IETF Logo Mail Archive

[urn] Re: Registration for `c2pa` URN

Leonard Rosenthol <lrosenth@adobe.com> Thu, 01 August 2024 18:59 UTC

Return-Path: <lrosenth@adobe.com>
X-Original-To: urn@ietfa.amsl.com
Delivered-To: urn@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7DED5C151531 for <urn@ietfa.amsl.com>; Thu, 1 Aug 2024 11:59:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.152
X-Spam-Level:
X-Spam-Status: No, score=-2.152 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.148, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=adobe.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eyWORcEVswdR for <urn@ietfa.amsl.com>; Thu, 1 Aug 2024 11:59:01 -0700 (PDT)
Received: from CH1PR05CU001.outbound.protection.outlook.com (mail-northcentralusazon11010030.outbound.protection.outlook.com [52.101.193.30]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 61DF0C19ECB6 for <urn@ietf.org>; Thu, 1 Aug 2024 11:59:00 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=HxDtbQrZN1GCefAIz1Zuc3mcr/+FgDPlHuA9VeGU9JYGjasIhgHqEZCegzWkUwMO3XFmHKyhvkrHb5wLR3VG2s0D9dr+YeN92JBfu0PZhpNP6JXAICqh7B33DSpfoLvODniQS+xoVaRW78jrJuNr7NHtZ19Mr6BAWyjDTvg0VzcLfcCUvleShyNCzRJyffIUBf7neFZcUbxnnQtLg3zuFvwpocujUrl7AM1tDYPgKwL2EAmbKWCOaImH539vz0ZsJX5eesNlg2FlaYU/Q3MZjLgVvcOVFn2X3tFiJKuDu7OARCjzewZZsAJ6akkBO0mPVVpBwG2DYDmtyN3ysWaDxQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=LCfiHopJ0N3BSvOq0cF9PDfcc7fe+xhz/J0gFv39WF0=; b=e8lY2Pvw+QS9F2U+oO7iVQZ4ibBdEmW2WaOGEy1CEu1q2xN4EVfvQWjzAL87n/9OBfGRyon9g2Uanf9nuHZztHnOcIGu4+pDmNUVa6l6ctSPUOrQjZnjZ0kaiFRSGIINIe9+bINzJpkoupmX0RDS14qrs8xWa5+dbIL5ffp+LsEFDTN7Lvm+yHrcJzKKV35V9P9Oy0G6UCYjsZZc6zcgYtYFT8fTFwIgr7Adc+cAe5a5HP9zGEp+MUChchcCpY5rWgoD0O9KBRzv3TBNzrsIgT5pD+ve5StE6a+k9t65M4NEc1LKLWVwb6421L8kuuHDl+aqUaE19BZy46Fb0Q9ocQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=adobe.com; dmarc=pass action=none header.from=adobe.com; dkim=pass header.d=adobe.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=adobe.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=LCfiHopJ0N3BSvOq0cF9PDfcc7fe+xhz/J0gFv39WF0=; b=v+7Moou/n+w/gpH/wIZw3TmLx+FEUIz2BheaCt19baDjsIiZ3Qibt7OvBzto6gzWymMEflliX32J+u6NBayAtM0HAh01B8PBHItpdnY0g66t2J7ymcE1wacVeQcpegAiVOLJKrfJS6j1rAvTnQeEHCyPVilV4FwTcLhlbuS24f0=
Received: from DM8PR02MB8181.namprd02.prod.outlook.com (2603:10b6:8:a::14) by DS0PR02MB10687.namprd02.prod.outlook.com (2603:10b6:8:204::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7828.22; Thu, 1 Aug 2024 18:58:58 +0000
Received: from DM8PR02MB8181.namprd02.prod.outlook.com ([fe80::ea16:deea:f70c:5151]) by DM8PR02MB8181.namprd02.prod.outlook.com ([fe80::ea16:deea:f70c:5151%3]) with mapi id 15.20.7828.021; Thu, 1 Aug 2024 18:58:58 +0000
From: Leonard Rosenthol <lrosenth@adobe.com>
To: "Dale R. Worley" <worley@ariadne.com>
