AXEL Protocol

AXEL = Access for eXplicit Enforcement & Labeling

An IPv6-based protocol for isolating age-restricted content using DNS-based enforcement mechanisms, authorized IP prefix lists, and privacy-preserving attestation. AXEL addresses the failures of voluntary content labeling systems (ICRA, PICS) by providing technical enforcement at the network layer.

Key Features

• AXEL-STS: Strict Transport Security for age-restricted content

• APL Records: DNS-based authorized IP prefix lists

• Privacy-Preserving Attestation: Zero-knowledge proofs for age verification

• IPv6-First: Designed for modern internet infrastructure

• Network-Level Enforcement: DNS and firewall integration

Architecture

• ReScript - Type-safe AXEL-STS validator

• Deno - Modern runtime (no Node.js)

• proven - Formally verified domain validation (Idris2)

• Zig FFI - C-compatible implementation layer

Development

deno task build
deno task watch

Status (2026-01-31)

• ✅ AXEL Protocol Specification (v1.0.0-draft)

• ✅ ReScript AXEL-STS validator

• ✅ Firewall configuration (firewalld)

• ✅ Containerfile for deployment

• ✅ Security hardening complete

• ⏳ IANA port assignment request (port 459)

• ⏳ Production attestation service

• ⏳ Browser extension for client-side enforcement

Roadmap

Phase 1: Specification & Reference Implementation (Current)

• ✓ AXEL Protocol specification document

• ✓ DNS record formats (AXEL-STS, APL)

• ✓ ReScript validator implementation

• ❏ Reference attestation service

• ❏ IANA registrations (.well-known URI, port 459, flow label)

Phase 2: Deployment Tools

• ❏ firewalld integration

• ❏ DNS zone file generators

• ❏ Terraform/Ansible deployment scripts

• ❏ Browser extension for AXEL enforcement

Phase 3: Ecosystem Integration

• ❏ CDN provider integration (Cloudflare, Fastly)

• ❏ CMS plugins (WordPress, Drupal)

• ❏ OpenSSF Scorecard compliance

• ❏ Public AXEL registry

License

PMPL-1.0-or-later