[I-D] New: draft-vidiniotis-crp-headers-00 — HTTP Header Fields for AI Context Safety and Governance
Constantinos Vidiniotis <contact@crprotocol.io> Thu, 28 May 2026 22:07 UTC
Received: by mail2.ietf.org (Postfix) id 0999BF6FD75C; Thu, 28 May 2026 15:07:13 -0700 (PDT)
Delivered-To: ietfarch-httpbisa-archive-bis2juki@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 05D68F6FD75B for <ietfarch-httpbisa-archive-bis2Juki@mail2.ietf.org>; Thu, 28 May 2026 15:07:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1780006033; bh=HKCs+G7f/nAZ6K/wf4sCKkvtOOW6AENaRAj7Cu6l+20=; h=Resent-From:Resent-Date:From:Date:To:Subject:Resent-Sender: List-Id:List-Help:List-Post:List-Unsubscribe; b=M+qoADNIUZvBvyI9PZbXeZlr6zQqlDrrvgNb/K4NKR/Kvp8eAS6j+SV5uvHME2+qC ZoQQmi+IcudSlqUdVbfKlql8vj+iGk11dhhf++HXIfUwbrtCZNar22NrIy1Gt3VpcU 4yH5wzDB0+0fpP04DGttyW67S64SOPejCcOP17HM=
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -5.299
X-Spam-Level:
X-Spam-Status: No, score=-5.299 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=w3.org header.b="EZsHZmMP"; dkim=fail (2048-bit key) reason="fail (body has been altered)" header.d=w3.org header.b="UeYJ2nnx"; dkim=fail (2048-bit key) reason="fail (body has been altered)" header.d=w3.org header.b="oeRspnHg"; dkim=fail (2048-bit key) reason="fail (body has been altered)" header.d=w3.org header.b="m93v5cuN"
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VfBzKLrKZpVb for <ietfarch-httpbisa-archive-bis2Juki@mail2.ietf.org>; Thu, 28 May 2026 15:07:12 -0700 (PDT)
Received: from mab.w3.org (mab.w3.org [IPv6:2600:1f18:7d7a:2700:d091:4b25:8566:8113]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id CDF1FF6FD5E7 for <httpbisa-archive-bis2Juki@ietf.org>; Thu, 28 May 2026 15:05:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=w3.org; s=s1; h=Subject:Content-Type:To:Message-ID:Date:From:MIME-Version:Cc:Reply-To :In-Reply-To:References; bh=CmNDlNicbEylrJRv75Z7VyxkMFv4VZtZvUCCe9r0HYI=; b=E ZsHZmMPZfR0tWPnnypTHxJtMkqOx/2QKozsswlYNavfZGg3naBcdv0amN4ymgNBRuY/4CZLyt0NkF AhYtDXaCFZZWAxGgm35ByIXxTMCOi2QI06s2r6QYG+RhCCWq+WoQ8mDkfsuq93dC7HHYhsJ7lknNz sz3QVnuCft/jBAhsmUmvo4x7fGx1gHVoxw2FT62o6stg4PN7mNngWEZDVXu20apJrmouoIH1SneiD HZTKAHoXsE7aTcXY4/pLphyntfKJRstk6VkOQMrfZ0pd876XuWobKBGg0RJUT/IkU8UiASE8TRDST 9vj1nQmh/k+Z3QVv2DaPDFz/HhjmLQFpg==;
Received: from lists by mab.w3.org with local (Exim 4.96) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1wSiq1-00FI1u-1r for ietf-http-wg-dist@listhub.w3.org; Thu, 28 May 2026 22:04:25 +0000
Resent-Message-Id: <E1wSiq1-00FI1u-1r@mab.w3.org>
Received: from www-data by mab.w3.org with local (Exim 4.96) (envelope-from <sysbot+mod@w3.org>) id 1wSipz-00FI0x-07 for ietf-http-wg@listhub.w3.internal; Thu, 28 May 2026 22:04:23 +0000
