[urn] Re: Registration for `c2pa` URN

Leonard Rosenthol <lrosenth@adobe.com> Thu, 01 August 2024 19:22 UTC

Return-Path: <lrosenth@adobe.com>
X-Original-To: urn@ietfa.amsl.com
Delivered-To: urn@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E3837C169400 for <urn@ietfa.amsl.com>; Thu, 1 Aug 2024 12:22:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.153
X-Spam-Level:
X-Spam-Status: No, score=-2.153 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.148, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=adobe.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ynjUTVZ4qBvK for <urn@ietfa.amsl.com>; Thu, 1 Aug 2024 12:22:37 -0700 (PDT)
Received: from DM1PR04CU001.outbound.protection.outlook.com (mail-centralusazon11010012.outbound.protection.outlook.com [52.101.61.12]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D770CC1522A0 for <urn@ietf.org>; Thu, 1 Aug 2024 12:22:36 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=GpwuTroeWNgtRNuoW5YVmu4M/ahFpP7/1AiH75uT7vFMlSChLICzf80Y8uR+DCycczmt9ch2rRXXvbN0HmdrhCyI5jntO+KgJmf4+QCftFI46BAVO0kxQFUZE3RRRmIs3sOr6Q5OFyMN/CmSC/ZVCsVNwX1RuxupH/MZYbg7fP6pNI1McxXWtE9YZG9wjm0oqC3/Cb0uiTRwZ9xbwNI+I/AHYV6exVwZXepheJXBPP0bkodjSC8C1AlVwa+n2rN1k8oMhUnFxKDCkGus/t+dTMrSFli/W2FLoHVkxz0AjqXqsaRpUdPQY9GB8o5NY/WkVyRBy5jxYWs7F3KIyMQLLg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=C15Gbvlecx7FYyRLUdbpRdPcXH9Wu/j7AcoPfVDwzEQ=; b=vyqE1IEv0fic77pGNcKXNspV/mSOD9/x3gNwq47MXAMxhQjh8hmnhntrvChFsLEaODqop8O6k97ZeXcpUVX0FKJbiV1NsvWeXIvE8pDAwdo5jV726XJ8RCk1u7bCXIFL26omjB4dZN23SqtzTwpo7Ws0rSCetjQfV3bjv2W7HYrqoE3E1YwnCyGQwRlr8qVPCz0HyMIGmvXjDlB8j28gDFtWdQNRPa37b9+LnN4fZcg5Owmc8Cq0eMnY6nK3L5jePzeCz7AWLVtehmdHobJbM75SnZejOG3ckWqw9KJ0uGh7ILbmSyULVflNvOANLU53A/3RBvG83HMi22l28bdGRQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=adobe.com; dmarc=pass action=none header.from=adobe.com; dkim=pass header.d=adobe.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=adobe.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=C15Gbvlecx7FYyRLUdbpRdPcXH9Wu/j7AcoPfVDwzEQ=; b=AeEqlzeRNWNu9YKvENTwwgm981Ej7Us2yOMvk47YUCOvlCk64fenxjWH8iE59b9LGIchaJ9H8GaBEUZaWhjVs6scjp/FMzroCde0SlVf7f5iHYbQydaAwwLuv0TsxLNUDJAo5R4ToPEku17TcUjtFPVQb7Za4X7kRHGzbrrUA6k=
Received: from DM8PR02MB8181.namprd02.prod.outlook.com (2603:10b6:8:a::14) by BL0PR02MB6484.namprd02.prod.outlook.com (2603:10b6:208:17e::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7828.23; Thu, 1 Aug 2024 19:22:32 +0000
Received: from DM8PR02MB8181.namprd02.prod.outlook.com ([fe80::ea16:deea:f70c:5151]) by DM8PR02MB8181.namprd02.prod.outlook.com ([fe80::ea16:deea:f70c:5151%3]) with mapi id 15.20.7828.021; Thu, 1 Aug 2024 19:22:32 +0000
From: Leonard Rosenthol <lrosenth@adobe.com>
To: Peter Saint-Andre <stpeter@stpeter.im>, "Dale R. Worley" <worley@ariadne.com>
