version:Reply-To :In-Reply-To:References; bh=qo6gW8kC0c+JF/hFtw20B/pmxCu1sHy9Zrmz3yD06ng=; t=1764036232; x=1764900232; b=pru3xh4lireQ5/5KOyXejNIKiAxCfwQXh50IGbdZQetRiB3 X0XjAjWFFeaPDINr/JVKr2yyHu3c6FODlBObmIw8RbgaSth6KGoJ0MlHZItB6syUAAYWWy3WmGrIn tqly0ep1Va51lNmSEuC0Nh7o1/RY6KdvqK8E1PQqTdowjU8/1YEIN6LTy23I5goryH4UeL2tXvL0q uoWnaFD18S1gML2YZiipXc8XSvEdOw3H7lLG2GW7d3RUi5XjtItP3FoHa15pqz3b+hAm6cIvTLI9R rI06BMPEvClPb+5M6qsMxhqEZijQ5qI6womp/QB31KgwO5R/T8T9MjV75vXzqMHg==;
Received-SPF: pass (puck.w3.org: domain of columbia.edu designates 148.163.139.74 as permitted sender) client-ip=148.163.139.74; envelope-from=sd3824@columbia.edu; helo=mx0b-00364e01.pphosted.com;
Received: from mx0b-00364e01.pphosted.com ([148.163.139.74]) by puck.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from <sd3824@columbia.edu>) id 1vNiPH-001dil-1x for ietf-http-wg@w3.org; Tue, 25 Nov 2025 02:03:52 +0000
Received: from pps.filterd (m0167073.ppops.net [127.0.0.1]) by mx0b-00364e01.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 5AP20QYR2238976 for <ietf-http-wg@w3.org>; Mon, 24 Nov 2025 21:03:47 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=columbia.edu; h= cc:content-type:date:from:message-id:mime-version:subject:to; s= pps01; bh=qo6gW8kC0c+JF/hFtw20B/pmxCu1sHy9Zrmz3yD06ng=; b=gKbPXe TEQo537qdhaLWwZvlqJ95bpVneL3pPGXY7NUz/SO87lJ+HADMCTcyk4rFgoCVrOS kXvkUui88Jqi2w7DA96n/9P6qgvMuzpqusuMmOpOg/zzHhkq2EyvcjOFmjwbP5cb wvqHm/aCz3h5oMllG/NoZA6yEt+CgWFOTVVpP26E0sya/d0fHULKhUkEoNxLcSw9 cWGxnpfDqilndPmTUANSTXvSGRhOV3CRFMxU+d9LMZ5JZ7wFAOQl4nnYsXSo0wl2 rXvEdhxBh3+8PnHQuK2SQjW23+krnADx+E/ZpMQYJPH0FbpsQIBVaEjk5bggUcYR UfY7tAn6LoF8QJSQ==
Received: from mail-oo1-f71.google.com (mail-oo1-f71.google.com [209.85.161.71]) by mx0b-00364e01.pphosted.com (PPS) with ESMTPS id 4amvw2tudx-1 (version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NOT) for <ietf-http-wg@w3.org>; Mon, 24 Nov 2025 21:03:47 -0500 (EST)
Received: by mail-oo1-f71.google.com with SMTP id 006d021491bc7-656cc4098f3so6193719eaf.2 for <ietf-http-wg@w3.org>; Mon, 24 Nov 2025 18:03:47 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1764036227; x=1764641027; h=cc:to:subject:message-id:date:from:mime-version:x-gm-gg :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=qo6gW8kC0c+JF/hFtw20B/pmxCu1sHy9Zrmz3yD06ng=; b=tlXi55OxXV69UITURgHMGSbfkaI5alPAqrD5CXh/1a5YUs6V5YLG0HCTebxrjRdp5e ycEivMzIVyNpJYMzdjhCQQR0xOJMYrer6a+7iAW0Qluy9Is0WuDuIzxuD6cp1zJ7/ovA Lk1GQ0Adydr7mU5Kb+Lrf6CdzXospqZP+Vbx+kjqe46NEZxj1i018iVvLw4iLHLqdiOV rHNMaZwJOZFIip2jrHW6csLQMlXBV47rmnmyR4/juJ9PTYH6pD68bIDMIRw4zcgQIE8M 6jRwB6x+gQqWFiHTCmzM6XrYgczR3xu/FXrrHmxv6rbE+jL/8ORgWwPx1E4eKcoqDNeU u/jw==
