{
"path": "/3mfd2zatm4c2s",
"site": "at://did:plc:2zmxikig2sj7gqaezl5gntae/site.standard.publication/3lusxwydhqs2i",
"tags": [],
"$type": "site.standard.document",
"title": "S2PA and MUXL: Bringing Video to Content-Addressed Systems",
"content": {
"$type": "pub.leaflet.content",
"pages": [
{
"id": "019c7cce-513f-7887-a303-8212e73d49e1",
"$type": "pub.leaflet.pages.linearDocument",
"blocks": [
{
"$type": "pub.leaflet.pages.linearDocument#block",
"block": {
"$type": "pub.leaflet.blocks.text",
"facets": [],
"plaintext": "Video is the most important media format on the web, but content-addressed systems don't really know what to do with it."
}
},
{
"$type": "pub.leaflet.pages.linearDocument#block",
"block": {
"$type": "pub.leaflet.blocks.text",
"facets": [
{
"index": {
"byteEnd": 4,
"byteStart": 0
},
"features": [
{
"uri": "https://dasl.ing/",
"$type": "pub.leaflet.richtext.facet#link"
}
]
},
{
"index": {
"byteEnd": 19,
"byteStart": 14
},
"features": [
{
"uri": "https://dasl.ing/drisl.html",
"$type": "pub.leaflet.richtext.facet#link"
}
]
},
{
"index": {
"byteEnd": 79,
"byteStart": 75
},
"features": [
{
"uri": "https://dasl.ing/cid.html",
"$type": "pub.leaflet.richtext.facet#link"
}
]
}
],
"plaintext": "DASL gives us DRISL for deterministic serialization of structured data and CIDs for content identifiers. But MP4 files — the dominant container format for video — resist content-addressing entirely. Run the same video through ffmpeg twice with identical settings and you'll get different bytes. Different bytes means different hashes. Different hashes means no stable CID."
}
},
{
"$type": "pub.leaflet.pages.linearDocument#block",
"block": {
"$type": "pub.leaflet.blocks.text",
"facets": [],
"plaintext": "Meanwhile, the Coalition for Content Provenance and Authenticity (C2PA) has developed useful techniques for embedding signed provenance metadata inside media files, but their design assumes a certificate-authority model that doesn't align with decentralized identity systems. X.509 certificates. The whole PKI stack. That doesn't fit systems built on decentralized identity — atproto, IPFS, web3, anything using DIDs and secp256k1 keypairs."
}
},
{
"$type": "pub.leaflet.pages.linearDocument#block",
"block": {
"$type": "pub.leaflet.blocks.text",
"facets": [
{
"index": {
"byteEnd": 135,
"byteStart": 131
},
"features": [
{
"$type": "pub.leaflet.richtext.facet#bold"
}
]
},
{
"index": {
"byteEnd": 144,
"byteStart": 140
},
"features": [
{
"$type": "pub.leaflet.richtext.facet#bold"
}
]
}
],
"plaintext": "We've been shipping workarounds for both problems in Streamplace since launch. Now we're formalizing them into two specifications: S2PA and MUXL."
}
},
{
"$type": "pub.leaflet.pages.linearDocument#block",
"block": {
"$type": "pub.leaflet.blocks.header",
"level": 2,
"facets": [
{
"index": {
"byteEnd": 30,
"byteStart": 0
},
"features": [
{
"$type": "pub.leaflet.richtext.facet#bold"
}
]
}
],
"plaintext": "Two specs, opposite directions"
}
},
{
"$type": "pub.leaflet.pages.linearDocument#block",
"block": {
"$type": "pub.leaflet.blocks.text",
"facets": [],
"plaintext": "Here's the elegant part: S2PA and MUXL solve complementary problems by moving in opposite directions from C2PA."
