Whisper · Docs
Solutions

Compliance & audit

When an auditor asks "which agent touched this data, from where, and can you prove it wasn't back-dated?", a fleet behind ephemeral keys and rotating NAT'd IPs has no good answer.

And neither does an issuer who controls the very log they're asking you to trust.

The pain: identity that can't survive an audit

Most agent fleets are audited on artifacts that weren't built to be audited:

None of this is a logging problem you fix with more log lines — it's an identity problem. You can't produce an audit trail for an actor with no stable, provable identity in the first place.

The fix: identity you don't have to be trusted to prove

Whisper gives every agent a real, routable IPv6 /128 from 2a04:2a01::/32 (announced by AS219419) as its identity — not a key, not a NAT'd shared address. That address is the join key across every compliance artifact: DNS (forward + reverse), RDAP/WHOIS, a DANE TLS pin, and a public transparency log, all keyed on the same /128, all independently checkable by a stranger with stock tools. Four pieces do the actual work:

  1. A stable, registry-anchored identity. One agent, one /128, for its lifetime — resolvable both ways (dig -x and dig AAAA), so "which agent" is a DNS lookup, not a lookup in your own database.
  2. Signed, per-agent activity logs, queryable per agent via the control plane, so "what did it do" doesn't require trusting your own SIEM.
  3. A Bitcoin-anchored transparency log (RFC 6962) of every issuance and revocation event — append-only, so "was this identity really created/revoked when we say it was" doesn't require trusting Whisper either.
  4. Historical RDAP + jurisdiction-aware addressing (RFC 9092 geofeed), so "where does this agent's traffic originate" is a public record, not a policy document.

Coverage map: which frameworks you can tick

How to read this page. We grade every control into one of three verdicts and never blur them. DIRECT-ADDITIVE: Whisper produces evidence that maps to the control (one input to your package, never the whole standard). COMPLEMENTARY: the framework mandates the sector's own PKI, certificate or process; Whisper sits alongside it and can DANE-pin it, but does not satisfy that requirement. DO-NOT-CLAIM: controls Whisper is honestly the wrong tool for; we list them so nobody over-claims. Each row also carries a fit symbol: strong · partial · stretch · not-addressed. Whisper is a control and evidence layer; it never makes you compliant or certified — your auditor does that.

Shipped & live. The key-derived, RDAP-registered /128 identity, DANE-EE 3 1 1 pin, DNSSEC-signed forward + reverse zones, per-/128 signed logs (op:logs), reverse-lookup observability (op:lookups), one-call op:revoke, the RFC 6962 Merkle transparency log with SCITT (RFC 9942/9943) receipts, typed compliance attestations (POST /attest) with keyless per-leaf inclusion proofs (GET /inclusion?leaf=N), and the attribution graph are all in production and checkable today with dig, curl, or one control-plane call over POST https://graph.whisper.security/api/query with your X-API-Key. The Splunk, Microsoft Sentinel and OpenCTI SIEM connectors ship.

Honest status. The transparency log is tamper-evident, Ed25519-signed, Bitcoin-anchored via OpenTimestamps, and independently witnessed by MarkovianProtocol (any party can co-sign the same open checkpoint format; the live X-Whisper-Ledger-Claim header is the source of truth). Point-in-time RDAP (?history / ?time=) is Whisper's own extension: it is an observation of what we saw, never the registry's ground truth. SCITT COSE receipts ship; the SCRAPI HTTP API (draft-ietf-scitt-scrapi) is still an IETF draft. SIEM: Splunk, Microsoft Sentinel and OpenCTI shipped; STIX/TAXII is on the roadmap. Sector items marked roadmap (STIX/TAXII export, typed CLI flags, C2PA Conformance submission) and pending regulations (HIPAA Security Rule NPRM, NCCS control lists ~2027, PSD3/PSR RTS) are labelled as such; nothing on this page is described as working unless you can reproduce it.

Which frameworks you can tick

Read the Verdict and Fit columns first: they are the load-bearing part. Each row is one control; grouped by framework. Whisper is one input to your package, never the whole standard.

