Home / News Changelog · spec development

News & changelog

What's moving in the standard. This is a record of specification work: drafts published, normative changes proposed, RFCs opened, working groups forming. It is not a press feed. OCSS is Draft for Review; v1.0 ratification is targeted for Q3 2026, at which point editorial authority transfers from the founding steward to the multi-stakeholder Trust Committee.

If you build parental-controls or platform features, this is where you time your implementation against spec milestones: which capabilities are stable enough to build on, which are still in comment, and when a normative change might move ground under you. Entries are dated and described in the language a standards body uses: what changed, what stage it reached, and what review window applies. Subscribe to the RFC feed to get each entry as it lands.

§ 1

Feed

Specification milestones in reverse chronological order. Each carries a tag: spec for normative drafts and protocol work, guide for governance and process, adopt for coalition formation. Every milestone below reflects work on OCSS, which maps to 91 child-safety laws across 30+ jurisdictions (54 enacted, 22 proposed, 7 pending, plus a handful under injunction). The taxonomy implements several that aren't yet enforced law (KOSA, COPPA 2.0, CA AB 1043's OS age-signal mandate, NY S9051's AI-companion ban) and maps to ones in force today (EU DSA, the UK AADC and Online Safety Act, Australia's OSA). OCSS rules were derived bottom-up: each statute's obligations were decomposed into the smallest enforceable units, then collapsed into the ~100 shared categories, so one category often satisfies the same duty across a dozen jurisdictions. The full per-statute mapping, with which OCSS rule covers which clause, is at resources.html#legislation-mapping.

Normative language · RFC 2119 Normative language throughout follows RFC 2119: the key words MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD, SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL carry their RFC 2119 meanings in every OCSS document referenced below. When an entry says an intermediary MUST validate a signature or MUST NEVER decrypt a payload, read it as a conformance obligation, not editorial emphasis.

spec2026-05-20

OCSS Trust Framework whitepaper published (draft v0.1)

The OCSS Trust Framework whitepaper (draft v0.1) is now public: read it at the-standard.html#sec2, or pull the PDF from the resources library. It pins the crypto primitives the routing layer is built on, by name and parameter, with no "left to the implementation" gaps. The IETF draft-phosra-ocstf-00 filing (below) is the standards-track companion; the whitepaper is the readable spec, with the full envelope schema and security analysis the changelog only summarizes here:

Envelope layers, threat model & the post-quantum decision

Outer envelope (routing layer, visible to the intermediary): signed with Ed25519 under RFC 9421 HTTP Message Signatures, with RFC 8707 resource indicators binding each signature to its intended receiver. Carries only routing metadata and a receiver-domain-separated family_hash, never identity.
Inner payload (record layer, opaque to the intermediary): a JWE sealed to the receiver's public key. The draft specifies the cipher suite rather than deferring it: content encryption is A256GCM (AES-256-GCM) with key agreement via ECDH-ES+A256KW over X25519. zip compression is disallowed to close the JWE compression-oracle class of attack. ChaCha20-Poly1305 is reserved as an alternative content-encryption registration for the v1.1 cipher-agility track.
Trust List: an eIDAS-style, Ed25519-signed machine-readable registry of accredited intermediaries, modeled on the EU Trusted List (EUTL, in operation since 2014). Fetched and cached for ≤24h; a revoked intermediary drops out of every verifier's view within that window. Status is Yellow below three accredited intermediaries, Red below two. "Federation-grade" requires at least three, so no single operator is load-bearing.
Verifiable-credential pathway (SHOULD): for age and consent signals carried as verifiable credentials, intermediaries SHOULD support the W3C Digital Credentials API and OpenID4VP as the presentation transport, giving platforms a standards-track alternative to bespoke attestation. Zero-knowledge issuance (Longfellow-ZK) and TEE attestation are roadmap (MAY / v1.1), not v1.0 requirements.

