[urn] Re: Registration for `c2pa` URN
Leonard Rosenthol <lrosenth@adobe.com> Thu, 01 August 2024 19:22 UTC
Return-Path: <lrosenth@adobe.com>
X-Original-To: urn@ietfa.amsl.com
Delivered-To: urn@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E3837C169400 for <urn@ietfa.amsl.com>; Thu, 1 Aug 2024 12:22:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.153
X-Spam-Level:
X-Spam-Status: No, score=-2.153 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.148, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=adobe.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ynjUTVZ4qBvK for <urn@ietfa.amsl.com>; Thu, 1 Aug 2024 12:22:37 -0700 (PDT)
Received: from DM1PR04CU001.outbound.protection.outlook.com (mail-centralusazon11010012.outbound.protection.outlook.com [52.101.61.12]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D770CC1522A0 for <urn@ietf.org>; Thu, 1 Aug 2024 12:22:36 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=GpwuTroeWNgtRNuoW5YVmu4M/ahFpP7/1AiH75uT7vFMlSChLICzf80Y8uR+DCycczmt9ch2rRXXvbN0HmdrhCyI5jntO+KgJmf4+QCftFI46BAVO0kxQFUZE3RRRmIs3sOr6Q5OFyMN/CmSC/ZVCsVNwX1RuxupH/MZYbg7fP6pNI1McxXWtE9YZG9wjm0oqC3/Cb0uiTRwZ9xbwNI+I/AHYV6exVwZXepheJXBPP0bkodjSC8C1AlVwa+n2rN1k8oMhUnFxKDCkGus/t+dTMrSFli/W2FLoHVkxz0AjqXqsaRpUdPQY9GB8o5NY/WkVyRBy5jxYWs7F3KIyMQLLg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=C15Gbvlecx7FYyRLUdbpRdPcXH9Wu/j7AcoPfVDwzEQ=; b=vyqE1IEv0fic77pGNcKXNspV/mSOD9/x3gNwq47MXAMxhQjh8hmnhntrvChFsLEaODqop8O6k97ZeXcpUVX0FKJbiV1NsvWeXIvE8pDAwdo5jV726XJ8RCk1u7bCXIFL26omjB4dZN23SqtzTwpo7Ws0rSCetjQfV3bjv2W7HYrqoE3E1YwnCyGQwRlr8qVPCz0HyMIGmvXjDlB8j28gDFtWdQNRPa37b9+LnN4fZcg5Owmc8Cq0eMnY6nK3L5jePzeCz7AWLVtehmdHobJbM75SnZejOG3ckWqw9KJ0uGh7ILbmSyULVflNvOANLU53A/3RBvG83HMi22l28bdGRQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=adobe.com; dmarc=pass action=none header.from=adobe.com; dkim=pass header.d=adobe.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=adobe.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=C15Gbvlecx7FYyRLUdbpRdPcXH9Wu/j7AcoPfVDwzEQ=; b=AeEqlzeRNWNu9YKvENTwwgm981Ej7Us2yOMvk47YUCOvlCk64fenxjWH8iE59b9LGIchaJ9H8GaBEUZaWhjVs6scjp/FMzroCde0SlVf7f5iHYbQydaAwwLuv0TsxLNUDJAo5R4ToPEku17TcUjtFPVQb7Za4X7kRHGzbrrUA6k=
Received: from DM8PR02MB8181.namprd02.prod.outlook.com (2603:10b6:8:a::14) by BL0PR02MB6484.namprd02.prod.outlook.com (2603:10b6:208:17e::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7828.23; Thu, 1 Aug 2024 19:22:32 +0000
Received: from DM8PR02MB8181.namprd02.prod.outlook.com ([fe80::ea16:deea:f70c:5151]) by DM8PR02MB8181.namprd02.prod.outlook.com ([fe80::ea16:deea:f70c:5151%3]) with mapi id 15.20.7828.021; Thu, 1 Aug 2024 19:22:32 +0000
From: Leonard Rosenthol <lrosenth@adobe.com>
To: Peter Saint-Andre <stpeter@stpeter.im>, "Dale R. Worley" <worley@ariadne.com>
Thread-Topic: [urn] Re: Registration for `c2pa` URN
Thread-Index: AQHa5Eez7NP1iexUTkSaQomre/M+GrISx37j
Date: Thu, 01 Aug 2024 19:22:32 +0000
Message-ID: <DM8PR02MB8181FDED4644EB038037260CCDB22@DM8PR02MB8181.namprd02.prod.outlook.com>