Received: from ip-10-0-0-224.ec2.internal ([10.0.0.224] helo=puck.w3.org) by mab.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from <sysbot+mod@w3.org>) id 1wSckj-00EYnw-0R for ietf-http-wg@listhub.w3.internal; Thu, 28 May 2026 15:34:33 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=w3.org; s=s1; h=Subject:Content-Type:To:Message-ID:Date:From:MIME-Version:Cc:Reply-To :In-Reply-To:References; bh=UPx+fRFOb1MZ5v58SMmuRgreEIkgkSZZxfW2XOtSUpQ=; t=1779982473; x=1780846473; b=UeYJ2nnxm1ry5Qh2RUYdziE8MURIviEI3StV8s7F3YOpO5u NV+4yIIMsBnp4VJ6oLmkNRDWuIfHyJOjN22upqEKpd//LKPhj11qxvf/hgJcHcCqzfxHGdy+k2KXF mkrhfUZYAwQj1qZkoNXReTQ0aV6YpLGBT8qB9zhgzojzplNGe7Ur0FpP06ATEp65s4xOUeAEvsBht mbtrvbPrrKleWueukd22teCi1rFSiXl1Dn5S1zfvfGpdbf4THhgzXHRSjwuSfyqDHgJdgHi9oiVJJ XmeIN5QdQjmOQRZ5cvzfEPKcs0xULby8GIJXjdaVi3PpSH6cXdaC9GazVCSkCmUA==;
Received: from mab.w3.org ([2600:1f18:7d7a:2700:d091:4b25:8566:8113]) by puck.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from <sysbot+mod@w3.org>) id 1wSckj-003axf-0A for ietf-http-wg@w3.org; Thu, 28 May 2026 15:34:33 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=w3.org; s=s1; h=Subject:Content-Type:To:Message-ID:Date:From:MIME-Version:Cc:Reply-To :In-Reply-To:References; bh=UPx+fRFOb1MZ5v58SMmuRgreEIkgkSZZxfW2XOtSUpQ=; b=o eRspnHgaYG19zeFzNP7DuApgwn4jme6AIGzlukOcwME9iklGKFl/V3ItPLcZhVIDDcknHNriouf8S kheUSyz0E+N1EQfMilctJJs9BejUb0qtXonVrK1lN68kyTM/2qT8pxaWut6sYsWy1maBFiTLYu3lm AbfUxOBa5Fi3aX6n3sdUrDv2YJ8UIUIqFZsmxsB/xxGdibgHD7rg8q+RpLs4hQoUrz1TQsDUcZeRS TkYGqXDjHYbfQa6Ob0HPfooIU4tIFcxSNsDvL9aag222GXzMnbHw/h2YmgZvqJmosJ7X94Dgr5YzY fo9cVyOW4m6P1ywMt6/Q8JM/DNu/BsD3w==;
Received: from www-data by mab.w3.org with local (Exim 4.96) (envelope-from <sysbot+mod@w3.org>) id 1wScki-00EYnn-38 for ietf-http-wg@w3.org; Thu, 28 May 2026 15:34:32 +0000
Resent-From: List moderator <sysbot+mod@w3.org>
Resent-Date: Thu, 28 May 2026 15:34:32 +0000
Received: from ip-10-0-0-224.ec2.internal ([10.0.0.224] helo=puck.w3.org) by mab.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from <kvidiniotis99@gmail.com>) id 1wSVAW-00DVSO-0d for ietf-http-wg@listhub.w3.internal; Thu, 28 May 2026 07:28:40 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=w3.org; s=s1; h=Content-Type:To:Subject:Message-ID:Date:From:MIME-Version:Cc:Reply-To :In-Reply-To:References; bh=UPx+fRFOb1MZ5v58SMmuRgreEIkgkSZZxfW2XOtSUpQ=; t=1779953320; x=1780817320; b=m93v5cuNDRrsseLCIYZgYgdZ4m0tfjgkTjhZP3MYqgu0MhR arWp+uDBvGUpmzg1y3oEmt7xrcYBnmgpszW4cBDbXDE0Hiw7zUfgdBwRcFtCLGfcSSh4Q0INap8wO 72c6Us1MBr51TlfKMGy29gPT0SoD0246MjzwbMsfHwCSQz4j8O/GG/pKLP0lNKuSfXofL8gUCf8tB rp8YDlg556dKrp/ytVAGs7P38v3toHmEQKlH5k8XAOPCV7FsJE/p+9mq4jG1zZtXHMmHl0XqJmbsk CyMY2Q7qKx1NxIyP8Skalwezmm60tfF9pzVBjjTbSR3x4z4to+Uk/5Ul8JmShHrA==;
Received-SPF: pass (puck.w3.org: domain of gmail.com designates 209.85.222.169 as permitted sender) client-ip=209.85.222.169; envelope-from=kvidiniotis99@gmail.com; helo=mail-qk1-f169.google.com;
Received: from mail-qk1-f169.google.com ([209.85.222.169]) by puck.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.96) (envelope-from <kvidiniotis99@gmail.com>) id 1wSVAV-003T80-1D for ietf-http-wg@w3.org; Thu, 28 May 2026 07:28:40 +0000
