Verification steps
- Load ToneThread Root public key…
- Verify Tenant Site Certificate signature…
- Verify Post Certificate signature…
- Recompute ToneHash of post content…
- Compare recomputed hash to certificate…
Revision history
Originally published 2026-06-01, updated 2026-06-01; 7 revisions (this active certificate plus 6 prior).
| Issued | Superseded | Content hash |
|---|---|---|
| 2026-06-01T05:13:04.404Z | 2026-06-01 05:14:57 | tth_v1_bcd538dac2f6c191 |
| 2026-06-01T05:14:57.557Z | 2026-06-01 06:59:17 | tth_v1_bcd538dac2f6c191 |
| 2026-06-01T06:59:17.137Z | 2026-06-01 06:59:53 | tth_v1_fc8101c7ed300a16 |
| 2026-06-01T06:59:53.141Z | 2026-06-01 07:08:14 | tth_v1_87b52b052e4b5562 |
| 2026-06-01T07:08:14.635Z | 2026-06-01 09:11:44 | tth_v1_9a27e37ee495a21d |
| 2026-06-01T09:11:44.167Z | 2026-06-01 10:47:04 | tth_v1_1536d26a7c64d742 |
| 2026-06-01T10:47:04.509Z | — active — | tth_v1_1684c2cf79ceda08 |
What this page exposes
Verification runs on the server. The browser only sees the public summary in the sidebar and the step-by-step ok/fail result above — never the certificate's raw signature, the tenant's raw public key, the ToneHash salt, the per-axis tonal scores, or the compact fingerprint string. Those stay on the signing host.
The public JSON at
/tonehash/cert/serious-play mirrors the
same surface. To independently audit a certificate's raw
signed payload you must request an authenticated cert-bundle
export from the operator —
how to request access.