Security Considerations
Transport security, document integrity, terms versioning, ephemeral link security, privacy, and rate limiting.
Transport Security
The discovery document and the terms document MUST be served over HTTPS. The TLS certificate provides domain identity anchoring — the same trust model as every other /.well-known file.
Document Integrity
At Level 2+, the contentHash provides integrity verification. Any party can download the terms document, compute SHA-256, and compare to the contentHash. A mismatch indicates the document has been altered.
At Level 1, there is no integrity verification mechanism. The agent relies on the TLS-secured connection for transport integrity but has no proof the document has not changed over time.
Terms Versioning
When vendors update their terms:
- The terms document at the URL changes
- The
contentHashinlegal-context.jsonis updated (Level 2+) - Previous transactions reference the previous
contentHash— the agent's saved copy and the receipt hash identify the version that was in effect
The contentHash in a transaction receipt is authoritative for that transaction. If an agent transacted with contentHash H1 and the vendor later updates to H2, the transaction is governed by H1 regardless.
Ephemeral Link Security
Ephemeral links (see Private and Custom Terms) SHOULD use unguessable URLs (e.g., containing a cryptographic random token) and SHOULD expire after a short period (minutes, not hours). The ephemeral link MUST be served over HTTPS.
Privacy
The legal-context.json file is publicly accessible. Vendors SHOULD NOT include sensitive information in this file. Contact information, dispute processes, and API endpoints in legal-context.json are visible to anyone who fetches the file.
For confidential terms, use the ephemeral link pattern (see Private and Custom Terms) or encrypted storage rather than publishing the terms URL in legal-context.json.
Rate Limiting
Implementations SHOULD implement rate limiting on the /.well-known/legal-context.json endpoint and on any API referenced by the api field. Public endpoints are susceptible to enumeration and abuse.