Framework · controlWhat it asks forVerdictFitWhisper evidence (shipped)
SOC 2 CC6.1 · logical accessRestrict logical access to authorized identitiesDIRECT-ADDITIVEDANE-pinned per-agent /128 + FCrDNS/verify name-based inbound authz: one control inside your access program
SOC 2 CC6.2 · registration & deprovisionRegister/authorize before issuing credentials; remove on offboardingDIRECT-ADDITIVEregister provisions, revoke deprovisions a machine/agent identity; both land in the signed transparency log
SOC 2 CC6.6 · external boundaryProtect against threats from outside the boundaryDIRECT-ADDITIVEDefault-deny egress governance bound to the /128; graph-first resolver denies known-C2 per query
SOC 2 CC6.7 · transmissionRestrict & protect information in transmissionDIRECT-ADDITIVEEncrypted DNS (DoH/DoT) + source-bound /128 egress transit; complements your TLS
SOC 2 CC7.2 · monitoringMonitor components for anomaliesDIRECT-ADDITIVEPer-/128 signed logs (dns/conn/alloc) + JA3/JA4; Splunk export shipped, SIEM correlation stays yours
SOC 2 CC7.3/7.4 · incident responseEvaluate, respond to & contain security eventsDIRECT-ADDITIVEOne-call revoke = provable DNS-TTL containment (the network-containment half; you own evaluation & response), checkable with dig -x / verify-identity
ISO/IEC 27001:2022 A.5.16 · identity mgmtManage the full identity lifecycleDIRECT-ADDITIVE/128 as a lifecycle-managed asset: register → keyless verify → revoke; RDAP-registered, transparency-logged
ISO/IEC 27001:2022 A.5.17 · authentication informationManage allocation/use of authentication secretsCOMPLEMENTARYKey-derived identity removes a shared bearer secret; you still run your own credential store
ISO/IEC 27001:2022 A.8.5 · secure authenticationSecure authentication technologiesDIRECT-ADDITIVEDANE/DNSSEC-verifiable, cert-pinnable machine authentication
ISO/IEC 27001:2022 A.8.15/8.16 · logging & monitoringLog events; monitor anomalous behaviourDIRECT-ADDITIVEPer-/128 attributable logs; the attribution graph turns a destination into a verdict
ISO/IEC 27001:2022 A.8.20/8.21 · network securitySecure networks & network servicesDIRECT-ADDITIVEDNSSEC-signed resolution + DANE-pinned channel + per-tenant resolver; complements your firewall/SASE
ISO/IEC 27001:2022 A.8.24 · use of cryptographyPolicy on & effective use of cryptographyDIRECT-ADDITIVEDNSSEC (ECDSA-P256/CSK) signing, DANE, key-derived identity, encrypted transit: concrete crypto inputs to your policy, not the policy itself
NIST CSF 2.0 PR.AA · identity, auth & accessIdentities/credentials managed; access authorizedDIRECT-ADDITIVEPer-/128 identity + DANE auth + default-deny egress
NIST CSF 2.0 PR.DS-02 · data-in-transitProtect confidentiality/integrity in transitDIRECT-ADDITIVEEncrypted DNS + DNSSEC integrity + /128-bound transport
NIST CSF 2.0 DE.CM · continuous monitoringMonitor assets to find adverse eventsDIRECT-ADDITIVEPer-/128 logs + attribution; reverse-DNS → identity on every line
NIST CSF 2.0 ID.AM · asset managementInventory assets with address + ownerDIRECT-ADDITIVE/128 registry keyed to network address + owner per agent/device
NIST CSF 2.0 GV.SC · supply-chain riskManage third-party / system-to-system access riskDIRECT-ADDITIVEPer-vendor/agent identity + revoke + transparency-log grant/removal record
NIST SP 800-53 IA-3 · device I&AUniquely identify/authenticate devicesDIRECT-ADDITIVE/128 device identity derived from the device's own key
NIST SP 800-53 IA-9 · service I&AIdentify/authenticate services before commsDIRECT-ADDITIVEDANE/DNSSEC-verifiable per-service /128 identity
NIST SP 800-53 AC-4 · information-flow enforcementControl information flows (egress)DIRECT-ADDITIVESource-bound /128 egress, default-deny allowlist
