The DNS of Human Trust

Every era of computing earns its trust protocol the moment the cost of trusting blindly exceeds the cost of building cryptographic plumbing. The agent era has crossed that line. Manav is what the plumbing looks like — and the seven-protocol arc of how computing got here is the only context that makes the claim sensible.

The phrase journalists are welcome to steal

The line we want to be quoted in 2030 is short on purpose: DNS told browsers which server. SSL told browsers the server was real. OAuth told the world which app was authorised. Manav tells the world which human stands behind this agent. Each clause is a different decade's answer to a question that decade refused to leave to faith. Each was contested at the moment of arrival and obvious in retrospect. Each became plumbing, and plumbing is the layer of computing whose builders end up named in textbooks.

The seven trust protocols of computing

The arc is longer than three rows. Six protocols have already become invisible plumbing; the seventh is what Manav exists to be.

Each row added invisible plumbing. Each row, within five years of broad adoption, became unremarkable. Each row was a feature once and infrastructure later — and the transition from feature to infrastructure was visible in only one signal: the moment people stopped naming the protocol when they used the products built on top of it.

The pattern, in detail

The seven protocols share a structural shape. Understanding the shape is what tells you why the seventh is inevitable.

Each one solved a question the prior decade could safely ignore. DNS was unnecessary when there were 200 hosts. SSL was unnecessary when the wire was a private LAN. OAuth was unnecessary when "your data" lived on a single application server. Each protocol's necessity was a function of scale crossing a threshold the prior architecture could not absorb.

Each one was contested at arrival. The IETF debates around DNS were bitter. Netscape's invention of SSL was widely dismissed as commercial overreach. OAuth was famously fragmented (1.0a vs 2.0) and several large vendors campaigned for proprietary alternatives. Passkeys faced years of "users will never adopt this" objections. The objections were real and uniformly wrong on a five-year horizon.

Each one became infrastructure within five to seven years. By 1989, every major operating system shipped a DNS resolver. By 2000, every major browser shipped SSL. By 2018, every major identity vendor shipped OAuth 2.0. The transition from "interesting protocol" to "no one mentions it" took a single product cycle in each case.

Each one's value compounded with reach. A protocol useful only inside one organisation is a feature. A protocol useful across organisations is infrastructure. Trust protocols specifically have the property that their value is super-linear in adoption: the second adopter doesn't add value, the millionth adopter does.

Why the seventh row is now

Three numbers, none of them rhetorical. Agents on the ERC-8004 standard alone grew from 337 to nearly 130,000 in the first ten weeks of 2025 — a 385× increase in 70 days. 78% of enterprise AI teams now report MCP-backed agents in production, up from 31% a year earlier. The average enterprise manages over 250,000 non-human identities — about 100 for every human in the building.

The agent population has arrived. Its trust protocol has not. The gap is what every prior decade's gap was: a few quiet years where the cost of doing without keeps rising while the protocol gets built. The 2014–2018 transition for HTTPS-by-default was a decade-long campaign that, in retrospect, looked like one continuous decision the entire web made simultaneously. The Manav transition will compress into eighteen to thirty-six months because the regulatory and economic forcing functions are sharper.

What Manav plumbs

The protocol does five small things in a particular order. Each layer corresponds to a question the prior decade's stack could not answer. Together they compose the sentence the agent age requires every other system to be able to write.

1. It verifies a human exists. Multi-modal biometric, device-attested, behaviorally-confirmed. Not a session token; a persistent cryptographic identity bound to a human body and revalidated continuously.
2. It accepts that human's signature on a delegation to an agent. Scope, magnitude, time, composition — five orthogonal bounds, all expressed in a single signed token, all revocable in seconds.
3. It records what the agent did, and what the human authored, supervised, or merely directed. The provenance of every artefact, attached as metadata that survives across systems.
4. It scores the human's track record over time. Not LinkedIn endorsements — cryptographic, peer-attested, presented in zero-knowledge form, portable across employers.
5. It settles transactions across the resulting graph. A native economic layer that pays humans for verified work and burns gas for verification, making the protocol self-sustaining without surveillance.

Five small things. Together they make the sentence: this human, with this verified identity, under this delegated authority, on this date, took this action — and here is the cryptographic proof. No screenshot. No affidavit. No "trust the platform." Just the proof, replayable on demand by any party with reason to ask.

The objection cycle, rehearsed

Every prior trust protocol absorbed the same three objections at arrival. The Manav launch is absorbing them now. Knowing the cycle in advance shortens it.

"It's overkill for the use case." SSL was overkill in 1995 when 99% of web traffic was static pages. It was infrastructure by 2005. The use case grew under the protocol; the protocol did not need to grow into a use case that was already obvious. The agent population is the use case here, and it is doubling every twelve months.

"It will fragment along vendor lines." OAuth 1.0a vs 2.0 vs OpenID Connect were the canonical fragmentation case, and the fragmentation resolved within a single procurement cycle once enterprise customers refused to pick a side. Manav's protocol is open (Apache 2.0). The reference implementation is one of several intended to exist; the test suite and conformance specs are the gatekeeper, not any single vendor.

"Users won't accept the friction." Passkeys absorbed this objection for five years and won the argument the moment phishing losses crossed the password reset cost. Manav absorbs it the moment hiring fraud, agent liability, or Article 14 enforcement makes the friction cheaper than the alternative — and those moments are already happening.

The story we like to tell about plumbing

Plumbing is uninteresting until the day it isn't installed. Cities built on top of bad plumbing got cholera. Cities built on top of good plumbing got skyscrapers. The phrase is a metaphor everyone has heard, and it is also literally true: London's Great Stink of 1858 produced the engineering response (Bazalgette's sewers) that made the rest of Victorian London possible. The protocols above are the same shape. They are uninteresting until the moment a city of 130,000 agents is being built on top of nothing.

The agent age is a city we are building this decade. The plumbing is what determines whether we get the second outcome or the first. The job of the founders, builders, and standards bodies in the next thirty-six months is to make sure the plumbing is in place before the population is. We have failed at this in prior eras (every CISO who has lived through a credential breach knows the story). We have a chance to do it right this time, partly because the prior failures are still close enough in memory to motivate action.

DNS for servers. SSL for connections. OAuth for apps. HTTPS for everything. FIDO for devices. MCP for tools. Manav for humans.

Seven protocols. The first six are invisible. The seventh is the one your decade has to ship.