[SCITT] Re: async completion 2.1.4 question
Jon Geater <jon.geater@datatrails.ai> Sat, 10 January 2026 14:01 UTC
Return-Path: <jon.geater@datatrails.ai>
X-Original-To: scitt@mail2.ietf.org
Delivered-To: scitt@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id F1684A5CD938 for <scitt@mail2.ietf.org>; Sat, 10 Jan 2026 06:01:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=datatrails.ai
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HpZ3R6xNcJk2 for <scitt@mail2.ietf.org>; Sat, 10 Jan 2026 06:01:48 -0800 (PST)
Received: from LO0P265CU003.outbound.protection.outlook.com (mail-uksouthazon11022135.outbound.protection.outlook.com [52.101.96.135]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id BC708A5CD09F for <scitt@ietf.org>; Sat, 10 Jan 2026 06:00:23 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=Ouz7iOSPyBBPses1/AYqKqivMqKItL9v5W2ofs/ghfBbf8CJbgdaWFk7BprFiieRg3c4ufnk+5+tEs5DUNmPBz8E2wPTdqzRsIDEolUZncRzQtuj4FF7utf2sEaiAyfNzEiiGtLRsrC6nPcj4kCbohNXMftxK3qEuqRgHZOJDwB3C87R/X4jYCE/LTqkAFd7k6l9xqPhzEc+2WaRbjKAXMBlr9c4xM92B4FQ6IP7YvoqL5PjF6c6K+xuAlqBdsPuo4juPMQ67Gg1gGK+6vGzEW2KiFMwMbvBK1kuwwWcTIUWrH+irtvBCB+Olb2QCS/cZlfjm5kVS9HhkzVRzt2STw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=GNomVC1tmap8UXopDi3cBp7+1Ccef2nssRJyN08RYDw=; b=tkEJqAoRPndQ+liRFYVrFxMI8cNQGaYPmVaQjp4k8VUA0WT2NLsQUW/TS8RnJMB8rT1avsLjhYG5Z258Dqr1eLAr4mht2HKdYg3aJFWU/uaEqA5x6t21jcCckqNnvDEdhU9gtw40WVSHAdrYFq/3TIaovjxQ6J865otn2Ht/2B5zhKneM3AdmTb0JA+Pr9nYybUEV3RWBNt7dFHBUVzR+pJC2OGsuBu5jxQvZYYNJ7a8akRFfM638SLu0F1dD0Yh/Skvw8AFisRVn0CCG+8IvkVMOGRYQRziwSIVyl5v1KgTQeqGfd1ckSJB9MKHG5+FVI5ypJ9lWV6F6ykmDc7dlA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=datatrails.ai; dmarc=pass action=none header.from=datatrails.ai; dkim=pass header.d=datatrails.ai; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=datatrails.ai; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=GNomVC1tmap8UXopDi3cBp7+1Ccef2nssRJyN08RYDw=; b=NRNKIm5Jfv6UW8PpcptbTys4l9zE6Q/1rPgiKpOx12hi4/7BkVIpEqRPm4g+1o0FONj6ePiiu3EvN9TetBQv1JI4HqUgcHGpRqhrGcd6+YCKJKpz2DF2FhVyhSvwioPcZ+1hsJcIe0dQxmgYF+XRH7m7l0E341NJm8RvZ3oR4Iu/RBQatP9nqQAKZg+W+qRvo5WCFS3gw/6MV+FhL1iRtVgaTd9DdZIwVn5MX2aNOIUCIkRLY9Nlsc4tjF7VOEkv4E7x/d2vlWd0igMbP4PAEOkCHd8uwBgtR+JNw3U4nzR7HQ2YICX9Irui6zUnFhf1jLGz0duqClOF7kL55tJDMA==
Received: from CWXP265MB5766.GBRP265.PROD.OUTLOOK.COM (2603:10a6:400:1a8::6) by LO6P265MB5999.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:2a4::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9499.6; Sat, 10 Jan 2026 14:00:20 +0000