Thread-Topic: [urn] Registration for `c2pa` URN
Thread-Index: AQHa5D/ZikmMU02jZ0mWRdyKwZ1oLLISwQYG
Date: Thu, 01 Aug 2024 18:58:58 +0000
Message-ID: <DM8PR02MB8181D0D0CDB79E455004F32ECDB22@DM8PR02MB8181.namprd02.prod.outlook.com>
References: <DM8PR02MB8181343606D747A3E984B8DECDB02@DM8PR02MB8181.namprd02.prod.outlook.com> (lrosenth=40adobe.com@dmarc.ietf.org) <87ttg4ayvi.fsf@hobgoblin.ariadne.com>
In-Reply-To: <87ttg4ayvi.fsf@hobgoblin.ariadne.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=adobe.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: DM8PR02MB8181:EE_|DS0PR02MB10687:EE_
x-ms-office365-filtering-correlation-id: f1122c73-a51f-4e89-a460-08dcb25bffd9
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|376014|366016|1800799024|38070700018;
x-microsoft-antispam-message-info: m+qSnTOulevoRjIpqS1Jhn3W0tUGKhm/lRMiRlqlWxCUmSWLozBPuKUDMDd+1Bk4iyBqP1ZahL1cEMgPel3Z5lavbmQKGd5QGPl3p0zJCg2GIrrcLdFg0kjoLJ6451UsM2OXcgHNjSl0Vq77BQ2Rwjr9HVm2ORVf/tCW3Y4d3KQ7S2O2W5VvZmPjj/O0s5SwDLLPhYmPeEpB43ReF4lEj525VEW67nioy9Nzfw5hSQihEZzS3NKcL6PBxM8ohO97FTZqy8eEUKQINRbygvVRo/lZtJglj3aQSpqKykL31yhmQ47Wj0ztSWu95YRh46qggr96SuMQKjKCb9EHo4nE1pgfUDVvswBllQenv2t059wppyUmbRwOqG5IvNDYyf5NUuoBWyXadtlK2YkaOLLnX+yyK2eT8aqsdCWl7/3BdP8/UqpuLYo5EIUeKxriw9VBarPSJn5VEFmC4MY233IuT/OSQeWC7JBw6Jk/dsgGzDuuIyzPI8yVWx6YVaVYftpMBoqV+VUkXkOXkr9lcw82c4msYja5mh6B7AjxipTRi6xVvg5xYOtopZpdMwMOAJUdpaQHc3zoEdw0Mw/aJ6vLc2DO3tGCcZvQfRWsZRrAnvVa6NE0Mmsyzkc5hgWi8cHoWclLBfT4aX55reN7Lh7NA0UfrWb2No7mWS2cS0ZWH4oMiXm7apdfq8QIBhhAqUvvfHtaNg1vBR97p6pe1+1z1bW9kgwTUj0c0jHsjaH5tumg8LzjTQNLnY00TVQexUNvDFQBZ/1gp97oyWg2UMRG9limij7a/bzDcP40N//bi+Y8VVgw00tGsIux34eFUezXayvsGU+aFScp5h4PqcRjMGLcE2+z8Ap2Re4+EWQKtZrFN9jOPG3kg9IjKIq6zzidn8hB2kbkVQIBMqrGEa+ysWwyOob5vVbwupU3PmpXROYK/JDQxloKJWGLZDpmvb07yoevVOVks9AfIp1QZwAIQeyNLthfXsZQ2JgOgYGNwzxgVrexPW+9Vw7labU6QR++8uw8isYSyZq+d1TiatdtuBgwxbZJUZA9sWawphMU8r6+S2kgx9R/7i5ewyYq8ARscx5AZjkwk/cETNO0iIlRhyu8EovKXjXbHOFCIaDV1+w8u/t43li4CmGpNNoUHKNIC0WkuwP/Upzv8GHV8cZyeMMrwrr4D65XPrKVPKvkTcZ+mfqlAASWgyiO1v305tpQH9wEUUMN4MnT69djtoQvp5zQefWSLX7YVfDLpWrwbEkA9TGiGUIZ6ILT+SOd/htSNGO5NYgzUzb/apSXvYS0akxbwAYA5fSX5ncfPzXGEYSNl0ezQVjVLW5rqWCPO2MGMRhQrpRqlvuPG7VXZU1qOmBBfZYJwGV93pvCQMLul0s=
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM8PR02MB8181.namprd02.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(376014)(366016)(1800799024)(38070700018);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: lKOvBiv/8PAxEEuuX/211QzQx2M1ktR0zynYbA0Yr4/yfOkTl8LfQywgJr/h51IlQEdMfdzd1p5S5cvLlZTC3u42EVrc/1D9zPhy7vbR2yehxBP9l0c80SVjGD1uMkJmncaAW/5mZJ+jySAAS41aTj+azTUx8jgbXVTdJ0yYOw1neU9F8Za5Qc0ZvjqhbufEnS7TqYABvNAE6S8XCgZXL9qMpOpxwoecm7CascFBt10aWJXYlU65/0FfPaW67LxT21Q6H/0CLxRrUxUKue3vfFaDurPwa6JZoOdL/XJkhtpbNLRMe3maw1Of16ddELLhWmgvFWVY84p+gY20BjdO3yLZuLdKJGJuKpAzsHTDcfZadCVZTGw+JGKNFwfPC7TTXJyETHocnO/myKvnKLf60s4PEY9NEETYiNCf6ihqtm3B5RJ01MacYeWhyBOdyBRFTK32fkkDcaiZ8uTQT58rs+enl7FirXeG4z408G+CQnlxNl4e3/Zicz83d4/PIcCs2GrYqybMh8kfBMsV9qmpRPzPe0sp224fXj/owQgo+9ShAW6cjJbIptTlxiMPh/IgPCPR2UFiea/MT+ABYgrUYhD3Jzv8Rxv+ldNHf8+8arVMAEuP68+UOar3vYYZ7qY1b8Tn2u9RS6uZCA0mi6gTT31uHuNY6Fm+KJZ+pqwxcuLZSkoEPP4oZbgb6ejT6vDy+L8Nh2N/nj+Wj8qQLk7oTkGOlZrrt44C9vfUAaaMMX392MXRvTlmg8KJ6B34gJ9dqYBEugoQv2/PaaE0LDXIFTcpjDLWfZIcBVLovxBc2Q5gbLASL8EsRw9uMlBtT7b3JtXf1CNUUuG8QPG8+uLVib5Ev7RZZq0jDyhDNZCTDCxnBDZ1bFqzebzyr0Cjfc8CWH/BBbfRVN4DQle7kbnVa7wzEM5fT6Tnu2OElM1S775m2imNTDD3QsYi3ZB4MmuUhYI9NZ2ZI8wOhUVcxl0VZre4QQ9LSlI+UNrftm8d3KvPSweXdyEnkhs/4mL6YV/XkTM+PAX8DuYD+n83ONRtIdPbjf1M1wUvyFqO0uDjGs03S/QmDMWXIcALDvwF6BSiUHR8+ZqFos0nJguj1p6YqemPp+6qhT6X3LQ3tysKXg1y+1PYolggLluFsHB+PGh/8/QdzXD2zIu9XE3mtvNEus/py8ECng+yY/f7lNlt1Q5MfaQyWY9kCglGIpur1fs7jo1foom4sAAq2wPMXXI9LTuHzGmILMl2B/ntUr82LsSfs5uKYIDiwq3ZvDrAG5VSNdDx3+PmgHDDC63k59z3qWKA6fUKAEgY7SEizyXy2PzStipWkN7L5OyjqVdsL9Ew+Jvejv/gwKf9dfXKct9RW9w1WKRVeobUBxGFFLhGjC6EFcwlpVS2xyLXb96UUDVmLWB41VSWLNDnGDL4XTW8VCO7IeQ+aRXwwdHqf/aJvh/B1kdyu/CraDpn01CXfWPBgHVPfz+igNhK+4KkCh6eDKFyhf6Dqutk3iBRRVV8dq4h+XoxRxfWBiPMV7ppLaxCXd9+TUKlokLJdesTc8rZWiRUjnWPQI+oP7H6fjH5uqtG7Eayn2F05A0lMk+Lq3XQgmvtiEAHiRfSTuYgi0lXUeaI6b2BKX+XODwE2mf+wgEoxqZdx7OT7FKWLNVDmhbKPFmdeIDzfZFDjetm+8aUNQ==
Content-Type: multipart/alternative; boundary="_000_DM8PR02MB8181D0D0CDB79E455004F32ECDB22DM8PR02MB8181namp_"
MIME-Version: 1.0
X-OriginatorOrg: adobe.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM8PR02MB8181.namprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: f1122c73-a51f-4e89-a460-08dcb25bffd9
X-MS-Exchange-CrossTenant-originalarrivaltime: 01 Aug 2024 18:58:58.3776 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: fa7b1b5a-7b34-4387-94ae-d2c178decee1
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: iPIHoBaMzwcYfsSyUinqPSjQj1ZeCZTwgBre3iWmSvsLTwhs1ZRcyIpdRGRLk1JBnyk90Ju+VkRSxC3BzVSV0g==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS0PR02MB10687
Message-ID-Hash: 5JH2RHHJIEHENTJ7WF4DNQQKTSSBOS6C
X-Message-ID-Hash: 5JH2RHHJIEHENTJ7WF4DNQQKTSSBOS6C
X-MailFrom: lrosenth@adobe.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-urn.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "urn@ietf.org" <urn@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [urn] Re: Registration for `c2pa` URN
List-Id: Revisions to URN RFCs <urn.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/urn/7xxvTXx9UjlTQNDeetas9WIsr5E>
List-Archive: <https://mailarchive.ietf.org/arch/browse/urn>
List-Help: <mailto:urn-request@ietf.org?subject=help>
List-Owner: <mailto:urn-owner@ietf.org>
List-Post: <mailto:urn@ietf.org>
List-Subscribe: <mailto:urn-join@ietf.org>
List-Unsubscribe: <mailto:urn-leave@ietf.org>

