[urn] Re: Registration for `c2pa` URN

Leonard Rosenthol <lrosenth@adobe.com> Tue, 30 July 2024 20:37 UTC

Return-Path: <lrosenth@adobe.com>
X-Original-To: urn@ietfa.amsl.com
Delivered-To: urn@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 514FEC151986 for <urn@ietfa.amsl.com>; Tue, 30 Jul 2024 13:37:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.256
X-Spam-Level:
X-Spam-Status: No, score=-7.256 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.148, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=adobe.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EW4HRAm4vThS for <urn@ietfa.amsl.com>; Tue, 30 Jul 2024 13:37:37 -0700 (PDT)
Received: from SN4PR2101CU001.outbound.protection.outlook.com (mail-southcentralusazon11012066.outbound.protection.outlook.com [40.93.195.66]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 248AEC15155B for <urn@ietf.org>; Tue, 30 Jul 2024 13:37:36 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=HEjficrTiDa+VYs34y5+qN42VDYSV+PQEIS9CgfIoxusOtpBg0VZLwRIlgjOgYPYZwqd86uugquOgcy7SSqPuAzGWsbyRONOIYDKc/vCUeeHJeuXQNYd0sk/3NxpEpIkbokrp+XT9T5lv8aBcaON2Ztmb8RJpZ2Dk/6p22plUpMJ7n5CvEoVodkrM4kj1pVa27MGDjHjiIs+H3FamsQ0RK8U7+EwBzUsT8qu4q+L1og0mxdJ5Q5/X8vdKTRBiVgePQ4xu70XNSz+wTFSN9LVu89ErWy+4mNUH5X8N//kjZ4G5AZspBGZhQeq3IK6U8nYDiFXxaynKmuT/Pr0K6q5ig==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=HqHm7pz5WW0wHrTMltCaRkEeKsdBI+mNPEBvDDrQm+M=; b=W/JxT/L+iL8HSNn8tsCZrzmhOmkgL7X6DlgrG8eX/Y3mG1HOyGdhnOT0q2QRiaZcRDsu3SRWe/HOR27/PLMLcCISGXGMlM8hnuY+ZYdhiA4tfy46+NMYE2lwT6P87bn04l75Q7raeQGmikKPu2OERTn1LWE/9wJzRoUDdtO6K4zsgW28URUqYjSMjH4L606FXJXXRS9QW1H6ysFUJyweDoHn1cnEmoxXJsSZTimk5HqOE6RVo5XEnu8Hk1Kxltbl6VD/wjGK223a6XOsuuo5uJhY6v4fvG+ZYrF+KYpPBgqzR3FG2yBYJVjtTXGMV9aB4gsEr4zzgP1PI8LCVWYOtQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=adobe.com; dmarc=pass action=none header.from=adobe.com; dkim=pass header.d=adobe.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=adobe.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=HqHm7pz5WW0wHrTMltCaRkEeKsdBI+mNPEBvDDrQm+M=; b=VFT2EXsBR1gDAP7ItnTjNAPE9ogMrYClz7OGkuVc8Lk/ZE12QJWS17oD2CUpOd2+10iOjp+D6clilI5y5tR54U99P1WB3OWuq/RmQgQEUimfkUJWiY3T0nxJbskMC33Laoiq9KbvM6qKMawlosSYwBPHSIEhlPtzMuhek4zwi/I=
Received: from DM8PR02MB8181.namprd02.prod.outlook.com (2603:10b6:8:a::14) by CH3PR02MB9138.namprd02.prod.outlook.com (2603:10b6:610:149::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7807.27; Tue, 30 Jul 2024 20:37:35 +0000
Received: from DM8PR02MB8181.namprd02.prod.outlook.com ([fe80::ea16:deea:f70c:5151]) by DM8PR02MB8181.namprd02.prod.outlook.com ([fe80::ea16:deea:f70c:5151%3]) with mapi id 15.20.7807.026; Tue, 30 Jul 2024 20:37:33 +0000
From: Leonard Rosenthol <lrosenth@adobe.com>
