Network Working Group Q. Tao Internet-Draft Independent Researcher Intended status: Informational 30 March 2025 Expires: 1 October 2025 HGCP: A Voluntary Signing Framework for Human Expression in the Age of AI draft-taoqiwen-hgcp-00 Abstract In an era where AI-generated content has become indistinguishable from human writing, the Human-Generated Content Protocol (HGCP) proposes a voluntary signing framework that enables human authors to take responsibility for their expressions. Instead of relying on probabilistic detection methods or enforcing centralized identity, HGCP encourages a simple yet powerful act: a signer publicly declares responsibility for authored content through a structured signature block. The protocol is platform-neutral, supports both real-name and anonymous identities, and prioritizes transparency, accountability, and human agency. HGCP defines minimal signature structures, integration suggestions for platforms and tools, and philosophical guidance for fostering expression trust in an increasingly synthetic information ecosystem. About This Document This note is to be removed before publishing as an RFC. Status information for this document may be found at https://datatracker.ietf.org/doc/draft-taoqiwen-hgcp/. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." Tao Expires 1 October 2025 [Page 1] Internet-Draft HGCP March 2025 This Internet-Draft will expire on 1 October 2025. Copyright Notice Copyright (c) 2025 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/ license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 2. The Problem of Expression Trust . . . . . . . . . . . . . . . 3 3. The Philosophy of HGCP: Responsibility Over Provenance . . . 4 4. Signature Declaration Structure . . . . . . . . . . . . . . . 5 5. Identity Types and Trust Levels . . . . . . . . . . . . . . . 7 5.1. Statement Responsibility Levels . . . . . . . . . . . . . 7 6. Platform and Tool Integration Suggestions . . . . . . . . . . 8 7. Social and Ethical Considerations . . . . . . . . . . . . . . 9 8. Example Use Cases . . . . . . . . . . . . . . . . . . . . . . 10 8.1. Personal Blogs and Essays (identity_type: pseudonymous, statement_level: HGCP-H) . . . . . . . . . . . . . . . . 10 8.2. Social Media Discussion (identity_type: anonymous, statement_level: HGCP-H) . . . . . . . . . . . . . . . . 10 8.3. Academic or Scientific Blog Summary (identity_type: real-name, statement_level: HGCP-C) . . . . . . . . . . . 11 8.4. AI-Assisted Script Writing (identity_type: human+ai, statement_level: HGCP-H+AI) . . . . . . . . . . . . . . . 11 8.5. AI-Generated Content Disclosure (identity_type: ai, statement_level: HGCP-AI) . . . . . . . . . . . . . . . . 11 9. Criticisms and Responses . . . . . . . . . . . . . . . . . . 12 9.1. Criticism 1: “Signing doesn’t stop misinformation.” . . . 12 9.2. Criticism 2: “Malicious actors can sign too.” . . . . . . 12 9.3. Criticism 3: “Why not require real names?” . . . . . . . 12 10. Scope and Limits of Human Responsibility . . . . . . . . . . 12 11. Why We Need HGCP Now . . . . . . . . . . . . . . . . . . . . 13 12. Future Extensions and Evolving Use Cases . . . . . . . . . . 13 13. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 14 14. Security Considerations . . . . . . . . . . . . . . . . . . . 14 15. Informative References . . . . . . . . . . . . . . . . . . . 15 Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 16 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 16 Tao Expires 1 October 2025 [Page 2] Internet-Draft HGCP March 2025 1. Introduction In the rapidly evolving digital world, a flood of content from countless sources fills our screens—much of it now automatically generated, indistinguishable, and detached from genuine human intent. As artificial intelligence becomes increasingly proficient at mimicking human expression, the boundary between real thought and algorithmic generation is becoming ever more blurred. The rise of AI-generated content brings tremendous opportunity, but it also presents a critical question: if we can no longer identify who wrote something, how can we trust it? The Human-Generated Content Protocol (HGCP) is proposed as a voluntary signing framework to address this issue. HGCP does not attempt to detect AI content through technical means; instead, it introduces a simple yet powerful idea: that a human author should be able to voluntarily declare, "This was written by me, and I take responsibility for it." HGCP is not a detection algorithm or classification tool. It is a social