Here is the revised registration proposal.   The links to 2.1 will be live tomorrow (2-Aug-2024).

Leonard
Namespace Identifier:  c2pa

Version:  1

Date:  2024-07-30

Registrant:
Leonard Rosenthol, on behalf of C2PA (Coalition for Content Provenance and Authenticity)
info@c2pa.org<mailto:info@c2pa.org>, 1-215-808-4978

Purpose:

Each C2PA Manifest (aka Content Credential) created to incorporate provenance information about a given asset is given a unique identifier which has historically been an incorrectly formatted UUID URN.  This proposal, in conjunction with an updated specification, will define a new `c2pa` URN namespace for this purpose.

The `c2pa` URN will consist of a UUID URN (as per RFC 9562), with the namespace changed to 'c2pa' and additional information that is specific to C2PA added.  These URNs are non-resolvable, serving as unique identifiers. In this way, the ability to unambiguously compare them is of significant importance.

Syntax:

A `c2pa` URN shall consist of two mandatory and two optional components, in the following order, with `:`'s between each section.

                - URN identifier (`urn:c2pa`): REQUIRED
                - UUID v4, in string representation (as per RFC 9562, section 4): REQUIRED
                - Claim Generator identifier string : OPTIONAL
                - Version and Reason string : OPTIONAL

When present, the "Claim Generator identifier" string shall consist of no more than 32 characters from the ASCII range (as per RFC 20), but which are not Control Characters (RFC 20, 5.2), Graphic Characters (RFC 20, 5.3), the `:` or the `_`.

When present, the "Version and Reason" string shall consist of a `v` followed by a monotonically increasing integer, starting with 1, followed by an underscore (`_`) and then an integer representing the reason for the re-labeling.