Threat model (stated, not implied). The design assumes a passive-honest-but-curious intermediary and is built to stay sound under collusion of up to N−1 of N accredited intermediaries: because the inner record is JWE-sealed to the receiver, no quorum of intermediaries can read a payload. Replay is bounded by the RFC 9421 created/nonce components plus an audit row per envelope, so a re-sent envelope is detectable and idempotent. Cross-intermediary correlation is blocked by the receiver-domain-separated family_hash: the same family resolves to different opaque identifiers at different receivers, so no two intermediaries can join their logs to re-identify a minor. Key compromise is contained by mandatory rotation at ≤180 days and Trust-List revocation that propagates within the ≤24h cache TTL. The one explicitly out-of-scope threat is a stricter-rule downgrade (an intermediary silently relaxing a Block to a Warn), which the protocol cannot prevent cryptographically; it is instead caught by the immutable signed Receipt at the enforcement point (see §10 Receipt), since the receiver's audit trail will not match the sender's signed intent. We state that mitigation honestly: it is a detective control with an audit-trail adversarial bound, not a preventive cryptographic one. Open for comment ahead of the next revision.

On post-quantum: a stated decision, not an omission. v1.0 is classically secure and has no PQC path. Key agreement is X25519 (ECDH-ES+A256KW), which is not post-quantum-secure, and the Ed25519 signatures over the outer envelope and the Receipt are likewise classical. That is deliberate: X25519 and Ed25519 are the interoperable, broadly-implemented primitives a 2026 standard can demand of every adopter today, and the threat that matters for a child-safety signal is a live intermediary reading or correlating a payload now. The "harvest-now, decrypt-later" attacker is not the concern here, since a sealed routing envelope carries no long-lived secret worth banking against a future quantum machine. The cipher-agility track is real and reserved, not hand-waved: ChaCha20-Poly1305 is already registered as an alternative content-encryption suite for v1.1, the JWE alg/enc headers make the suite negotiable on the wire, and a PQC or hybrid key-agreement profile is the explicit candidate for that same v1.1 cipher-agility work. We are not claiming v1.0 is quantum-resistant; we are documenting why it is not and where the upgrade lands.

spec2026-05-06

`draft-phosra-ocstf-00` filed as an IETF Internet-Draft

The OCSS Trust Framework was filed as an individual-submission Internet-Draft. It cites RFC 9421 (HTTP Message Signatures, Ed25519 over the outer envelope) and RFC 8707 (resource indicators) as normative. It extends the Issuer / Verifier / Gatekeeper roles from draft-knodel-age-arch-00 by adding a fourth role, an Infrastructure-intermediary that performs signed forwarding without decryption: the intermediary validates the sender's Ed25519 signature on the outer routing layer while the inner payload stays JWE-sealed to the receiver's key, so no party in the path can read or re-identify the minor. Comment via the IETF process.

guide2026-04-22

Four working groups forming

The coalition opened chartering for four public working groups: AI Safety, Privacy, Algorithmic Transparency, and Hard Blocks. Each owns the rule categories in its area and reviews proposals RFC-first. Seats are open; meetings and drafts will be public. The groups convene once the founding cohort is seated.

spec2026-04-08

OCSS Rules taxonomy published for review

The rule taxonomy (~100 typed categories grouped under the eight runtime capabilities) was published as Draft for Review. This is the content layer: the canonical vocabulary platforms enforce against. Category names and semantics are open for comment through the working-group process.

spec2026-03-25

Conformance approach drafted

A first draft of the conformance model was circulated: two paths (self-attested "Implementer" and independently verified "Certified"), each tested against the rule list of every capability claimed, the nine areas from Age and Tier through Block and Receipt. As the suite firms up, canonical test vectors for each capability (Age band resolution, Tier Allow/Warn/Block evaluation, hard-Block matching) and sample signed envelopes + Receipts ship alongside it in the conformance-suite repository, so implementers can diff their output against fixed inputs rather than reading prose. The suite itself is in active drafting; test vectors and canonical sample envelopes are targeted for Q3 2026, alongside v1.0 ratification. Until they ship, treat the rule semantics as stable for prototyping but not yet diffable against a baseline. No test counts or pass rates are published yet (and won't be invented).

