HGCP: A Voluntary Signing Framework for Human Expression in the Age of AI
draft-taoqiwen-hgcp-00
This document is an Internet-Draft (I-D).
Anyone may submit an I-D to the IETF.
This I-D is not endorsed by the IETF and has no formal standing in the
IETF standards process.
The information below is for an old version of the document.
| Document | Type |
This is an older version of an Internet-Draft whose latest revision state is "Expired".
|
|
|---|---|---|---|
| Author | Qiwen Tao | ||
| Last updated | 2025-03-29 | ||
| RFC stream | Independent Submission | ||
| Formats | |||
| Stream | ISE state | Submission Received | |
| Consensus boilerplate | Unknown | ||
| Document shepherd | (None) | ||
| IESG | IESG state | I-D Exists | |
| Telechat date | (None) | ||
| Responsible AD | (None) | ||
| Send notices to | (None) |
draft-taoqiwen-hgcp-00
Network Working Group Q. Tao
Internet-Draft Independent Researcher
Intended status: Informational 30 March 2025
Expires: 1 October 2025
HGCP: A Voluntary Signing Framework for Human Expression in the Age of
AI
draft-taoqiwen-hgcp-00
Abstract
In an era where AI-generated content has become indistinguishable
from human writing, the Human-Generated Content Protocol (HGCP)
proposes a voluntary signing framework that enables human authors to
take responsibility for their expressions. Instead of relying on
probabilistic detection methods or enforcing centralized identity,
HGCP encourages a simple yet powerful act: a signer publicly declares
responsibility for authored content through a structured signature
block. The protocol is platform-neutral, supports both real-name and
anonymous identities, and prioritizes transparency, accountability,
and human agency. HGCP defines minimal signature structures,
integration suggestions for platforms and tools, and philosophical
guidance for fostering expression trust in an increasingly synthetic
information ecosystem.
About This Document
This note is to be removed before publishing as an RFC.
Status information for this document may be found at
https://datatracker.ietf.org/doc/draft-taoqiwen-hgcp/.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
Tao Expires 1 October 2025 [Page 1]
Internet-Draft HGCP March 2025
This Internet-Draft will expire on 1 October 2025.
Copyright Notice
Copyright (c) 2025 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
2. The Problem of Expression Trust . . . . . . . . . . . . . . . 3
3. The Philosophy of HGCP: Responsibility Over Provenance . . . 4
4. Signature Declaration Structure . . . . . . . . . . . . . . . 5
5. Identity Types and Trust Levels . . . . . . . . . . . . . . . 7
5.1. Statement Responsibility Levels . . . . . . . . . . . . . 7
6. Platform and Tool Integration Suggestions . . . . . . . . . . 8
7. Social and Ethical Considerations . . . . . . . . . . . . . . 9
8. Example Use Cases . . . . . . . . . . . . . . . . . . . . . . 10
8.1. Personal Blogs and Essays (identity_type: pseudonymous,
statement_level: HGCP-H) . . . . . . . . . . . . . . . . 10
8.2. Social Media Discussion (identity_type: anonymous,
statement_level: HGCP-H) . . . . . . . . . . . . . . . . 10
8.3. Academic or Scientific Blog Summary (identity_type:
real-name, statement_level: HGCP-C) . . . . . . . . . . . 11
8.4. AI-Assisted Script Writing (identity_type: human+ai,
statement_level: HGCP-H+AI) . . . . . . . . . . . . . . . 11
8.5. AI-Generated Content Disclosure (identity_type: ai,
statement_level: HGCP-AI) . . . . . . . . . . . . . . . . 11
9. Criticisms and Responses . . . . . . . . . . . . . . . . . . 12
9.1. Criticism 1: “Signing doesn’t stop misinformation.” . . . 12
9.2. Criticism 2: “Malicious actors can sign too.” . . . . . . 12
9.3. Criticism 3: “Why not require real names?” . . . . . . . 12
10. Scope and Limits of Human Responsibility . . . . . . . . . . 12
11. Why We Need HGCP Now . . . . . . . . . . . . . . . . . . . . 13
12. Future Extensions and Evolving Use Cases . . . . . . . . . . 13
13. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 14
14. Security Considerations . . . . . . . . . . . . . . . . . . . 14
15. Informative References . . . . . . . . . . . . . . . . . . . 15
Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 16
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 16
Tao Expires 1 October 2025 [Page 2]
Internet-Draft HGCP March 2025
1. Introduction
In the rapidly evolving digital world, a flood of content from
countless sources fills our screens—much of it now automatically
generated, indistinguishable, and detached from genuine human intent.