X-Gm-Message-State: AOJu0Yzl9uyAlkPLE+A8ai5KH53XdBSW0STJMBIevGdhKhmh15axxcQz 7D0WSm7a6dGmLD1Y4ZaezQ9ZfvGGdfHBnIkxpGdXFHV7KcIennJTPlOMlx09xrAZT8C1HttgijL aitseQRPf6Vs0yQygTa2lBrBAi7ciyJ0sNHp7/YznMhGhIP6dJmqfrjEc+Qi4J4umqa/k/lYOqF UHGA5SeQYh/cbc2Aurn5COX5vFvJap26OePRg=
X-Gm-Gg: ASbGnctrCMkqzounqLt6vw8o5ApF0osSfJg9E0vm1Zf7B82hKX31B7yNKgMadbXrUfs fdXvaLW6p1YV2KunWm4/kkCL8NPTODuajosPiJHUgPVC7c/sLwPI9WqYTbKkQ9Kt8VdKwsBmMTU xcI8NfAwZzRxK9SE/oAm+QmEQFTJv+66x42A1Uabve2iJ7arkpmRT31YXNoJ2HM/EKQC5hiQz84 U9YtxWa72lpyL9C3vBFcP9XykE=
X-Received: by 2002:a05:6808:1a22:b0:43f:63cc:aefa with SMTP id 5614622812f47-45112baa050mr5036979b6e.48.1764036226643; Mon, 24 Nov 2025 18:03:46 -0800 (PST)
X-Google-Smtp-Source: AGHT+IHynUCE3BGdZxWt35S/UCJ7ss67wl4fj5oV2V7b/3EnPe+FiXslyiKqNmQRuey6u2+Nfbm26cuKKcHbj6NF6Zo=
X-Received: by 2002:a05:6808:1a22:b0:43f:63cc:aefa with SMTP id 5614622812f47-45112baa050mr5036969b6e.48.1764036226234; Mon, 24 Nov 2025 18:03:46 -0800 (PST)
MIME-Version: 1.0
From: Sanatkumar Dhir <sd3824@columbia.edu>
Date: Mon, 24 Nov 2025 21:03:34 -0500
X-Gm-Features: AWmQ_bmbg6_5mdbhhUcxBk-Mcm---1Np3sNzWwTD7f4rNwWvWX6OujDg9iF_udM
Message-ID: <CAJEErCK6OmwBBzVHgvdnEzSFrFD=cXZOhgLfAJk0VW2v+hiSYA@mail.gmail.com>
To: ietf-http-wg@w3.org
Cc: My Residence <skdhir@gmail.com>
Content-Type: multipart/alternative; boundary="000000000000a2cb70064461b022"
X-Authority-Analysis: v=2.4 cv=X4pf6WTe c=1 sm=1 tr=0 ts=69250e83 cx=c_pps a=V4L7fE8DliODT/OoDI2WOg==:117 a=6UeiqGixMTsA:10 a=5KLPUuaC_9wA:10 a=x7bEGLp0ZPQA:10 a=VkNPw1HP01LnGYTKEx00:22 a=48vgC7mUAAAA:8 a=vNS6eTKsEQnQLm9r-VsA:9 a=QEXdDO2ut3YA:10 a=1pbc8f1237w3jXlFRmwA:9 a=wE7f9ZrHn0_ZpBBp:21 a=lqcHg5cX4UMA:10 a=WZGXeFmKUf7gPmL3hEjn:22
X-Proofpoint-GUID: -VYqidYxuGLJCKVYE0rG6fE7CJmRIXCn
X-Proofpoint-Spam-Details-Enc: AW1haW4tMjUxMTI1MDAxNiBTYWx0ZWRfX4KMQbRtW6Rap jiNB5mpCLM9ttN+BamsmbGEJsi58diFl97u3FM1kOkXCUz3rH7SGh8CENkyATw77k6RT1Fz/ixN OIYHovUxbFOXcLZ+AkGB6NSAUs8X/mX1EBTg9HzxLMymMe+omx5AvVeR/gfvsAuS5OrAytwg8Kf 5NJ32y81NuXuYlUYy+LaRZtnG16fr1iSplL2NJ2ZYyovyLQI5c90re4hl6HaBAhrBA7qW2o6ELl q1uAIofMlHQxyWt88fAWsZ3BS0HjXCDyrwfQS/dXl9JPtPN13iHS4W2ZjNEqrmmWSwW2Q0AuBCF Gk/sjL74QDSXRzbkw3oGmwCafgJZ1XkNrhALWEzL4Ef4zyjxxxKYF0+K+HwK7eg7722koRZ2DXw 2fLG+LLX16s4ZFYFRsLV5xTyonqKKQ==
