contentauth / c2pa-python

Python binding for c2pa-rs library
Apache License 2.0

Manifest manipulation #9

Open Aliiiqbp opened 7 months ago

Aliiiqbp commented 7 months ago

What could occur if the manifest undergoes manipulation using editing tools? For instance, if the owner or certain assertions were manually deleted. Is there a backup manifest stored on cloud servers that the system could utilize to recover the original manifest and highlight disparities between the actual and manipulated versions? Additionally, is there any unique reference key to the manifest stored in the cloud servers? I am contemplating enhancing the manifest's resilience to facilitate self-recovery in the face of potential alterations.

gpeacock commented 1 month ago

Sorry for the very long delay in response to issues here. The C2PA spec and the SDK allow for cloud storage and it has been implemented in some cases. So, yes, you could retrieve the original data if the manifest is available in the cloud. The reference key would depend on the service, but each manifest, when created, has a unique label that it is referenced by, and it should be possible to find that label anywhere. The claim in the manifest cannot be altered without invalidating the signature. And the claim contains hashed references to its assertions. An assertion can be deleted or modified, but those changes would be detected on validation.
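A simplified model of the binding described in the reply above, added here as an example and not taken from c2pa-python or c2pa-rs: the claim lists a hash for each assertion, and the claim itself is signed, so deleting or editing an assertion, or editing the claim to hide that, fails validation. An HMAC stands in for the real certificate-based signature, and the key, labels, function names and result strings are all constructed for this sketch.

```python
import hashlib
import hmac
import json

# Constructed demo key; a stand-in for a real signing credential.
SIGNING_KEY = b"constructed-demo-key"

def _canon(obj):
    # Deterministic serialization so hashes are stable.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def _digest(obj):
    return hashlib.sha256(_canon(obj)).hexdigest()

def _sign(claim):
    return hmac.new(SIGNING_KEY, _canon(claim), hashlib.sha256).hexdigest()

def sample_assertions():
    # Constructed sample data, not real C2PA assertion content.
    return {"example.author": {"name": "Alice"},
            "example.actions": {"actions": ["created"]}}

def build_manifest(label, assertions):
    """Toy manifest: the claim holds one hashed reference per assertion."""
    refs = [{"label": k, "hash": _digest(v)} for k, v in sorted(assertions.items())]
    claim = {"label": label, "assertions": refs}
    return {"claim": claim, "signature": _sign(claim), "assertions": assertions}

def validate(manifest):
    """Return a list of problems; an empty list means the manifest is intact."""
    problems = []
    claim = manifest["claim"]
    if not hmac.compare_digest(_sign(claim), manifest["signature"]):
        problems.append("claim signature mismatch")
    for ref in claim["assertions"]:
        data = manifest["assertions"].get(ref["label"])
        if data is None:
            problems.append("assertion missing: " + ref["label"])
        elif _digest(data) != ref["hash"]:
            problems.append("assertion hash mismatch: " + ref["label"])
    return problems

if __name__ == "__main__":
    m = build_manifest("urn:uuid:constructed-0001", sample_assertions())
    print("intact:", validate(m))
    del m["assertions"]["example.author"]          # manual deletion
    print("after deletion:", validate(m))
```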