| Internet-Draft | Identity-Attributed Commits | April 2026 |
| Morrison | Expires 13 October 2026 | [Page] |
This document defines a git commit trailer grammar for
identity-attributed contributions using the ~handle identity
primitive defined in [MCPDNS]. The grammar binds sovereign actors,
automated bots, and AI instruments to specific commits via three
tier-structured trailers (Acted-By, Executed-By, Drafted-With)
and three optional cryptographic trailers (Identity-Signature,
Identity-Key-Id, Identity-Anchor). The signature is computed
with Ed25519 over the commit's tree hash rather than its commit
hash, preserving attribution across rebase, cherry-pick, and squash
merge operations. Conformant parsers reject cross-tier category
errors (e.g., an Instrument-tier handle in an Acted-By slot) as
malformed. The mechanism is provider-neutral, depends only on DNS
[RFC1035] and the ~handle resolution algorithm of [MCPDNS], and
requires no central authority or platform-specific verification
service.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 3 October 2026.¶
Copyright (c) 2026 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on October 9, 2026.¶
Copyright (c) 2026 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document.¶
Modern source-control workflows produce commits whose authorship is shared between human contributors, automated bots, and AI instruments operating under varying degrees of delegation. The prevailing mechanisms for attaching identity to a commit are fragmented and individually inadequate for this mixed reality:¶
Git Signed-off-by [DCO]. A legal attestation of contribution
rights under the Developer Certificate of Origin. It carries no
cryptographic identity proof, no tier distinction, and no
resolution to a verifiable key. A Signed-off-by: line is
whatever the committer types.¶
Git commit signing (git commit -S). Cryptographically
binding, but the key model is provider-locked: GPG keys uploaded
to GitHub, SSH keys uploaded to GitLab, with each platform
maintaining its own key directory. There is no DNS-resolved key
path and no canonical identity-to-key mapping.¶
Sigstore / gitsign [GITSIGN]. A keyless signing path using short-lived certificates issued from OIDC identity tokens and recorded in the Rekor transparency log. The cryptography is sound, but the identity layer is bound to the operator of the OIDC provider. Migrating between providers re-roots identity. No tier structure exists for non-sovereign signers.¶
Anthropic's Co-Authored-By: Claude convention
[ANTHROPIC-COAUTHOR]. An informal text convention for AI
attribution. It is unverifiable, ungrammatical with respect to
the underlying identity layer (the model is not a co-author in
the sovereign sense), and offers no resolution path. Any
committer can paste any string.¶
None of the above provides a provider-neutral, DNS-resolvable, tier-structured identity binding for the human/bot/AI contribution mix that has become typical of agent-augmented codebases.¶
This document defines a trailer grammar with the following goals:¶
Provider-neutral. No dependency on any specific identity provider, certificate authority, or transparency log operator.¶
DNS-resolvable. Public key material is reached via the
~handle resolution algorithm of [MCPDNS], which itself
resolves to a DNS TXT record under the handle's policy zone.¶
Tier-structured. Three distinct trailer slots correspond to three distinct identity tiers: Sovereign (humans and organisations with cryptographic agency), Bot (autonomous agents under scoped delegation), and Instrument (AI models and tool classes that lack keys). Each slot accepts only handles from its corresponding tier.¶
Cryptographically verifiable at the sovereign layer. Sovereign attribution is bound by an Ed25519 signature whose public key is reachable from DNS without prior trust establishment.¶
Category-safe against misattribution. Conformant parsers
reject cross-tier handle placement (e.g., an Instrument handle
in an Acted-By slot) as a structural grammar violation, not a
policy decision. Misattribution is detected at parse time.¶
This document specifies:¶
Multiplicity, placement, and ordering rules.¶
The Ed25519 signature algorithm over the commit's tree hash.¶
Verifier behaviour for accepting, rejecting, and surfacing attribution states.¶
Security considerations specific to the trailer mechanism.¶
This document does NOT specify:¶
The ~handle identity primitive itself. This is defined by
[MCPDNS] and incorporated here by reference.¶
The full normative tier taxonomy. This is maintained as an internal ALTER doctrine in [ALTER-DID8]. Section 3 of this document restates the taxonomy briefly so the spec is standalone-readable.¶
Sovereign key custody, derivation, and recovery. These are addressed by [ALTER-KEY-CUSTODY].¶
The IdentityLog transparency-log mechanism backing the optional
Identity-Anchor trailer. A future document will define it.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 RFC2119 [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
A ~-prefixed identifier per [MCPDNS]. Handles are the unit
of identity addressing in this document. Resolution proceeds
by extracting the policy zone from the handle and querying the
zone's _alter underscore-prefixed TXT record.¶
A handle representing a human individual or formal organisation
with direct cryptographic agency. Holds its own private key.
