On Oct 20, 2024, at 3:02 AM, Phillip Hallam-Baker <phill@xxxxxxxxxxxxxxx> wrote:Signing and encrypting is good. OpenPGP is probably not the most relevant tool for this particular purpose.
Sony, Nikon and Canon have already come together to address authentication with the Content Authenticity Initiative’s (CAI) C2PA digital signature system which appears to be based on X.509/PKIX. I have not read the specs in depth but looks like they started with CMS.
Unless the technical approach the industry has picked is completely broken, this area has passed the point where IETF could add value by putting an alternative on the table. We would make matters worse.
Well, there is https://www.hackerfactor.com/blog/index.php?/archives/1046-C2PA-and-Authenticated-Disinformation.html
Regards, -drc
|
Attachment:
signature.asc
Description: OpenPGP digital signature