NIST SP 800-53 AU-9 · protection of audit infoProtect logs from unauthorized alterationDIRECT-ADDITIVEAppend-only Merkle ledger; OpenTimestamps/Bitcoin anchor; independent witness cosign¹
NIST SP 800-53 AU-10 · non-repudiationProve an actor performed an actionDIRECT-ADDITIVESCITT (RFC 9942/9943) receipts + transparency-log inclusion; issuance/revocation non-repudiable²
NIST SP 800-53 SC-8 · transmission conf./integrityProtect data in transitDIRECT-ADDITIVEEncrypted DNS (DoH/DoT) + /128-bound egress
NIST SP 800-53 SC-20/21/22 · secure name resolutionAuthoritative + resolver DNSSEC origin-authDIRECT-ADDITIVEWhisper IS a DNSSEC-signing authoritative (SC-20) + validating resolver (SC-21): the strongest 800-53 fit
NIST SP 800-53 SC-23 · session authenticityProtect session authenticityCOMPLEMENTARYDANE-pinned TLS hardens session trust; your app owns the session
PCI DSS 4.0 Req 1 · network security controlsRestrict connections to/from the CDEDIRECT-ADDITIVE/128 default-deny egress = one network security control at the IP layer, not your whole NSC ruleset
PCI DSS 4.0 Req 8 · identify & authenticateUnique ID + strong auth for componentsDIRECT-ADDITIVEPer-/128 cryptographic identity for non-human system components (not the human-user IDs / MFA the requirement also mandates)
PCI DSS 4.0 Req 4 · strong crypto for PAN in transitEncrypt PAN over open/public networksCOMPLEMENTARYEncrypts the DNS/egress path, not the PAN payload itself
PCI DSS 4.0 Req 10 (+10.5) · log & protectLog all access; protect audit trailsDIRECT-ADDITIVEPer-/128 logs (10.2/10.3); tamper-evident ledger protects integrity (10.5)
HIPAA §164.312(a)(2)(i)/(d) · unique ID + entity authUnique identifier; verify the entityDIRECT-ADDITIVEPer-/128 unique identifier + DANE/DNSSEC-verifiable machine-entity auth (not human MFA)
HIPAA §164.312(b) · audit controlsRecord & examine system activityDIRECT-ADDITIVEPer-/128 activity logs record the DNS/egress boundary: one input to your audit controls, not the ePHI-system audit trail
HIPAA §164.312(e) · transmission securityGuard & encrypt ePHI in transitDIRECT-ADDITIVEEncrypted DNS + /128-bound transit on the identity/resolution path; your ePHI store stays yours
HIPAA §164.312(c)(1) · integrityCorroborate ePHI not alteredCOMPLEMENTARYDNSSEC/DANE integrity on resolution; the ledger corroborates its own records
GDPR Art. 32(1)(a) · encryption of processingPseudonymisation + encryptionDIRECT-ADDITIVEEncrypted DNS/transit; per-record crypto-shred keys (scope: Whisper's records, not your store)
GDPR Art. 5(1)(f) · integrity & confidentialityProcess securely against unauthorised accessDIRECT-ADDITIVEIdentity + egress governance + logs as the demonstrable measure
GDPR Art. 25 · data protection by designBuild DP in from the startCOMPLEMENTARYIdentity-derived-from-key + default-deny egress = a by-design building block
GDPR Art. 17 · right to erasureErase personal data on requestDIRECT-ADDITIVELedger leaves are salted opaque commitments: crypto-shred the salt → meaning unrecoverable, prior proofs stay valid
GDPR Art. 30 / Art. 44+ · records & residencyRecords of processing; know & constrain where data goesDIRECT-ADDITIVEBitcoin-anchored, independently-witnessed issuance ledger + point-in-time RDAP¹ ³; RFC 9092 geofeed publishes jurisdiction, egress policy can geo-scope
DORA Art. 9 · protection & preventionAuthenticity/integrity/confidentiality in transit; network mgmtDIRECT-ADDITIVEIdentity + DNSSEC integrity + encrypted transport + egress control
DORA RTS (2024/1774) Art. 6 · encryption & cryptoPolicy + use of cryptographyDIRECT-ADDITIVEDNSSEC/DANE/transit crypto as concrete inputs to the crypto policy