Can sign. Examples: ~blake, ~truealter.com, ~anthropic.com.¶
A handle representing an autonomous agent acting under scoped
delegation from a sovereign. Holds a scoped key whose authority
is bounded by the sovereign's published delegation policy. Can
counter-sign within the delegation envelope. Examples:
~dependabot.bot, ~github.merge.bot.¶
A handle representing an AI model, API endpoint, or tool class.
Does NOT hold cryptographic keys. Cannot sign. Exists as a
DNS-resolvable descriptive label only, suitable for attaching
provenance metadata to a contribution without making any
identity claim that requires cryptographic backing. Examples:
~cc-opus-4.6, ~gpt-5-turbo, ~gemini-ultra-2.¶
The SHA-1 (or SHA-256 in git's newer object format) hash of a
git tree object, as produced by git write-tree against the
staged index, or equivalently by git cat-file -p <commit>^{tree}
on an existing commit. The tree hash is a function of the
committed content and is invariant under operations that
preserve the tree (e.g., rebase, cherry-pick, squash merge into
an empty parent).¶
The constraint that a given trailer name accepts handles only from its corresponding tier. Cross-tier placement is a grammatical error, not a policy violation.¶
A consumer of commit trailers that implements the parsing, rejection, and signature-verification rules defined in Section 7.¶
The trailer grammar in Section 4 partitions handles into three tiers. The normative reference for the tier taxonomy is the internal ALTER doctrine [ALTER-DID8]. This section restates the taxonomy briefly so this document is standalone-readable.¶
| Tier | Cryptographic Agency | Trailer Slot | Examples |
|---|---|---|---|
| Sovereign | Holds own key, signs |
Acted-By:
|
~blake, ~truealter.com, ~anthropic.com
|
| Bot | Scoped delegated key |
Executed-By:
|
~dependabot.bot, ~github.merge.bot
|
| Instrument | No key, no signature |
Drafted-With:
|
~cc-opus-4.6, ~gpt-5-turbo, ~gemini-ultra-2
|
The tier of a given handle is determined by DNS metadata published
under its _alter TXT record per [MCPDNS]. Implementations MAY
treat the tier assignments above as authoritative when they
correspond to DNS-published tiers; implementations MUST NOT promote
or demote a handle's tier without re-resolving DNS.¶
The key invariant is that Instrument-tier handles cannot make
attestational claims. An Drafted-With: trailer is informational
provenance metadata, not a verifiable identity binding.¶
The following ABNF [RFC5234] defines the syntax of each trailer. Implementations MUST accept exactly this grammar.¶
``` acted-by-trailer = "Acted-By:" SP sovereign-handle CRLF executed-by-trailer = "Executed-By:" SP bot-handle CRLF drafted-with-trailer = "Drafted-With:" SP instrument-handle CRLF identity-signature = "Identity-Signature:" SP "ed25519:" base64url-signature CRLF identity-key-id = "Identity-Key-Id:" SP did-alter-uri CRLF identity-anchor = "Identity-Anchor:" SP "identitylog://" timestamp "Z/sth/" seq "#" commit-id CRLF¶
sovereign-handle = "~" handle-label bot-handle = "~" handle-label ".bot" instrument-handle = "~" handle-label ; tier determined by DNS resolution per [MCPDNS]¶
handle-label = 163( ALPHA / DIGIT / "-" / "_" / "." ) did-alter-uri = "did:alter:" sovereign-handle "#" key-id key-id = 164( ALPHA / DIGIT / "-" / "" ) base64url-signature = 86( base64url-char ) "==" ; 64-byte Ed25519 signature, base64url-encoded base64url-char = ALPHA / DIGIT / "-" / "" timestamp = date-fullyear "-" date-month "-" date-mday "T" time-hour ":" time-minute ":" time-second seq = 1*DIGIT commit-id = 40HEXDIG / 64HEXDIG ; SHA-1 or SHA-256 commit identifier ```¶
The terminals ALPHA, DIGIT, HEXDIG, SP, and CRLF are
imported from [RFC5234].¶
The bot-handle rule requires the .bot suffix, which makes the
tier syntactically distinguishable for Bot trailers. Sovereign
and Instrument handles share the same surface syntax; their tier
distinction is enforced by DNS resolution per [MCPDNS] and by
verifier-side rejection of cross-slot placement (Section 7).¶
Trailers MUST appear in the commit message footer block per the
git trailer convention [GIT-TRAILERS]. The footer block is
separated from the commit message body by exactly one blank line.