}
},
{
"$type": "pub.leaflet.pages.linearDocument#block",
"block": {
"$type": "pub.leaflet.blocks.text",
"facets": [
{
"index": {
"byteEnd": 4,
"byteStart": 0
},
"features": [
{
"$type": "pub.leaflet.richtext.facet#bold"
}
]
},
{
"index": {
"byteEnd": 140,
"byteStart": 134
},
"features": [
{
"$type": "pub.leaflet.richtext.facet#code"
}
]
},
{
"index": {
"byteEnd": 170,
"byteStart": 163
},
"features": [
{
"$type": "pub.leaflet.richtext.facet#code"
}
]
},
{
"index": {
"byteEnd": 179,
"byteStart": 172
},
"features": [
{
"$type": "pub.leaflet.richtext.facet#code"
}
]
},
{
"index": {
"byteEnd": 188,
"byteStart": 181
},
"features": [
{
"$type": "pub.leaflet.richtext.facet#code"
}
]
}
],
"plaintext": "S2PA, the Simple Standard for Provenance and Authenticity, is a superset of C2PA. It adds capabilities above C2PA: secp256k1 signing (ES256K), DID-based identity (did:key, did:plc, did:web), and verification that resolves through DID documents rather than certificate authorities. This opens C2PA's provenance model to applications that don't have — and don't want — a certificate authority."
}
},
{
"$type": "pub.leaflet.pages.linearDocument#block",
"block": {
"$type": "pub.leaflet.blocks.text",
"facets": [
{
"index": {
"byteEnd": 4,
"byteStart": 0
},
"features": [
{
"$type": "pub.leaflet.richtext.facet#bold"
}
]
}
],
"plaintext": "MUXL is a strict subset of C2PA. It constrains C2PA below: a canonical form for MP4 files with deterministic behavior specified all the way down to individual atoms. Atom ordering. Timestamp bases. Chunk layout. Metadata fields. Same logical content → same bytes → same CID."
}
},
{
"$type": "pub.leaflet.pages.linearDocument#block",
"block": {
"$type": "pub.leaflet.blocks.text",
"facets": [],
"plaintext": "One expands the identity model upward. The other locks down the container format downward. Together they extend DASL to cover video."
}
},
{
"$type": "pub.leaflet.pages.linearDocument#block",
"block": {
"$type": "pub.leaflet.blocks.header",
"level": 2,
"facets": [
{
"index": {
"byteEnd": 20,
"byteStart": 0
},
"features": [
{
"$type": "pub.leaflet.richtext.facet#bold"
}
]
}
],
"plaintext": "The problem with MP4"
}
},
{
"$type": "pub.leaflet.pages.linearDocument#block",
"block": {
"$type": "pub.leaflet.blocks.text",
"facets": [],
"plaintext": "MP4 is a container format, not a codec. It's a box-based structure (Apple calls them \"atoms,\" ISO calls them \"boxes\") that can hold nearly anything: video, audio, subtitles, chapters, metadata."
}
},
{
"$type": "pub.leaflet.pages.linearDocument#block",
"block": {
"$type": "pub.leaflet.blocks.text",
"facets": [],
"plaintext": "There's no canonical ordering of atoms. No required timestamp base. Metadata fields are optional and inconsistently populated. Two muxers can produce functionally identical MP4 files — same video frames, same audio samples, same duration — that differ at the byte level. For content-addressing, this is fatal. A CID is a hash of bytes. If the bytes aren't stable, the CID isn't stable."
}
},
{
"$type": "pub.leaflet.pages.linearDocument#block",
"block": {
"$type": "pub.leaflet.blocks.text",
"facets": [],
"plaintext": "MUXL defines the \"right answer\" for all of this: a deterministic canonical form for the ISO Base Media File Format. Given the same logical content, a MUXL-compliant muxer produces identical bytes every time, on every platform."
