
COMPARE — FOUNDATIONAL

Five properties make a protocol foundational.
Most M2M trust primitives clear three or four. EdSSA is positioned for all five — honestly scored.

Companion to Compare Protocol (what we do today versus what the standard auth stack does) and Compare Hardware (silicon versus silicon). This page asks the harder question: is EdSSA architecturally positioned to become foundational — the way TCP, DNS, and TLS are — for the M2M trust substrate the 2030s will need? Honest cells below, including where today's answer is demo rather than yes.

EdSSA Nano vs mTLS, OAuth 2.0/JWT, DPoP, SPIRE/SPIFFE, Vault dynamic secrets, PQ-hybrid TLS, SCMS (IEEE 1609.2), and Kerberos — scored against the five properties shared by foundational protocols (TCP, DNS, TLS, Kerberos).
Columns: Foundational property; EdSSA Nano; mTLS; OAuth 2.0 / JWT; DPoP (RFC 9449); SPIRE / SPIFFE; Vault dynamic secrets; PQ-hybrid TLS; SCMS (IEEE 1609.2); Kerberos

Row 1: Uniquely answers a problem nothing else solves at scale
Scored within the agentic-M2M-substrate framing — the question is "is this the natural answer to no-vault stateless trust at machine speed, or one of several viable answers in a different niche?". Each established protocol is foundational for its own domain (transport, delegated auth, cloud-native workload identity, V2X cert mgmt). None are architecturally aimed at the M2M agentic substrate.

Row 2: Substrate-like — invisible when working, named only when broken
TCP, DNS, TLS, Kerberos disappear into the substrate; OAuth and Vault are named in application code by design (vault.read, oauth.sign-in). EdSSA is architecturally substrate-shaped — branch-free verification path, no ceremony, no per-request control-plane call — but has one fleet in production today. Until many fleets run silently, the cell honestly reads "demo".

Row 3: Survives 2030s paradigm shifts (post-quantum, agentic, energy)
Three forces define the substrate question of the next decade: post-quantum migration, agentic AI traffic at machine speed, energy-constrained compute. PQ-hybrid TLS answers one cleanly. Vault and Kerberos are tied to paradigms that don't translate to agentic scale (central authority, single-realm KDC). EdSSA was built with all three in the threat model from day one — PQ at bootstrap, sub-microsecond verification, no per-request central call.

Row 4: Adoption-standards story — de facto first, or standards first, rarely both
Foundational protocols arrive via one of two paths: standards driving adoption (TLS, Kerberos, PQ-hybrid TLS, SCMS) or de facto adoption forcing standardisation (OAuth, DNS). Vault is single-vendor with no neutral standard. EdSSA has neither yet — patent filed May 2026, IRTF research-group or IETF BoF is on the 24-month plan. Honest "no" until one of those paths visibly opens.

Row 5: Credible multiple independent implementations
Single-vendor protocols become products, not substrates — that is why Vault scores "no" here even though it's widely deployed. TLS has OpenSSL, BoringSSL, NSS, rustls, mbedTLS, schannel. Kerberos has MIT, Heimdal, AD. EdSSA has one Rust implementation today. The roadmap names C, embedded-microcontroller, and a formally-verified reference implementation; "foundational" stays aspirational until at least two of those land.

Legend: Yes; Partial; Demo today, designed-in; No

The honest read: most established M2M trust primitives are foundational for the problem they originally solved — TLS for transport encryption, Kerberos for enterprise SSO, SCMS for V2X cert management. They earn their cells in rows 2, 4, and 5. They fail row 1 only because foundational status doesn’t carry from one domain to another: a protocol foundational for transport is not automatically foundational for agentic-scale M2M trust.

EdSSA’s thesis is the inverse. The architecture is positioned to be foundational for the M2M trust substrate the 2030s will demand — no vault, no per-request central call, sub-microsecond verification, post-quantum at bootstrap. Rows 1 and 3 read “yes” today. Row 2 reads “demo” because one fleet running silently isn’t yet a substrate. Rows 4 and 5 read “no” and will stay there until the next 24 months of work — IRTF research-group or IETF BoF, plus a C and an embedded-microcontroller implementation alongside the Rust one — visibly opens those paths.

A short version: this is the page where the “we want to be foundational” ambition meets the work that’s still ahead. No glyph fakery, no aspirational greens. The path is clear; the score will move with the calendar.

Foundational-protocol references in this analysis (TCP, DNS, TLS, Kerberos) are not in the comparison columns — they sit in different layers and would score top-marks across rows 2–5 by construction. Score row 1 against the specific question on the page. Specifics evolve fast and protocol families shift; report errors to contact@edssa.io and we’ll correct.

Foundational is a long arc.

If the architecture argument lands and you want to walk the 24-month plan in detail — IRTF / IETF outreach, independent implementations, ecosystem moves — we’ll do it on a call.