Received: from CWXP265MB5766.GBRP265.PROD.OUTLOOK.COM ([fe80::5ccc:ba1d:ea70:ab6a]) by CWXP265MB5766.GBRP265.PROD.OUTLOOK.COM ([fe80::5ccc:ba1d:ea70:ab6a%7]) with mapi id 15.20.9499.005; Sat, 10 Jan 2026 14:00:20 +0000
From: Jon Geater <jon.geater@datatrails.ai>
To: "dick@businesscyberguardian.com" <dick@businesscyberguardian.com>, "'Andrew R. Reiter'" <arr@watson.org>, "scitt@ietf.org" <scitt@ietf.org>, 'Amaury Chamayou' <amaury.chamayou@microsoft.com>, 'Henk Birkholz' <henk.birkholz@ietf.contact>
Thread-Topic: [SCITT] Re: async completion 2.1.4 question
Thread-Index: AQHcgjihG+U0sBe2nkig4Qaq0J7ZcbVLbPPQ
Date: Sat, 10 Jan 2026 14:00:20 +0000
Message-ID: <CWXP265MB5766460F13A884CFA4B38A929883A@CWXP265MB5766.GBRP265.PROD.OUTLOOK.COM>
References: <64d7b394-799c-80ef-da5f-92b0307561bb@watson.org> <CWXP265MB57662217354011A79BD65E879883A@CWXP265MB5766.GBRP265.PROD.OUTLOOK.COM> <260f01dc8238$98cb6c00$ca624400$@businesscyberguardian.com>
In-Reply-To: <260f01dc8238$98cb6c00$ca624400$@businesscyberguardian.com>
Accept-Language: en-GB, en-US
Content-Language: en-GB
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-ms-reactions: allow
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=datatrails.ai;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: CWXP265MB5766:EE_|LO6P265MB5999:EE_
x-ms-office365-filtering-correlation-id: e19686cf-e74a-4136-7bc2-08de505097bf
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|1800799024|4022899009|366016|376014|7053199007|38070700021|13003099007|8096899003|4053099003|4013099003;
x-microsoft-antispam-message-info: 57uCg6IrZC++M+vsFzD9W402W9ttWl+8XefbvVpbLzmvglSfFjkhsDI5EGvuDagmZfCUaaMooIDG2K3X4rCSZbsvQwWlv3tclLvRKF6BBhEXwoi1US+8nIoUqhVZh64Dm5N4lw0E+RD022fxp4AD15/Mlcd3lIYeMNVJLl+Vatv178Dmx4ghJF40ae/9nYbKqL7tkiQTNABLAbp325iXpdDC+1LX2oJya0gp373+lVkV1sVgG+kvLZQVwnQbQY+flFdle44qw8/EpOHJjae6sT4px0rRupY88t1w7rzkWwTw39ZMsziL3sZ3c04RKYu8VPEpefrogNuu/pNzZ/YuXcKKoGbp4bnrqiaGaf49G2lnwjB6rcN43RvKafSz3djp6QlDgWRiSSvmqtz6FNP/H2gG5OiLgocQn4o6ueijU52f8ONGAjRa/WA1MwiGV451UeevaS54vwuuXu2LEHXPc/TphnUOiXDk3M3nUnaIHjitHf7rf7M2ciHXZPTHwGRDwRCIABJtSC5uWOBBmx7mBvQ36y+q/i/V3el26Q+mIy9LFbL/H/1GtVcuyt4fXtwdhGiqyGTogeMcQPqwNyR5J2xmoH+jJULJYbSGRcC1vDWq2hdYYwJJgzHSPMwtGyAbMLrDCF9ruUqs3HyugAcgGcFXEzpxzZ3jYF7M1ZomjcwhFkd3kedEUTcD7lLkEetKJv+TRYjOME1wNC/6SlLgEE0e5zZv7D/Nkfe3WfMYQZX1VqssChblTtmSk1+buqdI6h3BWG+djMVzqpdMqcLM8mQwO9BqZ6NnHhUkddBRmDFh9T2lMwclfcli4JFSbFivszSBWvfJYCei+bXEg3ZqbiAxZtwKeWTw56G6h0FiupRaf0WnSDihoaxJ8AiQpuA5vus1wbxLvP3qNH63hgx/VRAmIbpwfGaDV5M/tD1dlT9z+02zTdg7srqirkBE6otOC+FCp/mHze+BszIUK02DzNqQNS8t86CejdqEHuNLt8sp1hhcu6ei18J3zba/6Jz8I1U/3PeRIeLwdP8zpC3kuxoqul+aO6AGF9HCTIUDTpTbC4DYsy90Mh2qPo98W4iyaIzlRvBEAZQCdtWqKRyo3OsWU1vHgmbdo8f1SY3dAfWWppN/cUme3/kVD6SODYmxUGTPqOYf7CXuhBOoAPlcN6bCB5uF1QMdWQXZz3AKmmAPagsUxc8GgQmc8iIZymHzRoAG7JJcraBo/+pH/3B0b5UIlsPNLrJMG8nPzsEQnodjyXF9KgU+0PutcNd+Lkxvu+60NM5r88q/1/xOKspyu4uyRuVJmkWxL9KXEq9jSTmI3reCl7WTW1Ae1u3t6UNyS3talmbZR2YHCUR0EIHHUuxwygiFr/X35GJzMdkU/nkqKH7AJ7LaCNk9aEHbvCB0rzpf9Xxo24J6o9tGywqrjlmPwvk+7TuxHGAX9N2qvRXOSJtUPhY31/4L3gDI1WVe6uvZ30tppu0BVZDD949H6Q==