As artificial intelligence becomes increasingly proficient at
mimicking human expression, the boundary between real thought and
algorithmic generation is becoming ever more blurred. The rise of
AI-generated content brings tremendous opportunity, but it also
presents a critical question: if we can no longer identify who wrote
something, how can we trust it?
The Human-Generated Content Protocol (HGCP) is proposed as a
voluntary signing framework to address this issue. HGCP does not
attempt to detect AI content through technical means; instead, it
introduces a simple yet powerful idea: that a human author should be
able to voluntarily declare, "This was written by me, and I take
responsibility for it."
HGCP is not a detection algorithm or classification tool. It is a
social and ethical trust mechanism. It provides a standardized
signing format that enables any publisher—across any platform and
identity type—to assert authorship in a verifiable and human-
responsible manner. HGCP is platform-neutral, identity-flexible, and
supports both anonymous and real-name authors who wish to make their
human expression distinguishable and trustworthy.
HGCP is intentionally designed as a minimal core protocol—simple,
declarative, and human-first. It does not attempt to encode all
possible expression scenarios from the start. Instead, it offers a
stable foundation that can evolve over time to support multi-signer
declarations, partial claims, multimedia expressions, and richer
trust semantics.
2. The Problem of Expression Trust
The internet was originally built to foster human connection and
communication. Yet in a world where content creation, duplication,
and distribution approach zero cost, the origin of information has
become increasingly obscured. We once relied on domain names,
writing style, and user profiles to infer trustworthiness—but now,
all of these can be simulated or spoofed by AI.
We face a growing asymmetry: it is far easier to generate content
than to verify its trust. This leads not only to an explosion of
noise and manipulation but to a slow erosion of meaning itself.
Readers hesitate to believe; authors hesitate to sign their work;
platforms hesitate to take responsibility.
Tao Expires 1 October 2025 [Page 3]
Internet-Draft HGCP March 2025
Many recent solutions have focused on "AI detection"—using machine
learning classifiers to guess whether a given text was written by an
AI. These tools are inherently probabilistic, easily evaded, and
perpetually behind in the arms race of model advancement. The more
essential question is not "Was this written by an AI?", but rather:
"Is someone willing to take human responsibility for having said
this?"
HGCP addresses this deeper layer: the level of expression
responsibility. It introduces a new kind of signal—not derived from
how content was generated, but from whether someone is willing to
stand behind it. In doing so, trust becomes not a passive inference
but an active, verifiable commitment.
3. The Philosophy of HGCP: Responsibility Over Provenance
The core idea of HGCP is not to verify originality, authorship, or
human origin of content—but to offer a voluntary, structured
mechanism for a person to take public responsibility for their
expression.
Whereas most classification systems ask "Who wrote this?", HGCP
invites a more meaningful question: "Are you willing to claim this
expression as your own?"
Signing under HGCP does not imply that the content is accurate, high-
quality, or original. It simply affirms: "I am a human being, and I
am publicly acknowledging that I wrote this."
This makes HGCP signing a social gesture rather than a technical
classification. It is not about improving detection precision, but
about restoring the most basic principle of communication: to speak
is to bear responsibility.
HGCP is not anti-AI. It does not forbid AI-assisted writing. Its
purpose is not to exclude AI, but to identify human intent and
responsibility. Even if a human uses AI to assist, as long as they
willingly sign, they are taking responsibility as a human.
HGCP is an open framework. It does not restrict what tools you use;
it only asks whether you are willing to sign. It does not judge your
expertise; it only values your readiness to be held accountable.
This voluntary human claim becomes the root signal of trust in HGCP.
Tao Expires 1 October 2025 [Page 4]
Internet-Draft HGCP March 2025
4. Signature Declaration Structure
HGCP recommends that any author willing to assume responsibility for
their expression include a standardized signature declaration when
publishing content. The declaration should contain the following
elements:
Required Fields:
signer_id: A pen name, public key fingerprint, platform username, or
other verifiable identity reference (RFC 9580 [RFC9580] OpenPGP
fingerprints recommended)
timestamp: A UTC timestamp indicating when the signature was made
(preferably in [RFC3339] format)
content_hash: A cryptographic digest of the original text using a
standard hash function (SHA-256 recommended, as defined in [RFC6234])
hgcp_version: A required version field to indicate which version of
the HGCP signature structure is being used (e.g., "0.2"). This helps
ensure future compatibility as the protocol evolves.
declaration: A clear statement of responsibility, e.g., "I affirm
that the above content was written by me and I accept responsibility
for it."
