[urn] Re: Registration for `c2pa` URN

Peter Saint-Andre <stpeter@stpeter.im> Tue, 30 July 2024 20:32 UTC

Return-Path: <stpeter@stpeter.im>
X-Original-To: urn@ietfa.amsl.com
Delivered-To: urn@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 04BA3C15199D for <urn@ietfa.amsl.com>; Tue, 30 Jul 2024 13:32:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.107
X-Spam-Level:
X-Spam-Status: No, score=-7.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=stpeter.im header.b="qr+w9/N6"; dkim=pass (2048-bit key) header.d=messagingengine.com header.b="E+zspTo8"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LjKlSUsIzGG6 for <urn@ietfa.amsl.com>; Tue, 30 Jul 2024 13:32:21 -0700 (PDT)
Received: from fout5-smtp.messagingengine.com (fout5-smtp.messagingengine.com [103.168.172.148]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A70E2C14F71C for <urn@ietf.org>; Tue, 30 Jul 2024 13:32:20 -0700 (PDT)
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailfout.nyi.internal (Postfix) with ESMTP id A19041380523; Tue, 30 Jul 2024 16:32:19 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163]) by compute4.internal (MEProxy); Tue, 30 Jul 2024 16:32:19 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=stpeter.im; h=cc :content-transfer-encoding:content-type:content-type:date:date :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to; s=fm1; t=1722371539; x=1722457939; bh=N/MI5Yc3RrMsOJWomSqSAOfQVVPBFzE8uxXc+pnJ5GQ=; b= qr+w9/N6jXYi89XC99xdzo2Te+2Nb6ntYLpN9cFs3q8p8fL9qC3ycvtNgTQxEsSD cB8o2iJlp/B2R+cSQhnOHnK6haUra3ez/vb14ydu37mK4zcTDJvnpcYRbGy0YjPp D/OrxC2BtWdcyGwxrZGLmpa+6dX01AdpSqtpwRHS05pmoCbeRtXnSPg55gvVDY9W v8YF/Glk++c5BkG0AV6mXlmJphaROcT6CGxq7pLIcnYzkCaYzXtqy7cu1hJI5hur gAfu1xb2/WuSQ6lhd+2458O7Lyga3L3HXt1JWP/FBtD3KhuCljKcB7wGWr4h7WWv 9QGGwqq6kRJj4YGzkG8K7w==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm3; t=1722371539; x= 1722457939; bh=N/MI5Yc3RrMsOJWomSqSAOfQVVPBFzE8uxXc+pnJ5GQ=; b=E +zspTo80ZQO0kK7ON3GsXkAXO23Wi+gf1dPh5gntVUFAb5HXW8TQUhOgAWJDcGJS J5SpRmcxSL2cJm4eIKRFwZW0952LSr3ozB0NI58nd6lxrxkhNKtqxgyzEi20mAuJ wC9iMYMRZYm3TKKC/YDv4TGm/Q1sNGi80T47o+s/sbtdoPM0dSpuMIXqfoYh7ua+ +OGWnv+wVFDwpIuvQulLQSHc1VjeCk07BMN/Sfr08OFJidVJ7SWtM5cmrFRQhGuB 4z74L57wTf3x6zaNKH41LFEZl8RcD6HG5AvKrfLURuN+eb/gkXwNtZZMQcOVPXUa DXoNo7e579/vSjlZdaERw==
X-ME-Sender: <xms:002pZjSdIcf_dYnF22871fFhzRhDTekLquRlJFxU1k_D8XGy6Ko0lw> <xme:002pZkzDckhDeDA6687QSFLgQiDjaWiMZ0yFRh1dtAQI2ZSgoxEpbfzkOH9EBmfCU d7NLl5jousSGAvMlA>
X-ME-Received: <xmr:002pZo3Hw92JcjpmwsmrqqyoBNglNkSOewzpwzD2fWyRk-aeAwqZwNQGiZ3D0MFc>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeftddrjeeggdduhedvucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefkffggfgfuvfhfhfgjtgfgsehtke ertddtvdejnecuhfhrohhmpefrvghtvghrucfurghinhhtqdetnhgurhgvuceoshhtphgv thgvrhesshhtphgvthgvrhdrihhmqeenucggtffrrghtthgvrhhnpeelveeuvdegueefie efffehtdfggfdtvdejiefffefgkeejieeuueehtdefjeeiffenucevlhhushhtvghrufhi iigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehsthhpvghtvghrsehsthhpvghtvg hrrdhimhdpnhgspghrtghpthhtoheptd
X-ME-Proxy: <xmx:002pZjARhNLL3Umqly5KCW62ZHdktHIHR4tOo75vReJaw-C331ZyYA> <xmx:002pZsg1MP5AMzzVJLNHSSfCY60LinTqWUMrQnJqJr-utDo7LDFgGw> <xmx:002pZnoyHxDljLb8ZxSwegQDN2pQ3YMulFXb0TEQSUDLLtOvKRnCwg> <xmx:002pZnirt6uJnUKpPQr-iAo2lj_EUBz3Fhm4FZnSAAn4oz_LtO-VgA> <xmx:002pZlutqWtQNozRABzGWbIGh6z3Uy4n-wvJSb6FLYdg-UFASLSJqy3m>
Feedback-ID: i24394279:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 30 Jul 2024 16:32:18 -0400 (EDT)
Message-ID: <83dd2d3d-f79b-4811-bedf-1c0520230f2f@stpeter.im>
Date: Tue, 30 Jul 2024 14:32:17 -0600
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Content-Language: en-US
To: Leonard Rosenthol <lrosenth=40adobe.com@dmarc.ietf.org>, "urn@ietf.org" <urn@ietf.org>
References: <DM8PR02MB8181343606D747A3E984B8DECDB02@DM8PR02MB8181.namprd02.prod.outlook.com>
From: Peter Saint-Andre <stpeter@stpeter.im>
In-Reply-To: <DM8PR02MB8181343606D747A3E984B8DECDB02@DM8PR02MB8181.namprd02.prod.outlook.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Message-ID-Hash: 3MIEXXEETICFXVSQLL5LPDMWCTD7VHON
X-Message-ID-Hash: 3MIEXXEETICFXVSQLL5LPDMWCTD7VHON
X-MailFrom: stpeter@stpeter.im
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-urn.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [urn] Re: Registration for `c2pa` URN
List-Id: Revisions to URN RFCs <urn.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/urn/M5u9AwgYVxWv_NEJ0TjsCeRypFI>
List-Archive: <https://mailarchive.ietf.org/arch/browse/urn>
List-Help: <mailto:urn-request@ietf.org?subject=help>
List-Owner: <mailto:urn-owner@ietf.org>
List-Post: <mailto:urn@ietf.org>
List-Subscribe: <mailto:urn-join@ietf.org>
List-Unsubscribe: <mailto:urn-leave@ietf.org>