Thread-Topic: [urn] Re: Registration for `c2pa` URN
Thread-Index: AQHa5Eez7NP1iexUTkSaQomre/M+GrISx37j
Date: Thu, 01 Aug 2024 19:22:32 +0000
Message-ID: <DM8PR02MB8181FDED4644EB038037260CCDB22@DM8PR02MB8181.namprd02.prod.outlook.com>
References: <DM8PR02MB8181343606D747A3E984B8DECDB02@DM8PR02MB8181.namprd02.prod.outlook.com> <87ttg4ayvi.fsf@hobgoblin.ariadne.com> <DM8PR02MB8181D0D0CDB79E455004F32ECDB22@DM8PR02MB8181.namprd02.prod.outlook.com> <115f84f9-8621-45da-9403-6ed6cfc1514b@stpeter.im>
In-Reply-To: <115f84f9-8621-45da-9403-6ed6cfc1514b@stpeter.im>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=adobe.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: DM8PR02MB8181:EE_|BL0PR02MB6484:EE_
x-ms-office365-filtering-correlation-id: fd15e8a3-8571-4d85-e681-08dcb25f4a7d
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|1800799024|4022899009|366016|376014|38070700018;
x-microsoft-antispam-message-info: B+1y4F3T+FLalBiB+XMKe0VcRJzlrXDI3UQ1G6tsTi1AD+zVITdox6kx8m+mCgc4FD3wh21VwqjNbqJttFR57+0VJjDonwzcSS/p0gS59YDVnne8Dh5i/n72sdCk2XCpG/2EUhG5qnViaiXX+TI9csd3e68ujLkTa1WEfAGJQx/C+GEJpMIbdahyGKMoN9JGWcQmkp445ECqrG28IuX5NKXcyDBZt1nEZEuOfRUcmF0QoDEeqC3LCYFV03xodOZsKxDyW6QvjKc2DBwCl5Obt91L/5eT/Fp64Z3dU52TkVsD8htd7UzjFGx45S+O1NWsAuemNUBC1CbzYpDjgUhS6l9ujEMaN0N6AY9plxjid+H8INdpouLIuO5qIBL4i5/vL1vdkmCsuoCTNqKx7v6IWxL0DGow0pLr7lrwxdylduZ9BMDnwgzfZ12UzT3UTd5PK7b7Q7W0iEYTAI6jhIeuOFKq8F4wlLJTJoWNQs38D9YqUG/YIz4F+14TnB6iGUoS019Z+mwQ4NNxm8ItcmesYaWTqaUmufmlU8VjpXsoIlAboii097KkZlvfdW43TJr5+LnN8ifgtIkhRvd7ErN71r9JLzkX43LjYwgt/6BAndYIXK+0ImaDO2BNpniggKEnv507iJ07FEkaccIYmO7YCN7yY49XLM8BubaRHAJln7i3pvSpJ0MS3YV+gLkFwux2SnID8/+Gn+hLjbTFNjUbUMzYSRc7oIuHGXuCR6tM2lFVe3ZWY6oExs7kYRgSRj7DGW0OdFkAaBqrG6XEthM+gS5dgn4DHP39ugTDfKXlZE7DK8gJNrzN3GRGbkrfrwMx0j6HX+FdPRhJsA8a1YHi0k6AxiHSF+5B0Pubt33sOh0+KVTV7tk+GUNXH70U++hKVjo6uZFQBsE1PQFubQqoI0DJIxxGVf9Fn36j7fKaLHoYOOk+pNGAqhc45QSL3/XGfZ10FOqkpyrYB5yVDUq5h77b1S4Jz3XnXmcKj03vWGhTRZQLcFxjOeSnDwyPIEDQo06Oa+I4ek0OenN5BKKOjht+GtU93A/R91PF3B9pz0JEjwzlpvlrTj65xM6n1aBszs6a6u/4zz2iLqo6QbvPSWellTfQoeNj4yDsFFoIUfxF8BaN5KhHyNpyDEy6DuSJe/+LsovaOfBbatwY2+y5+R655vU+nHUUjPNs2a8dJAf+GmMeuKjEOoXFn0+ywnyI4L2RowDannXaSwo4Y0qDhzz8u2ZMJ73aPRCUtSYskLM8nJblpu/QY2s7fEWK0WK/t3XVt8zJusAh3GstEWxAFYsZEHZY5bwXfNIA6TwAcPGFFblvBXSfdQdoqzEYnZZQtrWHCWMxzSW+gFDU7KLhOiHh3NgmB2+7RXYr+XzNP4A=
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM8PR02MB8181.namprd02.