Hacker Factor on Nostr: You can disagree, but then how do you account for working examples of forgeries using ...
You can disagree, but then how do you account for working examples of forgeries using tools provided by C2PA members? (I don't just say there are problems; I demonstrate the problems.)
Creating a forged signing certificates: https://www.hackerfactor.com/blog/index.php?/archives/1037-C2PA-and-Untrusted-Certificates.html
Altering "cryptographically signed" timestamps with nothing more than hexedit: https://www.hackerfactor.com/blog/index.php?/archives/1031-C2PA-from-the-Attackers-Perspective.html
And a long list of other vulnerabilities: https://www.hackerfactor.com/blog/index.php?/archives/1010-C2PAs-Butterfly-Effect.html
In my opinion, C2PA is nothing more than snake oil.
Creating a forged signing certificates: https://www.hackerfactor.com/blog/index.php?/archives/1037-C2PA-and-Untrusted-Certificates.html
Altering "cryptographically signed" timestamps with nothing more than hexedit: https://www.hackerfactor.com/blog/index.php?/archives/1031-C2PA-from-the-Attackers-Perspective.html
And a long list of other vulnerabilities: https://www.hackerfactor.com/blog/index.php?/archives/1010-C2PAs-Butterfly-Effect.html
In my opinion, C2PA is nothing more than snake oil.