To: Peter Saint-Andre <stpeter@stpeter.im>, "urn@ietf.org" <urn@ietf.org>
Thread-Topic: [urn] Registration for `c2pa` URN
Thread-Index: AQHa4q8wrEzjf9zLcEasq2MYGm4D9LIPucSAgAABQpY=
Date: Tue, 30 Jul 2024 20:37:33 +0000
Message-ID: <DM8PR02MB8181B46AB616ABB2440810DBCDB02@DM8PR02MB8181.namprd02.prod.outlook.com>
References: <DM8PR02MB8181343606D747A3E984B8DECDB02@DM8PR02MB8181.namprd02.prod.outlook.com> <83dd2d3d-f79b-4811-bedf-1c0520230f2f@stpeter.im>
In-Reply-To: <83dd2d3d-f79b-4811-bedf-1c0520230f2f@stpeter.im>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=adobe.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: DM8PR02MB8181:EE_|CH3PR02MB9138:EE_
x-ms-office365-filtering-correlation-id: 9b990837-4d25-4e04-2d74-08dcb0d770c3
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|376014|366016|1800799024|38070700018;
x-microsoft-antispam-message-info: FVZs3Cuqo+yCPHLSlJOKTBjPsQzNpY/A1qxSofOCxY0AJqEYdiSb3MHJmCUYXrIGICDl9kVxvHeBMOutdxYCThln+gWcicl53jG3ZT6YTOLu2a+AFzyaY9HYjRypycgVWtveuvWm95Gy8F7EgZPSHPE0HYWBmYCbZ6gq6P/BYzIJtMLHFIT37HwUbgwExoIfoy7U8B/4aYyp8E8QfwnWCSCPXBZAHEu/fHOD9asXXVsdKDyyic1Y6SDO+UeLIB/iXT5I5xoXy3PKboASnQjXcH5URZ8022dNQM5XuGP2+4hhOCl3y3smGs+0dZ1jCvVn4zUm407NvM7SfBNN3l4t7Dg5q7duUKjU3YJuwy44o6FZ4DkYUBam4TGL5MGflyfZUULEgPQ1DcAnjfByIaWea5Rcc3PnsZG4RLB1qb8cLDlfnIpz9Tovoxg1Cg3T/5Sos0Iu50DZC6q9mr3C/6ZpbjhZDYxGuQrnyfwOQfqw7S9yW8gAi9n5wrsNMia7lwNaeu0YeZqdkWIh+sA32rzPInVVt3LRrjzgyX5o26ob49TYsj0LVAoAVpe6d5YmoiW7EI6pnEq6Mjn1gy2VwbS0BdQtpZBgtV1ZNKKaRsjDCESuKPSRQvNgGsouIrho7MTzEF1hAVcwxZ9av/+H/E3biDkg3NeJv1xNYdmCunrAeP9TjEimDZTdzyIyQyLVnIRZQupnaZgrg6zj6sXB1mZy3NkuQDI8YU37IJHARHUffcs0FfcZugcX0gSF3NveiQvrg6PYqxUOTUREF2QZ/iJX4vD7VPMU33XdaA5HEazdFXdsIoBt24VKJm6bbYqAcGs6Xv+b1Xh8VkPZPID+DpujXi0VyeUVrYdrQHrjphsh4etrGvDnd/ndGQio1oxx1nWeAr16Z0RbrAEYLN7lx7Xu8vu/67luIGFOrf73H5R7jJP47uM2dW+zzLHjGVsMy4682flsgS2k6i/UcIc5081MZgLoK59dvomHBEArBBk6TrM9NfOvm3TcnomYACzk1m5kSy4RKuCt17HxILQL2/WzMFYTmP2fjomUPi3ClKOjqqbVIKwiJQsurHLMXXjty9zKTQWadM+AZmAVQAs4a8v9DkoubX7Wc8aQ/31woNhrdJG1nNH+iJ/RtJ5o/axRFIE/NF2lOuXuvO7UrUpmJmMylUYemMekb0ztIyRvHi1b/82CE2TfYmKMPq13RZeY0DfrHjvv9rpeTcQwis/WUYFj2K55yqzIf9bWIDpmzAnb5kf/JEtekTdiUX0b541yVupCJJOPacgzVb9sTmCVIdLe94KvqxrjO7pJTzPOwNxj5Tdodv5v5Px2P2BGA8OwwAw2pnN6HtU/XPl0ZxKP8B8umppmKdX4rzCOT8c/4d8dmWo3AzykdpGata0H2bPnUPulTtcb4VaT8eC9nqpyoqZ8PQ==
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM8PR02MB8181.namprd02.