We submitted MCPS to the IETF -- here's why MCP needs cryptographic security

We just submitted MCPS (MCP Secure) as an IETF Internet-Draft . Here's why we built it and what it does. The problem: MCP has no identity layer Anthropic's Model Context Protocol is brilliant -- it standardises how AI agents talk to tools. But it has zero security at the protocol level. No agent identity. No message signing. No tamper detection. No revocation. Real CVEs exist (CVSS 9.6). OWASP created an entire Top 10 specifically for MCP risks. In our audit of 518 MCP servers, 41% had zero authentication and 82% had path traversal vulnerabilities. MCP is HTTP. We're building HTTPS. What MCPS adds MCPS wraps every JSON-RPC message in a signed envelope: Agent MCP Server | | |== Signed JSON-RPC envelope ===>| | { | | mcps: "1.0", | | passport_id: "asp_...", | Verify signature | nonce: "abc123", | Check not revoked | timestamp: 1710..., | Reject if replayed | signature: "MEU...", | Check trust level | message: { jsonrpc... } | | } | Tamper any field -- the signature breaks. Replay a messa

We submitted MCPS to the IETF -- here's why MCP needs cryptographic security

Related Articles

Build Days That Actually Mean Something

I have blogged about the difference between code coverage and test coverage and why it matters to distinguish between these 2.

The origin story of Apple’s long-running relationship with FoxConn

How to Optimize Big Data Platform Costs Across the Data Lifecycle

Switzerland — Best Crypto Exchange (2026)

Related Articles

How-To
Build Days That Actually Mean Something
Medium Programming • 2d ago

How-To
I have blogged about the difference between code coverage and test coverage and why it matters to distinguish between these 2.
Dev.to Beginners • 2d ago

How-To
The origin story of Apple’s long-running relationship with FoxConn
The Verge • 2d ago

How-To
How to Optimize Big Data Platform Costs Across the Data Lifecycle
Hackernoon • 2d ago

How-To
Switzerland — Best Crypto Exchange (2026)
Dev.to Beginners • 2d ago