Optional Fields:
tools_used: If any tools (AI assistants, grammar correctors,
translation engines) were involved, list them transparently
identity_type: e.g., real-name, anonymous, pseudonymous,
organizational
revocability: Whether the signature can be withdrawn or the content
edited. Suggested standard values include:
- immutable
- editable-until-locked
- time-limited-editable
- revocable-with-proof
id_format: e.g., "GitHub username", "PGP fingerprint", "platform
alias"
Example Signature (Markdown):
Tao Expires 1 October 2025 [Page 5]
Internet-Draft HGCP March 2025
Author: Tao Qiwen
Timestamp: 2025-03-29T14:22Z
HGCP Version: 0.2
ID Type: anonymous
Tools Used: ChatGPT + manual edits
Content Hash (SHA-256, base64): aGVsbG8sIHdvcmxk...
Revocability: editable-until-locked
Declaration: I confirm that the above content was published by me,
and I take responsibility as a human author.
Example HGCP Signature (JSON, v0.1):
{ "signer_id": "qiwen2025", "id_type": "anonymous", "timestamp":
"2025-03-29T14:22Z", "hgcp_version": "0.2", "content_hash":
"a732c8dffe34aabbcc...", "tools_used": ["ChatGPT", "Notion AI"],
"revocability": "editable-until-locked", "declaration": "I confirm
that the above content was published by me, and I take responsibility
as a human author." }
Optional (PGP Signature):
"gpg_signature": "-----BEGIN PGP SIGNATURE-----\n...\n-----END PGP
SIGNATURE-----"
HGCP signatures are versioned to ensure clarity, compatibility, and
future evolution. The hgcp_version field in the signature block
indicates which structure is used.
* *v0.1*: Basic HGCP signature, including signer ID, timestamp,
content hash, and a declaration. Suitable for human-readable
contexts (e.g., Markdown).
* *v0.2*: Adds optional cryptographic signing (e.g., PGP) for
enhanced verification. Fully backward-compatible with v0.1.
"hgcp_version": "0.2"
The version number refers to the signature structure specification,
not the tool version or software implementation. Future versions may
include DID bindings, cross-platform trust references, or encrypted
metadata.
Tao Expires 1 October 2025 [Page 6]
Internet-Draft HGCP March 2025
5. Identity Types and Trust Levels
HGCP does not require real-name identification, but encourages the
use of consistent and interpretable identity labels. Each
identity_type is associated with a general trust signal, though long-
term behavior and signing consistency are more important than any
single declaration.
*Identity Types and Suggested Trust Levels*
*human*
A human author who signs and takes responsibility.
*Trust Level:* High
*human+ai*
A human-led expression with AI assistance.
*Trust Level:* Medium-High
*organization*
A collective statement signed on behalf of an entity.
*Trust Level:* Medium
*anonymous*
An identity with no disclosed name but consistent signing history.
*Trust Level:* Medium
*ai*
Clearly labeled as AI-generated, signature for transparency only.
*Trust Level:* Low
Even anonymous users may build trust over time through persistent and
verifiable signing behavior. Platforms may choose to highlight
signer identity history to assist readers in evaluating context.
5.1. Statement Responsibility Levels
The statement_level field reflects how the signer claims
responsibility for the content. It does not attempt to verify
authorship origin, but instead signals how the signer relates to the
text and its expression.
