Remote ATtestation procedureS                                 D. Condrey
Internet-Draft                                              WritersLogic
Intended status: Standards Track                        14 February 2026
Expires: 18 August 2026


     Proof of Process (PoP): Forensic Appraisal and Security Model
                  draft-condrey-rats-pop-appraisal-01

Abstract

   This document specifies the forensic appraisal methodology and
   quantitative security model for the Proof of Process (PoP)
   framework.  It defines how Verifiers evaluate behavioral entropy,
   perform liveness detection, and calculate forgery cost bounds.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time.  It is inappropriate to use Internet-Drafts as
   reference material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 18 August 2026.

Copyright Notice

   Copyright (c) 2026 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with
   respect to this document.  Code Components extracted from this
   document must include Revised BSD License text as described in
   Section 4.e of the Trust Legal Provisions and are provided without
   warranty as described in the Revised BSD License.

Condrey                  Expires 18 August 2026                 [Page 1]
Internet-Draft                PoP Appraisal                February 2026

Table of Contents

   1.  Introduction
   2.  Jitter Seal: Captured Behavioral Entropy
     2.1.  Entropy Thresholds
   3.  Forensic Assessment Mechanisms
   4.  Forgery Cost Bounds (Quantified Security)
   5.  Absence Proofs: Negative Evidence
   6.  Tool Receipt Protocol (AI Attribution)
   7.  Privacy and Inclusivity
   8.  References
     8.1.  Normative References
     8.2.  Informative References
   Author's Address

1.  Introduction

   The value of Proof of Process (PoP) evidence lies in the Verifier's
   ability to distinguish biological effort from algorithmic
   simulation.  This document provides the normative framework for
   forensic appraisal, defining the appraisal logic required to
   generate a Writers Authenticity Report (WAR).

2.  Jitter Seal: Captured Behavioral Entropy

   Verifiers appraise behavioral entropy (jitter) to establish a
   biological binding to the document.

   jitter-binding = {
     1 => entropy-source,    ; 1=keystroke, 2=pause, 3=mouse
     2 => bstr,              ; jitter-digest (compressed)
     3 => bstr .size 32,     ; hmac-binding to content
   }

2.1.  Entropy Thresholds

   For a checkpoint to be considered "Biologically Bound," the
   JitterDigest MUST contain at least a minimum threshold of
   min-entropy (H_min).  For ENHANCED profiles, this protocol
   RECOMMENDS *H_min = 128 bits* per 1,000 characters of input.

3.  Forensic Assessment Mechanisms

   SNR (Signal-to-Noise Ratio) Analysis:
      Verifying the 1/f fractal noise signature of human motor signals
      to detect machine-clocked synthetic injection.  Biological noise
      exhibits non-linear variance that is computationally expensive
      to simulate.
   Cognitive Load Correlation (CLC):
      To defeat high-fidelity AI jitter models, Verifiers MUST
      correlate timing patterns with semantic complexity.  Human
      authors exhibit increased inter-keystroke intervals (IKI) during
      the composition of high-entropy segments (e.g., complex
      technical definitions).

   Mechanical Turk Detection:
      Analyzes intra-checkpoint correlation (C_intra) to detect
      "robotic pacing"—where an automated system maintains a
      machine-clocked editing rate regardless of content complexity.

   Error Topology Analysis:
      Human authors exhibit characteristic patterns: Localized
      corrections near recent insertions, and fractal self-similarity
      in revision patterns across different time scales.

4.  Forgery Cost Bounds (Quantified Security)

   Forgery cost bounds provide a Verifier with a lower bound on the
   computational resources required to forge an Evidence Packet.  The
   cost (_C_total_) is computed as:

      C_total = C_vdf + C_entropy + C_hardware

   *  *C_vdf:* Iterations * Joules per iteration * Energy Cost.  The
      sequential nature of VDFs ensures time cannot be "bought" with
      parallel compute.

   *  *C_entropy:* Effort required to synthesize biological noise that
      satisfies SNR and CLC constraints via high-fidelity AI modeling.

   *  *C_hardware:* Pro-rated cost of discrete TPMs or high-bandwidth
      memory interfaces required for MHSF acceleration.

5.  Absence Proofs: Negative Evidence

   Absence proofs assert that certain events did NOT occur during the
   monitored session.

   Type 1: Computationally-Bound
      Verifiable from the evidence chain alone (e.g., "Max single
      delta size < 100 bytes").

   Type 2: Monitoring-Dependent
      Requires trust in AE monitoring (e.g., "No content was pasted
      from unauthorized sources").

   Type 3: Environmental
      Assertions about system state (e.g., "No debugger attached" or
      "Hardware temperature remained within T_min/T_max").
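   Added example (not part of the draft): a Verifier-side check of the
   Type 1 claim "Max single delta size < 100 bytes" using only the
   evidence chain.  The checkpoint fields, the all-zero genesis value
   and the hash layout are assumptions made for illustration; the
   actual evidence format is defined in [PoP-Protocol].

```python
import hashlib
import struct

GENESIS = b"\x00" * 32  # assumed all-zero anchor for the first checkpoint

def checkpoint_hash(prev: bytes, seq: int, delta_len: int, content_hash: bytes) -> bytes:
    """Hash one checkpoint; this layout is an assumption, not the PoP wire format."""
    return hashlib.sha256(prev + struct.pack(">QQ", seq, delta_len) + content_hash).digest()

def build_chain(deltas):
    """Build a sample chain from a list of delta byte strings (constructed data)."""
    chain, prev = [], GENESIS
    for seq, delta in enumerate(deltas):
        content_hash = hashlib.sha256(delta).digest()
        h = checkpoint_hash(prev, seq, len(delta), content_hash)
        chain.append({"seq": seq, "delta_len": len(delta),
                      "content_hash": content_hash, "prev": prev, "hash": h})
        prev = h
    return chain

def appraise_max_delta(chain, limit=100):
    """Return (ok, reason) for the claim 'max single delta size < limit bytes'."""
    prev = GENESIS
    for i, cp in enumerate(chain):
        # The claim only means something if the chain itself is intact.
        if cp["seq"] != i or cp["prev"] != prev:
            return False, f"chain broken at checkpoint {i}"
        expected = checkpoint_hash(prev, cp["seq"], cp["delta_len"], cp["content_hash"])
        if expected != cp["hash"]:
            return False, f"hash mismatch at checkpoint {i}"
        if cp["delta_len"] >= limit:
            return False, f"delta of {cp['delta_len']} bytes at checkpoint {i}"
        prev = cp["hash"]
    return True, "claim holds for all checkpoints"

def demo():
    honest = build_chain([b"The ", b"quick brown ", b"fox"])
    pasted = build_chain([b"The ", b"x" * 4096, b"fox"])
    # Understating a recorded size after the fact breaks the hash link.
    edited = [dict(cp) for cp in pasted]
    edited[1]["delta_len"] = 12
    return (appraise_max_delta(honest), appraise_max_delta(pasted),
            appraise_max_delta(edited))

if __name__ == "__main__":
    for ok, reason in demo():
        print(ok, reason)
```

   The check needs no trust in the monitoring component, which is what
   separates Type 1 from Type 2 and Type 3 claims.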
6.  Tool Receipt Protocol (AI Attribution)

   When external tools contribute content, the PoP framework enables a
   "compositional provenance" model:

   1.  *Receipt Signing:* The Tool signs a "Receipt" containing its
       identity and a commitment to the generated content.

   2.  *Binding:* The Attester records a *PASTE* event in the
       transcript referencing the Tool Receipt.

   3.  *Countersigning:* The Attester binds the Receipt into the next
       human-driven checkpoint, anchoring the automated work into the
       linear human effort.

7.  Privacy and Inclusivity

   Verifiers MUST support *Evidence Quantization* to mitigate
   stylometric de-anonymization risks.  Additionally, Verifiers MUST
   support *Accessibility Modes* for authors using assistive
   technologies, ensuring they are not systematically excluded.

8.  References

8.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174,
              DOI 10.17487/RFC8174, May 2017.

   [RFC9334]  Birkholz, H., Thaler, D., Richardson, M., Smith, N., and
              W. Pan, "Remote ATtestation procedureS (RATS)
              Architecture", RFC 9334, DOI 10.17487/RFC9334,
              January 2023.

8.2.  Informative References

   [Goodman2007]
              Goodman, A. and V. Zabala, "Using Stylometry for
              Biometric Keystroke Dynamics", 2007.

   [Monrose2000]
              Monrose, F. and A. Rubin, "Keystroke dynamics as a
              biometric for authentication", 2000.

   [PoP-Protocol]
              Condrey, D., "Proof of Process (PoP): Architecture,
              Evidence Format, and VDF", Work in Progress,
              Internet-Draft, draft-condrey-rats-pop-protocol-02, 2026.

   [Sardar-RATS]
              Sardar, M.U., "Security Considerations for Remote
              ATtestation procedureS (RATS)", May 2024.
Author's Address

   David Condrey
   WritersLogic Inc
   San Diego, California,
   United States
   Email: david@writerslogic.com