Received: by mail-qk1-f169.google.com with SMTP id af79cd13be357-911796e9885so1088803585a.0 for <ietf-http-wg@w3.org>; Thu, 28 May 2026 00:28:39 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1779953316; x=1780558116; h=to:subject:message-id:date:from:mime-version:x-gm-gg :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=UPx+fRFOb1MZ5v58SMmuRgreEIkgkSZZxfW2XOtSUpQ=; b=cXQ9goAnMoowNYGFESZwwNUZYxMrIcKFUu9HPEQONTTMNoOjmHOjzQVkjqeFyUitmf apaqJGHfL1P0Dh5bl0FGeEUZ4ENuEnzD793Xu2z2TExflOPgkqYxUs154ckCVej3StuX OZaE8SQ3wL1OsyvxYJ3X/htUG81DM/QNgdyKKrxWR/snkX1PUmQyBn3OaPE5lwCfU51l hX/HG0k5CJL+B3ZuPfKKy+RjCt3WVNVVJconhLhdcz9AA8qUmgUbdBfx5NPnlgEnNVtw N3GU8Xz7A2Nu+a2Hu1LuC0PQ2GnU8Q9jtaySydvpHIJOjtYbis7fxcjauSe1O42VESuM fUgg==
X-Gm-Message-State: AOJu0YyR28o6zQMePFOfgWLFdpzPN3sWI+OOOQQuooGnxlpUCH9W/RVh MTohMazpRDFx2BRazNPEBDa2VBkaXzPzKbbpvEn7NQGKh1nExoCIRWDmCkxMKWe+
X-Gm-Gg: Acq92OGHG/XRqdPP8k5GmJuMkaDPSU8pKiQNr9BNENdUUebfpuwM1f5H2x0Mjqwdwyz Gw2EzDIJkRzVHswGYd4EBaIUeB6gBfSqQqJaqAIj9etlJT1VikN7xFDKPp3DNOk+WAhLdXfGj9T t+QE0WycqqZy8OOb1mw2Z4wd7D9KR8CzkFs9CoS6E2C43eAXSifnPyoaST9X5Vbfcy3fpKJVQ69 nsEeH6P5aMlQFUi88vPGqJFPDOwQ2xZIRrYp+AImgHbaR/UAoyRIBikpdLffcMbe/qoBA98fB3t ckoAgdqvS/9iy62V2lL7Ip0WBV3imwLAr/PDcEGBueBGMmuNbsseH0XLQil8IpACRtpo25jYtQf zDg9lZSOeU6FYl6OhLRPPOvInremrxkIf5xe7K0BwhpIieeTAh1y18sZ7UbAVRQP1ECokjMHah9 rgPyFHZoNli4ouZNiYnMEd6Mi0uhUJpLg1ES4Uq7D1hV3sEGBuKvl0qnz08bwZgym9EjTzi/aae uQbLPjkvI6fwdu6c5JUh5SdP9rrGCA9VL7f
X-Received: by 2002:a05:620a:45a4:b0:914:c130:2599 with SMTP id af79cd13be357-91521477ce2mr39202885a.19.1779953315732; Thu, 28 May 2026 00:28:35 -0700 (PDT)
Received: from mail-qk1-f175.google.com (mail-qk1-f175.google.com. [209.85.222.175]) by smtp.gmail.com with ESMTPSA id 6a1803df08f44-8ccb377fc60sm74930466d6.17.2026.05.28.00.28.35 for <ietf-http-wg@w3.org> (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 28 May 2026 00:28:35 -0700 (PDT)
Received: by mail-qk1-f175.google.com with SMTP id af79cd13be357-914bfa75911so657111085a.1 for <ietf-http-wg@w3.org>; Thu, 28 May 2026 00:28:35 -0700 (PDT)
X-Received: by 2002:a05:620a:4412:b0:8ef:6b87:5c52 with SMTP id af79cd13be357-91521763637mr39317285a.38.1779953315283; Thu, 28 May 2026 00:28:35 -0700 (PDT)
MIME-Version: 1.0
From: Constantinos Vidiniotis <contact@crprotocol.io>
Date: Thu, 28 May 2026 17:28:27 +1000
X-Gmail-Original-Message-ID: <CAJ=zZfMRVoYL==GJcKQCbmLfn0rzndm7MRNG0S9kbNK=Vbxqew@mail.gmail.com>
X-Gm-Features: AVHnY4JM3WrZO2Y0uZYIfQ9YtzksmQtyXEJvWZZ7LUzS5bV179elbcC-fNrC8U8
Message-ID: <CAJ=zZfMRVoYL==GJcKQCbmLfn0rzndm7MRNG0S9kbNK=Vbxqew@mail.gmail.com>
To: ietf-http-wg@w3.org
Content-Type: multipart/alternative; boundary="0000000000001307a30652dbada2"
X-W3C-Hub-Spam-Status: No, score=0.5
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DMARC_NONE=0.898, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FORGED_FROMDOMAIN=0.001, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, W3C_NW=1
X-W3C-Scan-Sig: puck.w3.org 1wSVAV-003T80-1D 59bf43baf2c5bd77ca0701ee0e45486c
X-caa-id: 1ce449bb74
X-caa-id: 10881216d4
X-Original-To: ietf-http-wg@w3.org
