# Verification — where the name comes from

TSL8 is short for *tessellate*, but that's the cover story. The real name comes from the verification step.

When a TSL8 arrives, the recipient needs to know one thing before they spend a minute on it: **this is safe, because it came from a person I know, who controls this LinkedIn.** Not a stranger, not a spoof, not a cold pitch laundered through an AI. A person whose identity is verifiable in the way identities are verifiable in 2025 — public profile, public work history, continuity of voice across a public record.

## What the verification block contains

Every TSL8 carries, at the top:

- **Sender.** Plain-text name.
- **Verified by.** A public identity the recipient can cross-reference in ten seconds. LinkedIn is the default. GitHub, a personal domain, or a public work history on an org site also work.
- **Source chain.** Where the raw material came from. An email the sender wrote on a specific date. A voice memo. A Google Doc. A Reddit post. The crew does not invent content; it shapes what the sender already wrote.
- **Crew permission.** A single line: "The crew may read the sender's public LinkedIn with permission, to know who it is speaking to." This is opt-in per TSL8, not a global setting.

## Why LinkedIn

Not because LinkedIn is good. Because it is the thinnest available **shared public identity layer** that most professional recipients already trust at the level TSL8 needs — "is this person real, do they do roughly the kind of work they say they do, does their posting history look like a person and not a bot."

A sender can substitute a personal domain (`tom.example.com/about`), a verified GitHub profile, or an organization page. The contract is: *the recipient can confirm the sender is a continuous public person in under a minute, without clicking past a login wall.*

## Why the crew reads it

Because when the recipient asks "who is this guy," the crew needs to answer. And the answer should be accurate, bounded, and honest: *here is what the public LinkedIn says; here is what I don't know; here is where to check for yourself.*

The crew does not claim information it doesn't have. If LinkedIn says five years at Company X, the crew says five years at Company X. If LinkedIn is thin, the crew says LinkedIn is thin.

## The handshake — how a sender gets verified

Verification works like DNS domain-control proof. You don't upload a scan of your passport. You prove that you control the public identity you're claiming.

1. **Claim.** The sender arrives at tsl8.app and claims a public identity — e.g. `linkedin.com/in/tellsworth`. (Personal domain, GitHub, and org page work the same way; LinkedIn is the default.)
2. **Mint.** TSL8 issues a short, human-legible proof token: `TSL8:ring-trex-lint`. Three random dictionary words, namespaced.
3. **Publish.** The sender places the token somewhere visible on the claimed profile — the About section, a pinned post, a GitHub profile README, a `/.well-known/tsl8` file on their domain. Anywhere a person clicking through can see it.
4. **Check.** The sender clicks "verify." TSL8 fetches the public profile, looks for the token, confirms.
5. **Verified.** The sender can now mint TSL8s. The token can be removed from the profile afterward; the claim persists because control was proven once.

This is the same contract as proving you own a domain before issuing a TLS certificate, or verifying a GitHub org before unlocking SSO. No scraping, no data harvest, no handshake with LinkedIn's API. The sender does the work of placing a string on a public page the sender already controls. TSL8 just reads it.

## The asymmetry — verified to create and reply, not to read

This is the quiet design principle that makes the format work:

- **Reading a TSL8 requires nothing.** No signup, no email, no account. A recipient opens a link and reads.
- **Creating a TSL8 requires verification.** Senders prove identity before they can mint an envelope with their name on it.
- **Replying to a TSL8 requires verification.** A reader who wants to push back in writing steps through the same handshake — claim a profile, paste a token, verify.

The asymmetry is the spam filter. Readers aren't stopped by anything, which is why a TSL8 can spread freely. Writers pay a one-time cost in proving who they are, which is why what circulates inside the format tends to be signed by real people with continuous public records.

## The recipient side — engaging without being surveilled

When a recipient decides they want to talk to the crew or write a reply, there's a second, smaller handshake:

1. **Ask.** The recipient says, in effect, *I am Priya Nair, here is my LinkedIn.*
2. **Consent.** The crew asks for permission to read the recipient's public profile — once, for the duration of this conversation only — so it can know who it is speaking to.
3. **Read.** If the recipient consents, the crew reads the public profile. It uses what it finds to ground the conversation: *you're at a fund that does multifamily; you're the right person to push on the coalition question; you've reviewed three proposals like this before.* If the recipient declines, the conversation continues without it — the crew just doesn't have context.

This is what makes the first exchange feel like two people who have done their homework, rather than a cold pitch and a polite stranger. Both sides know something about who they're talking to, because both sides have volunteered it.

## Novel bits worth naming

Two parts of this flow aren't in the usual verified-identity toolkit, and both are load-bearing:

**Links expire after a full AI interaction, not after a click.** A standard short-link dies after N days or never. A TSL8 link dies after the conversation with the crew completes — the recipient has asked their questions, gotten their answers, decided whether to reply. The link "spends itself" on a real exchange, not on a pageview. This lets a sender distribute freely (the cost is one meaningful conversation per token, not one view per token) and prevents a single link from being forwarded infinitely to non-recipients. The expiration is a natural consequence of the exchange, not a surveillance timer.

**Verification is mutual and scoped per-document.** The sender proves who they are once, globally. The recipient opts in per TSL8, only for that conversation. No one accumulates a profile across documents. The crew knows who it's talking to for ninety seconds, then it doesn't.

## Building this — an honest bootstrap

A full implementation needs: identity claim + token minting, public-profile fetch for the claim check, minting and tracking of TSL8 URLs and QR codes, a consent-gated profile read for recipients, and an expiration mechanism tied to conversation completion.

A reasonable shortcut to skip the fragile part first: **let verified senders upload the LinkedIn data-export archive** to seed their profile. LinkedIn gives every user a downloadable archive of their own data. Accepting that archive as the initial profile source has three good properties:

- **No scraping, no API dependency.** TSL8 never touches LinkedIn's servers. The user brings the data themselves.
- **The user already consented.** They exported it.
- **It's a real proof of control.** Only the account owner can generate that archive.

From there, the public-profile handshake (token on the live profile) becomes the ongoing check — the archive seeds the profile; the token proves the account is still under the sender's control today. This lets the format launch without a LinkedIn partnership, and sidesteps the Bluesky-style "we need open APIs" dependency until it's worth negotiating.

## What the recipient can opt out of

Everything. The crew can be declined. The verification block can be read and the recipient can close the tab. No tracking, no "Tom has read your reply." The TSL8 is a letter, not a pixel.

## The name, plainly

We named it after the verification step because the verification step is what makes the rest of it possible. Without it, the crew is a stranger with a pitch. With it, the crew is working on behalf of someone the recipient has already agreed to hear out for ninety seconds.

Tessellate is the shape. Verification is the foundation.