An ABNF for a `c2pa` URN looks like:
                c2pa_urn = c2pa-namespace UUID [":" claim-generator] [":" version-reason]

                c2pa-namespace = "urn:c2pa:"

                ; this definition is taken from RFC 9562
                UUID     =  4hexOctet "-"
                                                                2hexOctet "-"
                                                                2hexOctet "-"
                                                                2hexOctet "-"
                                                                6hexOctet
                hexOctet = HEXDIG HEXDIG
                DIGIT    = %x30-39
                HEXDIG   = DIGIT / "A" / "B" / "C" / "D" / "E" / "F"

                ; ASCII, but not Control Characters, Graphic Characters, `:` or `_`
                visible-char-except-space-colon-underscore = %x21-2B / %x2D-3A / %x3C-7E / %x80-FF

                ; claim-generator-identifier is a string of
                ;               1 to 32 visible-char-except-space-colon-underscore
                claim-generator = ":" claim-generator-identifier
                claim-generator-identifier = 1*32visible-char-except-space-colon-underscore

                ; version-reason is a string consisting of a "v" followed by
                ;               a positive integer, an underscore and a second positive integer
                version-reason = ":v" version "_" reason
                version = 1*DIGIT
                reason = 1*DIGIT

EXAMPLES:

                - `urn:c2pa:F9168C5E-CEB2-4FAA-B6BF-329BF39FA1E4`
                - `urn:c2pa:F9168C5E-CEB2-4FAA-B6BF-329BF39FA1E4:acme`
                - `urn:c2pa:F9168C5E-CEB2-4FAA-B6BF-329BF39FA1E4:acme:v2_1`
                - `urn:c2pa:F9168C5E-CEB2-4FAA-B6BF-329BF39FA1E4:v2_1`


Assignment:

URNs conforming to this scheme are self-assigned, based on the creation of the UUID (as per RFC 9562) and the optional inclusion of the Claim Generator identifier string and Version and Reason. This process is described at https://c2pa.org/specifications/specifications/2.1/specs/C2PA_Specification.html#_unique_identifiers


Security and Privacy:

No known security or privacy issues exist for this specific URN, however, the C2PA specification maintains a "Information Security" section (https://c2pa.org/specifications/specifications/2.1/specs/C2PA_Specification.html#_information_security) which documents any known threats and harms related to the core C2PA specification.


Interoperability:

A standard UUID URN can be "losslessly upgraded" to a `c2pa` UUID, if there were to exist a workflow that required doing so.  Beyond that, no known concerns or requirements around interoperability exist.

Resolution:

As mentioned earlier in this document, these URNs are non-resolvable, serving as unique identifiers. In this way, the ability to unambiguously compare them is of significant importance.


Documentation:

https://c2pa.org/specifications/specifications/2.1/specs/C2PA_Specification.html

Additional Information:  NONE

Revision Information:  N/A




From: Dale R. Worley <worley@ariadne.com>
Date: Thursday, August 1, 2024 at 2:23 PM
To: Leonard Rosenthol <lrosenth@adobe.com>
Cc: urn@ietf.org <urn@ietf.org>
Subject: Re: [urn] Registration for `c2pa` URN
EXTERNAL: Use caution when clicking on links or opening attachments.


The overall concept looks fine.  I have the following comments.

> Namespace Identifier:  c2pa
>
> Version:  1
>
> Date:  2024-07-30
>
> Registrant:
> Leonard Rosenthol, on behalf of C2PA (Coalition for Content Provenance
> and Authenticity)
> lrosenth@adobe.com<mailto:lrosenth@adobe.com>, 1-215-808-4978

As Peter says, the contact identification should be chosen to be stable
as long as possible.

> Purpose:
>
> Each C2PA Manifest (aka Content Credential) created to incorporate
> provenance information about a given asset is given a unique
> identifier which has historically been an incorrectly formatted UUID
> URN.  This proposal, in conjunction with an updated specification,
> will define a new `c2pa` URN syntax for this purpose.

Change "URN syntax" to "URN namespace".

> The `c2pa` URN will consist of a UUID URN (as per RFC 9562) with

You probably want to add "the namespace changed to 'c2pa', with" here.

> additional information, specific to C2PA added.  These URNs are
> non-resolvable, simply serving as unique identifiers. In this way, the
> ability to unambiguously compare them is of significant importance.

Though it seems from the 3rd and 4th fields, the URNs aren't *just*
unique identifiers, the identifier is tagged with some semantic
information.  So you might want to expand on that here.