X-Proofpoint-ORIG-GUID: -VYqidYxuGLJCKVYE0rG6fE7CJmRIXCn
X-Proofpoint-Virus-Version: vendor=nai engine=6800 definitions=11623 signatures=596818
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 spamscore=0 bulkscore=10 impostorscore=10 suspectscore=0 clxscore=1015 malwarescore=0 phishscore=0 lowpriorityscore=10 adultscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2510240001 definitions=main-2511250016
X-W3C-Hub-DKIM-Status: validation passed: (address=sd3824@columbia.edu domain=columbia.edu), signature is good
X-W3C-Hub-Spam-Status: No, score=-1.8
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, DMARC_PASS=-0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, W3C_NW=1
X-W3C-Scan-Sig: puck.w3.org 1vNiPH-001dil-1x 35aa2671cfbe0dd81796ce5885129945
X-caa-id: 21e50ded12
X-Original-To: ietf-http-wg@w3.org
Subject: New Draft: draft-dhir-http-agent-profile — HTTP Agent Profile (HAP)
Archived-At: <https://www.w3.org/mid/CAJEErCK6OmwBBzVHgvdnEzSFrFD=cXZOhgLfAJk0VW2v+hiSYA@mail.gmail.com>
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/53573
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/email/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
Hello HTTPWG, I'd like to announce a new individual Internet-Draft: *“HTTP Agent Profile (HAP): Authenticated and Monetized Agent Traffic on the Web”* Datatracker: https://datatracker.ietf.org/doc/draft-dhir-http-agent-profile/ TXT: https://www.ietf.org/archive/id/draft-dhir-http-agent-profile-00.txt The draft explores an increasingly relevant problem: Autonomous agents (LLM-powered crawlers, assistants, bots) now consume a significant portion of web traffic, yet HTTP lacks a standard way to authenticate agents, distinguish them from humans, or express economic requirements for large-scale agent access. HAP proposes an HTTP-compatible profile that: - Uses *HTTP Message Signatures (RFC 9421)* for verifiable agent identity - Uses *Privacy Pass (RFC 9578)* to distinguish human vs agent traffic - Defines use of *HTTP 402* as a machine-readable payment/economic challenge mechanism The goal is to start a structured discussion about whether and how HTTP should evolve to support authenticated, accountable, and economically aligned agent traffic. Feedback of any kind is very welcome. Best regards, Sanat Dhir. sdhir26@gsb.columbia.edu
- New Draft: draft-dhir-http-agent-profile — HTTP A… Sanatkumar Dhir