*Statement Levels and Their Meanings*
*HGCP-H*
Human-only authored, signer claims full responsibility
_Use Case:_ Essays, personal writings
*HGCP-H+AI*
Tao Expires 1 October 2025 [Page 7]
Internet-Draft HGCP March 2025
Human-led with AI assistance, signer reviews and owns final
version
_Use Case:_ Blogs, mixed content
*HGCP-O*
Statement signed on behalf of an organization
_Use Case:_ Press releases, company updates
*HGCP-AI*
AI-generated content, signed only for transparency
_Use Case:_ Automated posts, system replies
*HGCP-C*
Curated or reinterpreted content, signer takes responsibility for
context and presentation
_Use Case:_ Compilations, summaries, quoted content
Platforms and readers may interpret these statement levels in
combination with identity and signing history to infer credibility or
accountability. HGCP does not enforce strict verification, but
rather enables visible patterns of declared responsibility. ###Trust
is Accumulated Through Behavior
HGCP emphasizes the act of voluntarily claiming responsibility, not
the technical origin of the content. Repeated, consistent, and
transparent signing behavior is more meaningful than a single
signature. Platforms are encouraged to experiment with trust scoring
systems based on:
* Identity stability
* Revocation or editing history
* Contradiction or refutation patterns
* Peer endorsement or community validation
6. Platform and Tool Integration Suggestions
HGCP is platform-neutral and decentralized, but content platforms,
publishing tools, and browser extensions are encouraged to integrate
HGCP through the following actions:
For content platforms:
Provide HGCP signing support (e.g., auto-generate timestamp, content
hash, signature block)
Tao Expires 1 October 2025 [Page 8]
Internet-Draft HGCP March 2025
Visibly display signature declarations and identity type
Offer exportable signature metadata (e.g., JSON-LD)
Provide "verify signature" buttons for end users
Allow flagging or auditing of forged or misleading signatures
For authoring tools:
Markdown/word editors can embed HGCP plugins for local signing
AI-assisted writing apps should encourage users to optionally sign
with responsibility
Publishing interfaces should invite voluntary HGCP signing at
submission time
For reader tools and plugins:
Browser extensions can detect and visually mark HGCP-signed content
Enable readers to view signer reputation, signature validity, and
signing history
7. Social and Ethical Considerations
HGCP is not a replacement for content governance, but a voluntary
signal system designed to restore visibility to human-authored
expressions in an increasingly hybrid content landscape.
HGCP does NOT:
Detect AI content or act as an AI classifier
Track real identities or force doxxing
Judge truth, originality, or value of signed content
Restrict unsigned content from being published
HGCP DOES protect:
Anonymous authors’ right to claim authorship
Signers’ right to choose their identity level
The right to revoke, edit, or update signed content
Tao Expires 1 October 2025 [Page 9]
Internet-Draft HGCP March 2025
Each platform’s autonomy in adapting or extending HGCP support
HGCP offers a decentralized path to expression accountability—not by
censorship, but by providing those who want to be recognized and
trusted the ability to do so.
8. Example Use Cases
HGCP is platform-neutral and supports a wide spectrum of content
styles and identities. Each use case involves a signer voluntarily
declaring both their identity context and expression responsibility.
8.1. Personal Blogs and Essays (identity_type: pseudonymous,
statement_level: HGCP-H)
A blogger writing longform essays under a pseudonym includes a
signature at the end of each post. While the views may be
subjective, the signer affirms personal responsibility for all
content.
{ "signer_id": "silentvoice", "id_type": "pseudonymous",
"statement_level": "HGCP-H", "timestamp": "2025-03-29T16:12Z",
"tools_used": [], "declaration": "I wrote the above post entirely on
my own and stand by it as a human author." }
8.2. Social Media Discussion (identity_type: anonymous,
statement_level: HGCP-H)
An anonymous user on a contentious Reddit thread wants to show that
they are not a bot and take personal responsibility for their words.
"This opinion is signed under HGCP. I take responsibility for
this view as a human author."
The signature metadata may look like:
{ "signer_id": "anon321", "id_type": "anonymous", "statement_level":
"HGCP-H", "timestamp": "2025-03-29T17:35Z", "tools_used": [],
"declaration": "I stand by this statement as an individual human
participant in this conversation." }
Tao Expires 1 October 2025 [Page 10]
Internet-Draft HGCP March 2025
8.3. Academic or Scientific Blog Summary (identity_type: real-name,
statement_level: HGCP-C)
A university researcher summarizes a recent paper from another lab
and posts it to their department blog. While they didn't generate
the original content, they take responsibility for the summary.
{ "signer_id": "dr.lin", "id_type": "real-name", "statement_level":
"HGCP-C", "timestamp": "2025-03-29T19:12Z", "tools_used": ["Notion",
"Grammarly"], "declaration": "This post is my own summary of a
published paper. While I did not author the original, I take
responsibility for this interpretation and presentation." }
8.4. AI-Assisted Script Writing (identity_type: human+ai,
statement_level: HGCP-H+AI)
A YouTube creator uses ChatGPT to help draft a video script. They
edit, restructure, and rewrite sections before publication.
