Method for identifying an "authentic" version of an epub

[liisamk]

As a Reader, Author, Publisher or Digital Seller, I would benefit from a way to ensure that the edition of the epub that I have purchased and is being made available is the authentic one that was released for this particular title, author and rights so that I have the reading experience that the author intended.

Currently, there are many instances in the reading ecosystem where inauthentic versions based on stolen content are being made available through self-publishing outlets in order to facilitate passive income for parties other than the author and publisher.

The reading experiences for these counterfeit editions are often poor because CSS has been stripped and other formatting altered in order to get whatever automation is included in ingestion to not be aware of the duplication of content.

If there was a way that everyone in the supply chain could know a file to be an authentic edition, it would go a long way towards slowing down this proliferation of counterfeit material that is confusing to readers and authors.

[eshellman]

There are are a number of approaches to this - public key digital signatures for example, but they all share a fundamental weakness. While it's simple to create a method to identify an "authentic" edition, the ability to determine whether something is "fake" is dependent on the universality of the authentication method.

Not sure whether https://www.w3.org/publishing/epub3/epub-ocf.html#sec-container-metainf-signatures.xml is ever used.