Verification steps
- Load ToneThread Root public key…
- Verify Tenant Site Certificate signature…
- Verify Post Certificate signature…
- Recompute ToneHash of post content…
- Compare recomputed hash to certificate…
Revision history
Originally published 2026-07-06, updated 2026-07-06; 7 revisions (this active certificate plus 6 prior).
| Issued | Superseded | Content hash |
|---|---|---|
| 2026-07-06T06:52:00.947Z | 2026-07-06 06:54:49 | tth_v1_70920e2e69a9c169 |
| 2026-07-06T06:54:49.392Z | 2026-07-06 06:55:11 | tth_v1_70920e2e69a9c169 |
| 2026-07-06T06:55:12.018Z | 2026-07-06 06:58:15 | tth_v1_70920e2e69a9c169 |
| 2026-07-06T06:58:15.487Z | 2026-07-06 06:59:38 | tth_v1_70920e2e69a9c169 |
| 2026-07-06T06:59:38.954Z | 2026-07-06 07:06:29 | tth_v1_70920e2e69a9c169 |
| 2026-07-06T07:06:29.865Z | 2026-07-06 07:29:19 | tth_v1_8ac2825a144467a4 |
| 2026-07-06T07:29:19.853Z | — active — | tth_v1_9349075b9ea5bab0 |
What this page exposes
Verification runs on the server. The browser only sees the public summary in the sidebar and the step-by-step ok/fail result above — never the certificate's raw signature, the tenant's raw public key, the ToneHash salt, the per-axis tonal scores, or the compact fingerprint string. Those stay on the signing host.
The public JSON at
/tonehash/cert/from-dr-doo-little-to-roasting-reimagined mirrors the
same surface. To independently audit a certificate's raw
signed payload you must request an authenticated cert-bundle
export from the operator —
how to request access.