}
},
{
"$type": "pub.leaflet.pages.linearDocument#block",
"block": {
"$type": "pub.leaflet.blocks.text",
"facets": [
{
"index": {
"byteEnd": 151,
"byteStart": 121
},
"features": [
{
"uri": "https://github.com/WebAssembly/profiles/blob/main/proposals/profiles/Overview.md",
"$type": "pub.leaflet.richtext.facet#link"
}
]
}
],
"plaintext": "The reference implementation will be written in Rust and compile to WASM, providing deterministic execution through the WASM 3.0 deterministic profile. The core operations are:"
}
},
{
"$type": "pub.leaflet.pages.linearDocument#block",
"block": {
"$type": "pub.leaflet.blocks.unorderedList",
"children": [
{
"$type": "pub.leaflet.blocks.unorderedList#listItem",
"content": {
"$type": "pub.leaflet.blocks.text",
"facets": [
{
"index": {
"byteEnd": 17,
"byteStart": 0
},
"features": [
{
"$type": "pub.leaflet.richtext.facet#bold"
}
]
}
],
"plaintext": "Canonicalization: taking an arbitrary MP4 and producing the MUXL canonical form"
},
"children": []
},
{
"$type": "pub.leaflet.blocks.unorderedList#listItem",
"content": {
"$type": "pub.leaflet.blocks.text",
"facets": [
{
"index": {
"byteEnd": 14,
"byteStart": 0
},
"features": [
{
"$type": "pub.leaflet.richtext.facet#bold"
}
]
}
],
"plaintext": "Concatenation: combining MUXL segments while preserving per-segment signatures."
},
"children": []
},
{
"$type": "pub.leaflet.blocks.unorderedList#listItem",
"content": {
"$type": "pub.leaflet.blocks.text",
"facets": [
{
"index": {
"byteEnd": 13,
"byteStart": 0
},
"features": [
{
"$type": "pub.leaflet.richtext.facet#bold"
}
]
}
],
"plaintext": "Segmentation: reversed concatenation, taking MUXL segments and producing the precise input."
},
"children": []
}
]
}
},
{
"$type": "pub.leaflet.pages.linearDocument#block",
"block": {
"$type": "pub.leaflet.blocks.text",
"facets": [],
"plaintext": "These operations enable cryptographically verifiable video primitives that are maximally easy to work with. Livestreams can pass around tiny one-second MP4 files. After a six-hour stream, you have one six-hour MP4 file on your computer. Cryptographic security is preserved throughout the process. The patterns established here may also lay a trusted foundation for more radical changes to the video, such as bitexact verifiable transcoding."
}
},
{
"$type": "pub.leaflet.pages.linearDocument#block",
"block": {
"$type": "pub.leaflet.blocks.header",
"level": 2,
"facets": [
{
"index": {
"byteEnd": 21,
"byteStart": 0
},
"features": [
{
"$type": "pub.leaflet.richtext.facet#bold"
}
]
}
],
"plaintext": "The problem with C2PA"
}
},
{
"$type": "pub.leaflet.pages.linearDocument#block",
"block": {
"$type": "pub.leaflet.blocks.text",
"facets": [],
"plaintext": "C2PA is a good idea compromised by some outdated thinking."
}
},
{
"$type": "pub.leaflet.pages.linearDocument#block",
"block": {
"$type": "pub.leaflet.blocks.text",
"facets": [],
"plaintext": "The Coalition — Adobe, Microsoft, Intel, BBC, others — designed a system for embedding signed provenance chains inside media files. Who created this? Who edited it? What tool was used? Each claim is signed, and the signatures chain back to a certificate authority. It's a reasonable model for institutional media: newsrooms, stock photo agencies, enterprise content management."
}
},
{
"$type": "pub.leaflet.pages.linearDocument#block",
"block": {
"$type": "pub.leaflet.blocks.text",
"facets": [],
"plaintext": "But it assumes you have an X.509 certificate from a recognized CA. That you're operating within the existing PKI hierarchy. That trust flows from the top down."
}
},
{
"$type": "pub.leaflet.pages.linearDocument#block",
"block": {
"$type": "pub.leaflet.blocks.text",
"facets": [],
"plaintext": "Decentralized systems work differently. The AT Protocol uses did:plc identifiers and secp256k1 keypairs. Bluesky users don't have certificates; they have DIDs. There's no certificate authority to appeal to — identity is cryptographic and self-sovereign."
