-
Notifications
You must be signed in to change notification settings - Fork 12
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Clarification: security properties of exclusion-instead-of-inclusion byte-range lists #40
Comments
@jayaddison I don't see why not - will add to our internal issues tracker to address! |
Thank you, @lrosenthol! |
Before responding further, a recap on since-published versions: v1.3 guidance:
v1.4 guidance (unchanged, apart from the hyperlink):
v2.0 guidance (change in terminology):
v2.1 guidance:
As an aside: it seems that version control is potentially being used in an unexpected way in this repository -- generally the authored source materials used to produce documents (and if necessary the resulting output from building those sources) would be committed to source control, with revision history available to browse only the diffs/patches applied for each revision. In this case it seems to me that subsequent versions are being added to source control as separate directories, meaning that common I haven't heard of the term In my experience, hashing the entire content of a file (without using include/exclude ranges) tends to be the preferred approach when using hashing to identify and/or de-duplicate content that may be bit-for-bit identical (with the caveat that hash collisions may be found for any lossy hash given sufficient compute resources). Edit: use permalinks for all documentation references |
Hi - I have a question about heading 4.1.2 of the C2PA v1.3 specification:
Would it be possible to share additional information about the types of attack that inclusion lists were found to be vulnerable to, and how exclusion lists defend against these?
Thank you,
James
The text was updated successfully, but these errors were encountered: