API tools faq
paste
Danielecp

Public Provenance Attestation — DOI + SHA-256 + OTS — Multi-Jurisdiction Docket

Danielecp
Aug 23rd, 2025
73
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.21 KB | Cybersecurity | 0 0
raw download clone embed print report
  1. # Public, Replayable Provenance Attestation — Multi-Jurisdiction Docket
  2.  
  3. # Public, Replayable Provenance Attestation — Multi-Jurisdiction Docket
  4.  
  5. **Evidence Anchor**
  6. - DOI: https://doi.org/10.5281/zenodo.16934239
  7. - Artifact: Everything_ILPNP_DeepStrike_UltraMax_2025-08-23_AZ.zip
  8. - SHA-256: 3f2d7bb46fb68887add99f2b1bcdf6324830562476f6fc4c8c90ce8243126a1d
  9. - OTS: Receipt included in the record (verify with `ots verify`)
  10.  
  11. **Regulator/Standards Filings (cross-refs)**
  12. - CISA/CERT: VRF#25-08-NZVKX
  13. - EU AI Office: submission filed 2025-08-23 (DG CONNECT contact intake)
  14. - FTC: submission in progress — reference pending
  15. - OECD.AI (AIM incidents/hazards): submission filed 2025-08-23 — reference pending
  16.  
  17. **Scope (neutral, technical)**
  18. Post-notice continuation of provenance/evaluation control workflows (hash manifest + replayable OpenTimestamps verification) without transparent disclosure.
  19. Requesting mapping/guidance to ensure replayable verification is represented correctly across:
  20. - **SLSA** (provenance attestation)
  21. - **SPDX** (SBOM fields)
  22. - **C2PA** (content credentials / manifest references)
  23.  
  24. **Verification (replayable)**
  25.  
  26. sha256sum Everything_ILPNP_DeepStrike_UltraMax_2025-08-23_AZ.zip
  27. ots verify Everything_ILPNP_DeepStrike_UltraMax_2025-08-23_AZ.zip.ots
  28.  
  29. **Questions for Standards Maintainers**
  30. 1) Which fields best carry a public DOI + checksum + time-anchored receipt so third parties can reproduce verification?
  31. 2) If terminology changes but the underlying workflow is functionally identical, is this a “material modification” under your guidance?
  32. 3) Any examples or prior art recommended for public attestation references?
  33.  
  34. **Contact**
  35. - Name: Daniel Eduardo Campos Peñuelas
  36. - Organization: Truth Ceiling Engine
  37. - Email: [email protected]
  38.  
  39. **Copyright**
  40. © 2025 Daniel Eduardo Campos Peñuelas — Truth Ceiling Engine.
  41. All rights reserved. Integrity proofs (DOI, SHA-256, OTS) must remain intact in any reproduction or derivative work.
  42.  
  43. **Note**
  44. This notice requests mapping & compliance review; it does not allege a defect in SLSA/SPDX/C2PA.
  45. It documents a replayable public attestation and seeks consistent representation across standards and regulatory contexts.
  46.  
Tags: compliance AI Governance provenance C2PA SLSA SPDX
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!