Each trailer occupies one line of the footer block in the form
Key: Value.¶
A commit message that places trailers anywhere other than the footer block (e.g., interleaved with body paragraphs) is malformed under this specification. Conformant verifiers MUST refuse to parse trailers from outside the footer block.¶
Trailers SHOULD appear in the following canonical order:¶
Verifiers MUST accept trailers in any order, but emitters SHOULD follow the canonical order to support diff-based review. The canonical order is also the order most natural for a human reader: sovereign first, then delegate, then instruments, then proofs.¶
The following multiplicity constraints apply to a single commit:¶
Acted-By: - Exactly one trailer per signed commit. A
squash-merged commit MAY contain multiple Acted-By: trailers
aggregating the contributor handles of the squashed commits;
this is the only case in which multiple Acted-By: trailers
are permitted. Verifiers MUST treat each aggregated Acted-By:
as a separate sovereign attribution that requires its own
signature pair if cryptographic verification is desired.¶
Executed-By: - At most one trailer per commit. A commit
is executed by at most one bot in a single delegation context.¶
Drafted-With: - Zero or more trailers per commit.
Multi-instrument drafting (e.g., a commit drafted partly with
~cc-opus-4.6 and partly with ~gpt-5-turbo) is permitted and
expected. Multiple Drafted-With: trailers on a single commit
form an unordered set; order of appearance is not semantically
significant and verifiers MUST NOT attribute differential
authority to earlier-appearing entries.¶
Identity-Signature: and Identity-Key-Id: - These two
trailers MUST appear together or not at all. An
Identity-Signature: without an Identity-Key-Id: is malformed,
and vice versa. When present, they bind to the most recent
preceding Acted-By: trailer in the trailer block.¶
Identity-Anchor: - OPTIONAL in this version of the
specification. Implementations targeting Rung-3-compliant
attribution (transparency-log-anchored) MUST emit it; all
other implementations MAY omit it. Future revisions of this
document may upgrade the requirement.¶
The signature algorithm is Ed25519 [RFC8032], which uses SHA-512 internally and produces a 64-byte signature over an arbitrary input message. Implementations MUST use Ed25519 and MUST NOT use Ed25519ph or Ed25519ctx variants.¶
The signed payload is the raw byte representation of the commit's tree hash:¶
For repositories using SHA-1 git objects, the payload is the 20-byte SHA-1 tree hash.¶
For repositories using SHA-256 git objects, the payload is the 32-byte SHA-256 tree hash.¶
The tree hash is obtained by git write-tree at signing time
(operating on the staged index) or equivalently by
git cat-file -p <commit>^{tree} on an existing commit. The hash
is signed in its raw binary form, not as a hex-encoded string.¶
The decision to sign the tree hash rather than the commit hash is load-bearing for the operational viability of the scheme.¶
A commit hash is a function of the commit's tree, its parent commits, its author, its committer, its timestamps, and its message - including, recursively, any trailers in the message. Signing the commit hash directly creates a chicken-and-egg problem (the trailer would be part of the input to its own signature) and, more fundamentally, invalidates the signature on any history-rewriting operation: rebase, cherry-pick, squash merge, amend, and filter-branch all change the commit hash while preserving the tree.¶
A tree hash is a function of the committed content alone. It is stable across rebase, cherry-pick, and squash merge into an empty parent (the squash result has the same tree as the union of the input trees if no conflicts arose). Signing the tree hash preserves attribution across the full range of git workflows that modern teams depend on, at the cost of being unable to distinguish between two commits with the same tree but different histories.¶
