Frequently Asked Questions
General
What is AiHint?
AiHint is an open standard for publishing signed, machine-readable metadata about a website. A JSON file placed at /.well-known/aihint.json allows AI systems to discover, read, and cryptographically verify trust information about a domain.
Why does AiHint exist?
AI systems increasingly need to evaluate website trustworthiness — for content sourcing, link recommendations, safety decisions, and more. Today they rely on ad-hoc heuristics that are inconsistent and gameable. AiHint provides a standardized, verifiable signal.
Is AiHint free to use?
Yes. The standard is open source under the MIT License. Anyone can create, sign, publish, and verify AiHint files at no cost.
How is AiHint different from robots.txt?
robots.txt tells crawlers what they may access. AiHint tells AI systems how much they can trust a domain. They serve different purposes and are complementary — robots.txt controls access, AiHint communicates trust.
Does AiHint guarantee a website is safe?
No. AiHint provides a verifiable trust signal, not a safety guarantee. A high trust score means the domain passed certain evaluations by the issuer, but no single signal can guarantee safety. AI systems should use AiHint alongside other inputs.
Implementation
How do I add AiHint to my website?
Follow the Implementation Guide. In summary: generate RSA keys, create the JSON document, sign it, and place it at /.well-known/aihint.json on your domain.
Do I need a specific programming language?
No. AiHint is language-agnostic. The signing and verification use standard RSA-SHA256 cryptography available in every major language and via OpenSSL on the command line.
Can I self-sign my AiHint file?
Yes. Self-signed hints (where issuer = target) are valid according to the protocol. However, self-signed hints carry no third-party trust — similar to self-signed TLS certificates. For production use where global trust matters, consider using an official issuer service.
What is the AiHint Official Issuer Service?
A globally trusted issuer service (coming soon) that provides independent domain evaluation, domain validation, and a recognized trust authority. Similar to how certificate authorities issue TLS certificates.
Trust & Scoring
What does the trust score mean?
The score is a number from 0.0 to 1.0 representing the issuer's trust assessment of the domain. See Trust Scoring for detailed interpretation.
Can different issuers give different scores?
Yes. Different issuers use different methodologies and may evaluate domains differently. The method field identifies which methodology was used, and the issuer field identifies who created the score.
Are self-signed scores trusted?
Self-signed scores are structurally valid but carry no external trust. A domain claiming its own trust score is like a restaurant reviewing itself — technically possible, but consumers may weigh it differently.
Security
What if my private key is compromised?
Generate a new key pair immediately, re-sign your AiHint file with the new key, update public_key_url, and redeploy. Existing hints signed with the compromised key remain valid until they expire — there is currently no revocation mechanism in the protocol.
Can someone forge an AiHint file?
Not without the issuer's private key. The RSA-SHA256 signature ensures that any modification to the document — even a single byte — invalidates the signature.
What if someone tampers with the public key URL?
The public_key_url should always use HTTPS. As long as the issuer's domain and TLS certificate are secure, the public key cannot be substituted by a man-in-the-middle. See Security Model for the full threat analysis.
Technical
What cryptographic algorithm does AiHint use?
RSA with SHA-256 and PKCS#1 v1.5 padding. Minimum key size is 2048 bits; 4096 bits is recommended. See Signature Algorithm.
Is there a JSON Schema for validation?
Yes. See the Schema Reference for the full schema and usage examples with common tools.
What version of the spec is current?
Version 0.1. The version is specified in the version field of every AiHint document.