ifp

← Garden Patch Home · Principles

• is_a::[[Principle Form]]
• has_status::[[Seed Stage]]
• in_domain::[[Deep Context Architecture]]

Auditable Intermediaries Over Silent Proxies

When a relay, proxy, or intermediary handles a message between two agents, it must append a trace entry recording its involvement. The trace is mandatory — not a logging convenience, but a protocol requirement.

This principle exists because human legibility is a hard constraint in Inter-Face Protocol (IFP-1 Section 5.3). If an intermediary can silently forward, delay, duplicate, or drop messages without leaving a trace, the human operator cannot verify the path their messages took. The audit log becomes unreliable, and the accountability chain breaks.

What the Trace Records

Each intermediary appends:

• When it received the message
• From which agent or relay
• Any transformations applied (re-encryption, format conversion)
• Its own identifier

What the Trace Does Not Prevent

Tracing is accountability, not prevention. A malicious relay can still read unencrypted content, delay delivery, or inject false trace entries. The mitigations are layered:

• IFP-5 signatures survive relay — the sending agent’s signature covers the message, not the transport. A relay cannot forge the sender’s identity.
• Replay detection — receiving agents track message IDs and detect duplicates.
• Body encryption — agents should encrypt message bodies when routing through untrusted relays.

The trace ensures that relay involvement is visible. Detection and response are separate concerns.

Sources

• IFP-1: Philosophy and Design Principles, Section 6.4
• IFP-8: Relay and Pub/Sub Transport, trace requirements

Relations

• relates_to::[[Relay as Accountable Store-and-Forward Intermediary]]
  • Relays are the primary implementation of this principle.
• relates_to::[[Three-Part Enforcement Stack]]
  • Mandatory tracing is the technical enforcement layer; accountability also requires legal duties and exit rights.
• relates_to::[[Human Authority Over Augmentation Systems]]
  • Auditable traces enable the human to verify what happened — a precondition for meaningful authority.
• relates_to::[[Authority Flows from the Person]]
  • Transparency through mandatory tracing ensures the person can verify the path their delegated communications took.

This site is open source. Improve this page.