Certificates of Authenticity
For as long as we have had material “things” people have made replicas of those things and tried to pass them off as originals for fun, profit or both. This is especially true in a world awash in generative AI, high-resolution cameras, cheap manufacturing and industrialized FOMO (“fear of missing out”). It is the world we live in now.
“Certificates of authenticity” are a long-standing practice in the art world, particularly for works produced in multiples. They are, typically, a signed statement asserting the “authenticity” of a work; in effect a kind of hedge against forgeries. If you can produce a certificate of authenticity it bolsters your claim that the work in your possession is the “real thing.” Did you notice the way I glossed over the problem of having a forged certificate of authenticity or a valid certificate and a forged work? That is the world we have always lived in, just more so now.
Or This… uses public/private key cryptography and digital signatures to produce verifiable certificates of authenticity for each jacket. You would be forgiven for thinking that's kind of dull but this is the plumbing which makes that verifiability possible. The details of how this works are explained below.
These certificates may also include either the email address or the public key of the individual purchasing the jacket to further customize the certificate. Including an email address in a certificate provides a low-cost means of asserting that the certificate represents you. Including a public encryption key in a certificate provides a more secure, but higher-cost, means of doing the same thing. But, again, neither is physically (or cosmically) linked to the jacket itself and the benefits of sewing the contents of either an email-based or a public-key-based certificate into the lining of a jacket are quickly outweighed by the privacy concerns.
Because a counterfeiter could just as easily include any email address or public key in a jacket the only way to verify them would be for us (Or This…) to publish them on our website. That would, in effect, broadcast people’s private information and/or their purchasing habits to the entire world. At a minimum that would be creepy so we won’t do that. Further, publishing those identifiers online provides everything a counterfeiter needs to produce a good-enough-is-perfect replica and on and on it goes.
At the end of the day it’s a jacket. We hope the certificate of authenticity offers some guarantees, or comfort, if you need to treat it as a financial asset but, mostly, we hope you just enjoy wearing it.
How it works:
Note: Setting up and configuring your own public/private encryption keys is outside the scope of this document. Or This… uses the GNU Privacy Guard (GPG) application which is available for all major operating systems. The GPG website has comprehensive documentation but it is technical in nature. It’s not “hard” so much as “fiddly” which, on bad days, can easily be misinterpreted as “complicated”. If you don’t want to set up encryption keys but would like to personalize your certificate then the best option is to request that your email address be included in the certificate’s text.
1. For every jacket design a new public/private encryption key-pair is produced, using the GPG application. The public key is published to the Or This… shop website and that page is archived in the Internet Archive’s Wayback Machine.
2. Each individual jacket produced receives a unique identifier (an “artisanal integer”). If you would like that identifier to be added (by hand) to the jacket's label tag please indicate that in the notes field at checkout.
3. By default every jacket will ship with a printed certificate stating that “This is Or This... jacket #{IDENTIFIER} associated with {JACKET_URL} and order ID {ORDER_ID}.” followed by a digital signature, created using the jacket design’s private key. We will also include a printed copy of the jacket’s public key which can be used to verify the signature in the certificate.
4. At checkout time, you may explicitly request a personalized statement in the certificate that includes the email address you used to complete the order which will read: “This is jacket #{IDENTIFIER} associated with {JACKET_URL} and order ID {ORDER_ID}. It belongs to {EMAIL_ADDRESS}.” This request MUST be included in the notes field of the checkout form.
5. At checkout time, you may explicitly request a personalized statement in the certificate to include a GPG public key which will read: “This is jacket #{IDENTIFIER} associated with {JACKET_URL} and order ID {ORDER_ID}. It belongs to the person identified by the public key below: {PUBLIC_KEY}” This request and the public key MUST be included in the notes field of the checkout form.
6. When the last jacket is sold the private key associated with that jacket’s design will be destroyed. This assures that no more certificates for that jacket can be produced (unless, unlikely as it is, the private key and the password protecting it are stolen).
Note: In the examples above, {IDENTIFIER}, {EMAIL_ADDRESS}, {JACKET_URL}, {ORDER_ID} and {PUBLIC_KEY} are placeholders for the actual jacket ID, the email address you completed the order with, the URL of the jacket design you ordered, the ID of the order itself and the purchaser’s public encryption key respectively.
Providing your own public encryption key is the most robust form of certifying ownership in the sense that you are, presumably, the only person who knows the corresponding private key. That private key can then be used to produce, and sign, an independent message in order to validate the (public) key identified in the certificate of authenticity. In an ideal world we might request that a purchaser include not just their public encryption key when they place an order but also an encrypted message requesting the purchase, signed with their private key. We don’t require that today because, honestly, the current setup is complicated enough as it is.
All of this allows you to resell a jacket to a third party by creating and signing (using their private key) a new document including the original certificate of authenticity and a declaration stating the jacket now belongs to the third party’s public GPG key. This in effect creates a chain of custody that can be cryptographically validated. Congratulations, now you understand how blockchains work!
In principle it would also provide a way for Or This… to take a cut of that transaction by issuing its own signed declaration confirming the transaction between the original purchaser and the new buyer. This only works if you believe that there is implicit value in the chain of custody being validated by Or This… Congratulations, now you understand how capitalism works!
Until we decide otherwise Or This… is NOT in the business of validating (and profiting from) the resale of its jackets if for no other reason than, as stated above, the private key for a jacket’s design will eventually be destroyed and we wouldn’t be able to sign a resale statement even if we wanted to.
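An added example (not Or This…’s own tooling) of the certificate from step 5 and the resale statement described above, checked with GPG. It assumes the current owner signs the resale statement with the private key matching the public key named in the certificate; the key names, jacket number, URL, order ID and buyer address are all constructed.

```shell
#!/bin/sh
# Added example; every name, URL, ID and key below is constructed for the demo.

# mkkey DIR UID: throwaway signing key in its own keyring, public half in DIR.asc.
# No passphrase so the demo runs unattended; a real design key should have one.
mkkey() {
  mkdir -p "$1" && chmod 700 "$1" &&
  gpg --homedir "$1" --batch --quiet --pinentry-mode loopback --passphrase '' \
      --quick-generate-key "$2" ed25519 sign never 2>/dev/null &&
  gpg --homedir "$1" --batch --armor --export > "$1.asc"
}

# verified_text PUBKEY SIGNED: print SIGNED's text only if its signature checks
# out against a fresh keyring holding PUBKEY and nothing else.
verified_text() {
  h=$(mktemp -d) || return 1
  if gpg --homedir "$h" --batch --quiet --import "$1" 2>/dev/null &&
     gpg --homedir "$h" --batch --quiet -o "$h/out" --decrypt "$2" 2>/dev/null
  then cat "$h/out"; rc=0; else rc=1; fi
  rm -rf "$h"; return "$rc"
}

# check_chain DESIGN_PUB CERT RESALE: CERT must be signed by the published design
# key, and RESALE by the owner key that the verified certificate names.
check_chain() {
  t=$(mktemp -d) || return 1
  verified_text "$1" "$2" |
    sed -n '/BEGIN PGP PUBLIC KEY BLOCK/,/END PGP PUBLIC KEY BLOCK/p' > "$t/owner.asc"
  if [ -s "$t/owner.asc" ] && verified_text "$t/owner.asc" "$3" > /dev/null
  then rc=0; else rc=1; fi
  rm -rf "$t"; return "$rc"
}

# demo DIR: issue a step-5 style certificate, then a resale statement by its owner.
demo() {
  mkkey "$1/design" design-key-demo && mkkey "$1/owner" owner@example.com || return 1
  { echo "This is jacket #1234 associated with https://shop.example/jacket and order ID 42."
    echo "It belongs to the person identified by the public key below:"
    cat "$1/owner.asc"; } > "$1/cert.txt"
  gpg --homedir "$1/design" --batch --quiet -o "$1/cert.asc" --clearsign "$1/cert.txt" || return 1
  { cat "$1/cert.asc"; echo "This jacket now belongs to buyer@example.com (constructed)."
  } > "$1/resale.txt"
  gpg --homedir "$1/owner" --batch --quiet -o "$1/resale.asc" --clearsign "$1/resale.txt"
}

if [ "${1:-}" = run ]; then  # usage: sh cert-demo.sh run
  d=$(mktemp -d) && demo "$d" && check_chain "$d/design.asc" "$d/cert.asc" "$d/resale.asc" &&
    echo "certificate and resale statement both verify"
fi
```

Each check runs in an empty throwaway keyring so that the only key able to produce a “good signature” is the one being tested, not some other key already sitting in your everyday keyring.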
If all this sounds a bit like NFTs (non-fungible tokens) which were all the rage a few years ago it’s because everything described above is basically how NFTs work. The difference is that NFTs add many layers of complexity which come with very real financial risks and environmental costs yielding little to no additional benefit. Certainly not in the case of trying to assert the authenticity of a jacket.
If all this sounds like the whole thing is a joke, it’s not, but the fact that it could be only serves to reinforce some larger questions about how we assign value and measure worth. It is important to remember that there is no intrinsic bond between the jacket you receive and its certificate of authenticity. One is a jacket and the other is a piece of paper. In a world of cheap and ubiquitous reproduction either could be duplicated.
Further reading:
“NFTs Weren’t Supposed to End Like This”, Anil Dash – https://www.theatlantic.com/ideas/archive/2021/04/nfts-werent-supposed-end-like/618488/
“Digital artists' post-bubble hopes for NFTs don't need a blockchain”, Molly White – https://blog.mollywhite.net/digital-artists-post-bubble-hopes-for-nfts-dont-need-a-blockchain/