ietf-wg-scitt / draft-ietf-scitt-architecture

An Architecture for Trustworthy Digital Supply Chain Transparency Services

Registration #279

Closed hannestschofenig closed 1 month ago

hannestschofenig commented 3 months ago

The three steps from Section 4.3 on Registration are essentially the same. To verify the signature you have to retrieve the issuer credentials and you have to do item 4.

  1. Issuer Verification: The Transparency Service MUST syntactically validate the Issuer's identity Claims, which may be different than the Client identity.

  2. Signature verification: The Transparency Service MUST verify the signature of the Signed Statement, as described in [RFC9360], using the signature algorithm and verification key of the Issuer.

  3. Signed Statement validation: The Transparency Service MUST check that the Signed Statement includes the required protected headers listed above. The Transparency Service MAY verify the Statement payload format, content and other optional properties.