# Whisper for Agriculture: equipment identity on the wire for the connected farm. This is agri.whisper.online. The marketing story here is told for agricultural equipment OEMs, agritech/FMIS platforms, farms and co-ops; the /docs library, the console, and the whole system behind it are identical to whisper.online. Read it in full: written so both an agent and a person can act on it. ## The problem it solves Third parties reverse-engineer a farm-data platform's APIs, authenticate with a harvested OAuth grant (access tokens live hours, refresh tokens live a year, and both are portable to any IP), and pull growers' agronomic data contract-free: yield maps, field boundaries, as-applied records. The root cause is broken authentication (OWASP API BOLA): the token authenticates a claim, never the machine. Undetectable at the network layer, because the operator rotates egress across clouds and residential proxies. And the deeper wound is data sovereignty: "farmers own their farm data" is a contract clause with no network fact behind it, so nobody can prove who touched what. ## The cure: make it an identity problem Give every machine a routable IPv6 /128 (from 2a04:2a01::/32, AS219419) DETERMINISTICALLY derived from the hardware key it already holds (secure element / TPM), with the 17-character equipment PIN (or an implement/ECU serial) as the domain separator. DNSSEC-anchored, DANE-EE pinned, RDAP-registered, verifiable trustlessly with `whisper verify --trustless`. The platform then authorizes on the machine's pinned identity, not a stealable token: one IP to a whole co-op becomes impossible, IP rotation is irrelevant, stolen grants fail, and one revoke, thrown by the OWNER and publicly verifiable, retires a machine's identity worldwide. Additive to the ISOBUS (ISO 11783) NAME, AEF Guideline 040, and the X.509/mTLS the OEM cloud already runs; complements them, never replaces. ## Pages - / Home: the problem, the cure, and the two structural gaps - /equipment-api-abuse The equipment-API-abuse and data-sovereignty cure, end to end - /platform The three planes + where they fit the stack you already run - /oem-security For OEM/agritech security: SOC + SIEM fit, ISO 24882 / AEF 040 / Data Act / ADT - /compare Honest comparison: additive, not a replacement - /pricing Flat, predictable per-machine pricing - /docs The full technical documentation (identical to whisper.online/docs) ## Verify it yourself (keyless) whisper verify --trustless dig -x # forward-confirmed reverse DNS curl https://whisper.online/verify-identity/ ## Provision (with a Whisper API key) Control plane: POST https://graph.whisper.security/api/query CALL whisper.agents({op:'register', args:{...}}) # mints the /128 identity Console: https://console.whisper.security ## The operator Operator: Whisper Security (viaGraph B.V.), Amsterdam, NL. Network: AS219419, IPv6-only, RPKI-signed, MANRS-compliant. AS219419 announces 2a04:2a01::/32.