Some fixes that were destined for the new site, but... #209
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
lrosenthol
commented
Jun 15, 2025
lrosenthol
commented
- link to 2.2 not 2.1
- add placeholders for the new DSTs
lrosenthol
requested review from
andyparsons,
sherifhanna-google and
darrellkindred
darrellkindred
approved these changes
Jun 15, 2025
sherifhanna-google
requested changes
Jun 16, 2025
|
|
||
| ## Introduction | ||
|
|
||
| TBD |
There was a problem hiding this comment.
Suggested change
| TBD | |
| ### Conforming Products | |
| The C2PA recognizes that parties that rely on media for critical decisions need assurance that files that contain C2PA Content Credentials were created using products, devices, or services that implement the C2PA Content Credentials specification correctly and securely. Likewise, those relying parties need assurances that products that validate files with C2PA Content Credentials do so correctly and securely. | |
| In response, the C2PA has created the C2PA Conformance Program to fulfill the above needs, whereby it evaluates C2PA implementations for: | |
| 1. Functional correctness with respect to the normative requirements of the C2PA Content Credentials specification | |
| 2. Security of implementation following a minimum set of widely-accepted secure design best practices | |
| The C2PA Conformance Program makes the results of that evaluation known by including said implementations on the public C2PA Conforming Products List with a status of `conformant`. Entities implementing Generator Products or Validator Products may wish to submit their implementations for evaluation by the C2PA Conformance Program, and if deemed to meet its requirements, to obtain the aforementioned public recognition that their implementations have been deemed by the C2PA Conformance Program to be Conforming Products. | |
| ### C2PA Trust List and C2PA TSA Trust List | |
| C2PA Content Credentials technology relies on the use cryptographic key pairs and digital certificates, as well as cryptographic time-stamps, to create digital signatures over the Claims in C2PA Manifests, thereby protecting their integrity and facilitating the authentication of the entities that produced them. This creates a dual need: | |
| 1. Entities implementing Generator Products which have been deemed “conformant” by the C2PA Conformance Program, require digital certificates and time-stamps to sign the C2PA Claims in media they produce, and need those digital certificates and time-stamps to be issued by Certification Authorities and Time-Stamping Authorities that are trusted to perform such functions by relying parties. | |
| 2. Relying parties need cryptographic assurance of the identity of the entities that sign over C2PA claim in C2PA assets. | |
| As such, the C2PA maintains the C2PA Trust List and the C2PA TSA Trust List. The former lists root or issuing Certification Authorities that issue claim signing certificates to instances of conformant Generator Products, and the latter lists root or issuing Certificiation Authorities that issue time-stamping certificates to Time-Stamping Authorities. | |
| The organzitions that operate the Certification Authorities on these lists have demonstrated conformance with the requirements outlined in the C2PA Certificate Policy, and as such have been deemed eligible by the C2PA Conformance Program to render Certificate Services and Time-Stamping Services to Generator Products. | |
|
|
||
| TBD | ||
|
|
||
| ## Checklist |
There was a problem hiding this comment.
Suggested change
| ## Checklist | |
| Machine-Readable Lists |
sherifhanna-google
requested changes
Jun 25, 2025
|
|
||
| ## Checklist | ||
|
|
||
| TBD |
There was a problem hiding this comment.
Suggested change
| TBD |
|
|
||
| TBD | ||
|
|
||
| ## Program Details |
There was a problem hiding this comment.
Suggested change
| ## Program Details | |
| ## Governing Documents |
|
|
||
| ## Program Details | ||
|
|
||
| https://github.com/c2pa-org/conformance-public |
There was a problem hiding this comment.
Suggested change
| https://github.com/c2pa-org/conformance-public | |
| https://github.com/c2pa-org/conformance-public/tree/main/docs/current |
|
|
||
| https://github.com/c2pa-org/conformance-public | ||
|
|
||
| ## Interested in participating? |
There was a problem hiding this comment.
Suggested change
| ## Interested in participating? | |
| ## Getign Started |
Comment on lines
+20
to
+21
| https://docs.google.com/forms/d/e/1FAIpQLSds0w9DHq_x9iFoQ3sM_a3n9-m_yPRkGEuInCDmc7FBbTCd4w/viewform | ||
|
|
There was a problem hiding this comment.
Suggested change
| https://docs.google.com/forms/d/e/1FAIpQLSds0w9DHq_x9iFoQ3sM_a3n9-m_yPRkGEuInCDmc7FBbTCd4w/viewform | |
| Entities that create Generator Products or Validator Products, or operate Certification Authorities, may begin the process of applying to the C2PA Conformance Program by filling out this [Expression of Interest](https://docs.google.com/forms/d/e/1FAIpQLScERZH5rKfoeSu3y6gGbkllkyeAhmF0G-kXS0eXpb2vR238Rg/viewform?usp=header) form. | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.