This trade-off is acceptable: git's own merkle structure ensures content integrity, the parent chain is independently auditable through git itself, and the cases in which two distinct commits share a tree are precisely the cases in which attribution should be preserved (a clean rebase is the same content by the same author).¶
Where stronger anchoring is required, the optional
Identity-Anchor: trailer binds the signature to a specific
commit-id within a transparency log entry, recovering commit-level
identity at the cost of an external dependency.¶
The signature is encoded for placement in the trailer as:¶
ed25519:<base64url-signature>
¶
The base64url encoding follows [RFC4648] Section 5 (URL- and
filename-safe alphabet) without line breaks. A 64-byte Ed25519
signature encodes to 86 base64url characters plus two = padding
characters, for a total of 88 characters in the trailer value
following the ed25519: prefix.¶
Sovereign keys are derived out-of-band; their public components
are published under the sovereign's _alter DNS record per
[MCPDNS]. Key derivation, custody, and recovery procedures are
out of scope for this document. This document treats the
sovereign key as a pre-existing Ed25519 keypair whose public
component is reachable via the DNS-resolved path of Section 6.1.¶
Key rotation is supported by the Identity-Key-Id: trailer, which
identifies which key was used to sign a given commit. A
sovereign's DNS record MAY publish multiple historical keys
indexed by key-id, allowing verifiers to validate older commits
against the key that was current at the time of signing even
after the sovereign has rotated their primary signing key.¶
The sovereign handle's public key is resolved via the [MCPDNS]
_alter.<zone> DNS record mechanism. Verifiers MUST use the
resolution algorithm specified in [MCPDNS] to obtain the public
key corresponding to the key-id named in the Identity-Key-Id:
trailer.¶
Verifiers MUST require DNSSEC [RFC4034] validation on the
_alter.<zone> lookup when DNSSEC is available for the zone.
For zones lacking DNSSEC deployment, verifiers MAY accept the
HTTPS .well-known fallback resolution path defined in [MCPDNS],
provided the TLS chain validates against the policy domain.¶
Instrument-handle metadata (provider, version, deprecation
status, capability profile) is resolved via the same _alter
mechanism, but the resolved record is descriptive only. Verifiers
SHOULD treat Instrument metadata as informational provenance and
MUST NOT treat any field of an Instrument record as an
attestational claim. Instrument handles cannot cryptographically
sign commits; their DNS records advertise what the model is, not
that the commit was authorised by it.¶
A conformant verifier MUST perform the following steps in order:¶
Parse all trailers from the footer block. Trailers appearing outside the footer block MUST be ignored.¶
Reject cross-slot category errors. For each trailer,
resolve the handle's tier per [MCPDNS] (or, where DNS
resolution is unavailable, fall back to the syntactic tier
indicators of Section 4.1). If any handle appears in a slot
other than its tier's slot - for example, an Instrument-tier
handle in an Acted-By: slot, or a Sovereign-tier handle in
a Drafted-With: slot - the commit is malformed and the
verifier MUST reject it as a category error. The error
message SHOULD identify the offending trailer by name.¶
Verify signatures, if present. If Identity-Signature:
and Identity-Key-Id: are present, the verifier MUST:¶
a. Extract the key-id from the Identity-Key-Id: trailer.
b. Resolve the corresponding public key by querying the
Acted-By: handle's _alter record per Section 6.1.
c. Compute the commit's tree hash via git cat-file or an
equivalent.