References: <DM8PR02MB8181343606D747A3E984B8DECDB02@DM8PR02MB8181.namprd02.prod.outlook.com> <87ttg4ayvi.fsf@hobgoblin.ariadne.com> <DM8PR02MB8181D0D0CDB79E455004F32ECDB22@DM8PR02MB8181.namprd02.prod.outlook.com> <115f84f9-8621-45da-9403-6ed6cfc1514b@stpeter.im>
In-Reply-To: <115f84f9-8621-45da-9403-6ed6cfc1514b@stpeter.im>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=adobe.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: DM8PR02MB8181:EE_|BL0PR02MB6484:EE_
x-ms-office365-filtering-correlation-id: fd15e8a3-8571-4d85-e681-08dcb25f4a7d
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|1800799024|4022899009|366016|376014|38070700018;
x-microsoft-antispam-message-info: B+1y4F3T+FLalBiB+XMKe0VcRJzlrXDI3UQ1G6tsTi1AD+zVITdox6kx8m+mCgc4FD3wh21VwqjNbqJttFR57+0VJjDonwzcSS/p0gS59YDVnne8Dh5i/n72sdCk2XCpG/2EUhG5qnViaiXX+TI9csd3e68ujLkTa1WEfAGJQx/C+GEJpMIbdahyGKMoN9JGWcQmkp445ECqrG28IuX5NKXcyDBZt1nEZEuOfRUcmF0QoDEeqC3LCYFV03xodOZsKxDyW6QvjKc2DBwCl5Obt91L/5eT/Fp64Z3dU52TkVsD8htd7UzjFGx45S+O1NWsAuemNUBC1CbzYpDjgUhS6l9ujEMaN0N6AY9plxjid+H8INdpouLIuO5qIBL4i5/vL1vdkmCsuoCTNqKx7v6IWxL0DGow0pLr7lrwxdylduZ9BMDnwgzfZ12UzT3UTd5PK7b7Q7W0iEYTAI6jhIeuOFKq8F4wlLJTJoWNQs38D9YqUG/YIz4F+14TnB6iGUoS019Z+mwQ4NNxm8ItcmesYaWTqaUmufmlU8VjpXsoIlAboii097KkZlvfdW43TJr5+LnN8ifgtIkhRvd7ErN71r9JLzkX43LjYwgt/6BAndYIXK+0ImaDO2BNpniggKEnv507iJ07FEkaccIYmO7YCN7yY49XLM8BubaRHAJln7i3pvSpJ0MS3YV+gLkFwux2SnID8/+Gn+hLjbTFNjUbUMzYSRc7oIuHGXuCR6tM2lFVe3ZWY6oExs7kYRgSRj7DGW0OdFkAaBqrG6XEthM+gS5dgn4DHP39ugTDfKXlZE7DK8gJNrzN3GRGbkrfrwMx0j6HX+FdPRhJsA8a1YHi0k6AxiHSF+5B0Pubt33sOh0+KVTV7tk+GUNXH70U++hKVjo6uZFQBsE1PQFubQqoI0DJIxxGVf9Fn36j7fKaLHoYOOk+pNGAqhc45QSL3/XGfZ10FOqkpyrYB5yVDUq5h77b1S4Jz3XnXmcKj03vWGhTRZQLcFxjOeSnDwyPIEDQo06Oa+I4ek0OenN5BKKOjht+GtU93A/R91PF3B9pz0JEjwzlpvlrTj65xM6n1aBszs6a6u/4zz2iLqo6QbvPSWellTfQoeNj4yDsFFoIUfxF8BaN5KhHyNpyDEy6DuSJe/+LsovaOfBbatwY2+y5+R655vU+nHUUjPNs2a8dJAf+GmMeuKjEOoXFn0+ywnyI4L2RowDannXaSwo4Y0qDhzz8u2ZMJ73aPRCUtSYskLM8nJblpu/QY2s7fEWK0WK/t3XVt8zJusAh3GstEWxAFYsZEHZY5bwXfNIA6TwAcPGFFblvBXSfdQdoqzEYnZZQtrWHCWMxzSW+gFDU7KLhOiHh3NgmB2+7RXYr+XzNP4A=
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM8PR02MB8181.namprd02.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(4022899009)(366016)(376014)(38070700018);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: ISzgNSN8eYV5v5gnpczFHzP8mltbhvTWg5KJx2LTCWdySQCUWmgH1PeaDYg1X3C4Z9tVqy3PCn9l4XANQ46Hgkr12eB8dXLf8eijQaPYWTQN11Y/quevBXiqIDhKlYupc3PirxnUrcAsUOzFivus3mHSynAuj8BRTY/PIs9+RXKWWjsfXL3KwI6cbUPlDKSkFu+8E6P/QD2yEvl9UrEMJezdqpBaZcmwODlebudorwQacJum/7xZyC1TEb0ZnMMbtOgbgWtMxNYg3JumnQ6VZ0HGypLittzEN5gNTX7UnsuxBXSe60CRrpPyvjGy1Fjsxqcg49qJr61UyqAvYvU6jWVI8zphMnSoIrRTS9F2NkDi+KzQ32bFmLZUafhecu5opw3n9i/Lnk5119vLBqQj6Fjv/8Vj3TQPiLdLGP6Cwt8fM7vQ5qQFrYqmGMrWjeUxx6ws+UsuFXSOgMciCmFOOwrIN8JDrLH+eC9YKTzrv/qV3jVgLSAEoUCiOWzL6p50gosGYf2+mUHcmpZ+Af4DqJrGtZ8QTDHqB17FBqbw4SU6NpmVV2ZN/OtPpaE5UdccewA7ydty3ngmu+Ole2FyTkgVElM5pIy0zEBpUNIo2xWj0Q9isiXqX3DVwBOa30N43FXmhuuqnEM50G63TX+TsuEgB1XICa+MaJeY0GvCZo6BBJki9EcbGiS+xIa643Obl7ElKx4i93aqoL5Ln28XhTns6jTWiM1saAtELgOHeo+a8VCAKZCGeTnwp2Pmmd3cZ9EhucKE6Pm64LcGIRMhdLkN4PHEwJSJyxT4YGnWFW7FoNJMfpIx9ClwF/Kf2peWn/K5aIt+OO4RAwhfw5NOZ+qr/J88FJ9ojcR6X8GKd7lGagni6MB86JCLEK13qidwPAb5566sbsrAYqtiVNW8g2WOtM/vVcnfSbesg3bKvbVN1aNRwYODtvusLF0JHArPyIe5Cgt7+tS6fiKaniP4QxHEh+5yLat0/KHNAcnnW50oR4MJdvDWFfjtYVQjlVhDBpz6rRGEE3jGoCmYr7gYlvLfQcIfo26a77ndeUUN6LGNAUkp01A+Ty4lKbCWI2HGBYAy3TpojRlV48tHunoYuSnXyahfu0eeojYZfArWJvZvHCGIajmNbjUrUPq/6TO5xxwsQweZ+xNabawmH+sFGuqhP/AhdKx1cLmbT/spU2SRPt8yiHmyNBFgZ93Dx5BQUS6PxlgSpezGLmk8sYfdYg/mcmpJWzg+xwb77qcNQuAg9X6Kqd6HHpm1m9Pb5FlIHFFw/GR2AYZHG1GVNzWYZpZUK3F/znHMy0VonPmkon8eaoSj6NLOPzjuuejUeQRQslD8fydy1wEXHZvDT3Aa/Sjs/Aebkw+WLlSFK124CgloJW7m0jGTykgLqIu/2BGW03ZDNPvvjgSBNacGBwPRkymIS+Teu4Las3L3mPJnXw86CJ+jhgp4UCAS60uFLDwbumvyZV1ZSxyi1f8Vg1KzVsEOG6Kwl+Edl1ek+KfTx/g4C+F+6vPz60n2nl6tpLWOfMxobNrQhentAL7dsZyHpQQfrJbSk6rrpBrd8GUC4l7vuNHbZ730eJTUr0x/nf83p5sYVl2PpgwOTnBggFfms1SYEcifRXCgaqc6twXRTusp2QUrvA9TcX2vB7hegNwMVLXeNbeux7Nzo+hIsuoJvQ==
Content-Type: multipart/alternative; boundary="_000_DM8PR02MB8181FDED4644EB038037260CCDB22DM8PR02MB8181namp_"
MIME-Version: 1.0
X-OriginatorOrg: adobe.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM8PR02MB8181.namprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: fd15e8a3-8571-4d85-e681-08dcb25f4a7d
X-MS-Exchange-CrossTenant-originalarrivaltime: 01 Aug 2024 19:22:32.0741 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: fa7b1b5a-7b34-4387-94ae-d2c178decee1
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: haSEJ1ORFO1PaVGfiRCobyKzn52kFVTsHJnY7Q5xfWBD9Gve0kBMeiiVCjcpjHTJu4mOxr533uWf7Azu+NSMkA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL0PR02MB6484
Message-ID-Hash: WCVQSIMEEKLNG2YMXQZTZ4VVE7GOQFEE
X-Message-ID-Hash: WCVQSIMEEKLNG2YMXQZTZ4VVE7GOQFEE
X-MailFrom: lrosenth@adobe.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-urn.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "urn@ietf.org" <urn@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [urn] Re: Registration for `c2pa` URN
List-Id: Revisions to URN RFCs <urn.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/urn/nf7Xw_CBIu7WUN9WWrjgkmSNCk0>
List-Archive: <https://mailarchive.ietf.org/arch/browse/urn>
List-Help: <mailto:urn-request@ietf.org?subject=help>
List-Owner: <mailto:urn-owner@ietf.org>
List-Post: <mailto:urn@ietf.org>
List-Subscribe: <mailto:urn-join@ietf.org>
List-Unsubscribe: <mailto:urn-leave@ietf.org>
I thought about doing that, but since RFC 9562 didn’t do it – I figured it wasn’t allowed for some reason. Leonard From: Peter Saint-Andre <stpeter@stpeter.im> Date: Thursday, August 1, 2024 at 3:19 PM To: Leonard Rosenthol <lrosenth@adobe.com>, Dale R. Worley <worley@ariadne.com> Cc: urn@ietf.org <urn@ietf.org> Subject: Re: [urn] Re: Registration for `c2pa` URN EXTERNAL: Use caution when clicking on links or opening attachments. Hi Leonard, thanks for the quick turnaround. To simplify the ABNF, you could re-use some of the rules from RFC 3986 or RFC 5234 rather than (apparently) redefining them here. Other than that, it looks good to me. Peter