hhmx.de

l'empathie mécanique

· Federation EN Tue 30.01.2024 22:05:56

@tao It’s in their published threat model / security assumptions:

Attackers do not have access to private keys referenced within the C2PA ecosystem (e.g., claim signing private keys, Time-stamping Authority private keys, etc.). They may, however, attempt to access these keys via exploitation techniques…

And later, in the spoofing section.

Proper key handling is notoriously difficult. And with incentives like those here, attackers would be motivated to hit it even more than some DRM system.

And anyway, no need for a breakthrough if you can walk in with a gag order and do what you need.