Comment by alwa

CAI’s Content Credential standard accommodates what you suggest, as far as re-signing/provenance, with a chain kind of approach. It supports embedding “ingredient thumbnails” in an image’s manifest, and/or the image’s manifest can embed or link back to source images that are in turn also signed [2].

It feels like the approach assumes a media environment where a professional wants to provably “show their work,” where authenticity adds value to a skeptical audience.

In that spirit, then, I understand CAI’s intention [0] to be to vest that judgment with the creator, and ultimately the viewer: if my purpose is to prove myself, I’d want to show enough links in the chain that the viewer checking my work can say “oh I see how A relates to B, to C,” and so on. If I don’t want to prove myself, well… then I won’t.

I don’t know Adobe’s implementation well enough to know how often they save a CC manifest, and their beta is vague in just referring to “editing history.” [1] I get the impression that they’re still dialing in the right level of detail to capture by default. Maybe even just “came from Firefly” and “Photoshop wuz here.”

But if I want to prove this Nikon Z9 recorded these pixels at this time and place, or “I am the BBC and yes I published this,” or “only the flying monkey was GenAI, the rest was real” I could conceivably put together a toolchain (independently of Adobe) to prove it in more detail.

[0] https://spec.c2pa.org/specifications/specifications/2.2/spec...

[1] https://opensource.contentauthenticity.org/docs/manifest/und...

[2] https://opensource.contentauthenticity.org/docs/c2patool/doc...