Verification steps
- Load ToneThread Root public key…
- Verify Tenant Site Certificate signature…
- Verify Post Certificate signature…
- Recompute ToneHash of post content…
- Compare recomputed hash to certificate…
Revision history
Originally published 2026-05-02, updated 2026-05-18; 9 revisions (this active certificate plus 8 prior).
| Issued | Superseded | Content hash |
|---|---|---|
| 2026-05-02T08:24:50.193Z | 2026-05-02 08:25:47 | tth_v1_41b4a9157e5789d6 |
| 2026-05-02T08:25:47.497Z | 2026-05-03 08:32:24 | tth_v1_41b4a9157e5789d6 |
| 2026-05-03T08:32:24.075Z | 2026-05-05 01:55:19 | tth_v1_41b4a9157e5789d6 |
| 2026-05-05T01:55:19.893Z | 2026-05-05 02:38:26 | tth_v1_06b50f5b60491fee |
| 2026-05-05T02:38:26.578Z | 2026-05-05 02:39:57 | tth_v1_06b50f5b60491fee |
| 2026-05-05T02:39:57.077Z | 2026-05-06 14:18:29 | tth_v1_06b50f5b60491fee |
| 2026-05-06T14:18:29.802Z | 2026-05-07 16:53:50 | tth_v1_69bb83e586f04029 |
| 2026-05-07T16:53:50.632Z | 2026-05-18 11:12:44 | tth_v1_8f1f891953450b83 |
| 2026-05-18T11:12:44.636Z | — active — | tth_v1_174bf728ea4acfd3 |
What this page exposes
Verification runs on the server. The browser only sees the public summary in the sidebar and the step-by-step ok/fail result above — never the certificate's raw signature, the tenant's raw public key, the ToneHash salt, the per-axis tonal scores, or the compact fingerprint string. Those stay on the signing host.
The public JSON at
/tonehash/cert/he-got-there-first mirrors the
same surface. To independently audit a certificate's raw
signed payload you must request an authenticated cert-bundle
export from the operator —
how to request access.