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(4022899009)(366016)(376014)(38070700018);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: ISzgNSN8eYV5v5gnpczFHzP8mltbhvTWg5KJx2LTCWdySQCUWmgH1PeaDYg1X3C4Z9tVqy3PCn9l4XANQ46Hgkr12eB8dXLf8eijQaPYWTQN11Y/quevBXiqIDhKlYupc3PirxnUrcAsUOzFivus3mHSynAuj8BRTY/PIs9+RXKWWjsfXL3KwI6cbUPlDKSkFu+8E6P/QD2yEvl9UrEMJezdqpBaZcmwODlebudorwQacJum/7xZyC1TEb0ZnMMbtOgbgWtMxNYg3JumnQ6VZ0HGypLittzEN5gNTX7UnsuxBXSe60CRrpPyvjGy1Fjsxqcg49qJr61UyqAvYvU6jWVI8zphMnSoIrRTS9F2NkDi+KzQ32bFmLZUafhecu5opw3n9i/Lnk5119vLBqQj6Fjv/8Vj3TQPiLdLGP6Cwt8fM7vQ5qQFrYqmGMrWjeUxx6ws+UsuFXSOgMciCmFOOwrIN8JDrLH+eC9YKTzrv/qV3jVgLSAEoUCiOWzL6p50gosGYf2+mUHcmpZ+Af4DqJrGtZ8QTDHqB17FBqbw4SU6NpmVV2ZN/OtPpaE5UdccewA7ydty3ngmu+Ole2FyTkgVElM5pIy0zEBpUNIo2xWj0Q9isiXqX3DVwBOa30N43FXmhuuqnEM50G63TX+TsuEgB1XICa+MaJeY0GvCZo6BBJki9EcbGiS+xIa643Obl7ElKx4i93aqoL5Ln28XhTns6jTWiM1saAtELgOHeo+a8VCAKZCGeTnwp2Pmmd3cZ9EhucKE6Pm64LcGIRMhdLkN4PHEwJSJyxT4YGnWFW7FoNJMfpIx9ClwF/Kf2peWn/K5aIt+OO4RAwhfw5NOZ+qr/J88FJ9ojcR6X8GKd7lGagni6MB86JCLEK13qidwPAb5566sbsrAYqtiVNW8g2WOtM/vVcnfSbesg3bKvbVN1aNRwYODtvusLF0JHArPyIe5Cgt7+tS6fiKaniP4QxHEh+5yLat0/KHNAcnnW50oR4MJdvDWFfjtYVQjlVhDBpz6rRGEE3jGoCmYr7gYlvLfQcIfo26a77ndeUUN6LGNAUkp01A+Ty4lKbCWI2HGBYAy3TpojRlV48tHunoYuSnXyahfu0eeojYZfArWJvZvHCGIajmNbjUrUPq/6TO5xxwsQweZ+xNabawmH+sFGuqhP/AhdKx1cLmbT/spU2SRPt8yiHmyNBFgZ93Dx5BQUS6PxlgSpezGLmk8sYfdYg/mcmpJWzg+xwb77qcNQuAg9X6Kqd6HHpm1m9Pb5FlIHFFw/GR2AYZHG1GVNzWYZpZUK3F/znHMy0VonPmkon8eaoSj6NLOPzjuuejUeQRQslD8fydy1wEXHZvDT3Aa/Sjs/Aebkw+WLlSFK124CgloJW7m0jGTykgLqIu/2BGW03ZDNPvvjgSBNacGBwPRkymIS+Teu4Las3L3mPJnXw86CJ+jhgp4UCAS60uFLDwbumvyZV1ZSxyi1f8Vg1KzVsEOG6Kwl+Edl1ek+KfTx/g4C+F+6vPz60n2nl6tpLWOfMxobNrQhentAL7dsZyHpQQfrJbSk6rrpBrd8GUC4l7vuNHbZ730eJTUr0x/nf83p5sYVl2PpgwOTnBggFfms1SYEcifRXCgaqc6twXRTusp2QUrvA9TcX2vB7hegNwMVLXeNbeux7Nzo+hIsuoJvQ==
Content-Type: multipart/alternative; boundary="_000_DM8PR02MB8181FDED4644EB038037260CCDB22DM8PR02MB8181namp_"
MIME-Version: 1.0
X-OriginatorOrg: adobe.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM8PR02MB8181.namprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: fd15e8a3-8571-4d85-e681-08dcb25f4a7d
X-MS-Exchange-CrossTenant-originalarrivaltime: 01 Aug 2024 19:22:32.0741 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: fa7b1b5a-7b34-4387-94ae-d2c178decee1
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: haSEJ1ORFO1PaVGfiRCobyKzn52kFVTsHJnY7Q5xfWBD9Gve0kBMeiiVCjcpjHTJu4mOxr533uWf7Azu+NSMkA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL0PR02MB6484
Message-ID-Hash: WCVQSIMEEKLNG2YMXQZTZ4VVE7GOQFEE
X-Message-ID-Hash: WCVQSIMEEKLNG2YMXQZTZ4VVE7GOQFEE
X-MailFrom: lrosenth@adobe.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-urn.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "urn@ietf.org" <urn@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [urn] Re: Registration for `c2pa` URN
List-Id: Revisions to URN RFCs <urn.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/urn/nf7Xw_CBIu7WUN9WWrjgkmSNCk0>
List-Archive: <https://mailarchive.ietf.org/arch/browse/urn>
List-Help: <mailto:urn-request@ietf.org?subject=help>
List-Owner: <mailto:urn-owner@ietf.org>
