| Feature | TCP/IP | AGTS |
|---|---|---|
| Core unit | Packet | Canonical leaf |
| Global identifier | IP address | log_id (SHA-256 of public key) |
| Reliability mechanism | ACKs, retransmission | Inclusion proofs, consistency proofs |
| Error signaling | ICMP, TCP RST | Equivocation Proof, HTTP 422 |
| Flow control | TCP window, congestion control | Fail-closed rule, HCE feedback loop |
| Security | Optional (IPsec, TLS) | Built-in (signatures, transparency, witnesses) |
| Layering | Application, Transport, Internet, Link | Governance, Envelope, Transparency, Verification, Trust Policy |
| Extensibility | Ports, protocols | Vertical Instantiations (domain plugins) |
| Governing body | IETF | AGTS Technical Steering Committee |
| Key invariant | Packets arrive (best effort) | Leaves are append-only and verifiable |

1. Purpose and Scope

| Aspect | TCP/IP | AGTS |
|---|---|---|
| Primary goal | Enable reliable, interoperable communication between heterogeneous networks | Enable verifiable, transparent governance of autonomous systems across organizational boundaries |
| Scope | Global data transport — packets, routing, connections | Global governance record — authorization, evidence, audit |
| Core abstraction | The packet — unit of data delivery | The canonical leaf — unit of governance record |
| Key property | Best-effort delivery with end-to-end reliability | Append-only transparency with end-to-end verifiability |
| Trust model | Decentralized routing; trust in endpoints | Decentralized logs; trust in transparency and witnesses |

Both define a universal, minimal set of abstractions that enable a global system of independent participants to interoperate without central coordination.
2. Architectural Layers
AGTS defines five logical layers; TCP/IP has four. The layering principles are similar: each layer provides services to the layer above and uses services from the layer below.

| TCP/IP Layer | AGTS Layer | Analogy |
|---|---|---|
| Application (HTTP, SMTP) | Governance Layer (RTR measurement, validation) | Domain-specific logic — capability measurement and five-gate validation |
| Transport (TCP, UDP) | Envelope Layer (Governance Envelope) | Package the payload for delivery — TCP segments data; AGTS envelopes wrap Proof Bundles |
| Internet (IP) | Transparency Layer (Merkle log, STH) | Core global infrastructure — IP routes packets; AGTS logs provide append-only records |
| Link (Ethernet, Wi-Fi) | Verification Layer (witnesses, monitors) | Cryptographic checks and gossip vs. hardware medium |
| (Physical) | Trust Policy Layer (client policy) | Trust policy is like a firewall rule — decides which logs to trust |

Key Difference: AGTS layers are designed for cryptographic verifiability and accountability, while TCP/IP layers are designed for data transport.
3. End-to-End Principle
TCP/IP's end-to-end principle: intelligence at the endpoints; the network stays simple. AGTS: governance authority at the institutions; the transparency network stays simple (append-only logs, witnesses, monitors). The network does not need to understand governance decisions; it only needs to provide immutable, verifiable records.
- TCP/IP: Routers forward packets without understanding applications.
- AGTS: Logs admit leaves without understanding governance evidence; verification happens at clients using inclusion proofs and policies.
4. Protocol Stack and Encapsulation
TCP/IP uses encapsulation: application data → TCP segment → IP packet → link frame. AGTS uses a similar encapsulation chain:
Each layer adds its own headers and signatures, analogous to TCP/IP headers. The canonical leaf is the final encapsulated unit that is "transmitted" (appended) to the log.
5. Addressing and Identifiers
TCP/IP: IP addresses identify network interfaces. DNS provides human-readable names.
AGTS: log_id = SHA256(SubjectPublicKeyInfo) uniquely identifies a transparency log. It is a self-certifying cryptographic fingerprint of the log's public key. Governance Envelopes carry log_binding.log_id to specify which log is authoritative.
Both use fixed-length identifiers. AGTS's log_id is inherently tied to the log's signing key — authentication by construction.
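
A sketch of what "authentication by construction" means for a client, added here as an illustration and not taken from the AGTS specification. It assumes an Ed25519 log key, a hex-encoded log_binding.log_id, and an envelope represented as a dict; the key bytes are constructed.

```python
import hashlib
import hmac

# Constructed sample: DER SubjectPublicKeyInfo for Ed25519 is a fixed 12-byte
# prefix (RFC 8410) followed by the 32-byte public key. Key bytes are made up.
ED25519_SPKI_PREFIX = bytes.fromhex("302a300506032b6570032100")
LOG_SPKI = ED25519_SPKI_PREFIX + bytes(range(32))
OTHER_SPKI = ED25519_SPKI_PREFIX + bytes(range(1, 33))


def log_id(spki_der: bytes) -> bytes:
    """log_id = SHA256(SubjectPublicKeyInfo), as defined on this page."""
    return hashlib.sha256(spki_der).digest()


def check_log_binding(envelope: dict, presented_spki: bytes, trusted_log_ids: set) -> str:
    """Return 'ok' or a rejection reason. Anything unexpected rejects (fail closed).

    The envelope layout and hex encoding are assumptions for this example.
    """
    try:
        bound = bytes.fromhex(envelope["log_binding"]["log_id"])
    except (KeyError, TypeError, ValueError):
        return "reject: malformed log_binding"
    if len(bound) != 32:
        return "reject: log_id is not 32 bytes"
    # The identifier commits to the key: a substituted key cannot hash to it.
    if not hmac.compare_digest(bound, log_id(presented_spki)):
        return "reject: key does not match log_id"
    # Trust Policy Layer: the client, not the log, decides which logs count.
    if bound not in trusted_log_ids:
        return "reject: log not in trust policy"
    return "ok"


SAMPLE_ENVELOPE = {"log_binding": {"log_id": log_id(LOG_SPKI).hex()}}
```
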
6. Reliability and Error Detection
- TCP: Reliable, ordered delivery through sequence numbers, acknowledgments, and retransmission.
- AGTS: Verifiable delivery through inclusion proofs and consistency proofs. If a leaf is admitted, its inclusion proof guarantees it exists. If a log operator misbehaves, monitors produce Equivocation Proofs.
Inclusion proof ≈ TCP ACK. Consistency proof ≈ TCP sequence number continuity. Equivocation proof ≈ TCP duplicate ACK indicating forgery.
7. Congestion Control vs. Governance Flow Control
TCP's congestion control adapts sending rate to network capacity. AGTS's governance flow control is the fail-closed rule and the HCE feedback loop. If execution deviates (variance), the system nudges observables and may quarantine future updates — analogous to TCP backing off when packets are lost.
8. Security and Threat Model
TCP/IP was designed in a trusted environment; security (IPsec, TLS) was added later. AGTS builds security into its core:

| Threat | TCP/IP Mitigation | AGTS Mitigation |
|---|---|---|
| Packet spoofing | IPsec, ingress filtering | Logs are self-certifying; signatures on STHs and envelopes |
| Man-in-the-middle | TLS | Transparency logs are public; monitors detect equivocation |
| Denial of service | Various | Logs are append-only; monitors detect partition attacks |
| Data tampering | TCP checksums (error detection only, not cryptographic) | Merkle tree ensures tamper-evidence |

AGTS's threat containment model explicitly separates authorities so no single actor can both authorize and hide actions — a property not present in TCP/IP.
9. Extensibility and Vertical Instantiations
TCP/IP allows different application protocols (HTTP, SMTP) on top. AGTS allows Vertical Instantiations for different domains (finance, healthcare, autonomous vehicles). The core protocol remains the same; domain-specific parameters are defined in vertical documents — analogous to TCP ports and application-layer protocols.
10. Adoption Path and Network Effect
TCP/IP succeeded because it was simple, freely available, and solved a universal problem. AGTS aims for similar adoption:
- Minimal deployment — can be as small as five services
- Low overhead — governance cost less than 0.001% of AI inference cost
- Incremental adoption — internal governance first, then settlement, then cross-institution logs
- Network effect — as more institutions run logs and cross-witness, the mesh becomes more valuable
11. Comparison Summary
See the table at the top of this page.
12. The "Great Inversion" Parallel
TCP/IP inverted the telecom model: from circuit-switched networks (centralized control) to packet-switched (distributed intelligence at edges). AGTS similarly inverts the cloud model: from a single provider controlling compute, data, logs, and billing to a separation where governance authority is independently verifiable and compute providers are merely executors. This is a structural shift analogous to the internet's shift away from centralized telephony.
13. Why AGTS is the "TCP/IP for Autonomous Systems Governance"
Just as TCP/IP provided a common language for computers to communicate, AGTS provides a common language for autonomous systems to be governed and audited. It abstracts away the specifics of AI models, hardware, and execution environments, focusing on the minimal necessary record: an authorized action, with evidence, in an append-only log, independently verifiable.
This universal primitive enables a whole ecosystem of settlement, compliance, audit, and coordination — much like TCP/IP enabled the web, email, and cloud computing.
AGTS applies the design principles that made TCP/IP successful — layering, minimalism, end-to-end argument, and decentralized trust — to the problem of governing autonomous systems. It is not a communication protocol but an accountability protocol, and in that domain it aims to be as foundational as TCP/IP is for networking.