v1 did not have any defined way to secure the core data model with COSE / COSE Sign1.

v2 has this section https://w3c.github.io/vc-jose-cose/#with-cose

Is this proposed path compatible with C2PA ?

Does C2PA use additional CBOR claims in the COSE Sign 1 "payload" ?

Because currently the v2 proposal dedicates the entire "payload" to the JSON-LD object.

Does C2PA use COSE Sign1 protected headers, specifically cty ?

(You can ignore the media types in the examples, they are still in flux).

@OR13 Will review and make sure we can align these two!

@kevinmkane @scouten-adobe

@OR13 @scouten-adobe I am going to close this one since you are both working on this in CAWG