Independent Stream W. Chuang Internet-Draft E. Gustafsson Intended status: Experimental Google, Inc. Expires: 21 December 2026 19 June 2026 Agent Attribution Header Fields draft-chuang-agent-attribution-header-fields-00 Abstract When human users communicate with autonomous computer agent users, the human users should be able to identify that communication as coming from agent users and know which humans are responsible for the agent users. This document specifies email header fields that an email sender can use to transmit agent user attribution information to email receivers. The first header field is human readable and specifies the agent's responsible humans' email address. The second header field is machine readable and specified in JSON attribution information. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on 21 December 2026. Copyright Notice Copyright (c) 2026 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/ license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components Chuang & Gustafsson Expires 21 December 2026 [Page 1] Internet-Draft Local Headers June 2026 extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License. Table of Contents 1. *Introduction* . . . . . . . . . . . . . . . . . . . . . . . 2 1.1. *Terminology and Definitions* . . . . . . . . . . . . . . 2 1.2. *Header Fields* . . . . . . . . . . . . . . . . . . . . . 2 1.2.1. *Authentication* . . . . . . . . . . . . . . . . . . 3 1.3. *Security Considerations* . . . . . . . . . . . . . . . . 3 1.4. *IANA Considerations* . . . . . . . . . . . . . . . . . . 4 2. Normative References . . . . . . . . . . . . . . . . . . . . 4 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 4 1. *Introduction* Recent autonomous computer agent users have gained the capability to communicate with human users through such means such as emails ([RFC5322]). Human users should be able to identify that communication as coming from computer agents. They should also be able to identify which humans are responsible for the agent, that is the human owner of the agent. For example when the agent misbehaves and sends unwanted email, the recipient may want to communicate with the responsible human to stop the behavior. This document specifies email header fields ([RFC5322]) that an email sender can use to transmit agent user attribution information to email receivers. The first header field Agent-of specifies the agent's responsible human's email address, and is human and machine readable. The second header field Agent-attribution is specified in JSON attribution information, and is meant to be machine readable only. 1.1. *Terminology and Definitions* The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. 1.2. *Header Fields* This specification defines two header field-names ([RFC5322]) agent- of and agent-attribution. When the agent-of header field is attached to an email, it defines that a computer agent sent the message. The field value is an address-list ([RFC5322]) of the responsible humans of the agent that sent an email. This is meant to be human and machine readable. Chuang & Gustafsson Expires 21 December 2026 [Page 2] Internet-Draft Local Headers June 2026 agent-of = "Agent-of:" address-list CRLF With this header field, the responsible human information here is simplified for readability. If there are multiple responsible humans of an agent, multiple addresses may be specified or an email address alias may be used to represent many users that control that agent. In other scenarios, when an agent triggers the creation of another agent, the responsible human information SHOULD be propagated so that it is always available to the newly created agent. Alternatively when the sender wishes to represent a more complex responsibility relationship, they can use the agent-attribution header field. The field value is a base64string ([RFC4648]) of JSON ([RFC8259]). The JSON key-value of attributes about the identity of the responsible humans that allows arbitrary definition of responsibility and delegation relationship of computer agents. We expect that there will be an IANA registry for these values as well as future updates to this document to represent those relationships. It is meant to be only machine readable. When the agent-attribution header field is attached to an email, it also defines that a computer agent sent the message. agent-attribution = "Agent-attribution:" base64string CRLF If both header fields are present in a message, the receiver SHOULD take a union of the sender identities of both header fields. 1.2.1. *Authentication* Senders SHOULD sign these header fields with DKIM ([RFC6376]). Receivers that use these headers MUST DKIM authenticate them, i.e the signature passes and the header fields are covered by the header hash. If DKIM2 (draft-ietf-dkim-dkim2-spec (https://datatracker.ietf.org/doc/html/draft-ietf-dkim-dkim2-spec)) authentication is available, then DKIM2 results SHOULD be used for authentication instead of DKIM. To prevent spoofing of the responsible humans, receivers that use those identities MUST check for DMARC relaxed ([RFC9989]) alignment with a passing DKIM or DKIM2 signature domain. 1.3. *Security Considerations* These headers MUST be DKIM authenticated before they can be used as defined in Section 1.2.1. Similarly the responsible humans' email addresses domains MUST be DKIM aligned as defined in Section 1.2.1. Presence of this header field does not infer any trustworthiness. It is simply a claim by the sender that the creator of the email is an agent and a second claim of who are the responsible humans of an Chuang & Gustafsson Expires 21 December 2026 [Page 3] Internet-Draft Local Headers June 2026 agent. Receivers MUST make their own judgement of the utility of this information. 1.4. *IANA Considerations* This document has no IANA actions yet. -- 2. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, . [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data Encodings", RFC 4648, DOI 10.17487/RFC4648, October 2006, . [RFC5322] Resnick, P., Ed., "Internet Message Format", RFC 5322, DOI 10.17487/RFC5322, October 2008, . [RFC6376] Crocker, D., Ed., Hansen, T., Ed., and M. Kucherawy, Ed., "DomainKeys Identified Mail (DKIM) Signatures", STD 76, RFC 6376, DOI 10.17487/RFC6376, September 2011, . [RFC8259] Bray, T., Ed., "The JavaScript Object Notation (JSON) Data Interchange Format", STD 90, RFC 8259, DOI 10.17487/RFC8259, December 2017, . [RFC9989] Herr, T., Ed. and J. Levine, Ed., "Domain-Based Message Authentication, Reporting, and Conformance (DMARC)", RFC 9989, DOI 10.17487/RFC9989, May 2026, . Authors' Addresses Weihaw Chuang Google, Inc. Email: weihaw@google.com Emil Gustafsson Google, Inc. Chuang & Gustafsson Expires 21 December 2026 [Page 4] Internet-Draft Local Headers June 2026 Email: emgu@google.com Chuang & Gustafsson Expires 21 December 2026 [Page 5]