Merge pull request #272 from contentauth/trust-cleanup

Trust cleanup

Author: crandmck

docs/conformance.mdx

@@ -12,7 +12,7 @@ The C2PA conformance program covers:
 - [Certificate authorities (CAs)](#certificate-authorities).
 
 :::info
-If you're developing a product that reads or creates Content Credentials, you can apply for the C2PA conformance program. If accepted, the product is added to the [conforming products list](https://github.com/c2pa-org/conformance-public/blob/main/conforming-products/conforming-products-list.json#L302), which indicates it is compliant with the C2PA Content Credentials specification.
+If you're developing a product that reads or creates Content Credentials, you can apply for the C2PA conformance program. If accepted, the product is added to the [conforming products list](https://github.com/c2pa-org/conformance-public/blob/main/conforming-products/conforming-products-list.json), which indicates it is compliant with the C2PA Content Credentials specification.
 
 **To start the process, fill out C2PA's [expression of interest form](https://docs.google.com/forms/d/e/1FAIpQLScERZH5rKfoeSu3y6gGbkllkyeAhmF0G-kXS0eXpb2vR238Rg/viewform).**
 :::

docs/getting-started/faqs.mdx

@@ -6,6 +6,10 @@ hide_table_of_contents: true
 
 import TOCInline from '@theme/TOCInline';
 
+:::tip See also
+[C2PA FAQs](https://c2pa.org/faqs/).
+:::
+
 <TOCInline toc={toc} />
 
 ### Are Content Credentials alone sufficient to prevent the spread of misinformation?
@@ -18,7 +22,7 @@ Content provenance is most effective when combining three key technologies:
 
 Using these technologies together creates a more robust content provenance system than any single approach alone.
 
-For more details, see [Durable Content Credentials](https://contentauthenticity.org/blog/durable-content-credentials) (April 8, 2024).
+For more details, see [Durable Content Credentials](../durable-cr/index.md).
 
 ### Are Content Credentials a blockchain system?
 
@@ -31,9 +35,9 @@ Notable implementations using blockchain:
 
 ### Are Content Credentials about digital rights management?
 
-No; Content Credentials do not enforce permissions for access to content. In many cases, the name displayed on the [Verify website](https://verify.contentauthenticity.org) is the name of the exporter of the content, not the rights owner.
+No; Content Credentials do not enforce permissions for access to content. In many cases, the name displayed by validator products such as the [**Inspect tool on Adobe Content Authenticity (Beta)**](https://verify.contentauthenticity.org) (ACA Inpsect) is the name of the exporter of the content, not the rights owner.
 
-The [Title and signgin information](verify.mdx#title-and-signing-information) in Verify refers to the name of the exporter. If the image was created with an Adobe Product such as Photoshop with Content Credentials (Beta) enabled, the "Produced by" section shows the name of the Adobe ID associated with the user who exported the image.
+The [Title and signing information](aca-inspect.mdx#title-and-signing-information) in ACA Inspect refers to the name of the exporter. If the image was created with an Adobe Product such as Photoshop with Content Credentials (Beta) enabled, the "Produced by" section shows the name of the Adobe ID associated with the user who exported the image.
 
 ### Do Content Credentials indicate if an image is fake or altered?
 
@@ -53,6 +57,8 @@ Conversely, if you use a C2PA-enabled camera to take a photo of an image, the ca
 
 The C2PA specification allows for recovery of metadata stripped from an asset through a lookup process using either a watermarked ID or a perceptual content-aware hash, also referred to as a [fingerprint](https://c2pa.org/specifications/specifications/2.0/specs/C2PA_Specification.html#_fingerprint).
 
+Durable Content Credentials helps content provenance to persist across content platforms by using C2PA manifest data. For more information, see [Durable Content Credentials](../durable-cr/index.md).
+
 ### What information is embedded in Content Credentials?
 
