Agent delegates use ephemeral keys, and agent servers can rotate their JWKS. The spec focuses on proving message authenticity at request time where the entity signing the message holds the private key bound to the agent identity. But how should adopters think about audit and non-repudiation after the fact?
Once keys rotate out of JWKS, old signatures become unverifiable. The only persistent identifiers are agent and sub (agent delegate), but these don't help you cryptographically prove "agent X signed request Y at time T" after key rotation.
Is this intentional (privacy-preserving by design)?
Should the spec offer guidance for deployments that need audit trails?
Are there recommended patterns (e.g., resources archiving tokens at verification time, key transparency logs)?
Agent delegates use ephemeral keys, and agent servers can rotate their JWKS. The spec focuses on proving message authenticity at request time where the entity signing the message holds the private key bound to the agent identity. But how should adopters think about audit and non-repudiation after the fact?
Once keys rotate out of JWKS, old signatures become unverifiable. The only persistent identifiers are
agentandsub(agent delegate), but these don't help you cryptographically prove "agent X signed request Y at time T" after key rotation.Is this intentional (privacy-preserving by design)?
Should the spec offer guidance for deployments that need audit trails?
Are there recommended patterns (e.g., resources archiving tokens at verification time, key transparency logs)?