Trust Model

AiHint's trust model defines how AI systems determine whether to trust an AiHint document and the score it contains. Trust is not inherent in the protocol — it is established through the relationship between issuers, their public keys, and the consuming AI system's trust policy.

Trust Chain

Website Owner  →  AiHint File  →  Signature  →  Issuer's Public Key  →  AI System's Trust Policy
  1. A website owner publishes an AiHint file on their domain.
  2. The file contains a signature created with the issuer's private key.
  3. The issuer's public key is published at the URL in public_key_url.
  4. The AI system verifies the signature and decides whether to trust the issuer.

The critical question is: does the AI system trust the issuer?

Issuer Types

Official Issuers

Official issuers are organizations that:

  • Independently evaluate domains using defined methodologies
  • Publish their public keys at well-known, stable URLs
  • Are recognized by AI systems as trusted authorities

The AiHint Official Issuer Service (coming soon) will provide a globally recognized issuer with domain validation, similar to how certificate authorities work for TLS.

Self-Signed Hints

When a website owner signs their own AiHint file (i.e., issuer equals target), the hint is self-signed. This means:

  • The domain is vouching for itself
  • No third party has validated the claims
  • The signature only proves the file was created by someone who controls the domain's private key

Self-signed hints are valid according to the protocol but carry no external trust. They are analogous to self-signed TLS certificates.

Third-Party Issuers

Any organization can act as an issuer by:

  1. Evaluating domains using their own methodology
  2. Signing AiHint files with their private key
  3. Publishing their public key at a stable URL

AI systems choose which third-party issuers to trust based on their own policies.

Trust Decisions

AI systems must implement a trust policy that determines how to handle hints from different issuers. Common strategies:

Allowlist-Based Trust

Maintain a list of trusted issuer public keys or domains. Only accept hints from issuers on the list.

Trusted issuers:
- https://trust.aihint.org (official)
- https://security-scanner.example.com (third-party)

Tiered Trust

Assign different trust levels to different issuer types:

Issuer Type               Trust Level   How Used
------------------------  ------------  ------------------------------------------------
Official AiHint Issuer    High          Full weight in scoring decisions
Recognized third-party    Medium        Partial weight, combined with other signals
Self-signed               Low           Informational only, not used for trust decisions
Unknown issuer            None          Ignored or flagged for review

Web of Trust

Accept hints from issuers that are themselves vouched for by other trusted entities. This creates a chain of trust, similar to PGP's web of trust model.
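The allowlist and tiered strategies above, applied to one AiHint document, as an added example (not code from the AiHint project). It assumes the document carries the fields issuer, target, public_key_url and score, that signature verification has already been performed by the caller, and that the allowlist pins each issuer's public key URL rather than trusting the URL named in the hint.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional
from urllib.parse import urlparse

class TrustLevel(Enum):
    HIGH = "high"      # official issuer: full weight
    MEDIUM = "medium"  # recognized third party: partial weight
    LOW = "low"        # self-signed: informational only
    NONE = "none"      # unknown issuer or failed checks: ignore / flag

# Constructed allowlist for this example: issuer host -> (tier, pinned key URL).
# The key URL is pinned in policy rather than read from the hint, so a document
# cannot name a trusted issuer while pointing public_key_url at some other key.
POLICY = {
    "trust.aihint.org": (TrustLevel.HIGH, "https://trust.aihint.org/keys/current.pem"),
    "security-scanner.example.com": (TrustLevel.MEDIUM,
                                     "https://security-scanner.example.com/aihint-key.pem"),
}
SCORE_WEIGHT = {TrustLevel.HIGH: 1.0, TrustLevel.MEDIUM: 0.5}  # assumed weights per tier

@dataclass
class Decision:
    level: TrustLevel
    reason: str
    weighted_score: Optional[float]  # None when the score must not feed trust decisions

def host(url: str) -> str:
    """Normalise an issuer/target value to a lower-case hostname."""
    return (urlparse(url).hostname or url).lower()

def decide(hint: dict, signature_valid: bool, policy: dict = POLICY) -> Decision:
    """Apply the tiered trust policy to an already signature-checked AiHint document."""
    if not signature_valid:
        return Decision(TrustLevel.NONE, "signature did not verify", None)
    issuer, target = host(hint["issuer"]), host(hint["target"])
    if issuer == target:  # issuer equals target: the domain vouches for itself
        return Decision(TrustLevel.LOW, "self-signed: informational only", None)
    entry = policy.get(issuer)
    if entry is None:
        return Decision(TrustLevel.NONE, "unknown issuer: ignored / flagged for review", None)
    level, pinned_key_url = entry
    if hint.get("public_key_url") != pinned_key_url:
        return Decision(TrustLevel.NONE, "public_key_url does not match pinned key", None)
    return Decision(level, f"{level.value}-trust issuer", float(hint["score"]) * SCORE_WEIGHT[level])
```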

Comparison with Existing Systems

System       Trust Model                                                                      AiHint Analogy
-----------  -------------------------------------------------------------------------------  ------------------------------------------------------------
TLS/SSL      Certificate Authorities (CAs) issue certificates; browsers maintain a root store  Official issuers sign hints; AI systems maintain issuer lists
PGP/GPG      Web of trust; users sign each other's keys                                       Third-party issuers vouch for domains
robots.txt   Honor system; no verification                                                    Self-signed hints (without signature verification)

AiHint is closest to the TLS model: a defined format, cryptographic verification, and a concept of trusted issuers. The key difference is that AiHint is specifically designed for AI consumption, not browser-based trust.

Transparency

To build trust in the ecosystem, issuers SHOULD:

  • Publish their scoring methodology
  • Make their evaluation criteria transparent
  • Provide mechanisms for domain owners to dispute scores
  • Log issued hints for auditability

Future Considerations

  • Issuer registry — A public registry of known issuers and their public keys, allowing AI systems to discover and evaluate issuers.
  • Revocation — A mechanism for revoking compromised hints before expiration.
  • Multi-issuer hints — Support for hints co-signed by multiple issuers for higher assurance.