and ethical trust mechanism. It provides a standardized signing format that enables any publisher—across any platform and identity type—to assert authorship in a verifiable and human- responsible manner. HGCP is platform-neutral, identity-flexible, and supports both anonymous and real-name authors who wish to make their human expression distinguishable and trustworthy. HGCP is intentionally designed as a minimal core protocol—simple, declarative, and human-first. It does not attempt to encode all possible expression scenarios from the start. Instead, it offers a stable foundation that can evolve over time to support multi-signer declarations, partial claims, multimedia expressions, and richer trust semantics. 2. The Problem of Expression Trust The internet was originally built to foster human connection and communication. Yet in a world where content creation, duplication, and distribution approach zero cost, the origin of information has become increasingly obscured. We once relied on domain names, writing style, and user profiles to infer trustworthiness—but now, all of these can be simulated or spoofed by AI. We face a growing asymmetry: it is far easier to generate content than to verify its trust. This leads not only to an explosion of noise and manipulation but to a slow erosion of meaning itself. Readers hesitate to believe; authors hesitate to sign their work; platforms hesitate to take responsibility. Tao Expires 1 October 2025 [Page 3] Internet-Draft HGCP March 2025 Many recent solutions have focused on "AI detection"—using machine learning classifiers to guess whether a given text was written by an AI. These tools are inherently probabilistic, easily evaded, and perpetually behind in the arms race of model advancement. The more essential question is not "Was this written by an AI?", but rather: "Is someone willing to take human responsibility for having said this?" HGCP addresses this deeper layer: the level of expression responsibility. It introduces a new kind of signal—not derived from how content was generated, but from whether someone is willing to stand behind it. In doing so, trust becomes not a passive inference but an active, verifiable commitment. 3. The Philosophy of HGCP: Responsibility Over Provenance The core idea of HGCP is not to verify originality, authorship, or human origin of content—but to offer a voluntary, structured mechanism for a person to take public responsibility for their expression. Whereas most classification systems ask "Who wrote this?", HGCP invites a more meaningful question: "Are you willing to claim this expression as your own?" Signing under HGCP does not imply that the content is accurate, high- quality, or original. It simply affirms: "I am a human being, and I am publicly acknowledging that I wrote this." This makes HGCP signing a social gesture rather than a technical classification. It is not about improving detection precision, but about restoring the most basic principle of communication: to speak is to bear responsibility. HGCP is not anti-AI. It does not forbid AI-assisted writing. Its purpose is not to exclude AI, but to identify human intent and responsibility. Even if a human uses AI to assist, as long as they willingly sign, they are taking responsibility as a human. HGCP is an open framework. It does not restrict what tools you use; it only asks whether you are willing to sign. It does not judge your expertise; it only values your readiness to be held accountable. This voluntary human claim becomes the root signal of trust in HGCP. Tao Expires 1 October 2025 [Page 4] Internet-Draft HGCP March 2025 4. Signature Declaration Structure HGCP recommends that any author willing to assume responsibility for their expression include a standardized signature declaration when publishing content. The declaration should contain the following elements: Required Fields: signer_id: A pen name, public key fingerprint, platform username, or other verifiable identity reference (RFC 9580 [RFC9580] OpenPGP fingerprints recommended) timestamp: A UTC timestamp indicating when the signature was made (preferably in [RFC3339] format) content_hash: A cryptographic digest of the original text using a standard hash function (SHA-256 recommended, as defined in [RFC6234]) hgcp_version: A required version field to indicate which version of the HGCP signature structure is being used (e.g., "0.2"). This helps ensure future compatibility as the protocol evolves. declaration: A clear statement of responsibility, e.g., "I affirm that