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(376014)(366016)(1800799024)(38070700018);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: SVkpG9kOBKk8OoAzg7S+YCk5Gh+rr/8OTO3cnRCN7svQeZJpwb02z4eLnGcW7lLFk6PIDTBg+Waa7a9H9vCEe642rIR4VnV7lf8+Q3VqgHS7YcajE7CdLtyvtP5pa54/S/JXIAhroXw0Njp+sOkSSyjZA0btk5/t+popkRBPUbpG1S0hJvRDFkzESS1IPAIFZ5bfyOAOx19AfTfJRARFlreeGQuTUajiMvCjCj3sLPlavxLj/k6Bb9gKKSlvx2rkYhXsmgqnmnhCsuORsktSFSPB3yfBFVFJEBe+Xcla8kTOoetoyM7niNatqDQxPdhsNu1Uxbi+qZfC3mrwcBUnNAQ+dlUTlxDeu/OMWgZ6OPZgjCDZbTpP6WxpKPqmY2BIjehaupQPWoSipGMyzfeGAkTr0FVx7X8BiWKHDT2De2ro+LmU90R1RaKiNMaMHhYg6O/6Y9rizYwfwpXBc+re/zSRMjYNQwenWMqkwLCOOvLadSf/HMRzLtI7Ej4RnUFA96b0E+ytZR7pcpdzi7Zbm+t1EYuvv+pjE1yLBex0jnB5UeyJikLkkIw2BR5NBpwC0aQJyKctW4ZChwZyCpPUwXoeN63G0fe17ihHSEve15dGhnPsXpTlJ1C4P6XOuqMhS/0r3OIM5R5DFu0Jj7NcIeKy23l0on46fClgO6ba+bduewfbV1Y/OL7X2OwVl0+s7fFDKEnL5WFlbnASZr7tXnOSYm2WRclUb2cp17lX4iHjFtZf+rRP+KT/zByaK0tX1VJ7oG+cvAd67+4Gud8R1OK6Vcbuqqyobh9Y5vkYT3rh7YAp32CeF6zQg1i1cllOgq+W9yPDDyak9xVIihr2ioQ61A9sz2JpM3BBEOWyxoVg0wd+mlV5LPndWW9X89YXl6Pa4qeN/czIFkU7o/7v6qMOch0k/cYTSqKH+UUG4NLyS1bKQ5cxnKR47S2Kc5m414iTm2QfWbwa3xcI7w2eHeMaURcOW2Y1UR6P00VkHECU1RuIOizEmuYD3ICdSjLnqCDL46V8zGCi8Y4JZ1VGfn7W9tgBUpG1H7x1wDWfKoyniv89TWYvvvTbRckUSV2v4Rk+lSMpvKbV0sYhSHDdR6YWUvqvDjYDnJSnGohOMd8vUZIgOp8k/6rIzwNxYcpMLc4w3ptnqRxrB1kRbdPO3d4k5G1qYyW7HdyXfvrPdwUDBK8PSyiPOMyaMGpBhpSZ6Gv0MXtryISJTkJLzbx/aYbRQx95d5ervRl7qq8K9iDYtATGGAxUQoO9Jc3NfDuB7ZNogmHYZiNVpxaPM/xYdgBey6OjfEimWrocS6dwP9V1KuT7KLz7xJk4OB9Hx0IPtLa872eklHDl31Lj1Y0ONrefoSt+ci3EOrckleUeisk1xO76D4CalytmbkJVgltshMF89EtfJJCmOFiPunHvGYvBBTokw6rndgVzqovYUQxt+0aaEJpzbH+viH57YWnbJzAiazwRiULNyf9YALKbCSdw4OLG9E7UUb3SCTKkBEOrPFNKO+k5agmCzXFAcJeLKDM3rMaBk9lCAmdYaZIqtNRohrpD57D34erBJI7uwEKKFhYOQb7jjTf/N3O9Lr1CmMjNobjQ4tVueVGk5ho9WQ==
Content-Type: multipart/alternative; boundary="_000_DM8PR02MB8181B46AB616ABB2440810DBCDB02DM8PR02MB8181namp_"
MIME-Version: 1.0
X-OriginatorOrg: adobe.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM8PR02MB8181.namprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 9b990837-4d25-4e04-2d74-08dcb0d770c3
X-MS-Exchange-CrossTenant-originalarrivaltime: 30 Jul 2024 20:37:33.5721 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: fa7b1b5a-7b34-4387-94ae-d2c178decee1
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: Bd59MvwbDO4WXLW2EJYTf2HUfNSlhn0AZHQY0fIACQb6doFJl54af1qq8+3riWiVxF/JpuXqhwbfwMQEwuJrNw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH3PR02MB9138
Message-ID-Hash: XEMXECKCLMSOOZC24IQX74ZV37BVL43G
X-Message-ID-Hash: XEMXECKCLMSOOZC24IQX74ZV37BVL43G
X-MailFrom: lrosenth@adobe.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-urn.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [urn] Re: Registration for `c2pa` URN
List-Id: Revisions to URN RFCs <urn.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/urn/dhQ-K7nKQIq1F_WrvvUyJ0MNO1s>
List-Archive: <https://mailarchive.ietf.org/arch/browse/urn>
List-Help: <mailto:urn-request@ietf.org?subject=help>
List-Owner: <mailto:urn-owner@ietf.org>
List-Post: <mailto:urn@ietf.org>
List-Subscribe: <mailto:urn-join@ietf.org>
List-Unsubscribe: <mailto:urn-leave@ietf.org>

