--- title: "Wire Protocol" description: " " url: https://instituteofprovenance.org/docs/wire-protocol source: Institute of Provenance --- # Wire Protocol The XIO Resolution Protocol defines a distributed verification infrastructure for provenance lookup and data attribution. Orbital nodes function as resolvers, handling binary wire protocol queries and returning signed records with cryptographic proofs. ## Overview The wire protocol follows the structural model of DNS: queries are binary messages sent as HTTP POST requests, and responses contain typed records organized into sections. This design provides: - **Compact binary format** — Efficient over the network and easy to parse - **Familiar semantics** — Developers experienced with DNS understand the query model immediately - **Extensible record types** — New record types can be added without changing the protocol framing ## Transport Queries are serialized into binary messages and sent as HTTP POST requests to the Orbital's `/query` endpoint. The Content-Type is `application/xio-query`. Responses use Content-Type `application/xio-response`. HTTP was chosen as the transport layer (rather than raw UDP like DNS) because: - Content trust queries carry more data than DNS queries (certificate chains, Merkle proofs) - HTTP provides reliable delivery without implementing retransmission logic - HTTP integrates with existing load balancers, TLS termination, and observability infrastructure - HTTP/2 multiplexing handles concurrent queries efficiently ## Message Format Every wire protocol message (query or response) follows this structure: | Section | Description | |---------|-------------| | **Header** | Message ID, flags (query/response, authoritative, truncated), section counts | | **Question** | The query: what name and record type is being requested | | **Answer** | Records that directly answer the question | | **Authority** | Records that prove the authority of the answer (certificate chain, proofs) | | **Additional** | Supplementary records that may be useful (related fingerprints, metadata) | See [Query Format](/docs/query-format) for the binary encoding specification. ## Orbital Roles **Certified Orbitals** hold intermediate certificates from the Root CA. They can: - Issue and revoke leaf certificates - Create and update records - Advance epochs (Sparse Merkle Tree state transitions) - Respond to all query types with authoritative answers **Mirror-Only Orbitals** provide read-only verification and high-performance global access. They replicate state from Certified Orbitals via a gossip synchronization protocol but cannot issue certificates or create records. See [Record Types](/docs/record-types) for the full set of wire protocol record types.