NIS2 Art. 21(2)(d) · supply-chain securityManage supplier / service-provider riskDIRECT-ADDITIVEPer-vendor identity + revoke + transparency-log grant/removal
NIS2 Art. 21(2)(i) · access control & asset mgmtAccess-control policies; asset managementDIRECT-ADDITIVEPer-/128 machine access + /128 asset registry
NIS2 Art. 21(2)(j) · continuous auth / secured commsContinuous auth; secured communicationsDIRECT-ADDITIVEContinuously-checkable DANE credential + instant revoke + encrypted DNS: the continuous-auth/secured-comms half, not MFA
EU CRA Annex I (2)(d) · protection from unauthorised accessAuth / identity / access-mgmt mechanismsDIRECT-ADDITIVEEmbedded /128 identity for the product-with-digital-elements
EU CRA Annex I (2)(f) · integrity protectionProtect data/command integrityDIRECT-ADDITIVEDNSSEC/DANE integrity on resolution + identity
EU CRA Annex I (2)(l) · record & monitorLog security-relevant activityDIRECT-ADDITIVEPer-/128 security-relevant activity logs
EU CRA Annex I Part II · SBOMA machine-readable software bill of materialsDO-NOT-CLAIMNot provided: Whisper is not an SBOM tool
EU AI Act Art. 12 · record-keepingAutomatically log events over the lifecycleDIRECT-ADDITIVEPer-agent egress/resolution logs + tamper-evident ledger = traceability records
EU AI Act Art. 15 · robustness & cybersecurityResist manipulation / confidentiality attacksCOMPLEMENTARYVerifiable agent identity + DANE + egress governance = one concrete cybersecurity measure, not a conformity route
ISO/IEC 42001 A.6 / NIST AI RMF MANAGE · AI lifecycle & traceabilityManage AI system lifecycle; traceability & recordsDIRECT-ADDITIVEIdentity issuance/rotation/revoke + transparency log + per-agent logs supply technical evidence; you run the management system
CIS Controls v8 1 · asset inventoryInventory by network address + ownerDIRECT-ADDITIVE/128 registry: network address + owner per agent/device
CIS Controls v8 6 · access control mgmtGrant/revoke by least privilegeDIRECT-ADDITIVEPer-/128 identity + register/revoke lifecycle
CIS Controls v8 8 · audit log mgmtCollect, protect, retain audit logsDIRECT-ADDITIVEPer-/128 logs, tamper-evident, retained
CIS Controls v8 13 · network monitoring & defenseMonitor + defend the networkDIRECT-ADDITIVEEgress logs + attribution + default-deny defense
OWASP LLM06:2025 · excessive agencyBound the actions/reach an agent can takeDIRECT-ADDITIVEDefault-deny /128 egress allowlist + one-call revoke (kill switch) bound the agent's network reach
OWASP Agentic · agent identity & non-repudiationUnique agent identity; accountable, containable actionsDIRECT-ADDITIVEPer-agent cryptographic /128 + tamper-evident action log + instant revoke
OWASP LLM02/LLM03 · info disclosure / supply chainNarrow exfil paths; verify dependency endpointsCOMPLEMENTARYEncrypted DNS + egress governance narrow exfil; DANE-pin dependency endpoints — you own dependency vetting
MITRE ATLAS · exfiltration / impact tacticsDetect-limit exfil; contain adversary impactCOMPLEMENTARY/128 egress logs + default-deny detect/limit exfil; revoke = containment; attribution maps the actor (ATLAS is a threat model, not a control catalog)
MFA / human authenticationMulti-factor authentication for human accessDO-NOT-CLAIMWhisper does device/entity identity, not a human login factor
Encryption at restProtect stored data at restDO-NOT-CLAIMOut of scope: Whisper anchors the network/IP boundary, not storage
Certification / "makes you compliant"Any audit, attestation or conformity decisionDO-NOT-CLAIMWhisper is a control + evidence layer within your program; an auditor certifies, we never do

