Status: Draft Specification - NMCITRA
Version: 0.1
Date: November 2025
This repository contains draft specifications developed by the New Mexico Cyber Intelligence & Threat Response Alliance (NMCITRA). These documents have not been submitted to the IETF and do not represent Internet Standards or consensus of any standards body.
"We cannot command Nature except by obeying her." — Francis Bacon
The Kinetic Trust Protocol (KTP) is a framework for dynamic, physics-based authorization of autonomous agents. It replaces static permission models with environmental constraints that adapt in real time to system conditions.
The Core Insight: Instead of asking "Does this agent have permission?", KTP asks "Can this environment safely support this action?"
Traditional authorization systems suffer from three fatal assumptions:
- The Passport Fallacy: Possession of a credential equals proof of identity
- The Static Fallacy: Permissions verified at time T remain valid at T+1
- The Vacuum Fallacy: Digital systems operate independent of physical reality
In the age of autonomous agents operating at machine speed, all three assumptions fail catastrophically.
KTP introduces a physics-based model where:
- Trust is Mass: Earned through survival, not assigned by fiat
- Risk is Friction: Environmental stress that constrains movement
- Authorization is Motion: The result of mass overcoming friction
- Identity is Trajectory: A vector of movement, not a static credential
The foundational constraint of all KTP systems:
```
A ≤ E

Where:
  A = Autonomy (intrinsic risk of the requested action)
  E = Environment stability (current Trust Score)
```
This is not a policy. It is a physical constraint enforced by cryptography.
This repository contains 19 RFC documents comprising the complete KTP specification:
| Document | Title | Lines | Description |
|---|---|---|---|
| Constitution | Constitution of Digital Physics | 693 | Preamble and 10 Articles defining the governing framework |
| KTP-CORE | Core Protocol | 2,038 | Trust Score, Context Tensor, Trust Proof, Silent Veto, Anti-Goodhart measures |

| RFC | Title | Lines | Description |
|---|---|---|---|
| KTP-IDENTITY | Vector Identity | 1,512 | Trajectory Chains, Proof of Resilience, Sponsorship, NIST 800-63 Identity Proofing |
| KTP-SENSORS | Context Tensor Sensors | 1,050 | Sensor specifications, Risk Domains (Node/Neighborhood/Global), normalization, domain profiles |

| RFC | Title | Lines | Description |
|---|---|---|---|
| KTP-ENFORCE | Enforcement Layer | 1,186 | Policy Enforcement Points, Trust Tiers, Adaptive Dormancy, Mass Ceiling |
| KTP-AUDIT | Flight Recorder | 876 | Decision Geometry, immutable logging, forensics, counterfactual analysis |

| RFC | Title | Lines | Description |
|---|---|---|---|
| KTP-ZONES | Blue Zone Discovery | 1,176 | Zone types (Deep Blue → Wild), discovery protocols, ingress/egress |
| KTP-FEDERATION | Trust Federation | 904 | Inter-zone trust, cross-attestation, federation governance |

| RFC | Title | Lines | Description |
|---|---|---|---|
| KTP-CRYPTO | Cryptographic Specification | 1,456 | Algorithms, key management, HSM requirements, post-quantum strategy |
| KTP-TRANSPORT | Transport Layer | 1,398 | Wire formats, REST/gRPC APIs, real-time protocols, WebSocket streams |
| KTP-THREAT-MODEL | Threat Model | 1,756 | STRIDE analysis, attack trees, risk assessment, security requirements |

| RFC | Title | Lines | Description |
|---|---|---|---|
| KTP-RECOVERY | Disaster Recovery | 932 | Backup/restore, key ceremonies, zone recovery, split-brain resolution |
| KTP-MIGRATION | Migration Guide | 1,042 | Adoption pathways, legacy integration, staged deployment |

| RFC | Title | Lines | Description |
|---|---|---|---|
| KTP-HUMAN | Human Integration | 1,178 | Humans as agents, collaboration patterns, system ethics |
| KTP-GOVERNANCE | Specification Governance | 654 | Stewardship council, amendment process, anti-capture provisions |

| RFC | Title | Lines | Description |
|---|---|---|---|
| KTP-PRIVACY | Privacy Framework | 2,382 | GDPR, CCPA, ICCPR Article 17, privacy-preserving computation, data minimization |
| KTP-CONFORMANCE | Conformance Requirements | 906 | Certification levels, testing requirements, interoperability |

| RFC | Title | Lines | Description |
|---|---|---|---|
| KTP-CELESTIAL | Celestial Wayfinding | 1,153 | Interplanetary trust, light-cone model, Polynesian navigation philosophy |
| KTP-PROBLEMS | Open Problems | 2,448 | Known limitations, anticipated critiques, honest assessment, call for collaboration |
- Total RFC Documents: 19
- Total Specification Lines: ~24,000
- JSON Schemas: 4
- Constitutional Articles: 10
```
E_trust = E_base × (1 - R)

Where:
  E_base  = Agent's intrinsic capability (0-100)
  R       = Risk factor from Context Tensor (0-1)
  E_trust = What the environment allows (0-100)
```
Seven dimensions of environmental reality:
| Dimension | Symbol | Physics Equivalent | Measures | Sensors |
|---|---|---|---|---|
| Mass | M | Density/Mass | Physical density | CO2, LIDAR, RF noise, device count |
| Momentum | P | Kinetic Energy | Data flow velocity | TPS, link saturation, packet velocity |
| Heat | H | Entropy/Temperature | Adversarial pressure | WAF blocks, anomaly rates, CPU temps |
| Time | T | Temporal Phase | Moment criticality | Event countdown, maintenance windows |
| Inertia | I | Inertial Mass | Blast radius | Topology centrality, dependency depth |
| Observer | O | Frame of Reference | Who is watching | VIP presence, regulatory jurisdiction |
| Soul | S | Cosmological Constant | Sovereignty constraints | TK Labels, OCAP/CARE, Sacred Land geofences |
The Soul Veto: Unlike the first six dimensions (which contribute weighted values to the Risk Factor), Soul acts as a binary veto. If sovereignty constraints are violated (S = 1), the action is forbidden regardless of Trust Score. This operationalizes Indigenous Data Sovereignty, cultural heritage protections, and other immutable constraints.
| Tier | E_trust | Capabilities |
|---|---|---|
| God Mode | ≥ 95 | Create, destroy, mutate infrastructure |
| Operator Mode | ≥ 85 | Restart services, read configs |
| Analyst Mode | ≥ 70 | Query data, read-only access |
| Observer Mode | ≥ 50 | Emit logs only |
| Hibernation | < 50 | Heartbeat only, await recovery |
When A > E_trust, the action is denied automatically. No human intervention. No appeal. No exception.
This is not punishment. It is physics.
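The formula, the Soul veto and the tier table above, chained into one decision in Go as an added example; this is not code from the KTP specification or from NMCITRA. The per-dimension weights, the clamped weighted-sum aggregation, the 0-100 scale for A, and all type and function names are assumptions of this example, since the page states only that the first six dimensions contribute weighted values.

```go
package main

import (
	"fmt"
	"math"
)

type Tensor struct {
	M, P, H, T, I, O float64 // six weighted dimensions, assumed normalized to 0..1
	Soul             bool    // true = sovereignty constraint violated (S = 1)
}

// Weights for M, P, H, T, I, O are hypothetical; the page does not give them.
var Weights = [6]float64{0.15, 0.15, 0.30, 0.10, 0.20, 0.10}
var tiers = []struct { // the page's tier table, highest threshold first
	min  float64
	name string
}{{95, "God Mode"}, {85, "Operator Mode"}, {70, "Analyst Mode"}, {50, "Observer Mode"}}

// Risk folds the six dimensions into R as a clamped weighted sum (assumed rule).
func Risk(c Tensor) float64 {
	r := 0.0
	for i, v := range [6]float64{c.M, c.P, c.H, c.T, c.I, c.O} {
		r += Weights[i] * math.Min(1, math.Max(0, v))
	}
	return r
}

// ETrust applies the page's formula E_trust = E_base × (1 - R).
func ETrust(eBase float64, c Tensor) float64 { return eBase * (1 - Risk(c)) }

// Tier maps E_trust onto the tier table; below 50 (or NaN) is Hibernation.
func Tier(e float64) string {
	for _, t := range tiers {
		if e >= t.min {
			return t.name
		}
	}
	return "Hibernation"
}

// Authorize allows only when Soul is clear and A ≤ E_trust. A NaN sensor value
// makes the comparison false, so a broken sensor denies rather than failing open.
func Authorize(a, eBase float64, c Tensor) (allowed bool, tier string) {
	e := ETrust(eBase, c)
	return !c.Soul && a <= e, Tier(e)
}

func main() { fmt.Println(Authorize(90, 96, Tensor{H: 0.5})) } // constructed sample
```

With these assumed weights, an agent with E_base = 96 drops from God Mode to Analyst Mode when Heat reaches 0.5, so the same request with A = 90 that passed in a calm environment is denied.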
Blue Zones are network segments where Digital Physics is enforced—safe harbors on the internet where humans and agents can operate with cryptographic trust guarantees.
```
┌─────────────────────────────────────────────────────┐
│                      BLUE ZONE                      │
│  ┌───────────────────────────────────────────────┐  │
│  │               Trust Oracle Mesh               │  │
│  │    [Oracle 1] ←→ [Oracle 2] ←→ [Oracle 3]     │  │
│  └───────────────────────────────────────────────┘  │
│                          ↓                          │
│  ┌───────────────────────────────────────────────┐  │
│  │            Context Tensor Sensors             │  │
│  │          [M] [P] [H] [T] [I] [O] [S]          │  │
│  └───────────────────────────────────────────────┘  │
│                          ↓                          │
│  ┌───────────────────────────────────────────────┐  │
│  │           Policy Enforcement Points           │  │
│  │   [API GW] [Service Mesh] [IAM] [DB Proxy]    │  │
│  └───────────────────────────────────────────────┘  │
│                          ↓                          │
│  ┌───────────────────────────────────────────────┐  │
│  │               Agent Population                │  │
│  │      [Tethered] [Divergent] [Persistent]      │  │
│  └───────────────────────────────────────────────┘  │
│                          ↓                          │
│  ┌───────────────────────────────────────────────┐  │
│  │                Flight Recorder                │  │
│  │   [Immutable Audit Log - Decision Geometry]   │  │
│  └───────────────────────────────────────────────┘  │
└─────────────────────────────────────────────────────┘
                           ↕
                    [ZONE GATEWAY]
                           ↕
┌─────────────────────────────────────────────────────┐
│                    WILD INTERNET                    │
│      (Static credentials, binary permissions)       │
└─────────────────────────────────────────────────────┘
```
Identity is a trajectory, not a credential. You are not what you hold; you are where you've been and how you moved.
Trust is earned through survival under stress, not granted by authority. An agent that has weathered storms carries more weight than one with a pristine but untested history.
New agents enter through sponsorship. A sponsor stakes their own trust, creating accountability without requiring pre-existing reputation.
Comprehensive countermeasures against gaming the Trust Score, including multi-dimensional scoring, behavioral unpredictability, adversity requirements, and peer validation.
The Soul dimension operationalizes TK Labels, OCAP/CARE principles, and sacred land protections as immutable constraints that cannot be overridden by operational convenience.
KTP-PROBLEMS explicitly documents what we don't know how to solve, inviting collaboration rather than claiming false completeness.
```
ktp-rfc/
├── README.md                 # This file
├── constitution.txt          # The Constitution of Digital Physics
├── rfcs/                     # RFC specifications (19 documents)
│   ├── ktp-core.txt          # Core protocol specification
│   ├── ktp-identity.txt      # Vector identity and trajectory
│   ├── ktp-sensors.txt       # Context Tensor sensors
│   ├── ktp-enforce.txt       # Enforcement layer
│   ├── ktp-audit.txt         # Flight Recorder
│   ├── ktp-zones.txt         # Blue Zone discovery
│   ├── ktp-federation.txt    # Trust federation
│   ├── ktp-crypto.txt        # Cryptographic specification
│   ├── ktp-transport.txt     # Transport layer
│   ├── ktp-threat-model.txt  # Security threat model
│   ├── ktp-recovery.txt      # Disaster recovery
│   ├── ktp-migration.txt     # Migration guide
│   ├── ktp-human.txt         # Human integration
│   ├── ktp-governance.txt    # Specification governance
│   ├── ktp-privacy.txt       # Privacy framework
│   ├── ktp-conformance.txt   # Conformance requirements
│   ├── ktp-celestial.txt     # Interplanetary trust
│   └── ktp-problems.txt      # Open problems and limitations
└── schemas/                  # JSON schemas
    ├── trust-proof.json      # Trust Proof token schema
    ├── context-tensor.json   # Context Tensor schema
    ├── soul-constraint.json  # Soul constraint schema
    └── sensor-config.json    # Sensor configuration schema
```
This specification is in active development. Contributions welcome:
- RFC Review: Submit issues for clarifications or improvements
- Implementation: Reference implementations in any language
- Sensor Profiles: Domain-specific Context Tensor configurations
- Blue Zone Pilots: Real-world deployment experiences
- Open Problems: Solutions to challenges documented in KTP-PROBLEMS
- Reference implementation (Rust or Go recommended)
- Test vectors for conformance testing
- Formal verification of core properties
- Privacy-preserving computation integration
- Real-world sensor integration examples
"Freedom is the recognition of necessity." — Baruch Spinoza
KTP is built on the insight that true autonomy requires constraint. An agent is not free because it can do anything—it is free because it acts within the bounds of what the environment can safely support.
The wayfinders of Polynesia crossed the Pacific not by conquering the ocean but by learning to read it. They didn't fight the swells; they joined them. They became part of the system they navigated.
We are applying the same principle to code.
We are not building a prison for AI. We are building physics for the digital world.
Chris Perkins
New Mexico Cyber Intelligence & Threat Response Alliance (NMCITRA)
Email: cperkins@nmcitra.org
This specification is released under the Apache License, Version 2.0.
- "The Missing Law of Motion" — The Zeroth Law and Digital Physics
- "The Ghost in the Machine" — The Data Compass and environmental sensing
- "Sailing by Starlight" — Trust as mass, gravitational routing
- "The Constitution of Digital Physics" — Ten immutable laws
- "Proof of Physics" — Vector Identity and trajectory
- "The Tether" — The Context Tensor and sensor aggregation
- RFC 7519 — JSON Web Token (JWT)
- RFC 8693 — OAuth 2.0 Token Exchange
- RFC 9396 — OAuth 2.0 Rich Authorization Requests
- NIST SP 800-63 — Digital Identity Guidelines
- Local Contexts — Traditional Knowledge Labels
- OCAP® Principles — First Nations Information Governance
- CARE Principles — Indigenous Data Governance
- Goodhart, C. (1984) — "Problems of Monetary Management"
- Spinoza, B. (1677) — "Ethics" (conatus)
- Bacon, F. (1620) — "Novum Organum"
"We do not ask permission to implement gravity. We do not negotiate with entropy. We do not appeal to friction. We build the physics. The physics does the rest."