Just wanted to write this group, to let you know that the C2PA (https://c2pa.org) has adopted this document as a normative reference for our upcoming 2.1 version of our specification, to enable a stronger counter-signature model than we currently offer.
The relevant updated section of our document is: v2 time-stamps shall be stored in a COSE unprotected header whose label is the string `sigTst2`. When present, the value of this header shall be a `tstContainer` defined by <<tstContainer-CDDL>>. NOTE: A v2 time-stamp is equivalent to the "CTT" model of https://datatracker.ietf.org/doc/draft-ietf-cose-tsa-tst-header-parameter/[COSE<https://datatracker.ietf.org/doc/draft-ietf-cose-tsa-tst-header-parameter/%5bCOSE> Header parameter for RFC 3161 Time-Stamp Tokens Draft]. It requires that the complete signature structure be completed prior to time-stamping, thus enabling the time-stamp to serve as a countersignature on the entire signature structure, including the actual certificate. As such, I would strongly support the move of this document to WGLC. Leonard Rosenthol Senior Principal Architect, PDF & Content Authenticity, Adobe Chair, Technical Working Group, C2PA
_______________________________________________ COSE mailing list -- [email protected] To unsubscribe send an email to [email protected]