}
},
{
"$type": "pub.leaflet.pages.linearDocument#block",
"block": {
"$type": "pub.leaflet.blocks.text",
"facets": [],
"plaintext": "S2PA bridges this gap. It's C2PA plus:"
}
},
{
"$type": "pub.leaflet.pages.linearDocument#block",
"block": {
"$type": "pub.leaflet.blocks.unorderedList",
"children": [
{
"$type": "pub.leaflet.blocks.unorderedList#listItem",
"content": {
"$type": "pub.leaflet.blocks.text",
"facets": [
{
"index": {
"byteEnd": 17,
"byteStart": 0
},
"features": [
{
"$type": "pub.leaflet.richtext.facet#bold"
}
]
}
],
"plaintext": "ES256K signatures (ECDSA with secp256k1, per RFC 8812) instead of the RSA/ECDSA variants that require X.509"
},
"children": []
},
{
"$type": "pub.leaflet.blocks.unorderedList#listItem",
"content": {
"$type": "pub.leaflet.blocks.text",
"facets": [
{
"index": {
"byteEnd": 18,
"byteStart": 0
},
"features": [
{
"$type": "pub.leaflet.richtext.facet#bold"
}
]
}
],
"plaintext": "DID-based identity as the signing identity in C2PA manifests"
},
"children": []
},
{
"$type": "pub.leaflet.blocks.unorderedList#listItem",
"content": {
"$type": "pub.leaflet.blocks.text",
"facets": [
{
"index": {
"byteEnd": 31,
"byteStart": 0
},
"features": [
{
"$type": "pub.leaflet.richtext.facet#bold"
}
]
}
],
"plaintext": "Verification via DID resolution — public keys come from DID documents or AT Protocol PDS records, not certificate chains"
},
"children": []
}
]
}
},
{
"$type": "pub.leaflet.pages.linearDocument#block",
"block": {
"$type": "pub.leaflet.blocks.text",
"facets": [],
"plaintext": "The Streamplace fork of c2pa-rs already implements this. Every livestream segment on Streamplace gets a C2PA manifest signed with the streamer's DID. The spec work formalizes what's already in production."
}
},
{
"$type": "pub.leaflet.pages.linearDocument#block",
"block": {
"$type": "pub.leaflet.blocks.header",
"level": 2,
"facets": [
{
"index": {
"byteEnd": 17,
"byteStart": 0
},
"features": [
{
"$type": "pub.leaflet.richtext.facet#bold"
}
]
}
],
"plaintext": "What this enables"
}
},
{
"$type": "pub.leaflet.pages.linearDocument#block",
"block": {
"$type": "pub.leaflet.blocks.text",
"facets": [],
"plaintext": "With S2PA and MUXL together, you can:"
}
},
{
"$type": "pub.leaflet.pages.linearDocument#block",
"block": {
"$type": "pub.leaflet.blocks.text",
"facets": [
{
"index": {
"byteEnd": 31,
"byteStart": 0
},
"features": [
{
"$type": "pub.leaflet.richtext.facet#bold"
}
]
}
],
"plaintext": "Generate stable CIDs for video. A video file can have a canonical DASL CID that doesn't depend on which encoder produced it or what platform you're on. Same content, same hash, everywhere."
}
},
{
"$type": "pub.leaflet.pages.linearDocument#block",
"block": {
"$type": "pub.leaflet.blocks.text",
"facets": [
{
"index": {
"byteEnd": 36,
"byteStart": 0
},
"features": [
{
"$type": "pub.leaflet.richtext.facet#bold"
}
]
}
],
"plaintext": "Verify video authorship without CAs. A signed video can prove it came from a specific DID — and you can verify that without trusting any certificate authority, just by resolving the DID."
}
},
{
"$type": "pub.leaflet.pages.linearDocument#block",
"block": {
"$type": "pub.leaflet.blocks.text",
"facets": [
{
"index": {
"byteEnd": 29,
"byteStart": 0
},
"features": [
{
"$type": "pub.leaflet.richtext.facet#bold"
}
]
}
],
"plaintext": "Content-address live streams. Streamplace already does this: each 1-second segment is a canonical MP4 with an S2PA manifest. The segments are independently verifiable and content-addressable."