On 8/1/24 12:58 PM, Leonard Rosenthol wrote: > Here is the revised registration proposal. The links to 2.1 will be > live tomorrow (2-Aug-2024). > > Leonard > > Namespace Identifier: c2pa > > Version: 1 > > Date: 2024-07-30 > > Registrant: > > Leonard Rosenthol, on behalf of C2PA (Coalition for Content Provenance > and Authenticity) > > info@c2pa.org <mailto:info@c2pa.org>, 1-215-808-4978 > > Purpose: > > Each C2PA Manifest (aka Content Credential) created to incorporate > provenance information about a given asset is given a unique identifier > which has historically been an incorrectly formatted UUID URN. This > proposal, in conjunction with an updated specification, will define a > new `c2pa` URN namespace for this purpose. > > The `c2pa` URN will consist of a UUID URN (as per RFC 9562), with the > namespace changed to 'c2pa' and additional information that is specific > to C2PA added. These URNs are non-resolvable, serving as unique > identifiers. In this way, the ability to unambiguously compare them is > of significant importance. > > Syntax: > > A `c2pa` URN shall consist of two mandatory and two optional components, > in the following order, with `:`'s between each section. > > - URN identifier (`urn:c2pa`): REQUIRED > > - UUID v4, in string representation (as per RFC 9562, > section 4): REQUIRED > > - Claim Generator identifier string : OPTIONAL > > - Version and Reason string : OPTIONAL > > When present, the "Claim Generator identifier" string shall consist of > no more than 32 characters from the ASCII range (as per RFC 20), but > which are not Control Characters (RFC 20, 5.2), Graphic Characters (RFC > 20, 5.3), the `:` or the `_`. > > When present, the "Version and Reason" string shall consist of a `v` > followed by a monotonically increasing integer, starting with 1, > followed by an underscore (`_`) and then an integer representing the > reason for the re-labeling. > > An ABNF for a `c2pa` URN looks like: > > c2pa_urn = c2pa-namespace UUID [":" claim-generator] > [":" version-reason] > > c2pa-namespace = "urn:c2pa:" > > ; this definition is taken from RFC 9562 > > UUID = 4hexOctet "-" > > > 2hexOctet "-" > > > 2hexOctet "-" > > > 2hexOctet "-" > > 6hexOctet > > hexOctet = HEXDIG HEXDIG > > DIGIT = %x30-39 > > HEXDIG = DIGIT / "A" / "B" / "C" / "D" / "E" / "F" > > ; ASCII, but not Control Characters, Graphic > Characters, `:` or `_` > > visible-char-except-space-colon-underscore = %x21-2B / > %x2D-3A / %x3C-7E / %x80-FF > > ; claim-generator-identifier is a string of > > ; 1 to 32 > visible-char-except-space-colon-underscore > > claim-generator = ":" claim-generator-identifier > > claim-generator-identifier = > 1*32visible-char-except-space-colon-underscore > > ; version-reason is a string consisting of a "v" > followed by > > ; a positive integer, an underscore and a > second positive integer > > version-reason = ":v" version "_" reason > > version = 1*DIGIT > > reason = 1*DIGIT > > EXAMPLES: > > - `urn:c2pa:F9168C5E-CEB2-4FAA-B6BF-329BF39FA1E4` > > - `urn:c2pa:F9168C5E-CEB2-4FAA-B6BF-329BF39FA1E4:acme` > > - `urn:c2pa:F9168C5E-CEB2-4FAA-B6BF-329BF39FA1E4:acme:v2_1` > > - `urn:c2pa:F9168C5E-CEB2-4FAA-B6BF-329BF39FA1E4:v2_1` > > Assignment: > > URNs conforming to this scheme are self-assigned, based on the creation > of the UUID (as per RFC 9562) and the optional inclusion of the Claim > Generator identifier string and Version and Reason. This process is > described at > https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fc2pa.org%2Fspecifications%2Fspecifications%2F2.1%2Fspecs%2FC2PA_Specification.html%23_unique_identifiers&data=05%7C02%7Clrosenth%40adobe.com%7C4a00b8a175fa452bde2408dcb25ed445%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C638581367569277617%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=9rBAhiGg3vy2st66CDmMH0I%2BjICe7%2BhoXjUi6JGr2e4%3D&reserved=0<https://c2pa.org/specifications/specifications/2.1/specs/C2PA_Specification.html#_unique_identifiers> <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fc2pa.org%2Fspecifications%2Fspecifications%2F2.1%2Fspecs%2FC2PA_Specification.html%23_unique_identifiers&data=05%7C02%7Clrosenth%40adobe.com%7C4a00b8a175fa452bde2408dcb25ed445%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C638581367569291331%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=QS4o5GL%2F8CmgEyyO64JNB4JM7smDzea2H0hlGNyEVWw%3D&reserved=0<https://c2pa.org/specifications/specifications/2.1/specs/C2PA_Specification.html#_unique_identifiers>> > > Security and Privacy: > > No known security or privacy issues exist for this specific URN, > however, the C2PA specification maintains a "Information Security" > section > (https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fc2pa.org%2Fspecifications%2Fspecifications%2F2.1%2Fspecs%2FC2PA_Specification.html%23_information_security&data=05%7C02%7Clrosenth%40adobe.com%7C4a00b8a175fa452bde2408dcb25ed445%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C638581367569299706%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=75jPvqVwa9EPv%2Bg9kYY9ih7B0IG24C8v9ch2ZL6RcCI%3D&reserved=0 <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fc2pa.org%2Fspecifications%2Fspecifications%2F2.1%2Fspecs%2FC2PA_Specification.html%23_information_security&data=05%7C02%7Clrosenth%40adobe.com%7C4a00b8a175fa452bde2408dcb25ed445%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C638581367569305741%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=OpLLVhlHfvfX6XTXIi5cMHMrUgtVEIf536P8blcSw7g%3D&reserved=0<https://c2pa.org/specifications/specifications/2.1/specs/C2PA_Specification.html#_information_security>>) which documents any known threats and harms related to the core C2PA specification. > > Interoperability: > > A standard UUID URN can be "losslessly upgraded" to a `c2pa` UUID, if > there were to exist a workflow that required doing so. Beyond that, no > known concerns or requirements around interoperability exist. > > Resolution: > > As mentioned earlier in this document, these URNs are non-resolvable, > serving as unique identifiers. In this