@techreport{birkholz-scitt-receipts-03, number = {draft-birkholz-scitt-receipts-03}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-birkholz-scitt-receipts/03/}, author = {Henk Birkholz and Maik Riechert and Antoine Delignat-Lavaud and Cedric Fournet}, title = {{Countersigning COSE Envelopes in Transparency Services}}, pagetotal = 16, year = 2023, month = apr, day = 26, abstract = {A transparent and authentic Transparent Registry service in support of a supply chain's integrity, transparency, and trust requires all peers that contribute to the Registry operations to be trustworthy and authentic. In this document, a countersigning variant is specified that enables trust assertions on Merkle-tree based operations for global supply chain registries. A generic procedure for producing payloads to be signed and validated is defined and leverages solutions and principles from the Concise Signing and Encryption (COSE) space.}, }