For: ENS standards reviewers, ERC-8004 implementers, agent-platform architects
Trust DNS Manifesto — naming as authentication for autonomous agents
RFC-style 5000-word manifesto. Why SBO3L resolves ENS names to trust commitments rather than wallet addresses; the seven-record opinionated profile; the standardisation path through ENSIP-N.
This is a synopsis. The full manifesto (~5000 words, RFC-style with
normative MUST/SHOULD/MAY language, eight sections, comparison tables,
worked rotation examples, and an attack-resistance argument) lives at
docs/concepts/trust-dns-manifesto.md.
The substitution that changes everything
Most uses of ENS reduce to naming: a friendlier label for a wallet address. What an autonomous-agent ecosystem actually needs is authentication: a name that lets a remote verifier reconstruct everything they need to know about the named entity, with no shared secrets and no trusted intermediary. ENS — precisely because of how it was already built — turns out to be the cleanest substrate to make that substitution on.
The trust profile in seven records
ENS gives us text(node, key). SBO3L proposes seven keys.
Each answers a question a remote verifier needs answered.
agent_id: stable identifier
endpoint: daemon URL
pubkey_ed25519: receipt verifying key
policy_hash: commitment to the active policy
audit_root: anchor to the audit chain
capability: sponsor-surface tags
reputation_score: portable signal via CCIP-Read
The seven keys are also the body of docs/ENSIP-N-DRAFT.md,
the standardisation companion to this manifesto. Treating them as a
profile rather than a free-form schema is what lets the convention
generalise across platforms.
Resolver rotation as identity key-rotation
ENS names point to a resolver contract; the owner can change which
resolver the name points to at any time. If the agent's signing key is
compromised, the operator runs a four-line runbook: generate the new
key, update pubkey_ed25519 in one transaction, resume
signing, append a key.rotated entry to the audit chain. There is no
CRL, no OCSP, no third-party signal — the chain itself is the
truststore.
Cross-agent reputation through reverse records
An action's signature recovers the public key; the public key hashes to a synthetic identifier; the synthetic identifier reverse-resolves to the agent's forward ENS name; the forward name reads back the seven records. The chain is permissionless and injective by construction — an attempt to launder bad reputation by registering a parallel name with the same key is detectable in the resolver, not in application code.
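The lookup chain described above, modelled offline as an added example (not SBO3L's code and not part of the manifesto). Plain dictionaries stand in for the reverse and forward resolvers, SHA-256 is an assumed choice for the key-to-identifier hash because this synopsis does not name one, and every name, key and record value is constructed.

```python
import hashlib

# The seven record keys named in the profile above.
PROFILE_KEYS = ("agent_id", "endpoint", "pubkey_ed25519", "policy_hash",
                "audit_root", "capability", "reputation_score")

def synthetic_id(pubkey_hex):
    # Assumption: SHA-256 of the raw key bytes; the page does not name the hash.
    return hashlib.sha256(bytes.fromhex(pubkey_hex)).hexdigest()

def resolve_agent(pubkey_hex, reverse, forward):
    """Key -> synthetic id -> reverse name -> forward records -> same key.
    Returns (name, "ok") or (None, reason)."""
    name = reverse.get(synthetic_id(pubkey_hex))
    if name is None:
        return None, "no reverse record for this key"
    records = forward.get(name, {})
    missing = [k for k in PROFILE_KEYS if not records.get(k)]
    if missing:
        return None, "incomplete profile: " + ", ".join(missing)
    if records["pubkey_ed25519"].lower() != pubkey_hex.lower():
        return None, "forward record publishes a different key"
    return name, "ok"

def confirms(claimed_name, pubkey_hex, reverse, forward):
    """True only if the name an action claims is the one the key resolves to."""
    name, _ = resolve_agent(pubkey_hex, reverse, forward)
    return name is not None and name == claimed_name

# Constructed sample data (not real keys, names or records).
KEY_A, KEY_B = "11" * 32, "22" * 32

def _profile(agent_id, key):
    return {"agent_id": agent_id, "endpoint": "https://agent.example/api",
            "pubkey_ed25519": key, "policy_hash": "aa" * 32,
            "audit_root": "bb" * 32, "capability": "payments",
            "reputation_score": "87"}

FORWARD = {"research-agent.example.eth": _profile("research-agent-01", KEY_A),
           # Parallel name publishing the same key.
           "clean-slate.example.eth": _profile("clean-slate-01", KEY_A)}
REVERSE = {synthetic_id(KEY_A): "research-agent.example.eth"}

if __name__ == "__main__":
    print(resolve_agent(KEY_A, REVERSE, FORWARD))
    print(confirms("clean-slate.example.eth", KEY_A, REVERSE, FORWARD))
```

Because the verifier starts from the key and follows the reverse record, the parallel name is never reached; after a rotation that replaces pubkey_ed25519, the old key also fails the final comparison even if its reverse record is still present.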