Excellent points, Peter – thanks!

Is it best to just provide just updated sections or would you rather a complete proposal?

Leonard

From: Peter Saint-Andre <stpeter@stpeter.im>
Date: Tuesday, July 30, 2024 at 4:32 PM
To: Leonard Rosenthol <lrosenth@adobe.com>, urn@ietf.org <urn@ietf.org>
Subject: Re: [urn] Registration for `c2pa` URN
EXTERNAL: Use caution when clicking on links or opening attachments.


Hi Leonard, thank you for this registration request. Because it's high
summer in the northern hemisphere, feedback from other members of the
expert review team might be delayed. However, in the meantime I have
provided several small comments inline.

On 7/30/24 12:36 PM, Leonard Rosenthol wrote:
> Namespace Identifier:  c2pa
>
> Version:  1
>
> Date:  2024-07-30
>
> Registrant:
>
> Leonard Rosenthol, on behalf of C2PA (Coalition for Content Provenance
> and Authenticity)
>
> lrosenth@adobe.com <mailto:lrosenth@adobe.com>, 1-215-808-4978

Typically it's a good idea to include a "role" email address (e.g.,
info@c2pa.org) instead of a personal one.

> Purpose:
>
> Each C2PA Manifest (aka Content Credential) created to incorporate
> provenance information about a given asset is given a unique identifier
> which has historically been an incorrectly formatted UUID URN.  This
> proposal, in conjunction with an updated specification, will define a
> new `c2pa` URN syntax for this purpose.
>
> The `c2pa` URN will consist of a UUID URN (as per RFC 9562) with
> additional information, specific to C2PA added.  These URNs are
> non-resolvable, simply serving as unique identifiers. In this way, the
> ability to unambiguously compare them is of significant importance.
>
> Syntax:
>
> A `c2pa` URN shall consist of two mandatory and two optional components,
> in the following order, with `:`'s between each section.
>
>                  - URN identifier (`urn:c2pa`): REQUIRED
>
>                  - UUID v4, in string representation (as per RFC 9562,
> section 4): REQUIRED
>
>                  - Claim Generator identifier string : OPTIONAL
>
>                  - Version and Reason string (as described below) : OPTIONAL
>
> When present, the "Version and Reason" string shall consist of a `v`
> followed by a monotonically increasing integer, starting with 1,
> followed by an underscore (`_`) and then an integer representing the
> reason for the re-labeling.

You provide information about the Version and Reason string but not
about the Claim Generator identifier string. For example: are there any
length restrictions? Can they include code points (characters) only from
the ASCII range? And so on. It would be good to clarify these matters,
since comparison is important for your use cases.

The remainder of the request looks good to me, although you might
consider pointing to the relevant sections of the c2pa spec regarding
security issues, since they seem to be covered quite extensively there.

Peter