> Syntax:
>
> A `c2pa` URN shall consist of two mandatory and two optional
> components, in the following order, with `:`'s between each section.
>
>                 - URN identifier (`urn:c2pa`): REQUIRED
>                 - UUID v4, in string representation (as per RFC 9562, section 4): REQUIRED
>                 - Claim Generator identifier string : OPTIONAL
>                 - Version and Reason string (as described below) : OPTIONAL

You really ought to provide ABNF here.  E.g., this text says that the
3rd and 4th parts are both optional, but it's not clear, if only one of
them is present in a URN, which one is present.  It appears from the
examples that if the 4th part is present, then the 3rd (or at least the
colon that starts it) must be.  What you're looking for is something
like:

c2pa_urn = "urn:c2pa:"
           UUID         ; from RFC 4122
           [ ":" [ claim_generator ]
             [ ":" version_reason ] ]

Of course, we need some idea what the syntax of "claim_generator" is.
At least it must not contain a colon!

> When present, the "Version and Reason" string shall consist of a `v`
> followed by a monotonically increasing integer, starting with 1,
> followed by an underscore (`_`) and then an integer representing the
> reason for the re-labeling.

version_reason = version "_" reason
version        = "v" %31-39 *%30-39    ; "v" and a positive decimal integer (see RFC 2234)

But it's not clear what the syntax or semantics of "reason" is.

> EXAMPLES:
>
>                 - `urn:c2pa:F9168C5E-CEB2-4FAA-B6BF-329BF39FA1E4`
>                 - `urn:c2pa:F9168C5E-CEB2-4FAA-B6BF-329BF39FA1E4:acme`
>                 - `urn:c2pa:F9168C5E-CEB2-4FAA-B6BF-329BF39FA1E4:acme:v2_1`

It's always good to have examples!

> Assignment:
>
> URNs conforming to this scheme are self-assigned, based on the
> creation of the UUID (as per RFC 9562) and the optional inclusion of
> the Claim Generator identifier string and Version and Reason.

It would be helpful to have some description of the syntax and semantics
of the claim_generator and reason fields.  If the C2PA web specification
has a concise description, a link to that would be sufficient.

> Security and Privacy:
>
> No known security or privacy issues exist.

As Peter says, not only does
https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fc2pa.org%2Fspecifications%2Fspecifications%2F2.0%2Fspecs%2FC2PA_Specification.html%23_information_security&data=05%7C02%7Clrosenth%40adobe.com%7C75ff36116eaa4590625608dcb256fab2%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C638581333851216505%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=MvnKaCNhSylJNrm0Y%2FoirFWaBgZq4Mhq3%2BeHZ8X9CF0%3D&reserved=0<https://c2pa.org/specifications/specifications/2.0/specs/C2PA_Specification.html#_information_security>
give extensive security discussion (which might just be pointed to here)
but its existence shows that there *are* known security issues,
contradicting this text.

> Interoperability:
>
> A standard UUID URN can be "losslessly upgraded" to a `c2pa` UUID, if
> there were to exist a workflow that required doing so.  Beyond that,
> no known concerns or requirements around interoperability exist.
>
> Resolution:  N/A

You might want to move the sentences "These URNs are non-resolvable ..."
to this section.

> Documentation:  https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fc2pa.org%2Fspecifications%2Fspecifications%2F2.1%2Fspecs%2FC2PA_Specification.html&data=05%7C02%7Clrosenth%40adobe.com%7C75ff36116eaa4590625608dcb256fab2%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C638581333851225220%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=x5Su58QKqIG9cJJS1UN7Xv8SkLV1%2F0bdAB9ouEjUm6Q%3D&reserved=0<https://c2pa.org/specifications/specifications/2.1/specs/C2PA_Specification.html>
>
> NOTE: Version 2.1 is not yet published but will contain this documentation when published

How shall we handle this?  It's not proper to register a URN namespace
if its references do not exist.  Is there an earlier version of the
specification which is "good enough" to link to as documentation?

Of course, when new version(s) of the C2PA spec are published, it's easy
enough to register a new version of the URN to update the documentation
pointer.

> Additional Information:  NONE
>
> Revision Information:  N/A

Dale

v2.40.4 | Report a Bug | By Email | System Status