By industry

Whisper anchors one boundary — the cloud/IP interface between a sector device or endpoint and its backend. It complements each sector's own PKI and processes; it never satisfies a certification. Each vertical has its own deep page.

Vertical · standardWhat it asks forVerdictFitWhisper evidence (shipped)
Automotive · UN R155 CSMS (monitor-detect-respond)Detect, monitor & respond to vehicle cyber-threats across the fleet lifecycleDIRECT-ADDITIVEDevice-derived /128 from IDevID/TPM + VIN(+ECU serial); per-/128 logs → attribution graph → one-call revoke supply a monitor-detect-respond loop at the cloud/IP boundary — one control inside the CSMS, not the whole management system
Automotive · UN R156 SUMS (software updates)Secure the software-update process to the vehicleCOMPLEMENTARYDANE-pins the update endpoint (transport identity only); it does not sign the update package
Automotive · ISO/SAE 21434 (TARA lifecycle)Cybersecurity engineering across the vehicle lifecycleDIRECT-ADDITIVEOne TARA control in the operations/IR phase; not the whole engineering process
Automotive · Auto-ISAC ATM (threat matrix)Map & share adversary tactics (Initial Access/C2/Exfil/Containment)COMPLEMENTARYPer-/128 logs + attribution map to ATM tactics; analyst-driven, STIX/TAXII export on roadmap
Automotive · SecOC / V2X-SCMS / ISO 15118In-vehicle & V2X message securityDO-NOT-CLAIMWhisper never sits inside these handshakes; it anchors the cloud/IP boundary only
Energy · NERC CIP-005-7 R3 (vendor remote access)Determine & disable active vendor remote-access sessionsDIRECT-ADDITIVE/128 identity + op:list/op:lookups (determine) + revoke (disable) for vendor remote access
Energy · NERC CIP-013-2 R1.2 (supply chain)Vendor-risk controls incl. coordinated remote-access & disclosureDIRECT-ADDITIVETransparency log = non-repudiable vendor grant/removal record; per-vendor identity: one control within the R1.2 supply-chain plan
Energy · EU NIS2 Art.21 / NCCS 2024/1366 Art.33Risk-management measures for the electricity sectorDIRECT-ADDITIVEIdentity + per-/128 logs + revoke cover part of the risk-management measures; NCCS technical control lists finalise ~2027
Energy · IEEE 2030.5 CSIP (LFDI) · SunSpec/Kyrio PKI · IEC 62351-9DER cryptographic identity via the sector PKICOMPLEMENTARY/128 keyed to LFDI; DANE-pins the CSIP/SunSpec cert — it never issues the CSIP certificate
Energy · NERC CIP-010 / CIP-005 R2 IRA-MFA / CIP-007 R5Config change mgmt · interactive-remote-access MFA · account mgmtDO-NOT-CLAIMOut of scope (BES-scope caveat); Whisper does not do config-mgmt or human MFA
Telecom / 5G core · 3GPP TS 33.501 (SBA; rogue-NRF / DNS-spoof)Secure NF discovery & the service-based architectureDIRECT-ADDITIVEDNSSEC + DANE close the DNS-spoof / rogue-NRF gap; drops into NFProfile.ipv6Addresses, no NRF change
Telecom / 5G core · GSMA FS.36 (N32/SEPP)Secure the inter-PLMN N32 interfaceCOMPLEMENTARYDANE-pinned N32/SEPP peer identity alongside the SEPP's own TLS/PRINS; it does not replace them
Telecom / 5G core · NIS2 Art.21/23 · NSA/CISA ESF · ZTMMRisk mgmt, incident timelines, zero-trust for 5G cloudDIRECT-ADDITIVEPer-NF logs/lookups on the NIS2 clock; default-deny micro-segmentation vs lateral movement
Telecom / 5G core · 3GPP TS 33.310 NF cert (mTLS + OAuth2/NRF)Per-NF certificate + mutual-TLS + token authCOMPLEMENTARY/128 from the NF's existing SBI mTLS key; a second independent DNS layer, never replaces mTLS
Telecom / 5G core · GSMA NESAS/SCAS · FCC Covered ListNetwork-equipment security assurance / certificationDO-NOT-CLAIMNot a certification; a boundary control, not the deep intra-SBI mesh
OT / ICS · EU CRA Annex I (2)(d)/(i)/(j)Identity, access control & data-flow control for productsDIRECT-ADDITIVEEmbedded /128 from OPC UA cert / 802.1AR IDevID / TPM; default-deny egress = MUD-style conduit at asset granularity