Implementer detail: typed rule shape & verify-before-enforce

What an implementer actually builds against: each rule is typed JSON (a category ID, the capability it belongs to, and its parameters), and the integration is a verify-before-enforce sequence. Validate the outer Ed25519 signature → confirm the sender is on the Trust List → resolve the age band → evaluate the matching rule to Allow / Warn / Block → emit a signed Receipt. That same evaluated decision then drives whatever enforcement surface you own: DNS resolvers, MDM profiles, home-router firmware, OS-level controls, or in-app gates. One typed signal, the same verdict, regardless of where the block lands.

Here's the typed shape an implementer evaluates against: a Tier rule, an Age rule, and a Block rule, illustrative but to the same schema as the conformance draft. Every rule carries a category id, the capability it belongs to, the typed params for that capability, and the cite array that lands in the Receipt. The architecture decision you can make now: your engine is a switch on capability with a handler per area, and you only build handlers for the capabilities you claim.

// OCSS rule categories — illustrative typed shapes (one per capability)
[
  {
    "id":         "ai_chatbot_tier_gate",
    "capability": "Tier",
    "params": {
      "scale":    "civil-society-4tier",  // e.g. a 4-tier AI risk scale
      "min_band": "13-17",                // band that may pass
      "on_fail":  "Block"                  // Allow | Warn | Block
    },
    "cite": ["NY-S9051-§2"]
  },
  {
    "id":         "os_age_signal_ingest",
    "capability": "Age",
    "params": {
      "sources":  ["os", "app", "household"],
      "returns":  "band",                  // derived range, never DOB
      "bands":    ["0-12", "13-17", "18+"]
    },
    "cite": ["CA-AB1043-§1798.99.30"]
  },
  {
    "id":         "nfk_hard_block",
    "capability": "Block",
    "params": {
      "match":    "not-for-kids",          // hard, non-overridable
      "surfaces": ["dns", "mdm", "router", "os", "app"]
    },
    "cite": ["KOSA-§3(a)"]
  }
]

spec2026-03-11

Receipt format drafted: the regulator-auditable record

The Receipt capability (§10) got its first normative draft: every enforcement decision wraps in a signed, replayable envelope a regulator can verify without trusting the platform's word. A Receipt signs the rule ID, the resolved age band (a derived range like "13–17", never identity or PII), the jurisdiction, the capability, the Allow/Warn/Block decision, and an array of statute citations. The signature is Ed25519 over typed data, domain-separated by spec version, so a receipt issued under v1.0 can't be replayed as another. The point is independent auditability: a regulator requests a receipt by ID and recomputes the signature against the signer's published JWKS, with Trust List authenticity checked against the Linux Foundation AAIF root key. What used to be a six-week subpoena becomes a ~30-second cryptographic check, with no privileged access to the platform required.

Audit workflow, trust-root custody & the Receipt shape

Who can issue a Receipt, and how a regulator audits one. A Receipt is signed at the enforcement point by any conformant implementer. There is no gatekeeper tier required to issue one, because the value is in the signature, not in who holds it: a self-attested Implementer's Receipt verifies the same way a Certified intermediary's does. What differs is the assurance behind the key. The audit workflow has no privileged step: the regulator asks the platform (or any party in the path) for the receipt by ID, fetches the signer's public key from the published Trust List / per-party JWKS, checks the Ed25519 signature and the version domain-separator, and reads the rule ID, age band, jurisdiction, decision, and statute citations off the verified payload. No subpoena, no trust in the platform's word, no access to the minor's identity: the band is derived, never the DOB.

