microsoft / scitt-ccf-ledger

Supply Chain Integrity Transparency and Trust ledger application using Confidential Consortium Framework (CCF)
MIT License
35 stars 18 forks source link

COSE Receipts #230

Open achamayou opened 4 weeks ago

achamayou commented 4 weeks ago

Switch to COSE receipts, embedded in unprotected headers of signed statement, as per:

Also see consolidated (receipt) schema: https://github.com/microsoft/CCF/blob/main/cddl/ccf-receipt.cddl

I have had to disable a few testcases with mark.skip, for which I need to investigate possible solutions. All the common paths now work with current-draft-compliant receipts and statements. There is also work to do in future PRs before this can PR to main, including :

achamayou commented 4 weeks ago

Draft verification logic: https://github.com/microsoft/CCF/pull/6603