Subject: [I-D] New: draft-vidiniotis-crp-headers-00 — HTTP Header Fields for AI Context Safety and Governance
Archived-At: <https://www.w3.org/mid/CAJ=zZfMRVoYL==GJcKQCbmLfn0rzndm7MRNG0S9kbNK=Vbxqew@mail.gmail.com>
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/53868
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/email/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
Hi all, I have submitted an Internet-Draft proposing a vocabulary of HTTP header fields for AI context governance, safety signalling, and compliance evidence on AI inference request/response cycles. *Draft*: https://datatracker.ietf.org/doc/draft-vidiniotis-crp-headers/ *Repository*: https://github.com/AutoCyber-AI/crprotocol-specs *Website*: https://crprotocol.io/spec/ *Motivation* AI inference calls (requests to large language models) currently carry no standardised metadata about the quality, safety, or governance status of their responses. Every operator instruments this separately, producing non-interoperable signals. This draft applies the HTTP header pattern - the same pattern that gave us Cache-Control, ETag, and Content-Security-Policy - to AI request/response cycles. The draft defines six header namespaces: CRP-Context-* envelope state, quality tier, ETag for conditional dispatch CRP-Safety-* hallucination risk, attribution, fidelity, oversight mode CRP-Provenance-* HMAC chain integrity, audit trail URI CRP-Compliance-* EU AI Act class, NIST tier, GDPR PII flag CRP-Agent-* agentic dispatch state, safety budget across agent chains CRP-Memory-* context cache layer signals A separate draft (draft-vidiniotis-crp-safety-policy-00) defines a declarative directive language for these headers, inspired by CSP. *What this is NOT* This is not a new inference protocol. The headers ride on existing HTTP requests to existing LLM providers (OpenAI, Anthropic, etc.). The draft explicitly mandates that CRP headers MUST be stripped before forwarding to providers - the model remains ignorant of the protocol layer. This is not a replacement for MCP or A2A. Both are based on JSON-RPC over HTTP. The CRP headers govern the AI calls made by MCP tools and propagate across A2A hops. CRP sits at a different layer. *What I'm asking* I'd appreciate feedback on: 1. Header naming and namespace structure 2. The interaction model between CRP-Safety-Policy and Content-Security-Policy (which inspired it) 3. Whether IANA provisional registration of the priority 10 headers (listed in §16.1 of the draft) is the right starting point 4. Whether this work should pursue a new WG, individual submission, or seek adoption by an existing WG Two independent implementations are in development to meet Proposed Standard interoperability requirements. Thank you for reading. Comments and critique welcome, both on-list and to the issue tracker on the GitHub repository. Best, Constantinos Vidiniotis AutoCyber AI Pty Ltd contact@crprotocol.io
- [I-D] New: draft-vidiniotis-crp-headers-00 — HTTP… Constantinos Vidiniotis