Lightweight PKI option anchoring to a web domain

creator-assertions / identity-assertion

Creator Assertions Working Group :: Identity Assertion

https://creator-assertions.github.io/identity/

Other

6 stars 7 forks source link

Lightweight PKI option anchoring to a web domain #57

Open scouten-adobe opened 7 months ago

scouten-adobe commented 7 months ago

Per 26 February 2024 meeting, Christian Paquin offered to work on a proposal for a lightweight PKI option anchoring to a web domain.

christianpaquin commented 6 months ago

See proposal; I just updated it with a proof of concept.

scouten-adobe commented 6 months ago

Proof of concept: https://github.com/christianpaquin/c2pa-explorations/blob/main/web-domain-trust-anchor/web-domain-trust-anchor.md

christianpaquin commented 4 months ago

Given the existing support for trust lists, this feature might be achieved by creating a trust list of one entry and hosting it on the target web domain. This would be simpler allowing to achieve this without introducing a new mechanism.

I created a demo illustrating this technique for a C2PA signature; this should also work for X.509-based identity assertions.