New Draft: draft-dhir-http-agent-profile – HTTP Agent Profile (HAP) from Sanatkumar Dhir on 2025-11-24 (ietf-http-wg@w3.org from October to December 2025)

From: Sanatkumar Dhir <sd3824@columbia.edu>
Date: Mon, 24 Nov 2025 15:39:30 -0500
To: ietf-http-wg@w3.org
Cc: "Dhir, Sanatkumar" <SDhir26@gsb.columbia.edu>, My Residence <skdhir@gmail.com>
Message-ID: <CAJEErCJu_yCgYAkX11ZWQQ+6V0UYu0rd-2c+vsCRgJ8fUxpWMA@mail.gmail.com>

Dear HTTP Working Group,

I would like to announce a new individual Internet-Draft titled:

*“HTTP Agent Profile (HAP): Authenticated and Monetized Agent Traffic on
the Web”*
*draft-dhir-http-agent-profile-00*

Link to Datatracker:
https://datatracker.ietf.org/doc/draft-dhir-http-agent-profile/

The draft proposes an *HTTP-based profile* for making autonomous agent
traffic *explicit, authenticated, and optionally monetized*, using existing
mechanisms already familiar to this group—specifically:

   -

   *HTTP Message Signatures (RFC 9421)* for cryptographic agent identity
   -

   *Privacy Pass / PATs (RFC 9578)* for human-vs-agent differentiation
   -

   *HTTP 402 (“Payment Required”)* as a protocol-level challenge for
   micropayments or other economic work
   -

   Fully backwards-compatible design intended for *incremental deployment
   via CDNs, reverse proxies, and agent SDKs*

The motivation is the rapid shift in web traffic patterns: LLM-based
crawlers, browser-integrated assistants, and automated bots are already
consuming large volumes of content without ads or subscription flows, while
simultaneously being indistinguishable from browser traffic with existing
signals. Many major agents are already signing requests in practice, and
there is growing deployment interest from browser vendors, CDN providers,
and agent platforms.

*The goal of this draft* is to start a structured discussion in HTTPWG
around:

   1.

   Whether a standards-based, HTTP-native mechanism for agent identity is
   needed
   2.

   How such a mechanism should integrate with existing work (e.g., RFC
   9421, Privacy Pass tokens, ALPN hints, etc.)
   3.

   Whether the group sees value in exploring standardized uses of 402
   challenges for agent traffic
   4.

   How this profile should evolve (e.g., attestation, reputation, or
   metadata integration)

I would greatly appreciate feedback from the working group, especially
around the applicability of this work within the HTTPWG charter, technical
direction, and any prior art I may have missed.

Thank you for your time and consideration. I look forward to your comments
and discussion.

Best regards,
*Sanat Dhir*
sdhir26@gsb.columbia.edu

Received on Wednesday, 26 November 2025 06:45:02 UTC