the above content was written by me and I accept responsibility for it." Optional Fields: tools_used: If any tools (AI assistants, grammar correctors, translation engines) were involved, list them transparently identity_type: e.g., real-name, anonymous, pseudonymous, organizational revocability: Whether the signature can be withdrawn or the content edited. Suggested standard values include: - immutable - editable-until-locked - time-limited-editable - revocable-with-proof id_format: e.g., "GitHub username", "PGP fingerprint", "platform alias" Example Signature (Markdown): Tao Expires 1 October 2025 [Page 5] Internet-Draft HGCP March 2025 Author: Tao Qiwen Timestamp: 2025-03-29T14:22Z HGCP Version: 0.2 ID Type: anonymous Tools Used: ChatGPT + manual edits Content Hash (SHA-256, base64): aGVsbG8sIHdvcmxk... Revocability: editable-until-locked Declaration: I confirm that the above content was published by me, and I take responsibility as a human author. Example HGCP Signature (JSON, v0.1): { "signer_id": "qiwen2025", "id_type": "anonymous", "timestamp": "2025-03-29T14:22Z", "hgcp_version": "0.2", "content_hash": "a732c8dffe34aabbcc...", "tools_used": ["ChatGPT", "Notion AI"], "revocability": "editable-until-locked", "declaration": "I confirm that the above content was published by me, and I take responsibility as a human author." } Optional (PGP Signature): "gpg_signature": "-----BEGIN PGP SIGNATURE-----\n...\n-----END PGP SIGNATURE-----" HGCP signatures are versioned to ensure clarity, compatibility, and future evolution. The hgcp_version field in the signature block indicates which structure is used. * *v0.1*: Basic HGCP signature, including signer ID, timestamp, content hash, and a declaration. Suitable for human-readable contexts (e.g., Markdown). * *v0.2*: Adds optional cryptographic signing (e.g., PGP) for enhanced verification. Fully backward-compatible with v0.1. "hgcp_version": "0.2" The version number refers to the signature structure specification, not the tool version or software implementation. Future versions may include DID bindings, cross-platform trust references, or encrypted metadata. Tao Expires 1 October 2025 [Page 6] Internet-Draft HGCP March 2025 5. Identity Types and Trust Levels HGCP does not require real-name identification, but encourages the use of consistent and interpretable identity labels. Each identity_type is associated with a general trust signal, though long- term behavior and signing consistency are more important than any single declaration. *Identity Types and Suggested Trust Levels* *human* A human author who signs and takes responsibility. *Trust Level:* High *human+ai* A human-led expression with AI assistance. *Trust Level:* Medium-High *organization* A collective statement signed on behalf of an entity. *Trust Level:* Medium *anonymous* An identity with no disclosed name but consistent signing history. *Trust Level:* Medium *ai* Clearly labeled as AI-generated, signature for transparency only. *Trust Level:* Low Even anonymous users may build trust over time through persistent and verifiable signing behavior. Platforms may choose to highlight signer identity history to assist readers in evaluating context. 5.1. Statement Responsibility Levels The statement_level field reflects how the signer claims responsibility for the content. It does not attempt to verify authorship origin, but instead signals how the signer relates to the text and its expression. *Statement Levels and Their Meanings* *HGCP-H* Human-only authored, signer claims full responsibility _Use Case:_ Essays, personal writings *HGCP-H+AI* Tao Expires 1 October 2025 [Page 7] Internet-Draft HGCP March 2025 Human-led with AI assistance, signer reviews and owns final version _Use Case:_ Blogs, mixed content *HGCP-O* Statement signed on behalf of an organization _Use Case:_ Press releases, company updates *HGCP-AI* AI-generated content, signed only for transparency _Use Case:_ Automated posts, system replies *HGCP-C* Curated or reinterpreted content, signer takes responsibility for context and presentation _Use Case:_ Compilations, summaries, quoted content Platforms and readers may interpret these statement levels in combination with identity and signing history to infer credibility or accountability. HGCP does not enforce strict verification, but rather enables visible patterns of declared responsibility. ###Trust is Accumulated Through Behavior HGCP emphasizes the act of voluntarily claiming responsibility, not the technical origin of the content. Repeated, consistent, and