Verification steps
- Load ToneThread Root public key…
- Verify Tenant Site Certificate signature…
- Verify Post Certificate signature…
- Recompute ToneHash of post content…
- Compare recomputed hash to certificate…
Revision history
Originally published 2026-05-19, updated 2026-05-22; 4 revisions (this active certificate plus 3 prior).
| Issued | Superseded | Content hash |
|---|---|---|
| 2026-05-19T18:46:51.383Z | 2026-05-19 18:49:03 | tth_v1_028b9e8a9c92e17e |
| 2026-05-19T18:49:03.564Z | 2026-05-20 02:45:41 | tth_v1_777d21fa9456a701 |
| 2026-05-20T02:45:41.327Z | 2026-05-22 15:14:14 | tth_v1_61e07e9719538ecc |
| 2026-05-22T15:14:14.412Z | — active — | tth_v1_96aee42669e707fa |
What this page exposes
Verification runs on the server. The browser only sees the public summary in the sidebar and the step-by-step ok/fail result above — never the certificate's raw signature, the tenant's raw public key, the ToneHash salt, the per-axis tonal scores, or the compact fingerprint string. Those stay on the signing host.
The public JSON at
/tonehash/cert/before-youtube-we-catalogued-the-faces mirrors the
same surface. To independently audit a certificate's raw
signed payload you must request an authenticated cert-bundle
export from the operator —
how to request access.