{ "signer_id": "creatorzone", "id_type": "human+ai",
"statement_level": "HGCP-H+AI", "timestamp": "2025-03-29T21:05Z",
"tools_used": ["ChatGPT", "DeepL", "Grammarly"], "declaration": "This
script was generated with AI assistance, but I have reviewed and
edited the final version and take human responsibility for it." }
8.5. AI-Generated Content Disclosure (identity_type: ai,
statement_level: HGCP-AI)
A system-generated bot post discloses that it is not written by a
human, but still includes HGCP metadata for transparency and
traceability.
{ "signer_id": "autosummary-bot", "id_type": "ai", "statement_level":
"HGCP-AI", "timestamp": "2025-03-29T23:00Z", "tools_used": ["Custom
NLP Pipeline"], "declaration": "This content was automatically
generated by a bot and is signed for transparency purposes only." }
These examples demonstrate how HGCP enables a wide range of
expressive behaviors, from pseudonymous essays to AI-generated system
messages. By combining identity_type, statement_level, and an
explicit declaration, HGCP makes the nature of authorship visible,
responsibility claimable, and trust interpretable.
Tao Expires 1 October 2025 [Page 11]
Internet-Draft HGCP March 2025
9. Criticisms and Responses
As a voluntary protocol, HGCP is not without its skeptics. Below are
common concerns and clarifications to address them:
9.1. Criticism 1: “Signing doesn’t stop misinformation.”
*Response:* Correct. HGCP is not a fact-checking mechanism or a tool
for moderating content. It exists to signal that a human is willing
to be associated with and take responsibility for the
expression—regardless of whether others agree with it.
9.2. Criticism 2: “Malicious actors can sign too.”
*Response:* HGCP does not prevent bad-faith actors from signing.
However, consistent signing behavior creates a trackable pattern,
enabling communities to build reputation graphs over time.
Persistent abuse can be observed, flagged, and judged accordingly.
9.3. Criticism 3: “Why not require real names?”
*Response:* HGCP protects the right to pseudonymous and anonymous
expression. Real-name identification is not always safe, especially
in authoritarian contexts. Responsibility can still be claimed
meaningfully without revealing legal identities.
HGCP emphasizes *voluntary, transparent, and repeatable* expression
behavior. It complements—but does not replace—legal, social, or
technical forms of accountability.
10. Scope and Limits of Human Responsibility
HGCP affirms an ethical gesture of responsibility, but it is not a
legal instrument. Signing indicates that the author:
* Is human (or self-identifies as such),
* Chooses to claim the expression,
* Accepts the social consequences of that claim.
However, the scope of “responsibility” should be clearly understood:
* HGCP *does not confer legal liability* unless enforced by separate
legal agreements or jurisdictions.
Tao Expires 1 October 2025 [Page 12]
Internet-Draft HGCP March 2025
* HGCP *does not guarantee truth, originality, or moral
correctness*.
* HGCP *does allow for revocation*, and platforms may record and
display revocation histories transparently.
Over time, frequent revocations or inconsistency in signing behavior
may reduce the perceived trustworthiness of a signer. Platforms and
readers are encouraged to interpret such patterns thoughtfully.
HGCP serves as a *signal*, not a sentence. It is a flag of
presence—not proof of virtue.
11. Why We Need HGCP Now
In an era where synthetic content floods our screens and truth feels
elusive, what we are losing is not just facts—but responsibility.
Expression has never merely been about information. It is about
standing behind what one says.
HGCP is a quiet signal. It is not a firewall or detection tool, but
a torch, held by those willing to say:
"This is what I said. And I am willing to be remembered for it."
Those who sign are not necessarily perfect, but they are present.
They are not hiding. They are accountable.
HGCP does not aim to stop AI, nor does it attempt to verify the
origin or value of content. Instead, it offers a decentralized and
consistent way for humans to voluntarily claim authorship and
responsibility.
Just as HTTPS creates trust in communication, HGCP creates trust in
expression—not by policing the source, but by making visible those
who choose to stand behind their words.
In an age of artificial voice, those who remain human by choice will
be trusted first.
12. Future Extensions and Evolving Use Cases
HGCP is deliberately minimal by design. Its current version focuses
on text-based, single-signer declarations of human responsibility.