transparent signing behavior is more meaningful than a single signature. Platforms are encouraged to experiment with trust scoring systems based on: * Identity stability * Revocation or editing history * Contradiction or refutation patterns * Peer endorsement or community validation 6. Platform and Tool Integration Suggestions HGCP is platform-neutral and decentralized, but content platforms, publishing tools, and browser extensions are encouraged to integrate HGCP through the following actions: For content platforms: Provide HGCP signing support (e.g., auto-generate timestamp, content hash, signature block) Tao Expires 1 October 2025 [Page 8] Internet-Draft HGCP March 2025 Visibly display signature declarations and identity type Offer exportable signature metadata (e.g., JSON-LD) Provide "verify signature" buttons for end users Allow flagging or auditing of forged or misleading signatures For authoring tools: Markdown/word editors can embed HGCP plugins for local signing AI-assisted writing apps should encourage users to optionally sign with responsibility Publishing interfaces should invite voluntary HGCP signing at submission time For reader tools and plugins: Browser extensions can detect and visually mark HGCP-signed content Enable readers to view signer reputation, signature validity, and signing history 7. Social and Ethical Considerations HGCP is not a replacement for content governance, but a voluntary signal system designed to restore visibility to human-authored expressions in an increasingly hybrid content landscape. HGCP does NOT: Detect AI content or act as an AI classifier Track real identities or force doxxing Judge truth, originality, or value of signed content Restrict unsigned content from being published HGCP DOES protect: Anonymous authors’ right to claim authorship Signers’ right to choose their identity level The right to revoke, edit, or update signed content Tao Expires 1 October 2025 [Page 9] Internet-Draft HGCP March 2025 Each platform’s autonomy in adapting or extending HGCP support HGCP offers a decentralized path to expression accountability—not by censorship, but by providing those who want to be recognized and trusted the ability to do so. 8. Example Use Cases HGCP is platform-neutral and supports a wide spectrum of content styles and identities. Each use case involves a signer voluntarily declaring both their identity context and expression responsibility. 8.1. Personal Blogs and Essays (identity_type: pseudonymous, statement_level: HGCP-H) A blogger writing longform essays under a pseudonym includes a signature at the end of each post. While the views may be subjective, the signer affirms personal responsibility for all content. { "signer_id": "silentvoice", "id_type": "pseudonymous", "statement_level": "HGCP-H", "timestamp": "2025-03-29T16:12Z", "tools_used": [], "declaration": "I wrote the above post entirely on my own and stand by it as a human author." } 8.2. Social Media Discussion (identity_type: anonymous, statement_level: HGCP-H) An anonymous user on a contentious Reddit thread wants to show that they are not a bot and take personal responsibility for their words. "This opinion is signed under HGCP. I take responsibility for this view as a human author." The signature metadata may look like: { "signer_id": "anon321", "id_type": "anonymous", "statement_level": "HGCP-H", "timestamp": "2025-03-29T17:35Z", "tools_used": [], "declaration": "I stand by this statement as an individual human participant in this conversation." } Tao Expires 1 October 2025 [Page 10] Internet-Draft HGCP March 2025 8.3. Academic or Scientific Blog Summary (identity_type: real-name, statement_level: HGCP-C) A university researcher summarizes a recent paper from another lab and posts it to their department blog. While they didn't generate the original content, they take responsibility for the summary. { "signer_id": "dr.lin", "id_type": "real-name", "statement_level": "HGCP-C", "timestamp": "2025-03-29T19:12Z", "tools_used": ["Notion", "Grammarly"], "declaration": "This post is my own summary of a published paper. While I did not author the original, I take responsibility for this interpretation and presentation." } 8.4. AI-Assisted Script Writing (identity_type: human+ai, statement_level: HGCP-H+AI) A YouTube creator uses ChatGPT to help draft a video script. They edit, restructure, and rewrite sections before publication. { "signer_id": "creatorzone", "id_type": "human+ai", "statement_level": "HGCP-H+AI", "timestamp": "2025-03-29T21:05Z", "tools_used": ["ChatGPT", "DeepL", "Grammarly"], "declaration": "This