List-Post: <mailto:urn@ietf.org>
List-Subscribe: <mailto:urn-join@ietf.org>
List-Unsubscribe: <mailto:urn-leave@ietf.org>

I thought about doing that, but since RFC 9562 didn’t do it – I figured it wasn’t allowed for some reason.

Leonard

From: Peter Saint-Andre <stpeter@stpeter.im>
Date: Thursday, August 1, 2024 at 3:19 PM
To: Leonard Rosenthol <lrosenth@adobe.com>, Dale R. Worley <worley@ariadne.com>
Cc: urn@ietf.org <urn@ietf.org>
Subject: Re: [urn] Re: Registration for `c2pa` URN
EXTERNAL: Use caution when clicking on links or opening attachments.


Hi Leonard, thanks for the quick turnaround.

To simplify the ABNF, you could re-use some of the rules from RFC 3986
or RFC 5234 rather than (apparently) redefining them here.

Other than that, it looks good to me.

Peter

On 8/1/24 12:58 PM, Leonard Rosenthol wrote:
> Here is the revised registration proposal.   The links to 2.1 will be
> live tomorrow (2-Aug-2024).
>
> Leonard
>
> Namespace Identifier:  c2pa
>
> Version:  1
>
> Date:  2024-07-30
>
> Registrant:
>
> Leonard Rosenthol, on behalf of C2PA (Coalition for Content Provenance
> and Authenticity)
>
> info@c2pa.org <mailto:info@c2pa.org>, 1-215-808-4978
>
> Purpose:
>
> Each C2PA Manifest (aka Content Credential) created to incorporate
> provenance information about a given asset is given a unique identifier
> which has historically been an incorrectly formatted UUID URN.  This
> proposal, in conjunction with an updated specification, will define a
> new `c2pa` URN namespace for this purpose.
>
> The `c2pa` URN will consist of a UUID URN (as per RFC 9562), with the
> namespace changed to 'c2pa' and additional information that is specific
> to C2PA added.  These URNs are non-resolvable, serving as unique
> identifiers. In this way, the ability to unambiguously compare them is
> of significant importance.
>
> Syntax:
>
> A `c2pa` URN shall consist of two mandatory and two optional components,
> in the following order, with `:`'s between each section.
>
>                  - URN identifier (`urn:c2pa`): REQUIRED
>
>                  - UUID v4, in string representation (as per RFC 9562,
> section 4): REQUIRED
>
>                  - Claim Generator identifier string : OPTIONAL
>
>                  - Version and Reason string : OPTIONAL
>
> When present, the "Claim Generator identifier" string shall consist of
> no more than 32 characters from the ASCII range (as per RFC 20), but
> which are not Control Characters (RFC 20, 5.2), Graphic Characters (RFC
> 20, 5.3), the `:` or the `_`.
>
> When present, the "Version and Reason" string shall consist of a `v`
> followed by a monotonically increasing integer, starting with 1,
> followed by an underscore (`_`) and then an integer representing the
> reason for the re-labeling.