Chain of custody for the trust roots. Today, while OCSS is Draft for Review, the founding steward (Phosra) signs the Trust List against the Linux Foundation AAIF root key: single-keyholder, stated plainly, because there is no Trust Committee yet to share it. That is a transitional arrangement, not the governance model. At v1.0 ratification, custody of the AAIF root key transfers to the nine-seat Trust Committee: the root key and Trust List become committee-administered, no single member (including the steward) can re-issue them unilaterally, and the Trust Committee holds a reserved regulator-observer seat. So a regulator auditing conformance can name the keyholder at every stage (Phosra through ratification, the Trust Committee after) rather than auditing an anonymous root.

// OCSS Receipt — illustrative shape (typed, signed, no PII)
{
  "id":         "rcpt_01HZ…",
  "rule":       "ai_chatbot_tier_gate",
  "capability": "Tier",
  "age":        "13-17",          // derived band, not DOB
  "jurisdiction":"US-NY",
  "audit":      "Block",
  "cite":       ["NY-S9051-§2", "KOSA-§4(b)(2)"],
  "issued_at":  "2026-03-11T18:04:22Z",
  "spec":       "OCSS-v1.0",
  "sig":        "ed25519:…"
}

guide2026-03-04

Versioning and change policy adopted

The coalition adopted a SemVer-based change policy for the protocols: minor versions are additive, major versions are breaking with a 90-day public review and an 18-month deprecation window, and every normative change is filed as an RFC at least 30 days before adoption.

guide2026-02-18

Governance model drafted: stewardship → Trust Committee

The draft charter establishes that the founding steward holds editorial authority over v1.0 through ratification only, after which authority transfers to the Trust Committee. Civil society is structurally embedded in a 9-seat Trust Committee. 3 of the 9 seats are reserved for named civil-society bodies (for example Common Sense Media, Roost, the EFF, FOSI, and the ACLU), non-removable except for cause. Accreditation decisions run on one organization, one vote, so a large implementer cannot accumulate weight proportional to market share. Every trust-list change carries a 72-hour public notice and comment period. De-accreditation requires a 2/3 Trust Committee vote plus a 30-day cure period. No single member, including the founding steward, can adopt a normative change unilaterally. "No member owns the standard."

adopt2026-02-04

Coalition formation announced; founding cohort opened

The OCSS coalition was announced as a vendor-neutral effort to standardize what a child-safety signal means and how it moves. The founding cohort is open for applications and closing Q3 2026. As of this writing, the member registry and Trust List are forming; no members have yet signed.

Next steps for implementers

Ready to implement? Start with the Age, Tier, and Block rule categories; they carry the bulk of the ~100 rules in the OCSS Rules specification and cover most of what a parental-controls product enforces. Or walk the signal lifecycle end to end in How it works →

§ 2

Spec versions & status

Every artifact, its current version, and the stage it has reached. Nothing here is ratified: OCSS is Draft for Review until v1.0.

Document	Version	Status	Target
OCSS (umbrella standard)	v1.0	Draft for Review	Ratification Q3 2026
OCSS Rules (taxonomy)	tracks v1.0	Draft for Review	With v1.0
OCSS Trust Framework	Draft v0.1	Published for comment	v1.0 alignment by Q3 2026
`draft-phosra-ocstf-00`	00	Filed: IETF Internet-Draft	Standard track TBD
Conformance suite	—	In active draftingview repo →	Q3 2026
Trust List registry	schema v1	Schema published; forming	Federation-grade at ≥3 intermediaries

Status legend: Draft for Review: circulated for comment, not ratified. Published for comment: a stable draft revision is public. Filed: submitted through the IETF process as an Internet-Draft. In active drafting: work in progress, not yet released. Schema published; forming: the Trust List schema is stable and publicly documented; the operational registry is open but still accumulating accredited intermediaries (Trust List status is Yellow below three, Red below two, and "federation-grade" requires at least three). Forming: open but not yet populated.