way, the ability to unambiguously > compare them is of significant importance. > > Documentation: > > https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fc2pa.org%2Fspecifications%2Fspecifications%2F2.1%2Fspecs%2FC2PA_Specification.html&data=05%7C02%7Clrosenth%40adobe.com%7C4a00b8a175fa452bde2408dcb25ed445%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C638581367569310893%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=%2Ble45Amx7pJw1NGQw7VcbTx6Fnb7IdoDXnli%2FpeWUE4%3D&reserved=0<https://c2pa.org/specifications/specifications/2.1/specs/C2PA_Specification.html> <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fc2pa.org%2Fspecifications%2Fspecifications%2F2.1%2Fspecs%2FC2PA_Specification.html&data=05%7C02%7Clrosenth%40adobe.com%7C4a00b8a175fa452bde2408dcb25ed445%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C638581367569315849%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=13IoUimLrQzpq7x9btLew5h26%2F%2F5RskucC85V5CH%2BpM%3D&reserved=0<https://c2pa.org/specifications/specifications/2.1/specs/C2PA_Specification.html>> > > Additional Information: NONE > > Revision Information: N/A > > *From: *Dale R. Worley <worley@ariadne.com> > *Date: *Thursday, August 1, 2024 at 2:23 PM > *To: *Leonard Rosenthol <lrosenth@adobe.com> > *Cc: *urn@ietf.org <urn@ietf.org> > *Subject: *Re: [urn] Registration for `c2pa` URN > > EXTERNAL: Use caution when clicking on links or opening attachments. > > > The overall concept looks fine. I have the following comments. > >> Namespace Identifier: c2pa >> >> Version: 1 >> >> Date: 2024-07-30 >> >> Registrant: >> Leonard Rosenthol, on behalf of C2PA (Coalition for Content Provenance >> and Authenticity) >> lrosenth@adobe.com<mailto:lrosenth@adobe.com <mailto:lrosenth@adobe.com>>, 1-215-808-4978 > > As Peter says, the contact identification should be chosen to be stable > as long as possible. > >> Purpose: >> >> Each C2PA Manifest (aka Content Credential) created to incorporate >> provenance information about a given asset is given a unique >> identifier which has historically been an incorrectly formatted UUID >> URN. This proposal, in conjunction with an updated specification, >> will define a new `c2pa` URN syntax for this purpose. > > Change "URN syntax" to "URN namespace". > >> The `c2pa` URN will consist of a UUID URN (as per RFC 9562) with > > You probably want to add "the namespace changed to 'c2pa', with" here. > >> additional information, specific to C2PA added. These URNs are >> non-resolvable, simply serving as unique identifiers. In this way, the >> ability to unambiguously compare them is of significant importance. > > Though it seems from the 3rd and 4th fields, the URNs aren't *just* > unique identifiers, the identifier is tagged with some semantic > information. So you might want to expand on that here. > >> Syntax: >> >> A `c2pa` URN shall consist of two mandatory and two optional >> components, in the following order, with `:`'s between each section. >> >> - URN identifier (`urn:c2pa`): REQUIRED >> - UUID v4, in