>
> An ABNF for a `c2pa` URN looks like:
>
>                  c2pa_urn = c2pa-namespace UUID [":" claim-generator]
> [":" version-reason]
>
>                  c2pa-namespace = "urn:c2pa:"
>
>                  ; this definition is taken from RFC 9562
>
>                  UUID     =  4hexOctet "-"
>
>
> 2hexOctet "-"
>
>
> 2hexOctet "-"
>
>
> 2hexOctet "-"
>
>                                                                  6hexOctet
>
>                  hexOctet = HEXDIG HEXDIG
>
>                  DIGIT    = %x30-39
>
>                  HEXDIG   = DIGIT / "A" / "B" / "C" / "D" / "E" / "F"
>
>                  ; ASCII, but not Control Characters, Graphic
> Characters, `:` or `_`
>
>                  visible-char-except-space-colon-underscore = %x21-2B /
> %x2D-3A / %x3C-7E / %x80-FF
>
>                  ; claim-generator-identifier is a string of
>
>                  ;               1 to 32
> visible-char-except-space-colon-underscore
>
>                  claim-generator = ":" claim-generator-identifier
>
>                  claim-generator-identifier =
> 1*32visible-char-except-space-colon-underscore
>
>                  ; version-reason is a string consisting of a "v"
> followed by
>
>                  ;               a positive integer, an underscore and a
> second positive integer
>
>                  version-reason = ":v" version "_" reason
>
>                  version = 1*DIGIT
>
>                  reason = 1*DIGIT
>
> EXAMPLES:
>
>                  - `urn:c2pa:F9168C5E-CEB2-4FAA-B6BF-329BF39FA1E4`
>
>                  - `urn:c2pa:F9168C5E-CEB2-4FAA-B6BF-329BF39FA1E4:acme`
>
>                  - `urn:c2pa:F9168C5E-CEB2-4FAA-B6BF-329BF39FA1E4:acme:v2_1`
>
>                  - `urn:c2pa:F9168C5E-CEB2-4FAA-B6BF-329BF39FA1E4:v2_1`
>
> Assignment:
>
> URNs conforming to this scheme are self-assigned, based on the creation
> of the UUID (as per RFC 9562) and the optional inclusion of the Claim
> Generator identifier string and Version and Reason. This process is
> described at
> https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fc2pa.org%2Fspecifications%2Fspecifications%2F2.1%2Fspecs%2FC2PA_Specification.html%23_unique_identifiers&data=05%7C02%7Clrosenth%40adobe.com%7C4a00b8a175fa452bde2408dcb25ed445%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C638581367569277617%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=9rBAhiGg3vy2st66CDmMH0I%2BjICe7%2BhoXjUi6JGr2e4%3D&reserved=0<https://c2pa.org/specifications/specifications/2.1/specs/C2PA_Specification.html#_unique_identifiers> <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fc2pa.org%2Fspecifications%2Fspecifications%2F2.1%2Fspecs%2FC2PA_Specification.html%23_unique_identifiers&data=05%7C02%7Clrosenth%40adobe.com%7C4a00b8a175fa452bde2408dcb25ed445%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C638581367569291331%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=QS4o5GL%2F8CmgEyyO64JNB4JM7smDzea2H0hlGNyEVWw%3D&reserved=0<https://c2pa.org/specifications/specifications/2.1/specs/C2PA_Specification.html#_unique_identifiers>>
>
> Security and Privacy:
>
> No known security or privacy issues exist for this specific URN,
> however, the C2PA specification maintains a "Information Security"
> section
> (https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fc2pa.org%2Fspecifications%2Fspecifications%2F2.1%2Fspecs%2FC2PA_Specification.html%23_information_security&data=05%7C02%7Clrosenth%40adobe.com%7C4a00b8a175fa452bde2408dcb25ed445%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C638581367569299706%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=75jPvqVwa9EPv%2Bg9kYY9ih7B0IG24C8v9ch2ZL6RcCI%3D&reserved=0 <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fc2pa.org%2Fspecifications%2Fspecifications%2F2.1%2Fspecs%2FC2PA_Specification.html%23_information_security&data=05%7C02%7Clrosenth%40adobe.com%7C4a00b8a175fa452bde2408dcb25ed445%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C638581367569305741%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=OpLLVhlHfvfX6XTXIi5cMHMrUgtVEIf536P8blcSw7g%3D&reserved=0<https://c2pa.org/specifications/specifications/2.1/specs/C2PA_Specification.html#_information_security>>) which documents any known threats and harms related to the core C2PA specification.
>
> Interoperability:
>
> A standard UUID URN can be "losslessly upgraded" to a `c2pa` UUID, if
> there were to exist a workflow that required doing so.  Beyond that, no
> known concerns or requirements around interoperability exist.