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CWXP265MB5766.GBRP265.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(4022899009)(366016)(376014)(7053199007)(38070700021)(13003099007)(8096899003)(4053099003)(4013099003);DIR:OUT;SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: e3LXxST+MFYmlPO7Zm1KClowXU505X/6fMhy1x+tesG5ZAIjuvO1AG8hhT8DaNwaB0XYC36sHsV5ic1ByKWZRkYN2jtxdTxYQ+l0FRIfFcgSZew6Z0mWmTqlGX6Ju0hvR914xUchm757m+DYeJoJO1zeRP9m+q1Lxwcy5z/Zii7NK6eL+VU/jDKr7tuaG7duRZO+TZxwIzFEm6KXUak/6BZve56gmjpn7h+hg5e0AZqVXn1FzQvkKLwm05VUVBt96r2pbQ/KXtEUQ5TlUOOVZE7XpJoH5jNKbCeBOMGbtYgP8041Ta7iwgFJVHuiWngLmslLwGOideoXa3mJccS8H3kRfL0StTiGB2LkEkqai50h1efNwwT6lqu0hXEyo6CnN5uhtGWi3Pg1KYOJ5WPHWlfH30my7aN/6N2POFbuJgqbQUKU/hsaryVNcuxhoDoqDtBbB8WT4mk/L6RFt9IeA6VnBbAdwU8UKH2vL7adenZRzqM8/08WjkI1pdMpjdf4aUKQRO0E+Hdug24fEzZlJt73jgIxkqmcU0PNqC+iTJk6oJa4GyJzzYNr/o/LIP2d/xdNtf2c3cM6d/IqmG+f/wL9Cr1znJnGezs3NDfD982EH3ariUDkokuWk7UiTXy2RDrEoSWAxGnujiNIlH6ePR0g9jGoqROr6sP8ilU65tjbLY3081WUSy4oKYpvZl3fbtmwzcEe5MzhuQHu9OQEOf3qBj6pr7K6tiEyhXdR60sErrvUEh9QLctr1kMnIJ5o3wWJuzoQnDT3aIXiF37rHB4MLUyDe2tmB35sVzBGfeJMuVRLYpw/K3f0E9BPv7MzCtbRP85iNb8YgBEtYzkI4U4E8D8hrbI02Z32192mXL1vt9GiWM9AvotRSnI6wuYgclulY3bFHq7qqX1Ioat18qBflc8FJ/id1NF15HP12A1BA3uiBB8Za8ZjixOsBfHOsSmYjPJb4PGf3azL9O777R+ud4Rk9NSY5BNYNbVNTw/wBsBdT9thMmrF63YncKZJpn3zmNo2sG1DT0dvlPzSJkndfq7QGlm/hFIgKnYvAjqVZ+DK+1432CxLdK4flLwgA3GerGH1vyy6olmNxhukMoydOaAKPT3oCDh7BGj/QIMMev2saiq3kTzbbmDUo2kupP49jALDkTGxtFxIXDN/IanJ+hduLUFv+49Mw5p7SH0GPCzZyG9CqH+Gs2WTfk9sedokvf3+rdyRAwuQ/k5GxV7csWvExoBzAdtG+H/8VjWJ/v35F+xWklO9Ala0bFlj6lkiDiUCtRTrHsEbNSkxrDFXfDVJKvw98Zi7VoxvZ/B7iQGkHhn7ecwxh8YTVFsYKNUQiJkw+tCrBHJD8nUdHkcTFuML6bTt/+n+7P43qFxhY5ChsFPiIWsAo6oYpd8eSBvewtJzr38A5BAj7oeO+Kfqvn2I8Pmn/gY8VrihAYNpeTA5kiS0yJqXnG0ZY7/3yzqbAeyR9dzSj9aZgbFFPav4dixj++4u9mAmpqC6C362KUv9zVuE0OkiI53mo3JVwnjAnxzAztlBCTGBe6w2mYaoEW9whacWjEHPlnUa/Ruoddfn49DHttbfyZxyYZIL04vF2MIspXcK/nYkfe3UbNB8OFALRuG/CpV82m5VPWF6wLT3HaX60znAHvO/mfGK3fe1ZkZ+wsIBaguAdt8HtMjp2x2tXDh4T7Cjg7I7qezMSu2PftSh5eaJHst34Uc2xnUf1FWv/nLc3/DT336sl32Ml0r+rtxzF9UbML3a2FY=
Content-Type: multipart/related; boundary="_006_CWXP265MB5766460F13A884CFA4B38A929883ACWXP265MB5766GBRP_"; type="multipart/alternative"
MIME-Version: 1.0
X-OriginatorOrg: datatrails.ai