 The information embedded in Content Credentials is totally up to each implementor.

docs/getting-started/index.mdx

@@ -87,11 +87,15 @@ In practice, to use a certificate with the CAI SDK, follow this process:
 For more information on getting and using certificates, see [Signing and certificates](signing/index.md).
 :::
 
-### Interim trust list
+### Trust lists
 
 import verify_unknown_source from '@site/static/img/verify-cc-unknown-source.png';
 
-The C2PA [Verify tool](https://verify.contentauthenticity.org) uses a list of _known certificates_ (sometimes referred to as a "trust list") to determine whether a Content Credential was issued by a known source. Currently, it uses the [interim trust list](verify-known-cert-list) but it will be updated soon to use the official [C2PA trust list](conformance.mdx#c2pa-trust-lists).
+The _C2PA trust list_ is a curated list of certification authorities (CAs) that are authorized to issue signing certificates for conforming generator products.
+
+Conforming validator products such as the [Inspect tool on Adobe Content Authenticity (Beta)](https://verify.contentauthenticity.org) use the C2PA trust list to determine whether a Content Credential was issued using a certificate that can be traced back to a CA on the C2PA trust list.
+
+Before the introduction of the C2PA trust list, during the early adoption phase of C2PA the C2PA [Verify tool](https://verify.contentauthenticity.org) used [the interim trust list](trust-list.mdx) to determine which certificates were considered valid and prevent unknown signers from appearing as valid. Verify will be updated to use the official [C2PA trust list](conformance.mdx#c2pa-trust-lists).
 
 ## Identity
 
@@ -141,14 +145,15 @@ The example shown below illustrates one way to implement levels of disclosure:
 
 ## Example uses
 
-Numerous Adobe tools and products implement Content Credentials. You can optionally attach credentials to images you create or modify using [Photoshop](https://helpx.adobe.com/photoshop/using/content-credentials.html) and [Lightroom](https://helpx.adobe.com/lightroom-cc/using/content-credentials-lightroom.html). Additionally, all images created using the [Firefly](https://blog.adobe.com/en/publish/2023/03/21/bringing-gen-ai-to-creative-cloud-adobe-firefly) generative AI tool automatically have attached Content Credentials. [Behance displays Content Credentials](https://www.behance.net/blog/cai-on-behance) if they are attached to media shared on the site, and still images provided through [Adobe Stock](https://stock.adobe.com/) automatically have Content Credentials attached.
+Numerous Adobe tools and products implement Content Credentials. For example, you can optionally attach credentials to images you create or modify using [Photoshop](https://helpx.adobe.com/photoshop/using/content-credentials.html) and [Lightroom](https://helpx.adobe.com/lightroom-cc/using/content-credentials-lightroom.html). Additionally, all images created using the [Firefly](https://blog.adobe.com/en/publish/2023/03/21/bringing-gen-ai-to-creative-cloud-adobe-firefly) generative AI tool automatically have attached Content Credentials. [Behance displays Content Credentials](https://www.behance.net/blog/cai-on-behance) if they are attached to media shared on the site, and still images provided through [Adobe Stock](https://stock.adobe.com/) automatically have Content Credentials attached. Other Adobe products also support Content Credentials.
 
-The C2PA's [Verify website](https://verify.contentauthenticity.org/) inspects image files and displays their Content Credentials if they exist. See [Using the Verify tool](verify/) for more information.
+The [Inspect tool on Adobe Content Authenticity (Beta)](https://verify.contentauthenticity.org) inspects image files and displays their Content Credentials if they exist. See [Using ACA Inspect](aca-inspect.mdx) for more information.
 
 Additionally, several other organizations have implemented CAI solutions, including:
 
-- [**PixelStream**](https://contentauthenticity.org/eyes-on-provenance-pixelstream): A version-controlled sharing platform for authentic media. It's kind of like GitHub for authentic media assets, but it's built on top of C2PA tooling instead of Git.
+- [**PixelStream**](https://pixelstream.com/): Provides a complete end-to-end C2PA Content Credentials based authenticity platform that encapsulates the entire authenticity lifecycle of an asset from capture/creation, through editing, distribution via CDN, and finally to display.
+- [**ProofMode**](https://proofmode.org/): Provides an ecosystem of open-source tools and systems, including CAPTURE, a camera app with built-in provenance and authentication for chain-of-custody and VERIFY, a multi-purpose tool to inspect metadata and detect AI in images, audio, and video.
 - [**SmartFrame Technologies**](https://smartframe.io/blog/smartframe-and-cai-working-together-to-validate-provenance-and-improve-image-protection/): Validating provenance with secure capture to enhance innovative image streaming delivery.
 - [**The New York Times R&D**](https://rd.nytimes.com/projects/using-secure-sourcing-to-combat-misinformation): Using secure sourcing to combat misinformation in news publishing.
 
-For more case studies, see [https://contentauthenticity.org/case-studies](https://contentauthenticity.org/case-studies).
+For more case studies, see [CAI Blog](https://contentauthenticity.org/blog).