You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/conformance.mdx
+5-7Lines changed: 5 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -45,26 +45,24 @@ C2PA maintains two trust lists:
45
45
-[**C2PA trust list**](https://github.com/c2pa-org/conformance-public/blob/main/trust-list/C2PA-TRUST-LIST.pem): A list of X.509 certificate trust anchors (either root or subordinate certification authorities) that issue certificates to conforming generator products under the C2PA Certificate Policy.
46
46
-[**C2PA time-stamping authority (TSA) trust list**](https://github.com/c2pa-org/conformance-public/blob/main/trust-list/C2PA-TSA-TRUST-LIST.pem): A list of X.509 certificate trust anchors (either root or subordinate certification authorities) that issue time-stamp signing certificates to TSAs.
47
47
48
-
### Temporary trust list
48
+
### Interim trust list
49
49
50
-
With the introduction of the C2PA trust list, the existing [temporary (interim) trust list](trust-list.mdx) is being retired. It provided critical support during the early adoption phase of C2PA, and enabled the [C2PA Verify website](https://contentcredentials.org/verify) to determine which certificates were valid.
50
+
With the introduction of the C2PA trust list, the existing [interim (temporary) trust list](trust-list.mdx) is being retired.
51
51
52
52
### Timeline
53
53
54
54
**Through December 31, 2025**: The [temporary trust list](trust-list.mdx) will remain operational.
55
55
56
56
During this time:
57
57
58
-
- The Verify site will continue to display manifests signed by these certificates as trusted, but with a disclaimer that the manifests were made with an older version of the trust model.
58
+
- The [Verify site](https://contentcredentials.org/verify) will continue to display manifests signed by certificates on the temporary trust list as trusted, but with a disclaimer that the manifests were made with an older version of the trust model.
59
59
- New certificates will continue to be added to the temporary trust list when requested.
60
60
- Product developers are strongly encouraged to apply to the C2PA conformance program and use the official C2PA trust list.
61
61
62
-
**On January 1, 2026**: The temporary trust list will be frozen. No new entries will be added, and no updates will be made.
63
-
64
-
Starting then:
62
+
**On January 1, 2026**: The temporary trust list will be frozen.
65
63
66
64
- Existing certificates will remain valid for legacy support.
67
-
- No new certificates will be added to the interim trust list.
65
+
- No new certificates will be added to the list, and no updates will be made.
68
66
69
67
Eventually, the certificates on the temporary trust list will expire and will not be usable for signing. However, if content was signed during the temporary trust list certificate's validity period, the content will always be considered valid against the legacy trust model.
0 commit comments