Source: email from Yaron Sheffer to the WIMSE mailing list, Review of draft-klrc-aiagent-auth (editor's copy). Quoted verbatim below.
Section 7 discusses posture assessment only in the context of credential issuance and rotation. The document should also mention the possibility of continuous or live posture assessment, bound to individual workload-to-workload messages — for example, including a fresh attestation assertion in a WPT or HTTP Message Signature. This is particularly relevant in high-risk or cross-domain scenarios.
Source: email from Yaron Sheffer to the WIMSE mailing list, Review of draft-klrc-aiagent-auth (editor's copy). Quoted verbatim below.
Section 7 discusses posture assessment only in the context of credential issuance and rotation. The document should also mention the possibility of continuous or live posture assessment, bound to individual workload-to-workload messages — for example, including a fresh attestation assertion in a WPT or HTTP Message Signature. This is particularly relevant in high-risk or cross-domain scenarios.