}
},
{
"$type": "pub.leaflet.pages.linearDocument#block",
"block": {
"$type": "pub.leaflet.blocks.header",
"level": 2,
"facets": [
{
"index": {
"byteEnd": 19,
"byteStart": 0
},
"features": [
{
"$type": "pub.leaflet.richtext.facet#bold"
}
]
}
],
"plaintext": "Status and timeline"
}
},
{
"$type": "pub.leaflet.pages.linearDocument#block",
"block": {
"$type": "pub.leaflet.blocks.text",
"facets": [],
"plaintext": "Both specs are in active development. S2PA is mostly documentation of existing implementation. MUXL will require more low-level video engineering work to canonicalize a \"right answer\" down to the level of individual atoms."
}
},
{
"$type": "pub.leaflet.pages.linearDocument#block",
"block": {
"$type": "pub.leaflet.blocks.text",
"facets": [],
"plaintext": "Reference implementations:"
}
},
{
"$type": "pub.leaflet.pages.linearDocument#block",
"block": {
"$type": "pub.leaflet.blocks.unorderedList",
"children": [
{
"$type": "pub.leaflet.blocks.unorderedList#listItem",
"content": {
"$type": "pub.leaflet.blocks.text",
"facets": [
{
"index": {
"byteEnd": 9,
"byteStart": 0
},
"features": [
{
"$type": "pub.leaflet.richtext.facet#bold"
}
]
}
],
"plaintext": "Rust/WASM (Streamplace): primary implementation, compiles to browser and server"
},
"children": []
},
{
"$type": "pub.leaflet.blocks.unorderedList#listItem",
"content": {
"$type": "pub.leaflet.blocks.text",
"facets": [
{
"index": {
"byteEnd": 3,
"byteStart": 0
},
"features": [
{
"$type": "pub.leaflet.richtext.facet#bold"
}
]
}
],
"plaintext": "C++ (MistServer): independent implementation for validation"
},
"children": []
}
]
}
},
{
"$type": "pub.leaflet.pages.linearDocument#block",
"block": {
"$type": "pub.leaflet.blocks.text",
"facets": [],
"plaintext": "We're also working on integration with content identification standards — perceptual hashing, semantic identification, and \"soft binding\" between content and external manifests in collaboration with Liccium and Hypha."
}
},
{
"$type": "pub.leaflet.pages.linearDocument#block",
"block": {
"$type": "pub.leaflet.blocks.text",
"facets": [],
"plaintext": "The specs will be submitted as candidate DASL specifications. The goal is a media standard that's the obvious solution for all media in decentralized social."
}
},
{
"$type": "pub.leaflet.pages.linearDocument#block",
"block": {
"$type": "pub.leaflet.blocks.horizontalRule"
}
},
{
"$type": "pub.leaflet.pages.linearDocument#block",
"block": {
"$type": "pub.leaflet.blocks.text",
"facets": [
{
"index": {
"byteEnd": 177,
"byteStart": 0
},
"features": [
{
"$type": "pub.leaflet.richtext.facet#italic"
}
]
},
{
"index": {
"byteEnd": 178,
"byteStart": 177
},
"features": [
{
"$type": "pub.leaflet.richtext.facet#italic"
},
{
"uri": "https://stream.place/",
"$type": "pub.leaflet.richtext.facet#link"
}
]
},
{
"index": {
"byteEnd": 193,
"byteStart": 178
},
"features": [
{
"$type": "pub.leaflet.richtext.facet#underline"
},
{
"$type": "pub.leaflet.richtext.facet#italic"
},
{
"uri": "https://stream.place/",
"$type": "pub.leaflet.richtext.facet#link"
}
]
},
{
"index": {
"byteEnd": 194,
"byteStart": 193
},
"features": [
{
"$type": "pub.leaflet.richtext.facet#italic"
}
]
}
],
"plaintext": "Streamplace is the livestreaming platform for the AT Protocol. If you're building on Bluesky, IPFS, or any content-addressed system and need video support, reach out — or just start streaming."
}
}
]
}
]
},
"publishedAt": "2026-02-20T21:38:34.928Z"
}