Hi Leonard, thank you for this registration request. Because it's high 
summer in the northern hemisphere, feedback from other members of the 
expert review team might be delayed. However, in the meantime I have 
provided several small comments inline.

On 7/30/24 12:36 PM, Leonard Rosenthol wrote:
> Namespace Identifier:  c2pa
> 
> Version:  1
> 
> Date:  2024-07-30
> 
> Registrant:
> 
> Leonard Rosenthol, on behalf of C2PA (Coalition for Content Provenance 
> and Authenticity)
> 
> lrosenth@adobe.com <mailto:lrosenth@adobe.com>, 1-215-808-4978

Typically it's a good idea to include a "role" email address (e.g., 
info@c2pa.org) instead of a personal one.

> Purpose:
> 
> Each C2PA Manifest (aka Content Credential) created to incorporate 
> provenance information about a given asset is given a unique identifier 
> which has historically been an incorrectly formatted UUID URN.  This 
> proposal, in conjunction with an updated specification, will define a 
> new `c2pa` URN syntax for this purpose.
> 
> The `c2pa` URN will consist of a UUID URN (as per RFC 9562) with 
> additional information, specific to C2PA added.  These URNs are 
> non-resolvable, simply serving as unique identifiers. In this way, the 
> ability to unambiguously compare them is of significant importance.
> 
> Syntax:
> 
> A `c2pa` URN shall consist of two mandatory and two optional components, 
> in the following order, with `:`'s between each section.
> 
>                  - URN identifier (`urn:c2pa`): REQUIRED
> 
>                  - UUID v4, in string representation (as per RFC 9562, 
> section 4): REQUIRED
> 
>                  - Claim Generator identifier string : OPTIONAL
> 
>                  - Version and Reason string (as described below) : OPTIONAL
> 
> When present, the "Version and Reason" string shall consist of a `v` 
> followed by a monotonically increasing integer, starting with 1, 
> followed by an underscore (`_`) and then an integer representing the 
> reason for the re-labeling.

You provide information about the Version and Reason string but not 
about the Claim Generator identifier string. For example: are there any 
length restrictions? Can they include code points (characters) only from 
the ASCII range? And so on. It would be good to clarify these matters, 
since comparison is important for your use cases.

The remainder of the request looks good to me, although you might 
consider pointing to the relevant sections of the c2pa spec regarding 
security issues, since they seem to be covered quite extensively there.

Peter