What OSAP Does Not Prove
Non-normative overview. Normative claim and verification semantics are defined in Claims and Verification.
OSAP does not establish the truth, accuracy, completeness, or fairness of a signed claim. A valid signature shows that an issuer signed an attestation. It does not endorse the issuer or the statement.
An unreliable issuer can sign an altered image with a valid key. The verifier may report a valid signature and an exact fingerprint match while a selected trust bundle reports that the issuer is outside the bundle or assigns a cautious status. Both findings are relevant and neither proves the image's caption.
Verification also does not establish:
- that the issuer controls the self-asserted display name in an attestation;
- that a claim of original authorship is correct;
- that the earliest attestation known to a transparency log identifies the first real-world source;
- that a lineage claim describes a transformation that actually occurred;
- that a correction or revocation makes the earlier record disappear;
- that a trust bundle is suitable for every user; or
- that an exact-byte fingerprint will match a screenshot, resize, crop, or recompressed copy.
The verification result keeps evidence checks separate from trust-bundle interpretation. The labeling rules therefore prohibit a generic “verified,” “authentic,” or “real” indicator.