OT / ICS · IEC 62443-3-3 SR 5.1 · NIST 800-82r3 · CSF ID.AM/PR.AA · CISA CPG 2.0 · RFC 8520 MUDZone/conduit segmentation & asset inventoryDIRECT-ADDITIVEAsset-granularity conduit + an asset register straight from DNS/RDAP
OT / ICS · IEC 62443-4-2 CR 1.2 (software-process I&A)Identification & authentication of software processesCOMPLEMENTARY identity /  authProvides the identity (●); the authentication handshake stays the asset's own (◐)
OT / ICS · CRA Annex I Part II SBOM · 62443-4-2 CR 1.1 human I&A · 62443-4-1 SDLASBOM · human user I&A · secure-development lifecycleDO-NOT-CLAIM / No SBOM (✗), no human I&A (✗); SDLA is a development process, not a product control (○)
Health · FDA §524B(b)(1)/(2) + cyber-device UDIPostmarket monitoring, secure design, UDI-keyed traceabilityDIRECT-ADDITIVEDevice-derived /128 keyed to the UDI; per-device revoke; one control inside the SPDF, not the whole secure-development framework
Health · HIPAA Security Rule NPRM + §164.312(b)/(d)Asset inventory, network map, segmentation, audit, entity authDIRECT-ADDITIVE/128 inventory anchor + live network map (attribution) + entity auth (not human MFA); audit is the DNS/egress boundary, not the ePHI-system trail; NPRM still proposed
Health · FHIR UDAP/SMART · TEFCA/QHIN · IEC 62443-4-2 · IEC 81001-5-1 · EU MDR 17.4Community-CA endpoint trust & secure device lifecycleCOMPLEMENTARYDANE-anchors the community cert keyed to Endpoint.identifier; never the community CA/clearance
Health · FDA §524B(b)(3) SBOM · MFA · encryption-at-rest · clearance routeSBOM · human MFA · at-rest crypto · market clearanceDO-NOT-CLAIMNo SBOM/MFA/at-rest; never a §524B/MDR clearance shortcut
Content / provenance · EU AI Act Art.50(2)/(4) + Recital 133Mark & disclose AI-generated content via cryptographic provenanceDIRECT-ADDITIVE/128 from the C2PA claim-signer key + cert serial; DANE-anchors the signer (an enumerated cryptographic-provenance technique — it anchors the signer, not the content mark itself) + op:lookups verification analytics
Content / provenance · C2PA claim signer (COSE_Sign1/x5chain)A trusted cryptographic signer for the manifestCOMPLEMENTARYA pluggable, DANE-anchored C2PA trust source, keyed to the signer cert serial
Content / provenance · C2PA Trust List / Conformance · CAWG Identity 1.2 · ISO 22144Trust-list membership & identity assertionsCOMPLEMENTARYA pluggable source, not gate-kept membership; op:lookups = "who verified my content"
Content / provenance · deepfake detection · survives manifest-strip · "this is AI"Detect synthetic media / survive re-encodeDO-NOT-CLAIMProvenance ≠ truth; Whisper never asserts "this is AI" (that's the manifest's) and does not survive a manifest-stripping re-encode
Commerce / agentic payments · PSD2 SCA delegation + dispute attributionStrong customer auth anchoring & dispute evidenceDIRECT-ADDITIVE/128 anchor for SCA delegation (an anchor, not SCA itself) + a dispute-attribution subject
Commerce / agentic payments · KYA · NIST NCCoE agent identity · OWASP ASI03Know-Your-Agent identity, universal revocationDIRECT-ADDITIVEUniversal (not per-network) revocation + a public DNSSEC/DANE key directory for agents
Commerce / agentic payments · A2A · AP2→FIDO · x402 · MCP · Visa TAP · Mastercard Agent PayAnchor agent identifiers across the payment railsCOMPLEMENTARYDANE-pins the identifier (A2A url, AP2 verificationMethod, x402 wallet, Visa keyid, Mastercard cert); no protocol change, never settles
Commerce / agentic payments · PSD2/SCA conformity · PSP/settlement · PCI-DSS · VASP-grade KYCPayment-institution conformity & KYCDO-NOT-CLAIMNot a PSP, not settlement, not PCI-DSS conformity; identity ≠ intent, and this is not VASP-grade KYC

