There's a recurring move in the agent governance conversation. When existing tools don't obviously fit, the instinct is to propose a new protocol. New transport, new port, custom verbs. I've watched it happen enough times now to recognize the pattern, and I think it's the wrong reflex.
This piece walks through the alternative. HTTP has been quietly extended through headers for twenty-six years, each extension layered on top of what already worked. The credit card industry didn't need a payment-specific transport. Email got DKIM as a signed header that existing servers could ignore (at their peril). Same playbook, three decades, no tollbooths.