[urn] Re: Registration for `c2pa` URN
Peter Saint-Andre <stpeter@stpeter.im> Thu, 01 August 2024 19:19 UTC
Message-ID: <115f84f9-8621-45da-9403-6ed6cfc1514b@stpeter.im>
Date: Thu, 01 Aug 2024 13:19:04 -0600
To: Leonard Rosenthol <lrosenth=40adobe.com@dmarc.ietf.org>, "Dale R. Worley" <worley@ariadne.com>
From: Peter Saint-Andre <stpeter@stpeter.im>
CC: "urn@ietf.org" <urn@ietf.org>
Subject: [urn] Re: Registration for `c2pa` URN
List-Id: Revisions to URN RFCs <urn.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/urn/FwVwrKHkKFfvnRsJm_dSLyPZQbo>

Hi Leonard, thanks for the quick turnaround.

To simplify the ABNF, you could re-use some of the rules from RFC 3986 or RFC 5234 rather than (apparently) redefining them here.

Other than that, it looks good to me.

Peter

On 8/1/24 12:58 PM, Leonard Rosenthol wrote:
> Here is the revised registration proposal. The links to 2.1 will be
> live tomorrow (2-Aug-2024).
>
> Leonard
>
> Namespace Identifier: c2pa
>
> Version: 1
>
> Date: 2024-07-30
>
> Registrant:
>
> Leonard Rosenthol, on behalf of C2PA (Coalition for Content Provenance
> and Authenticity)
>
> info@c2pa.org, 1-215-808-4978
>
> Purpose:
>
> Each C2PA Manifest (aka Content Credential) created to incorporate
> provenance information about a given asset is given a unique identifier
> which has historically been an incorrectly formatted UUID URN. This
> proposal, in conjunction with an updated specification, will define a
> new `c2pa` URN namespace for this purpose.
>
> The `c2pa` URN will consist of a UUID URN (as per RFC 9562), with the
> namespace changed to 'c2pa' and additional information that is specific
> to C2PA added. These URNs are non-resolvable, serving as unique
> identifiers. In this way, the ability to unambiguously compare them is
> of significant importance.
>
> Syntax:
>
> A `c2pa` URN shall consist of two mandatory and two optional components,
> in the following order, with `:`'s between each section.
>
> - URN identifier (`urn:c2pa`): REQUIRED
> - UUID v4, in string representation (as per RFC 9562, section 4): REQUIRED
> - Claim Generator identifier string : OPTIONAL
> - Version and Reason string : OPTIONAL
>
> When present, the "Claim Generator identifier" string shall consist of
> no more than 32 characters from the ASCII range (as per RFC 20), but
> which are not Control Characters (RFC 20, 5.2), Graphic Characters (RFC
> 20, 5.3), the `:` or the `_`.
>
> When present, the "Version and Reason" string shall consist of a `v`
> followed by a monotonically increasing integer, starting with 1,
> followed by an underscore (`_`) and then an integer representing the
> reason for the re-labeling.
>
> An ABNF for a `c2pa` URN looks like:
>
>     c2pa_urn = c2pa-namespace UUID [":" claim-generator]
>                [":" version-reason]
>
>     c2pa-namespace = "urn:c2pa:"
>
>     ; this definition is taken from RFC 9562
>     UUID = 4hexOctet "-"
>            2hexOctet "-"
>            2hexOctet "-"
>            2hexOctet "-"
>            6hexOctet
>     hexOctet = HEXDIG HEXDIG
>     DIGIT = %x30-39
>     HEXDIG = DIGIT / "A" / "B" / "C" / "D" / "E" / "F"
>
>     ; ASCII, but not Control Characters, Graphic Characters, `:` or `_`
>     visible-char-except-space-colon-underscore = %x21-2B / %x2D-3A / %x3C-7E / %x80-FF
>
>     ; claim-generator-identifier is a string of
>     ; 1 to 32 visible-char-except-space-colon-underscore
>     claim-generator = ":" claim-generator-identifier
>     claim-generator-identifier = 1*32visible-char-except-space-colon-underscore
>
>     ; version-reason is a string consisting of a "v" followed by
>     ; a positive integer, an underscore and a second positive integer
>     version-reason = ":v" version "_" reason
>     version = 1*DIGIT
>     reason = 1*DIGIT
>
> EXAMPLES:
>
> - `urn:c2pa:F9168C5E-CEB2-4FAA-B6BF-329BF39FA1E4`
> - `urn:c2pa:F9168C5E-CEB2-4FAA-B6BF-329BF39FA1E4:acme`
> - `urn:c2pa:F9168C5E-CEB2-4FAA-B6BF-329BF39FA1E4:acme:v2_1`
> - `urn:c2pa:F9168C5E-CEB2-4FAA-B6BF-329BF39FA1E4:v2_1`
>
> Assignment:
>
> URNs conforming to this scheme are self-assigned, based on the creation
> of the UUID (as per RFC 9562) and the optional inclusion of the Claim
> Generator identifier string and Version and Reason. This process is
> described at
> https://c2pa.org/specifications/specifications/2.1/specs/C2PA_Specification.html#_unique_identifiers
>
> Security and Privacy:
>
> No known security or privacy issues exist for this specific URN,
> however, the C2PA specification maintains a "Information Security"
> section
> (https://c2pa.org/specifications/specifications/2.1/specs/C2PA_Specification.html#_information_security)
> which documents any known threats and harms related to the core C2PA
> specification.
>
> Interoperability:
>
> A standard UUID URN can be "losslessly upgraded" to a `c2pa` UUID, if
> there were to exist a workflow that required doing so. Beyond that, no
> known concerns or requirements around interoperability exist.
>
> Resolution:
>
> As mentioned earlier in this document, these URNs are non-resolvable,
> serving as unique identifiers. In this way, the ability to unambiguously
> compare them is of significant importance.
>
> Documentation:
>
> https://c2pa.org/specifications/specifications/2.1/specs/C2PA_Specification.html
>
> Additional Information: NONE
>
> Revision Information: N/A
>
> *From: *Dale R. Worley <worley@ariadne.com>
> *Date: *Thursday, August 1, 2024 at 2:23 PM
> *To: *Leonard Rosenthol <lrosenth@adobe.com>
> *Cc: *urn@ietf.org <urn@ietf.org>
> *Subject: *Re: [urn] Registration for `c2pa` URN
>
> The overall concept looks fine. I have the following comments.
>
>> Namespace Identifier: c2pa
>>
>> Version: 1
>>
>> Date: 2024-07-30
>>
>> Registrant:
>> Leonard Rosenthol, on behalf of C2PA (Coalition for Content Provenance
>> and Authenticity)
>> lrosenth@adobe.com, 1-215-808-4978
>
> As Peter says, the contact identification should be chosen to be stable
> as long as possible.
>
>> Purpose:
>>
>> Each C2PA Manifest (aka Content Credential) created to incorporate
>> provenance information about a given asset is given a unique
>> identifier which has historically been an incorrectly formatted UUID
>> URN. This proposal, in conjunction with an updated specification,
>> will define a new `c2pa` URN syntax for this purpose.
>
> Change "URN syntax" to "URN namespace".
>
>> The `c2pa` URN will consist of a UUID URN (as per RFC 9562) with
>
> You probably want to add "the namespace changed to 'c2pa', with" here.
>
>> additional information, specific to C2PA added. These URNs are
>> non-resolvable, simply serving as unique identifiers. In this way, the
>> ability to unambiguously compare them is of significant importance.
>
> Though it seems from the 3rd and 4th fields, the URNs aren't *just*
> unique identifiers, the identifier is tagged with some semantic
> information. So you might want to expand on that here.
>
>> Syntax:
>>
>> A `c2pa` URN shall consist of two mandatory and two optional
>> components, in the following order, with `:`'s between each section.
>>
>> - URN identifier (`urn:c2pa`): REQUIRED
>> - UUID v4, in string representation (as per RFC 9562, section 4): REQUIRED
>> - Claim Generator identifier string : OPTIONAL
>> - Version and Reason string (as described below) : OPTIONAL
>
> You really ought to provide ABNF here. E.g., this text says that the
> 3rd and 4th parts are both optional, but it's not clear, if only one of
> them is present in a URN, which one is present. It appears from the
> examples that if the 4th part is present, then the 3rd (or at least the
> colon that starts it) must be. What you're looking for is something
> like:
>
>     c2pa_urn = "urn:c2pa:"
>                UUID ; from RFC 4122
>                [ ":" [ claim_generator ]
>                [ ":" version_reason ] ]
>
> Of course, we need some idea what the syntax of "claim_generator" is.
> At least it must not contain a colon!
>
>> When present, the "Version and Reason" string shall consist of a `v`
>> followed by a monotonically increasing integer, starting with 1,
>> followed by an underscore (`_`) and then an integer representing the
>> reason for the re-labeling.
>
>     version_reason = version "_" reason
>     version = "v" %31-39 *%30-39 ; "v" and a positive decimal integer (see RFC 2234)
>
> But it's not clear what the syntax or semantics of "reason" is.
>
>> EXAMPLES:
>>
>> - `urn:c2pa:F9168C5E-CEB2-4FAA-B6BF-329BF39FA1E4`
>> - `urn:c2pa:F9168C5E-CEB2-4FAA-B6BF-329BF39FA1E4:acme`
>> - `urn:c2pa:F9168C5E-CEB2-4FAA-B6BF-329BF39FA1E4:acme:v2_1`
>
> It's always good to have examples!
>
>> Assignment:
>>
>> URNs conforming to this scheme are self-assigned, based on the
>> creation of the UUID (as per RFC 9562) and the optional inclusion of
>> the Claim Generator identifier string and Version and Reason.
>
> It would be helpful to have some description of the syntax and semantics
> of the claim_generator and reason fields. If the C2PA web specification
> has a concise description, a link to that would be sufficient.
>
>> Security and Privacy:
>>
>> No known security or privacy issues exist.
>
> As Peter says, not only does
> https://c2pa.org/specifications/specifications/2.0/specs/C2PA_Specification.html#_information_security
> give extensive security discussion (which might just be pointed to here)
> but its existence shows that there *are* known security issues,
> contradicting this text.
>
>> Interoperability:
>>
>> A standard UUID URN can be "losslessly upgraded" to a `c2pa` UUID, if
>> there were to exist a workflow that required doing so. Beyond that,
>> no known concerns or requirements around interoperability exist.
>>
>> Resolution: N/A
>
> You might want to move the sentences "These URNs are non-resolvable ..."
> to this section.
>
>> Documentation: https://c2pa.org/specifications/specifications/2.1/specs/C2PA_Specification.html
>>
>> NOTE: Version 2.1 is not yet published but will contain this documentation when published
>
> How shall we handle this? It's not proper to register a URN namespace
> if its references do not exist. Is there an earlier version of the
> specification which is "good enough" to link to as documentation?
>
> Of course, when new version(s) of the C2PA spec are published, it's easy
> enough to register a new version of the URN to update the documentation
> pointer.
>
>> Additional Information: NONE
>>
>> Revision Information: N/A
>
> Dale
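
An added example, not part of the thread or of the C2PA specification: a Python parser for the `c2pa` URN layout in the revised registration quoted above, showing how excluding `_` from the claim generator identifier lets a parser tell the third component from the fourth when only one is present. Where the quoted ABNF and the prose differ it assumes the prose and the four examples (single colons, UUID v4, 1 to 32 printable ASCII characters other than `:` and `_`, version starting at 1); the names `C2paUrn`, `parse_c2pa_urn` and `comparison_key`, and the case folding in `comparison_key`, are assumptions of this example.

```python
import re
from typing import NamedTuple, Optional

class C2paUrn(NamedTuple):
    uuid: str
    claim_generator: Optional[str]
    version: Optional[int]
    reason: Optional[int]

H = "[0-9A-Fa-f]"
# Assumption: UUID v4 as the prose requires (version nibble 4, RFC 9562 variant 10xx).
_UUID_V4 = re.compile(f"{H}{{8}}-{H}{{4}}-4{H}{{3}}-[89ABab]{H}{{3}}-{H}{{12}}")
# Assumption: 1 to 32 printable ASCII characters, excluding ':' (0x3A) and '_' (0x5F).
_GENERATOR = re.compile(r"[\x21-\x39\x3B-\x5E\x60-\x7E]{1,32}")
_VERSION_REASON = re.compile(r"v([0-9]+)_([0-9]+)")

def parse_c2pa_urn(urn: str) -> C2paUrn:
    """Split a c2pa URN into its components, raising ValueError if malformed."""
    parts = urn.split(":")
    if not 3 <= len(parts) <= 5:
        raise ValueError("expected 3 to 5 colon-separated parts")
    # "urn" and the namespace identifier are case-insensitive (RFC 8141).
    if parts[0].lower() != "urn" or parts[1].lower() != "c2pa":
        raise ValueError("not a c2pa URN")
    if not _UUID_V4.fullmatch(parts[2]):
        raise ValueError("not a UUID v4 string")
    generator = version = reason = None
    rest = parts[3:]
    # '_' cannot occur in a claim generator identifier, so a trailing
    # "v<int>_<int>" component can only be the Version and Reason string.
    match = _VERSION_REASON.fullmatch(rest[-1]) if rest else None
    if match:
        rest.pop()
        version, reason = int(match.group(1)), int(match.group(2))
        if version < 1:
            raise ValueError("version starts at 1")
    if rest:
        # At most one component may remain, and it must be a valid identifier
        # (this also rejects an empty component such as "UUID::v2_1").
        if len(rest) > 1 or not _GENERATOR.fullmatch(rest[0]):
            raise ValueError("invalid claim generator identifier")
        generator = rest[0]
    return C2paUrn(parts[2], generator, version, reason)

def comparison_key(urn: str) -> str:
    """One canonical string per URN for equality checks.

    Assumption: hex digits of the UUID compare case-insensitively and leading
    zeros in version/reason are insignificant; the registration does not say.
    """
    p = parse_c2pa_urn(urn)
    key = "urn:c2pa:" + p.uuid.upper()
    if p.claim_generator is not None:
        key += ":" + p.claim_generator
    if p.version is not None:
        key += f":v{p.version}_{p.reason}"
    return key
```
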