¹ The transparency log is independently witnessed (MarkovianProtocol) and OpenTimestamps/Bitcoin-anchored today; the witness set is open and self-reverting, and the live X-Whisper-Ledger-Claim header is the source of truth.
² SCITT COSE receipts (RFC 9942/9943) are shipped and fold to the same checkpoint root; the SCRAPI HTTP API (draft-ietf-scitt-scrapi) is still an IETF draft.
³ Point-in-time RDAP is Whisper's own extension: an observation of what we saw at time T, not a claim about the registry's own ground truth.

Deeper per-industry detail: Automotive · Energy · Telecom / 5G core · OT / ICS · Health · Content / provenance · Commerce / agentic payments.

1. Stable identity: the join key for everything else

The demo resident, 2a04:2a01:eb5a:ca74:cef2:2a:323d:40d4, resolves forward and backward, and its friendly name is its FQDN in agents.whisper.online:

With stock tools:

dig -x 2a04:2a01:eb5a:ca74:cef2:2a:323d:40d4 +short
# acef2002a323d40d4.demo.agents.whisper.online.

dig +short AAAA acef2002a323d40d4.demo.agents.whisper.online
# 2a04:2a01:eb5a:ca74:cef2:2a:323d:40d4

dig +short TLSA _443._tcp.acef2002a323d40d4.demo.agents.whisper.online
# 3 1 1 b653a4ef...fcb82d1d

Every answer above carries AD=1 under DNSSEC validation (RFC 4035) against any recursive resolver, including 1.1.1.1 or 8.8.8.8 — the identity binding isn't asserted by an API response, it's signed by the zone itself.

With Whisper:

whisper verify --trustless 2a04:2a01:eb5a:ca74:cef2:2a:323d:40d4
# re-derives PTR + AAAA + TLSA + RDAP itself, chains to the IANA root — Whisper's API isn't trusted, only DNSSEC is

See Verify an agent and DANE & DNSSEC for the full chain.

2. Signed, per-agent logs

Attribution only matters if you can pull the trail for one agent, not grep a shared access log for an IP that six other workloads also touched.

With stock tools: there is no stock-tool path here — that's the point. A shared IP or a bearer token has no per-actor log by construction; you'd be reconstructing attribution from application-level correlation, which is exactly the unprovable state this page exists to fix.

With Whisper:

CALL whisper.agents({op:'logs', args:{agent:'my-agent', from:'2026-06-01'}})
-> per-event records: timestamp, kind (dns/conn/alloc), destination, decision, bytes
whisper logs --agent my-agent --from 2026-06-01 --kind conn

Because the identity is a dedicated /128, every record is unambiguously one agent's — no shared-IP noise to filter out.

3. The transparency log: RFC 6962, anchored to Bitcoin

Every identity issuance and revocation is appended as a leaf to a Merkle tree, served as signed checkpoints (C2SP tlog-tiles) with the leaf/interior construction straight from RFC 6962:

leaf     = sha256(0x00 || sha256(salt || event))
interior = sha256(0x01 || left || right)

Because entries are salted, opaque commitments, a record can be crypto-shredded for GDPR Article 17 without invalidating the tree or any previously issued inclusion proof — the hash stays, the personal data behind the salt doesn't.

With stock tools:

curl -s https://whisper.online/checkpoint            # origin, tree_size, root_hash, Ed25519 signature
curl -s https://whisper.online/checkpoint/ots         # the checkpoint's OpenTimestamps Bitcoin proof
curl -s https://rdap.whisper.online/ip/2a04:2a01:eb5a:ca74:cef2:2a:323d:40d4/transparency
                                                       # this agent's issuance/revocation events + RFC-6962 inclusion proof
curl -s "https://whisper.online/inclusion?leaf=<N>"  # any leaf's inclusion proof, by index: leaf_hash + path + checkpoint
dig +short TXT _whisper-ledger.whisper.online         # the log's Ed25519 key, DNSSEC-anchored

Honest status: tamper-evident and Ed25519-signed today, Bitcoin-anchored via OpenTimestamps, and independently witnessed by MarkovianProtocol (additional witnesses welcome, any party can co-sign the same open checkpoint format). Full policy at nic.whisper.online/policy#transparency and Transparency log.

op:revoke is provable the same way: after it runs, dig -x <addr> returns nothing, /verify-identity flips to is_whisper_agent: false, and the event lands in the signed checkpoint — the same tools that proved the identity prove the kill.

4. Historical RDAP and jurisdiction-aware addresses

RDAP (RFC 9083) gives you the registry record for any address or name today; the /transparency sibling above gives you its history. For data residency, 2a04:2a01::/32 publishes a standard geofeed (RFC 9092) mapping prefixes to jurisdiction, so "this agent's address is EU-registered" is a fetchable fact, not a claim in a DPA:

curl -s https://rdap.whisper.online/ip/2a04:2a01:eb5a:ca74:cef2:2a:323d:40d4
curl -s https://whisper.online/.well-known/geofeed | grep 2a04:2a01
# 2a04:2a01::/32,NL,NL-NH,Amsterdam
whois -h whois.whisper.online 2a04:2a01:eb5a:ca74:cef2:2a:323d:40d4

With Whisper: whisper create --register returns the same registry facts (address, fqdn, ptr) at mint time, and whisper.agents({op:'policy', ...}) can constrain an agent's egress to a geography-scoped set of destinations, so residency is enforced, not just documented. See RDAP & WHOIS and Control plane.

