Skip to content
NORA
Canon v0.1.0 · draft-rfc · CC0

A standard for reasoning artifacts that recipients can falsify without you.

Canon specifies the structure of a reasoning artifact — the file format, the field semantics, and the falsification protocol — such that any recipient, using only the artifact and ordinary network access, can verify or falsify it without any cooperation from the issuer.

Download spec · PDFCANON.md on GitHubJSON Schema
§2

The four-stage chain.

WWitness
What was observed
observations[]

Each observation carries a SHA-256 content hash. Retrievable inline or by reference. Re-hashing retrieved content must reproduce the declared hash.

FFindings
What was concluded
claims[]

Each claim declares its inference type — observation, deduction, induction, abduction, or compound — lists its supports, and enumerates its acknowledged gaps.

RRefutation
What was challenged
challenges[] · coverage.declined[]

The inventory of what was not attacked is required, not optional. Canon makes honest accounting of scope a first-class element.

SSeal
What was bound
seal.signature · chain_hash

RFC 8785 canonicalization, SHA-256 chain-hash, Ed25519 signature, publicly retrievable key. Any recipient can verify end-to-end.

§3

What Canon specifies. What it does not.

Canon defines the artifact. Everything else is out of scope — deliberately.
CANON.md §6
§4

Falsification protocol.

A recipient possessing an Attestation and ordinary network access performs seven steps to reach a definitive verdict:

  1. 01Fetch the public key. Verify its fingerprint matches seal.public_key_fingerprint.
  2. 02Verify the Ed25519 signature against the UTF-8 bytes of chain_hash.
  3. 03Recompute chain_hash by re-serializing without seal per RFC 8785, then SHA-256.
  4. 04For every witness entry, retrieve the content, re-hash, compare.
  5. 05Confirm every claim's supports[] resolves. No circular references.
  6. 06Confirm every challenge's targets[] resolves.
  7. 07Review coverage.declined[]. Apply the recipient's own judgement to the stated scope of un-challenged material.
Try it · §4 verifier · runs in your browserOpen full verifier →

If any of steps 1–6 fail, the Attestation is invalid — structurally, cryptographically, or referentially — regardless of appearance. Step 7 is the recipient's substantive judgement. Canon requires that the honest inventory be present, not that the recipient find it acceptable.

§5

Versioning discipline.

Canon follows semantic versioning. MAJOR bumps break wire-compat; MINOR adds optional fields; PATCH fixes wording without changing semantics. Every bump ships with a signed amendment record.

0.1.0 · draft-rfc
  • +Stabilize the four-function chain (W·F·R·S)
  • +Require coverage.declined[] inventory in §3.4
  • +Add seven-step falsification protocol (§4)
  • -Drop optional 'sketch' inference type
  • +Codify RFC 8785 canonicalization for chain_hash
0.0.3
  • +Initial public draft of Refutation block
  • +Ed25519 selected over P-256 for seal signatures
§6

Implementers · verifier registry.

Independent verifiers that conform to §4 and pass the conformance test vectors are listed in the public registry below. The registry is maintained by NORA Foundation but its entries are open to any implementation, in any language, under any licence.

Registry · 0 entries

First implementation lands soon.

The reference verifier ships with Meridian. We are funding two independent third-party implementations (Python and Rust) and will list them here on registration.

Become an implementer →
Implementation-neutral

Any implementation — NORA itself, a competing verifier, or a recipient's own validator — may read or emit Attestations conforming to Canon without permission. The specification is dedicated to the public domain under CC0 1.0 Universal. Amendments are proposed via pull request and must preserve the constitutional guarantees: public inspectability, falsifiability without the issuer's cooperation, binary attestation status, and integrity of the four-function chain.

Meridian is the reference implementation of Canon. Building something else that emits or verifies Canon attestations? We'd love to hear about it — open a discussion on GitHub.

Help bring Canon to v1.0.

Draft-rfc is open for amendment. We welcome specification review, verifier implementations in new languages, and adversarial analysis of the protocol.

Contribute to the spec →Support the work