Trust List operational model & the draft→v1.0 path

Getting Trust-Listed is the Accredited intermediary tier: apply, pass the conformance suite for every routing class you carry, hold a SOC 2 Type II, and commit to ≤180-day key rotation and one immutable audit row per envelope. The list is an Ed25519-signed document fetched and cached for ≤24h, so a revoked or expired entry falls out of every verifier's view within that TTL; revocation is by re-issuing the signed list, not per-certificate OCSP. Quorum: the list reports Yellow below three accredited intermediaries and Red below two; "federation-grade" needs at least three so no single operator is a single point of trust.

Backwards-compatibility: the protocols are SemVer'd. The path from the current drafts to ratified v1.0 is additive: Draft-for-Review rule semantics carry forward unchanged, and the Trust Framework's wire format (RFC 9421 outer signature + JWE inner) is frozen for v1.0. Any breaking change after ratification is a major version with a 90-day public review and an 18-month deprecation window, so an infrastructure vendor's re-engineering exposure between today's draft and v1.0 is bounded to additive changes, not a rewrite.

Build to the spec, not to the statute

The pitch for a parental-controls lead is integration math. Today, supporting N platforms means N bilateral deals, each with its own age-signal format and its own renegotiation when a law changes, an N×M explosion. Implement OCSS once and you consume one typed signal for every source on the Trust List: the cost collapses to N+M. You implement the verify-before-enforce path and the rule categories you care about; you get a standards-track contract that doesn't break when KOSA or CA AB 1043 shifts the ground under a single statute.

Where to start: the Age, Tier, and Block capabilities carry the bulk of the ~100 rule categories a parental-controls product touches, and their semantics are stable enough to prototype against now (canonical test vectors land Q3 2026). You don't need to be a member to begin: the spec is public and a self-attested "Implementer" listing is free.

Two conformance paths land you in the same public registry; pick by your verification model. A self-attested Implementer listing is free and self-verified: you claim the capabilities you support, no third-party check, listed immediately. A Certified mark is audited by an approved assessor (roughly $2.5–5k/yr, with intermediaries on the Trust List additionally holding a SOC 2 Type II and rotating keys ≤180 days) and carries a verified registry entry. Both are tested against the rule list of each capability you claim; the difference is who signs off, not which spec you build to. The Certified mark is meant to be a market trust asset: a procurement-legible badge a school district or app store can check against the registry, not a private claim.

On-ramp velocity: what you can do today vs. what waits for Q3 2026. The first rung does not wait for anything. Implementer is self-attested and free: read the public spec, build the verify-before-enforce path against the stable Age/Tier/Block semantics, claim your capabilities, and you are listed in the registry the same day, with no audit, no membership, and no test-vector dependency. The gate that does wait is Certified: the audit is performed against the conformance suite, and the canonical test vectors and sample envelopes that suite diffs against are targeted for Q3 2026, alongside v1.0 ratification. So the honest timeline is: integrate now as a self-attested Implementer; the audited Certified mark (≈$2.5–5k/yr) becomes available once the suite ships in Q3 2026; a Tier-2 Working Group seat (≈$15–25k/yr) layers on after that, on the coalition's quarterly review cadence. You are not blocked from building today; you are blocked only from the third-party-verified badge until the baseline it checks against exists.

And the rules aren't fixed by a vendor. After v1.0 ratification the standard is governed by a 9-seat Trust Committee, with 3 of the 9 seats reserved for named civil-society bodies (non-removable except for cause) and accreditation decisions run on one organization, one vote, so a large implementer can't accumulate weight proportional to market share. Reach Tier 2 and the AI Safety and Privacy working groups give you a vote on where the categories go next, every proposal reviewed RFC-first. No member, including the founding steward, owns the standard.

A note on scope: OCSS maps each rule to statute across 30+ jurisdictions, but it does not replace legal counsel. Implementers remain responsible for jurisdiction-specific legal compliance: the spec gives you a machine-readable contract to build against, not an opinion on whether your deployment satisfies a given law.

Join a working group Read the spec