Skip to content

Commit

Permalink
Remove content covered in PR #334
Browse files Browse the repository at this point in the history 
Signed-off-by: steve lasker <[email protected]>
  • Loading branch information
@SteveLasker
SteveLasker committed Dec 23, 2024
1 parent b42f5ff commit 060ee7f
Showing 1 changed file with 2 additions and 5 deletions.
7 changes: 2 additions & 5 deletions draft-ietf-scitt-architecture.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -77,7 +77,6 @@ normative:
RFC8392:
COSWID: RFC9393
I-D.draft-ietf-cose-merkle-tree-proofs: COMETRE
I-D.draft-ietf-cose-hash-envelope: COSE-HASH

CWT_CLAIMS_COSE: I-D.ietf-cose-cwt-claims-in-headers
IANA.cwt:
Expand Down Expand Up @@ -369,8 +368,7 @@ Envelope:
: metadata, created by the Issuer to produce a Signed Statement.
The Envelope contains the identity of the Issuer and information about the Artifact, enabling Transparency Service Registration Policies to validate the Signed Statement.
A Signed Statement is a COSE Envelope wrapped around a Statement, binding the metadata in the Envelope to the Statement.
In COSE, an Envelope consists of a protected header (included in the Issuer's signature) and an unprotected header (not included in the Issuer's signature) and the Payload.
The Payload may contain the contents of the Statement, or a hash using {{-COSE-HASH}}.
In COSE, an Envelope consists of a protected header (included in the Issuer's signature) and an unprotected header (not included in the Issuer's signature).

Equivocation:

Expand Down Expand Up @@ -409,7 +407,7 @@ Relying Party:
Signed Statement:

: an identifiable and non-repudiable Statement about an Artifact signed by an Issuer.
In SCITT, Signed Statements are encoded as COSE signed objects; the `payload` of the COSE structure may contain the contents of the Statement, or a hash of the Statement using {{-COSE-HASH}}.
In SCITT, Signed Statements are encoded as COSE signed objects; the `payload` of the COSE structure contains the issued Statement.

Statement:

Expand Down Expand Up @@ -659,7 +657,6 @@ For a software supply chain, payloads describing the software Artifacts may incl
- {{SLSA}}
- {{SWID}}

The contents of the Statement may be placed in the protected header `payload`, or the Issuer may use {{-COSE-HASH}}, storing a hash of the Statement.
Once all the Envelope headers are set, an Issuer MUST use a standard COSE implementation to produce an appropriately serialized Signed Statement.

Issuers can produce Signed Statements about different Artifacts under the same Identity.
Expand Down

0 comments on commit 060ee7f

Please sign in to comment.