string representation (as per RFC 9562, section 4): REQUIRED >> - Claim Generator identifier string : OPTIONAL >> - Version and Reason string (as described below) : OPTIONAL > > You really ought to provide ABNF here. E.g., this text says that the > 3rd and 4th parts are both optional, but it's not clear, if only one of > them is present in a URN, which one is present. It appears from the > examples that if the 4th part is present, then the 3rd (or at least the > colon that starts it) must be. What you're looking for is something > like: > > c2pa_urn = "urn:c2pa:" > UUID ; from RFC 4122 > [ ":" [ claim_generator ] > [ ":" version_reason ] ] > > Of course, we need some idea what the syntax of "claim_generator" is. > At least it must not contain a colon! > >> When present, the "Version and Reason" string shall consist of a `v` >> followed by a monotonically increasing integer, starting with 1, >> followed by an underscore (`_`) and then an integer representing the >> reason for the re-labeling. > > version_reason = version "_" reason > version = "v" %31-39 *%30-39 ; "v" and a positive decimal > integer (see RFC 2234) > > But it's not clear what the syntax or semantics of "reason" is. > >> EXAMPLES: >> >> - `urn:c2pa:F9168C5E-CEB2-4FAA-B6BF-329BF39FA1E4` >> - `urn:c2pa:F9168C5E-CEB2-4FAA-B6BF-329BF39FA1E4:acme` >> - `urn:c2pa:F9168C5E-CEB2-4FAA-B6BF-329BF39FA1E4:acme:v2_1` > > It's always good to have examples! > >> Assignment: >> >> URNs conforming to this scheme are self-assigned, based on the >> creation of the UUID (as per RFC 9562) and the optional inclusion of >> the Claim Generator identifier string and Version and Reason. > > It would be helpful to have some description of the syntax and semantics > of the claim_generator and reason fields. If the C2PA web specification > has a concise description, a link to that would be sufficient. > >> Security and Privacy: >> >> No known security or privacy issues exist. > > As Peter says, not only does > https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fc2pa.org%2Fspecifications%2Fspecifications%2F2.0%2Fspecs%2FC2PA_Specification.html%23_information_security&data=05%7C02%7Clrosenth%40adobe.com%7C4a00b8a175fa452bde2408dcb25ed445%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C638581367569322489%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=EC4nf%2FKJlFd%2FObrLd2YxdMNmlpzV7%2BpMcj2X0IPCwlg%3D&reserved=0<https://c2pa.org/specifications/specifications/2.0/specs/C2PA_Specification.html#_information_security> <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fc2pa.org%2Fspecifications%2Fspecifications%2F2.0%2Fspecs%2FC2PA_Specification.html%23_information_security&data=05%7C02%7Clrosenth%40adobe.com%7C4a00b8a175fa452bde2408dcb25ed445%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C638581367569327932%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=vbRrtLI8NAkg3q%2FwT2Z50ikfsq9Yt52H8HWXC1gBIco%3D&reserved=0<https://c2pa.org/specifications/specifications/2.0/specs/C2PA_Specification.html#_information_security>> > give