Skip to content

What OSAP Does Not Prove

Non-normative overview. Normative claim and verification semantics are defined in Claims and Verification.

OSAP does not establish the truth, accuracy, completeness, or fairness of a signed claim. A valid signature shows that an issuer signed an attestation. It does not endorse the issuer or the statement.

An unreliable issuer can sign an altered image with a valid key. The verifier may report a valid signature and an exact fingerprint match while a selected trust bundle reports that the issuer is outside the bundle or assigns a cautious status. Both findings are relevant and neither proves the image's caption.

Verification also does not establish:

  • that the issuer controls the self-asserted display name in an attestation;
  • that a claim of original authorship is correct;
  • that the earliest attestation known to a transparency log identifies the first real-world source;
  • that a lineage claim describes a transformation that actually occurred;
  • that a correction or revocation makes the earlier record disappear;
  • that a trust bundle is suitable for every user; or
  • that an exact-byte fingerprint will match a screenshot, resize, crop, or recompressed copy.

The verification result keeps evidence checks separate from trust-bundle interpretation. The labeling rules therefore prohibit a generic “verified,” “authentic,” or “real” indicator.