However, real-world content and trust environments are far more
diverse. Future protocol versions may support:
Tao Expires 1 October 2025 [Page 13]
Internet-Draft HGCP March 2025
* Multi-signer declarations (e.g., co-authorship, joint statements)
* Partial responsibility claims (e.g., hybrid AI + human paragraph-
level tags)
* Multimedia content hashes (e.g., audio, image, or video
signatures)
* Publisher-declared AI content without human responsibility
* Role-based identity claims (e.g., editor, translator, commentator)
* Richer metadata for curatorial or interpretive context
HGCP will evolve cautiously. Its core principle remains:
responsibility, voluntarily claimed, should be visible and
interpretable. Extensions should enhance this clarity—not dilute it.
13. IANA Considerations
This document has no IANA actions.
14. Security Considerations
HGCP does not introduce new network protocols or data exchange
layers, and thus does not pose direct technical threats such as
injection, eavesdropping, or man-in-the-middle attacks. However, it
introduces indirect risks rooted in the potential misuse,
manipulation, or misunderstanding of signature claims. These risks
are primarily social and structural in nature, rather than
cryptographic.
Key risks include:
Identity Impersonation and Signature Forgery
In the absence of strong cryptographic validation (e.g., OpenPGP
signatures), it is possible for malicious actors to forge HGCP-style
declarations using arbitrary signer IDs. Platforms should support
optional cryptographic signing or verified identity bindings (e.g.,
platform-verified accounts) to mitigate impersonation and provide
trustworthy signature attribution.
Mass Signature Automation (Sybil Attacks)
Without rate limits or identity constraints, attackers could mass-
generate AI content paired with fabricated signature blocks to
simulate trustworthiness at scale. This undermines the value of
Tao Expires 1 October 2025 [Page 14]
Internet-Draft HGCP March 2025
human-authored declarations. To address this, platforms may
implement frequency controls, account reputation checks, or trust
graphs to detect and contain such behavior.
Content Hash Evasion through Minimal Edits
HGCP relies on cryptographic content hashes to bind declarations to
content. Yet even trivial edits (e.g., changing a space or emoji)
produce a different hash, potentially allowing near-identical but
unsigned derivatives to circulate unchallenged. Platforms are
encouraged to store content snapshots alongside signatures, or
explore fuzzy hashing techniques to detect close variants of signed
material.
Revocation Abuse and Responsibility Avoidance
HGCP supports revocable or editable signature declarations, which can
enhance flexibility—but also invite strategic denial or erasure of
public statements. To preserve accountability, platforms should
retain and display signature histories, including revocation
timestamps, and clearly indicate whether a signed expression has been
withdrawn or altered post-publication.
Lack of Native Trust Scoring or Validation Layer
HGCP intentionally avoids enforcing a centralized trust model. While
this encourages openness, it also requires platforms and communities
to build supplementary mechanisms for evaluating signer credibility,
such as reputation systems, signature consistency tracking, or peer
endorsement. Transparency in how these trust layers are constructed
is essential to avoid unintended bias or exclusion.
Ultimately, HGCP’s effectiveness hinges not on cryptographic
certainty, but on the visible willingness of authors to claim
responsibility and the surrounding ecosystem’s support for
interpretation, verification, and dispute resolution. It is a
voluntary, human-centered protocol—its security lies in
participation, not enforcement.
15. Informative References
[RFC3339] Klyne, G. and C. Newman, "Date and Time on the Internet:
Timestamps", RFC 3339, DOI 10.17487/RFC3339, July 2002,
<https://www.rfc-editor.org/rfc/rfc3339>.
Tao Expires 1 October 2025 [Page 15]
Internet-Draft HGCP March 2025
[RFC6234] Eastlake 3rd, D. and T. Hansen, "US Secure Hash Algorithms
(SHA and SHA-based HMAC and HKDF)", RFC 6234,
DOI 10.17487/RFC6234, May 2011,
<https://www.rfc-editor.org/rfc/rfc6234>.
[RFC9580] Wouters, P., Ed., Huigens, D., Winter, J., and Y. Niibe,
"OpenPGP", RFC 9580, DOI 10.17487/RFC9580, July 2024,
<https://www.rfc-editor.org/rfc/rfc9580>.
Acknowledgments
This document was initially drafted using ChatGPT (OpenAI), and
subsequently edited and approved by the human signer. The signer
acknowledges responsibility for the final content.
Author's Address
Qiwen Tao
Independent Researcher
Email: natureconservation@yeah.net
Tao Expires 1 October 2025 [Page 16]