>
> Resolution:
>
> As mentioned earlier in this document, these URNs are non-resolvable,
> serving as unique identifiers. In this way, the ability to unambiguously
> compare them is of significant importance.
>
> Documentation:
>
> https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fc2pa.org%2Fspecifications%2Fspecifications%2F2.1%2Fspecs%2FC2PA_Specification.html&data=05%7C02%7Clrosenth%40adobe.com%7C4a00b8a175fa452bde2408dcb25ed445%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C638581367569310893%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=%2Ble45Amx7pJw1NGQw7VcbTx6Fnb7IdoDXnli%2FpeWUE4%3D&reserved=0<https://c2pa.org/specifications/specifications/2.1/specs/C2PA_Specification.html> <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fc2pa.org%2Fspecifications%2Fspecifications%2F2.1%2Fspecs%2FC2PA_Specification.html&data=05%7C02%7Clrosenth%40adobe.com%7C4a00b8a175fa452bde2408dcb25ed445%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C638581367569315849%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=13IoUimLrQzpq7x9btLew5h26%2F%2F5RskucC85V5CH%2BpM%3D&reserved=0<https://c2pa.org/specifications/specifications/2.1/specs/C2PA_Specification.html>>
>
> Additional Information:  NONE
>
> Revision Information:  N/A
>
> *From: *Dale R. Worley <worley@ariadne.com>
> *Date: *Thursday, August 1, 2024 at 2:23 PM
> *To: *Leonard Rosenthol <lrosenth@adobe.com>
> *Cc: *urn@ietf.org <urn@ietf.org>
> *Subject: *Re: [urn] Registration for `c2pa` URN
>
> EXTERNAL: Use caution when clicking on links or opening attachments.
>
>
> The overall concept looks fine.  I have the following comments.
>
>> Namespace Identifier:  c2pa
>>
>> Version:  1
>>
>> Date:  2024-07-30
>>
>> Registrant:
>> Leonard Rosenthol, on behalf of C2PA (Coalition for Content Provenance
>> and Authenticity)
>> lrosenth@adobe.com<mailto:lrosenth@adobe.com <mailto:lrosenth@adobe.com>>, 1-215-808-4978
>
> As Peter says, the contact identification should be chosen to be stable
> as long as possible.
>
>> Purpose:
>>
>> Each C2PA Manifest (aka Content Credential) created to incorporate
>> provenance information about a given asset is given a unique
>> identifier which has historically been an incorrectly formatted UUID
>> URN.  This proposal, in conjunction with an updated specification,
>> will define a new `c2pa` URN syntax for this purpose.
>
> Change "URN syntax" to "URN namespace".
>
>> The `c2pa` URN will consist of a UUID URN (as per RFC 9562) with
>
> You probably want to add "the namespace changed to 'c2pa', with" here.
>
>> additional information, specific to C2PA added.  These URNs are
>> non-resolvable, simply serving as unique identifiers. In this way, the
>> ability to unambiguously compare them is of significant importance.
>
> Though it seems from the 3rd and 4th fields, the URNs aren't *just*
> unique identifiers, the identifier is tagged with some semantic
> information.  So you might want to expand on that here.
>
>> Syntax:
>>
>> A `c2pa` URN shall consist of two mandatory and two optional
>> components, in the following order, with `:`'s between each section.
>>
>>                 - URN identifier (`urn:c2pa`): REQUIRED
>>                 - UUID v4, in string representation (as per RFC 9562, section 4): REQUIRED
>>                 - Claim Generator identifier string : OPTIONAL
>>                 - Version and Reason string (as described below) : OPTIONAL
>
> You really ought to provide ABNF here.  E.g., this text says that the
> 3rd and 4th parts are both optional, but it's not clear, if only one of
> them is present in a URN, which one is present.  It appears from the
> examples that if the 4th part is present, then the 3rd (or at least the
> colon that starts it) must be.  What you're looking for is something
> like:
>
> c2pa_urn = "urn:c2pa:"
>             UUID         ; from RFC 4122
>             [ ":" [ claim_generator ]
>               [ ":" version_reason ] ]
>
> Of course, we need some idea what the syntax of "claim_generator" is.
> At least it must not contain a colon!
>
>> When present, the "Version and Reason" string shall consist of a `v`
>> followed by a monotonically increasing integer, starting with 1,
>> followed by an underscore (`_`) and then an integer representing the
>> reason for the re-labeling.
