scriptjunkie · March 11, 2026 14:41
diff --git a/AVO RFC.txt b/AVO RFC.txt
 Network Working Group Script Junkie
 Internet-Draft 67
 Intended status: Experimental March 11, 2026
 Expires: September 12, 2026

 The "Adult" Bit: An IP Header Option for Age Verification

 Abstract

 This document defines a new IPv4 header option, the Age Verification Option (AVO). This option allows a sending host to signal that the user originating the traffic has been verified as being 18 years of age or older. This is intended to facilitate "green-lane" access to age-restricted content without requiring repetitive application-layer handshakes, while acknowledging the significant privacy and security implications of such a signal.

 1. Introduction
 As global regulations regarding online safety and age-gated content increase, there is a growing need for a standardized, low-latency method to signal age-appropriateness. This document proposes a network-layer signal—the "Adult Bit"—to indicate that a packet’s payload originated from a verified adult.

 1.1 Requirements Language
 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119.

 2. The Age Verification Option (AVO) Format
 The AVO is a standard IPv4 option. To maintain alignment, it is defined as a 4-byte option.

 2.1 Option Layout
 Plaintext
 +--------+--------+--------+--------+
 |  Type  | Length |  Flags |  RSVD  |
 +--------+--------+--------+--------+
  8 bits   8 bits   8 bits   8 bits

 Type: To be assigned by IANA (Suggested: 67). The "copy" bit SHOULD be set to 0.

 Length: 4 bytes.

 Flags:

 Bit 0 (A-Bit): The "Adult" bit. If set to 1, the sender claims to be 18+.

 Bit 1 (V-Bit): The "Verified" bit. Set to 1 if the claim was verified by a trusted third-party or hardware-level attestation.

 Bits 2-7: Reserved for future use.

 RSVD: Reserved for future use (MUST be zero).

 3. Operation
 When a host generates a packet for an age-restricted service, it MAY include the AVO in the IPv4 header.

 Sender Behavior: The sender MUST only set the A-bit if the local operating system or a trusted application has confirmed the user's age.

 Middlebox Behavior: Routers SHOULD NOT drop packets containing this option but MAY use it to apply Quality of Service (QoS) or filtering policies (e.g., a "Child-Safe" ISP filter might drop any packets destined for certain ports if the A-bit is NOT set).

 Receiver Behavior: The receiver (e.g., a web server) MAY use this header as an initial hint to bypass front-end age gates, though it SHOULD NOT be used as the sole factor for legal compliance.

 4. Security and Privacy Considerations
 This RFC introduces significant concerns that must be addressed:

 Spoofing: Since IP headers are easily forged, the A-bit MUST NOT be considered a "proof" of age unless combined with IPsec or similar cryptographic attestation.

 Privacy Leaks: Including this option identifies the user as an adult, which is a form of metadata leakage. Users SHOULD have the ability to toggle this option off in their OS settings.

 Fingerprinting: This header provides an additional entropy bit for browser and device fingerprinting.

 5. IANA Considerations
 IANA is requested to allocate a new option number in the "IP Option Numbers" registry for the Age Verification Option.

 6. Conclusion
 The AVO provides a standardized way for the network layer to assist in age-gating, moving the burden from the application layer to the session initiation. However, due to the ease of spoofing, its use is recommended only in managed or "trusted" network environments.
	Network Working Group Script Junkie
	Internet-Draft 67
	Intended status: Experimental March 11, 2026
	Expires: September 12, 2026

	The "Adult" Bit: An IP Header Option for Age Verification

	Abstract

	This document defines a new IPv4 header option, the Age Verification Option (AVO). This option allows a sending host to signal that the user originating the traffic has been verified as being 18 years of age or older. This is intended to facilitate "green-lane" access to age-restricted content without requiring repetitive application-layer handshakes, while acknowledging the significant privacy and security implications of such a signal.

	1. Introduction
	As global regulations regarding online safety and age-gated content increase, there is a growing need for a standardized, low-latency method to signal age-appropriateness. This document proposes a network-layer signal—the "Adult Bit"—to indicate that a packet’s payload originated from a verified adult.

	1.1 Requirements Language
	The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119.

	2. The Age Verification Option (AVO) Format
	The AVO is a standard IPv4 option. To maintain alignment, it is defined as a 4-byte option.

	2.1 Option Layout
	Plaintext
	+--------+--------+--------+--------+
	\| Type \| Length \| Flags \| RSVD \|
	+--------+--------+--------+--------+
	8 bits 8 bits 8 bits 8 bits

	Type: To be assigned by IANA (Suggested: 67). The "copy" bit SHOULD be set to 0.

	Length: 4 bytes.

	Flags:

	Bit 0 (A-Bit): The "Adult" bit. If set to 1, the sender claims to be 18+.

	Bit 1 (V-Bit): The "Verified" bit. Set to 1 if the claim was verified by a trusted third-party or hardware-level attestation.

	Bits 2-7: Reserved for future use.

	RSVD: Reserved for future use (MUST be zero).

	3. Operation
	When a host generates a packet for an age-restricted service, it MAY include the AVO in the IPv4 header.

	Sender Behavior: The sender MUST only set the A-bit if the local operating system or a trusted application has confirmed the user's age.

	Middlebox Behavior: Routers SHOULD NOT drop packets containing this option but MAY use it to apply Quality of Service (QoS) or filtering policies (e.g., a "Child-Safe" ISP filter might drop any packets destined for certain ports if the A-bit is NOT set).

	Receiver Behavior: The receiver (e.g., a web server) MAY use this header as an initial hint to bypass front-end age gates, though it SHOULD NOT be used as the sole factor for legal compliance.

	4. Security and Privacy Considerations
	This RFC introduces significant concerns that must be addressed:

	Spoofing: Since IP headers are easily forged, the A-bit MUST NOT be considered a "proof" of age unless combined with IPsec or similar cryptographic attestation.

	Privacy Leaks: Including this option identifies the user as an adult, which is a form of metadata leakage. Users SHOULD have the ability to toggle this option off in their OS settings.

	Fingerprinting: This header provides an additional entropy bit for browser and device fingerprinting.

	5. IANA Considerations
	IANA is requested to allocate a new option number in the "IP Option Numbers" registry for the Age Verification Option.

	6. Conclusion
	The AVO provides a standardized way for the network layer to assist in age-gating, moving the burden from the application layer to the session initiation. However, due to the ease of spoofing, its use is recommended only in managed or "trusted" network environments.
No results found