script was generated with AI assistance, but I have reviewed and edited the final version and take human responsibility for it." } 8.5. AI-Generated Content Disclosure (identity_type: ai, statement_level: HGCP-AI) A system-generated bot post discloses that it is not written by a human, but still includes HGCP metadata for transparency and traceability. { "signer_id": "autosummary-bot", "id_type": "ai", "statement_level": "HGCP-AI", "timestamp": "2025-03-29T23:00Z", "tools_used": ["Custom NLP Pipeline"], "declaration": "This content was automatically generated by a bot and is signed for transparency purposes only." } These examples demonstrate how HGCP enables a wide range of expressive behaviors, from pseudonymous essays to AI-generated system messages. By combining identity_type, statement_level, and an explicit declaration, HGCP makes the nature of authorship visible, responsibility claimable, and trust interpretable. Tao Expires 1 October 2025 [Page 11] Internet-Draft HGCP March 2025 9. Criticisms and Responses As a voluntary protocol, HGCP is not without its skeptics. Below are common concerns and clarifications to address them: 9.1. Criticism 1: “Signing doesn’t stop misinformation.” *Response:* Correct. HGCP is not a fact-checking mechanism or a tool for moderating content. It exists to signal that a human is willing to be associated with and take responsibility for the expression—regardless of whether others agree with it. 9.2. Criticism 2: “Malicious actors can sign too.” *Response:* HGCP does not prevent bad-faith actors from signing. However, consistent signing behavior creates a trackable pattern, enabling communities to build reputation graphs over time. Persistent abuse can be observed, flagged, and judged accordingly. 9.3. Criticism 3: “Why not require real names?” *Response:* HGCP protects the right to pseudonymous and anonymous expression. Real-name identification is not always safe, especially in authoritarian contexts. Responsibility can still be claimed meaningfully without revealing legal identities. HGCP emphasizes *voluntary, transparent, and repeatable* expression behavior. It complements—but does not replace—legal, social, or technical forms of accountability. 10. Scope and Limits of Human Responsibility HGCP affirms an ethical gesture of responsibility, but it is not a legal instrument. Signing indicates that the author: * Is human (or self-identifies as such), * Chooses to claim the expression, * Accepts the social consequences of that claim. However, the scope of “responsibility” should be clearly understood: * HGCP *does not confer legal liability* unless enforced by separate legal agreements or jurisdictions. Tao Expires 1 October 2025 [Page 12] Internet-Draft HGCP March 2025 * HGCP *does not guarantee truth, originality, or moral correctness*. * HGCP *does allow for revocation*, and platforms may record and display revocation histories transparently. Over time, frequent revocations or inconsistency in signing behavior may reduce the perceived trustworthiness of a signer. Platforms and readers are encouraged to interpret such patterns thoughtfully. HGCP serves as a *signal*, not a sentence. It is a flag of presence—not proof of virtue. 11. Why We Need HGCP Now In an era where synthetic content floods our screens and truth feels elusive, what we are losing is not just facts—but responsibility. Expression has never merely been about information. It is about standing behind what one says. HGCP is a quiet signal. It is not a firewall or detection tool, but a torch, held by those willing to say: "This is what I said. And I am willing to be remembered for it." Those who sign are not necessarily perfect, but they are present. They are not hiding. They are accountable. HGCP does not aim to stop AI, nor does it attempt to verify the origin or value of content. Instead, it offers a decentralized and consistent way for humans to voluntarily claim authorship and responsibility. Just as HTTPS creates trust in communication, HGCP creates trust in expression—not by policing the source, but by making visible those who choose to stand behind their words. In an age of artificial voice, those who remain human by choice will be trusted first. 