Inferensys

Glossary

Trust List

A curated, cryptographically signed list of trusted issuers, Certificate Authorities, and validators that a verifier application uses to determine if a content credential is trustworthy.
Strategy consultant facilitating AI use case discovery workshop, sticky notes on glass wall, casual corporate meeting.
CRYPTOGRAPHIC TRUST ANCHOR

What is a Trust List?

A Trust List is a curated, cryptographically signed inventory of trusted issuers and validators that a verifier application uses to determine the authenticity and trustworthiness of a content credential.

A Trust List is a digitally signed, authoritative catalog of public keys, X.509 Certificates, and issuer identifiers that a Validator Engine consults to determine if a Content Credential is trustworthy. It acts as the foundational Trust Anchor for the entire provenance verification ecosystem, explicitly defining which Certificate Authorities, signing authorities, and identity providers are recognized as legitimate sources of truth. Without a Trust List, a verifier has no basis to distinguish a cryptographically valid signature from a trusted source versus one from a self-signed or malicious actor.

Trust Lists are typically distributed as a signed file, such as a JSON Web Token (JWT) or a CMS signed-data structure, ensuring the list itself has not been tampered with. During Provenance Verification, the validator engine cross-references the Claim Signature's certificate chain against the active Trust List to confirm the signer is a recognized member. This mechanism enables a robust, decentralized trust model where application providers can independently curate their own lists, allowing for domain-specific trust decisions without relying on a single global authority.

CRYPTOGRAPHIC GOVERNANCE

Key Characteristics of a Trust List

A Trust List is the root of all validation logic in a content provenance ecosystem. It defines the authoritative set of entities a verifier application will recognize as legitimate, enabling the critical binary decision: is this credential trustworthy or not?

02

Curated Issuer Authorization

A Trust List is not a passive collection; it is a curated, policy-driven manifest of approved identity providers. It answers the question: 'Who is allowed to make claims about content?'

  • Allowlisting: The list operates on an allowlist principle. Any issuer not on the list is treated as untrusted, regardless of the mathematical validity of their signature.
  • Granular Permissions: Advanced lists can constrain what specific claims an issuer is trusted to make. For example, a news organization's CA might be trusted for copyright assertions but not for identity assertions.
  • Governance: The curation process is a governance function, often managed by an industry consortium or a chief trust officer, not an automated algorithm.
03

Validator Engine Integration

The Trust List is a runtime configuration file consumed by the Validator Engine. It is the operational database that drives the verification decision logic.

  • Lookup Mechanism: During validation, the engine extracts the issuer's certificate chain from the manifest and performs a lookup against the Trust List to find a matching trusted root.
  • Offline Capability: A complete Trust List can be bundled with a verifier application, enabling provenance validation in air-gapped or offline environments without relying on a live network request.
  • Update Cadence: The list must be updated regularly to add new trusted issuers and, critically, to distribute revocation information for compromised CAs.
04

Revocation and Expiry Management

Trust is temporal. A Trust List must provide mechanisms for revoking trust when a signing key is compromised or an issuer's authority is rescinded.

  • CRL Distribution Points: The list can specify where to fetch Certificate Revocation Lists (CRLs) to check if a previously valid certificate has been revoked.
  • OCSP Stapling Support: It can mandate or prefer Online Certificate Status Protocol (OCSP) stapling for real-time revocation status checks without revealing the specific certificate being validated.
  • 'Not After' Enforcement: The Trust List itself has a validity period. A verifier must reject any list that has expired, ensuring operators are forced to update to the latest trust posture.
05

Distinguished from Web PKI

A provenance Trust List is fundamentally different from the trust store in your web browser. It serves a narrower, higher-assurance purpose.

  • Scope: A browser trust store must be universal to connect to any website. A provenance Trust List is domain-specific, tailored for media and content authenticity.
  • Risk Profile: The consequence of a failure is different. A rogue TLS certificate enables eavesdropping; a rogue content credential enables large-scale disinformation. The Trust List's curation reflects this higher-stakes risk.
  • Identity Verification: Issuers on a provenance Trust List typically undergo a rigorous, out-of-band identity verification process, unlike the automated domain validation common in Web PKI.
TRUST LIST

Frequently Asked Questions

A trust list is the root of all content credential verification. Below are the most common questions about how these cryptographically signed lists of trusted issuers function within the C2PA ecosystem.

A Trust List is a curated, cryptographically signed manifest of trusted issuers, Certificate Authorities (CAs), and validators that a verifier application consults to determine if a content credential is trustworthy. It functions as the root of trust in the C2PA ecosystem. When a verifier encounters a signed manifest, it checks the signer's certificate against the trust list to see if the issuer is authorized. Without a trust list, a verifier has no basis to distinguish a legitimate photojournalist's signature from a bad actor's self-signed certificate. Trust lists are typically distributed as signed JSON Web Token (JWT) or similar structures and are updated periodically to add new members or revoke compromised ones.

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.