>
> version_reason = version "_" reason
> version        = "v" %31-39 *%30-39    ; "v" and a positive decimal
> integer (see RFC 2234)
>
> But it's not clear what the syntax or semantics of "reason" is.
>
>> EXAMPLES:
>>
>>                 - `urn:c2pa:F9168C5E-CEB2-4FAA-B6BF-329BF39FA1E4`
>>                 - `urn:c2pa:F9168C5E-CEB2-4FAA-B6BF-329BF39FA1E4:acme`
>>                 - `urn:c2pa:F9168C5E-CEB2-4FAA-B6BF-329BF39FA1E4:acme:v2_1`
>
> It's always good to have examples!
>
>> Assignment:
>>
>> URNs conforming to this scheme are self-assigned, based on the
>> creation of the UUID (as per RFC 9562) and the optional inclusion of
>> the Claim Generator identifier string and Version and Reason.
>
> It would be helpful to have some description of the syntax and semantics
> of the claim_generator and reason fields.  If the C2PA web specification
> has a concise description, a link to that would be sufficient.
>
>> Security and Privacy:
>>
>> No known security or privacy issues exist.
>
> As Peter says, not only does
> https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fc2pa.org%2Fspecifications%2Fspecifications%2F2.0%2Fspecs%2FC2PA_Specification.html%23_information_security&data=05%7C02%7Clrosenth%40adobe.com%7C4a00b8a175fa452bde2408dcb25ed445%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C638581367569322489%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=EC4nf%2FKJlFd%2FObrLd2YxdMNmlpzV7%2BpMcj2X0IPCwlg%3D&reserved=0<https://c2pa.org/specifications/specifications/2.0/specs/C2PA_Specification.html#_information_security> <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fc2pa.org%2Fspecifications%2Fspecifications%2F2.0%2Fspecs%2FC2PA_Specification.html%23_information_security&data=05%7C02%7Clrosenth%40adobe.com%7C4a00b8a175fa452bde2408dcb25ed445%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C638581367569327932%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=vbRrtLI8NAkg3q%2FwT2Z50ikfsq9Yt52H8HWXC1gBIco%3D&reserved=0<https://c2pa.org/specifications/specifications/2.0/specs/C2PA_Specification.html#_information_security>>
> give extensive security discussion (which might just be pointed to here)
> but its existence shows that there *are* known security issues,
> contradicting this text.
>
>> Interoperability:
>>
>> A standard UUID URN can be "losslessly upgraded" to a `c2pa` UUID, if
>> there were to exist a workflow that required doing so.  Beyond that,
>> no known concerns or requirements around interoperability exist.
>>
>> Resolution:  N/A
>
> You might want to move the sentences "These URNs are non-resolvable ..."
> to this section.
>
>> Documentation:  https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fc2pa.org%2Fspecifications%2Fspecifications%2F2.1%2Fspecs%2FC2PA_Specification.html&data=05%7C02%7Clrosenth%40adobe.com%7C4a00b8a175fa452bde2408dcb25ed445%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C638581367569334597%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=%2B5xspyCmELLrJsmwbV2hJQmoCC6B5lO94P948hqvcF8%3D&reserved=0<https://c2pa.org/specifications/specifications/2.1/specs/C2PA_Specification.html> <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fc2pa.org%2Fspecifications%2Fspecifications%2F2.1%2Fspecs%2FC2PA_Specification.html&data=05%7C02%7Clrosenth%40adobe.com%7C4a00b8a175fa452bde2408dcb25ed445%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C638581367569340845%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=JLize5PZoIg4o%2Fjme4XEReUyHWLDV%2BpbutHhl3LCc4w%3D&reserved=0<https://c2pa.org/specifications/specifications/2.1/specs/C2PA_Specification.html>>
>>
>> NOTE: Version 2.1 is not yet published but will contain this documentation when published
>
> How shall we handle this?  It's not proper to register a URN namespace
> if its references do not exist.  Is there an earlier version of the
> specification which is "good enough" to link to as documentation?
>
> Of course, when new version(s) of the C2PA spec are published, it's easy
> enough to register a new version of the URN to update the documentation
> pointer.
>
>> Additional Information:  NONE
>>
>> Revision Information:  N/A
>
> Dale
>
>
> _______________________________________________
> urn mailing list -- urn@ietf.org
> To unsubscribe send an email to urn-leave@ietf.org