extensive security discussion (which might just be pointed to here) > but its existence shows that there *are* known security issues, > contradicting this text. > >> Interoperability: >> >> A standard UUID URN can be "losslessly upgraded" to a `c2pa` UUID, if >> there were to exist a workflow that required doing so. Beyond that, >> no known concerns or requirements around interoperability exist. >> >> Resolution: N/A > > You might want to move the sentences "These URNs are non-resolvable ..." > to this section. > >> Documentation: https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fc2pa.org%2Fspecifications%2Fspecifications%2F2.1%2Fspecs%2FC2PA_Specification.html&data=05%7C02%7Clrosenth%40adobe.com%7C4a00b8a175fa452bde2408dcb25ed445%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C638581367569334597%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=%2B5xspyCmELLrJsmwbV2hJQmoCC6B5lO94P948hqvcF8%3D&reserved=0<https://c2pa.org/specifications/specifications/2.1/specs/C2PA_Specification.html> <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fc2pa.org%2Fspecifications%2Fspecifications%2F2.1%2Fspecs%2FC2PA_Specification.html&data=05%7C02%7Clrosenth%40adobe.com%7C4a00b8a175fa452bde2408dcb25ed445%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C638581367569340845%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=JLize5PZoIg4o%2Fjme4XEReUyHWLDV%2BpbutHhl3LCc4w%3D&reserved=0<https://c2pa.org/specifications/specifications/2.1/specs/C2PA_Specification.html>> >> >> NOTE: Version 2.1 is not yet published but will contain this documentation when published > > How shall we handle this? It's not proper to register a URN namespace > if its references do not exist. Is there an earlier version of the > specification which is "good enough" to link to as documentation? > > Of course, when new version(s) of the C2PA spec are published, it's easy > enough to register a new version of the URN to update the documentation > pointer. > >> Additional Information: NONE >> >> Revision Information: N/A > > Dale > > > _______________________________________________ > urn mailing list -- urn@ietf.org > To unsubscribe send an email to urn-leave@ietf.org
- [urn] Registration for `c2pa` URN Leonard Rosenthol
- [urn] Re: Registration for `c2pa` URN Peter Saint-Andre
- [urn] Re: Registration for `c2pa` URN Leonard Rosenthol
- [urn] Re: Registration for `c2pa` URN Peter Saint-Andre
- [urn] Re: Registration for `c2pa` URN worley
- [urn] Re: Registration for `c2pa` URN Leonard Rosenthol
- [urn] Re: Registration for `c2pa` URN Leonard Rosenthol
- [urn] Re: Registration for `c2pa` URN Peter Saint-Andre
- [urn] Re: Registration for `c2pa` URN Peter Saint-Andre
- [urn] Re: Registration for `c2pa` URN Leonard Rosenthol
- [urn] Re: Registration for `c2pa` URN Peter Saint-Andre
- [urn] Re: Registration for `c2pa` URN worley
- [urn] Re: Registration for `c2pa` URN Leonard Rosenthol
- [urn] Re: Registration for `c2pa` URN Peter Saint-Andre
- [urn] Re: Registration for `c2pa` URN Leonard Rosenthol