12. Future Extensions and Evolving Use Cases HGCP is deliberately minimal by design. Its current version focuses on text-based, single-signer declarations of human responsibility. However, real-world content and trust environments are far more diverse. Future protocol versions may support: Tao Expires 1 October 2025 [Page 13] Internet-Draft HGCP March 2025 * Multi-signer declarations (e.g., co-authorship, joint statements) * Partial responsibility claims (e.g., hybrid AI + human paragraph- level tags) * Multimedia content hashes (e.g., audio, image, or video signatures) * Publisher-declared AI content without human responsibility * Role-based identity claims (e.g., editor, translator, commentator) * Richer metadata for curatorial or interpretive context HGCP will evolve cautiously. Its core principle remains: responsibility, voluntarily claimed, should be visible and interpretable. Extensions should enhance this clarity—not dilute it. 13. IANA Considerations This document has no IANA actions. 14. Security Considerations HGCP does not introduce new network protocols or data exchange layers, and thus does not pose direct technical threats such as injection, eavesdropping, or man-in-the-middle attacks. However, it introduces indirect risks rooted in the potential misuse, manipulation, or misunderstanding of signature claims. These risks are primarily social and structural in nature, rather than cryptographic. Key risks include: Identity Impersonation and Signature Forgery In the absence of strong cryptographic validation (e.g., OpenPGP signatures), it is possible for malicious actors to forge HGCP-style declarations using arbitrary signer IDs. Platforms should support optional cryptographic signing or verified identity bindings (e.g., platform-verified accounts) to mitigate impersonation and provide trustworthy signature attribution. Mass Signature Automation (Sybil Attacks) Without rate limits or identity constraints, attackers could mass- generate AI content paired with fabricated signature blocks to simulate trustworthiness at scale. This undermines the value of Tao Expires 1 October 2025 [Page 14] Internet-Draft HGCP March 2025 human-authored declarations. To address this, platforms may implement frequency controls, account reputation checks, or trust graphs to detect and contain such behavior. Content Hash Evasion through Minimal Edits HGCP relies on cryptographic content hashes to bind declarations to content. Yet even trivial edits (e.g., changing a space or emoji) produce a different hash, potentially allowing near-identical but unsigned derivatives to circulate unchallenged. Platforms are encouraged to store content snapshots alongside signatures, or explore fuzzy hashing techniques to detect close variants of signed material. Revocation Abuse and Responsibility Avoidance HGCP supports revocable or editable signature declarations, which can enhance flexibility—but also invite strategic denial or erasure of public statements. To preserve accountability, platforms should retain and display signature histories, including revocation timestamps, and clearly indicate whether a signed expression has been withdrawn or altered post-publication. Lack of Native Trust Scoring or Validation Layer HGCP intentionally avoids enforcing a centralized trust model. While this encourages openness, it also requires platforms and communities to build supplementary mechanisms for evaluating signer credibility, such as reputation systems, signature consistency tracking, or peer endorsement. Transparency in how these trust layers are constructed is essential to avoid unintended bias or exclusion. Ultimately, HGCP’s effectiveness hinges not on cryptographic certainty, but on the visible willingness of authors to claim responsibility and the surrounding ecosystem’s support for interpretation, verification, and dispute resolution. It is a voluntary, human-centered protocol—its security lies in participation, not enforcement. 15. Informative References [RFC3339] Klyne, G. and C. Newman, "Date and Time on the Internet: Timestamps", RFC 3339, DOI 10.17487/RFC3339, July 2002, . Tao Expires 1 October 2025 [Page 15] Internet-Draft HGCP March 2025 [RFC6234] Eastlake 3rd, D. and T. Hansen, "US Secure Hash Algorithms (SHA and SHA-based HMAC and HKDF)", RFC 6234, DOI 10.17487/RFC6234, May 2011, . [RFC9580] Wouters, P., Ed., Huigens, D., Winter, J., and Y. Niibe, "OpenPGP", RFC 9580, DOI 10.17487/RFC9580, July 2024, . Acknowledgments This document was initially drafted using ChatGPT (OpenAI), and subsequently edited and approved by the human signer. The signer acknowledges responsibility for the final content. Author's Address Qiwen Tao Independent Researcher Email: natureconservation@yeah.net Tao Expires 1 October 2025 [Page 16]