5. Attest a control in force: typed compliance attestations

Everything above proves facts Whisper wrote into the log. POST /attest is the arm where you write: a typed statement that a named control was checked and what the verdict was, committed as a leaf in the same RFC 6962 tree and handed back as a fetchable SCITT (RFC 9942) receipt. Attest "SOC 2 CC6.1 was checked and passed, here is the evidence hash" today; hand the auditor a proof next year that verifies with stock tools, no Whisper account, and no trust in you or in us.

Two tiers, Postel style, same as the rest of the ledger: writing takes an API key (the anti-spam gate on the shared tree), reading and verifying is keyless, always.

With your API key (a real, live-captured run; key redacted):

curl -X POST "https://whisper.online/attest" \
     -H "X-API-Key: whisper_live_xxx" \
     -H "content-type: application/json" \
     --data '{"control_id":"CC6.1","verdict":"pass","evidence_hash":"<sha256-hex>","framework":"soc2"}'
{"object":"compliance-attestation",
 "id":"d0e09c8ee5e03d06afa3c2869e6bafff5a0ad57e494663474c8dd5278ee205a2",
 "leaf_index":429,
 "receipt":"/entries/d0e09c8ee5e03d06afa3c2869e6bafff5a0ad57e494663474c8dd5278ee205a2",
 "checkpoint":"whisper.online/ledger\n430\njpp4vn/0aqGamWCLeKm2v9qYphx2nslhBYZx7WN3So4=\n\n— whisper.online/ledger <ed25519-sig>\n",
 "canonical":{"owner":"t<sha256-tenant-handle>","control_id":"CC6.1","verdict":"pass",
              "framework":"soc2","evidence_hash":"<sha256-hex>","at":1784223138224}}

The input side is liberal, per Postel: verdict takes pass/fail, common synonyms, or booleans; evidence_hash accepts bare hex, sha256: or 0x prefixes; at is optional and takes epoch millis, epoch seconds, or an ISO timestamp; the field names have synonyms too. No key is a 401, bad input is a clear 400 that says what is wrong, never an opaque 500.

Keyless, for the auditor (or anyone): the receipt and the proof, straight from the response above:

# the RFC 9942 SCITT receipt for this attestation (200, application/cose)
curl -s "https://whisper.online/entries/d0e09c8ee5e03d06afa3c2869e6bafff5a0ad57e494663474c8dd5278ee205a2"

# its RFC 6962 inclusion proof, by the returned leaf_index
curl -s "https://whisper.online/inclusion?leaf=429"
# {"object":"ledger-inclusion","leaf":429,"tree_size":436,
#  "leaf_hash":"78102abbc7740dc2800663fde4ee76fb9d53d5cafc4984bb435617d639e03e70",
#  "proof":["433705224dd111195a53ce5564499083608c83ca3e2a9fa7ec9682827b58098e", …],
#  "checkpoint":"whisper.online/ledger\n436\n…"}

That leaf_hash is byte-identical to the X-Whisper-Scitt-Leaf-Hash header on the receipt, and both fold to the same checkpoint root: one attestation, two envelopes, exactly like every other leaf. Validating the COSE receipt with stock tooling is the walkthrough on SCITT receipts; folding the proof by hand is the one on Transparency log.

What lands in the tree, and what an attestation proves. The leaf is the same opaque, salted commitment as every other entry: no cleartext control_id, no evidence, nothing an outsider can read (see what's actually in a leaf). The echoed canonical object is your disclosure copy, and canonical.owner is the opaque one-way tenant handle RDAP already publishes, never your account id or email. And the honest ceiling: a logged attestation proves this exact statement was made at this point in the log's history and has not been altered since. It does not prove the control actually passed; the evidence behind evidence_hash stays yours to produce, and your auditor stays the judge. The log's job is to make the record impossible to quietly rewrite.

For: crypto-compliance platforms, fintech, regulated AI deployments, and anyone with EU data-residency or SOC2/audit obligations for autonomous workloads. A production crypto-compliance platform runs its agent fleet on this today.

Next: Transparency log for the full ledger mechanics, or Egress governance to constrain what an already-audited agent is allowed to reach.