d. Verify the Ed25519 signature against the tree hash using
the resolved public key.¶
If signature verification fails, the verifier MUST mark the
commit as unverified and MUST NOT report it as having a valid
sovereign attribution.¶
Verify the transparency anchor, if present. If
Identity-Anchor: is present, the verifier SHOULD verify the
anchor against the referenced log according to the log's own
verification protocol. Failure to verify the anchor MUST be
surfaced to the user but MUST NOT silently downgrade the
commit's verified status.¶
A conformant verifier SHOULD additionally:¶
Cache handle-to-key resolutions. DNS lookups for the same handle within a single verification pass should be performed at most once. Cache TTL SHOULD respect the DNS record TTL.¶
Distinguish attribution states in user-facing output. Verifiers SHOULD present three distinct states to users:¶
verified - Acted-By: present with a valid
Identity-Signature: resolving to the published key.¶
claimed - Acted-By: present without a signature, or
with a signature whose key cannot be resolved.¶
anonymous - no Acted-By: present.¶
Conflating these states is a security defect.¶
If a sovereign's signing key is compromised, the sovereign rotates
the key and publishes the new key under a new key-id in their
_alter record. The previous key SHOULD remain published as a
historical record so that commits signed during its validity
period continue to verify. Sovereigns SHOULD also publish
revocation metadata distinguishing keys that were rotated for
hygiene from keys that were rotated due to compromise; verifiers
encountering a compromise-revoked key SHOULD warn the operator
that any commit signed by that key is suspect even if the
signature still validates mathematically.¶
Because Instrument handles cannot sign, the Drafted-With:
trailer is an unverified provenance claim. A malicious committer
can always paste Drafted-With: ~cc-opus-4.6 into a commit they
hand-wrote. Implementations MUST treat Instrument attribution as
informational, not attestational, and MUST NOT extend trust
decisions on the basis of an Instrument trailer alone. This is
explicit by design: the Instrument tier is a documentation
mechanism, not an attestation mechanism. The protection against
Instrument-trailer abuse is the sovereign signature on
Acted-By:, which binds a real cryptographic identity to the
overall commit and to the committer's claim about what tools they
used.¶
A successful DNS poisoning attack against the _alter.<zone>
zone could redirect verifiers to a substitute public key under
the attacker's control. This risk is mitigated by:¶
DNSSEC validation when available. Verifiers SHOULD require DNSSEC on the policy zone and MAY refuse to verify against an unsigned zone.¶
The HTTPS .well-known fallback path defined in [MCPDNS],
which terminates the trust chain at the TLS certificate of
the policy domain.¶
Independent transparency-log anchoring via the optional
Identity-Anchor: trailer, which provides a second source of
truth that is unaffected by DNS poisoning.¶
Most git repositories currently use SHA-1 for tree hashing. SHA-1 is cryptographically weakened (SHAttered, 2017) for collision resistance, and tree-hash signing inherits that weakness. Implementations operating in high-assurance contexts SHOULD migrate to SHA-256 git objects, which use SHA-256 for the tree hash and eliminate the SHA-1 weakness. Until such migration is complete, verifiers SHOULD record both the tree hash and the commit hash in any local audit log so that any future SHA-1 collision attack against the verifier's history is detectable ex post.¶
The aggregation of contributor Acted-By: trailers into a
squash-merged commit is an implementation responsibility of the
hosting platform or merge tool. If aggregation is skipped or
fails silently, the trailers from individual contributor commits
are lost, and the merge commit appears to have a single sovereign
when it actually had several. Implementations performing squash
merges MUST validate that contributor trailers have been
aggregated before completing the merge, and SHOULD refuse to
complete a squash that loses trailer attribution. This is an
implementation concern, not a protocol-level issue, but it is
listed here because the operational consequence of a missing
trailer is a silent loss of attribution.¶
The pre-commit hook (or analogous integration point) that invokes the signing operation is a trust-sensitive boundary: the hook runs in the unprivileged developer process and may have access to the sovereign's private key. Implementations SHOULD route signing through a privileged helper - for example, a unix domain socket exposed by a dedicated signing daemon, or a hardware authenticator using WebAuthn PRF - rather than reading the private key directly from unprivileged process memory. Direct key handling in the developer process is acceptable for prototyping but MUST NOT be relied upon in production deployments where commit attribution carries weight.¶
A committer may deliberately omit the Drafted-With: trailer to
conceal AI-instrument involvement in a contribution. This is
detectable only by out-of-band evidence and is not addressable at
