An Architecture for Trustworthy and Transparent Digital Supply Chains
draft-ietf-scitt-architecture-22

• Status
• IESG evaluation record
• IESG writeups
• Email expansions
• History

Approval announcement
Draft of message to be sent after approval:

Announcement

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: The IESG <iesg@ietf.org>, amchamay@microsoft.com, debcooley1@gmail.com, draft-ietf-scitt-architecture@ietf.org, rfc-editor@rfc-editor.org, scitt-chairs@ietf.org, scitt@ietf.org
Subject: Protocol Action: 'An Architecture for Trustworthy and Transparent Digital Supply Chains' to Proposed Standard (draft-ietf-scitt-architecture-21.txt)

The IESG has approved the following document:
- 'An Architecture for Trustworthy and Transparent Digital Supply Chains'
  (draft-ietf-scitt-architecture-21.txt) as Proposed Standard

This document is the product of the Supply Chain Integrity, Transparency, and
Trust Working Group.

The IESG contact persons are Paul Wouters and Deb Cooley.

A URL of this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-scitt-architecture/

Ballot Text

Technical Summary

   Traceability in supply chains is a growing security concern.  While
   verifiable data structures have addressed specific issues, such as
   equivocation over digital certificates, they lack a universal
   architecture for all supply chains.  This document proposes a
   scalable architecture for single-issuer signed statement transparency
   applicable to any supply chain.  It ensures flexibility,
   interoperability between different transparency services, and
   compliance with various auditing procedures and regulatory
   requirements.

Working Group Summary

While there was active discussion on various aspects of this specification, 
concensus was reached.

Document Quality

Mediatypes:  An amended version was submitted on 30 June at:  
https://mailarchive.ietf.org/arch/msg/media-types/az47kuF_lIG6IX_pccuEn7C10Gg/

The document contains EDN and CDDL snippets, which have been reviewed by the
Working Group and by the cddlc validation tool.

There are at least three implementations of the contents of the document, from
Datatrails [0], Tradeverifyed [1] (formerly Transmute Industries), and
Microsoft [2], all Open Source. Other parties have expressed an interest in
implementing it as well, for example Dick Brooks, from Business Cyber Guardian
[3].

[0] https://www.datatrails.ai
[1] https://tradeverifyd.com
[2] https://www.microsoft.com
[3] https://businesscyberguardian.com

Personnel

   The Document Shepherd for this document is Amaury Chamayou. The
   Responsible Area Director is Deb Cooley.

RFC Editor Note