Hi Leonard, On Wed, 14 Aug 2024 at 23:55, Leonard Rosenthol <[email protected]> wrote: > > The 3161-ctt COSE unprotected header parameter MUST be used for the mode > > described in Section 2.2. > > We are using a CTT-compatible timestamp in C2PA 2.1 – see > https://c2pa.org/specifications/specifications/2.1/specs/C2PA_Specification.html#_storing_the_time_stamp. > However, we are using our own unprotected header for > alignment/compatibility with our work. > > Does that mean we are violating you standard by doing so??
You are not violating the standard because: 1. There is no standard yet :-), and 2. You are using your custom header(s). Converging on a standard has clear benefits, but we need to make sure your requirements are covered and that's why your feedback is very important at this stage. Specifically, while the semantics of C2PA's `tstSig2` are remarkably similar to `3161-ctt`, there are two small differences: 1. C2PA allow multiple timestamps to be collected, whereas the CTT header is a single bstr. To cover C2PA usages, `3161-ctt` must allow an array of bstr's, one per TSA; 2. C2PA stores the whole `TimestampResponse` while `3161-ctt` only stores the inner `TimestampToken`. Since a `TimestampToken` exists only if the `TimestampResponse` has one of the two "granted" statuses (which are those allowed by C2PA), the latter seems redundant. What do you think? cheers, thanks! t _______________________________________________ COSE mailing list -- [email protected] To unsubscribe send an email to [email protected]