the protocol layer. Where AI-disclosure obligations exist (for
example, in regulated software development contexts), they SHOULD
be enforced at the policy layer with this protocol providing the
truthful path for honest committers, not the verification path
for dishonest ones.¶
At the time of writing, IANA does not maintain a registry of git commit trailer names. If such a registry is established, this document requests registration of the following trailer names with reference to this specification:¶
Until a formal registry exists, this document recommends that implementers coordinate via the ALTER discovery community and treat the trailer names defined here as reserved for the identity-attributed commit grammar.¶
This document depends on the did:alter: URI scheme via the
Identity-Key-Id: trailer. The alter: URI scheme is the
subject of IANA considerations in [MCPDNS]; this document does
not separately register it.¶
The identitylog:// URI scheme used by the optional
Identity-Anchor: trailer is reserved by this document for
future registration when a normative IdentityLog specification is
published. Implementations encountering identitylog:// URIs
without a registered scheme MUST treat the anchor as an opaque
reference and SHOULD NOT attempt resolution.¶
This document requests no other IANA actions.¶
The trailer grammar defined here is intended to coexist with prior commit-attribution mechanisms rather than to replace them.¶
| Mechanism | Purpose | Coexistence with this spec |
|---|---|---|
Git Signed-off-by [DCO]
|
Legal attestation of contribution rights | Orthogonal. A commit MAY carry both a Signed-off-by: and an Acted-By: trailer. They answer different questions. |
Git commit signing (git commit -S) |
Cryptographic identity via GPG/SSH key directories | Orthogonal. A commit MAY be both GPG-signed and Acted-By-signed. Verifiers handle each path independently. |
| Sigstore / gitsign [GITSIGN] | Keyless cryptographic identity via OIDC | Architecturally adjacent. Different identity provider model (OIDC + Rekor vs DNS-resolved DID + IdentityLog). May coexist. |
Anthropic Co-Authored-By: Claude [ANTHROPIC-COAUTHOR]
|
Informal AI co-authorship convention | Superseded for AI attribution by Drafted-With: (Instrument tier). Implementations MAY emit both during a transition window. |
The Instrument tier is novel to this specification and has no analogue in any existing mechanism. Sigstore identifies signers; the DCO attests to legal rights; the Anthropic convention is a plain-text marker. None expresses the structural distinction between a sovereign actor, a delegated bot, and a non-signing instrument. This distinction is the load-bearing contribution of the present document.¶
The author thanks Drew Dylan (co-founder, Alter Meridian Pty Ltd) for the cosmological framing of identity tiers, and Jake McCallum (Sentinel) for adversarial review of the tier-slot grammar and the cross-tier rejection rules. The members of the ALTER founding circle provided extensive review and pressure-testing of earlier drafts. Additional contributors will be named at review time.¶
[RFC1035] Mockapetris, P., "Domain names - implementation and specification", STD 13, RFC 1035, November 1987.¶
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.¶
[RFC4034] Arends, R., et al., "Resource Records for the DNS Security Extensions", RFC 4034, March 2005.¶
[RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data Encodings", RFC 4648, October 2006.¶
[RFC5234] Crocker, D. and P. Overell, "Augmented BNF for Syntax Specifications: ABNF", STD 68, RFC 5234, January 2008.¶
[RFC8032] Josefsson, S. and I. Liusvaara, "Edwards-Curve Digital Signature Algorithm (EdDSA)", RFC 8032, January 2017.¶
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, May 2017.¶
[RFC8552] Crocker, D., "Scoped Interpretation of DNS Resource Records through 'Underscored' Naming of Attribute Leaves", BCP 222, RFC 8552, March 2019.¶
[RFC8785] Rundgren, A., et al., "JSON Canonicalization Scheme (JCS)", RFC 8785, June 2020.¶
[MCPDNS] Morrison, B., "Discovery of Model Context Protocol Servers via DNS TXT Records", draft-morrison-mcp-dns-discovery, work in progress.¶
[RFC7942] Sheffer, Y. and A. Farrel, "Improving Awareness of Running Code: The Implementation Status Section", BCP 205, RFC 7942, July 2016.¶
[DCO] "Developer Certificate of Origin v1.1", https://developercertificate.org/, 2004.¶
[GIT-TRAILERS] "git-interpret-trailers(1)", https://git-scm.com/docs/git-interpret-trailers.¶
[GITSIGN] "gitsign: Keyless Git Signing", https://docs.sigstore.dev/cosign/signing/gitsign/.¶
[SIGSTORE] "Sigstore: Software Signing for Everybody", https://www.sigstore.dev/.¶
[ANTHROPIC-COAUTHOR] Anthropic, "Co-Authored-By: Claude - convention for AI-assisted commits".¶
[ALTER-DID8] Morrison, B., "ALTER Decision Register entry D-ID8 - Three-Tier Handle Taxonomy", internal, 2026.¶
[ALTER-DDW4] Morrison, B., "ALTER Decision Register entry D-DW4 - Governance Break Invariant", internal, 2026.¶
[ALTER-KEY-CUSTODY] Morrison, B., "ALTER Key Custody Doctrine - WebAuthn PRF Dual-Enrol", internal, 2026.¶
[MORRISON-IFT] Morrison, B., "Identity Field Theory: Toward a Physics of Being Known", https://doi.org/10.6084/m9.figshare.31951383, 2026.¶