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: CWXP265MB5766.GBRP265.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: e19686cf-e74a-4136-7bc2-08de505097bf
X-MS-Exchange-CrossTenant-originalarrivaltime: 10 Jan 2026 14:00:20.5753 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: e6cd7cbd-4331-4942-b28d-a327d99a088a
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: EZgzRAZ0XVUDUXd98BM0BfLhGpxutUhmdzTttAImjyRAFAMIq6i+9rJj02VNc9Mr+G4LEr+ONknS+9+v/m5mYOtRcQ2a/Fcmj13ZZa62NWk=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: LO6P265MB5999
Message-ID-Hash: VK7ITIWB3ZJVPBAHGKAJVH2JXKFIQKGM
X-Message-ID-Hash: VK7ITIWB3ZJVPBAHGKAJVH2JXKFIQKGM
X-MailFrom: jon.geater@datatrails.ai
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [SCITT] Re: async completion 2.1.4 question
List-Id: "Supply Chain Integrity, Transparency, and Trust" <scitt.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/scitt/BqjSWCK2_bOCRl-28cZcoevPCjY>
List-Archive: <https://mailarchive.ietf.org/arch/browse/scitt>
List-Help: <mailto:scitt-request@ietf.org?subject=help>
List-Owner: <mailto:scitt-owner@ietf.org>
List-Post: <mailto:scitt@ietf.org>
List-Subscribe: <mailto:scitt-join@ietf.org>
List-Unsubscribe: <mailto:scitt-leave@ietf.org>
Yes that was discussed at length in the ‘adjacent services’ debate as well. It makes sense for the use cases you're focusing on, but not all use cases for a SCITT VDS/TS. The *mandatory minimal interoperable* functionality of the VDS and proofs is _only_ the receipt, as in the discussion here. However it can be useful (subject to confidentiality and access controls) to additionally construct the whole Transparent Statement, and some more feature full trust services incorporating a SCITT Transparency Service may even go as far as storing and returning a payload that was the preimage source to a Signed Statement input. It’s very useful functionality, it’s what DataTrails chose to do, but it’s on different (optional) endpoints to enable the simple stuff to be simple and separate, and to allow the use case to determine the most appropriate place for the preimages to be stored. Jon ________________________________ From: Dick Brooks <dick@businesscyberguardian.com> Sent: Saturday, January 10, 2026 2:54:08 PM To: Jon Geater <jon.geater@datatrails.ai>; 'Andrew R. Reiter' <arr@watson.org>; scitt@ietf.org <scitt@ietf.org>; 'Amaury Chamayou' <amaury.chamayou@microsoft.com>; 'Henk Birkholz' <henk.birkholz@ietf.contact> Subject: RE: [SCITT] Re: async completion 2.1.4 question Jon, We should also ensure that SCRAPI enables the public to “retrieve the payload of the Transparent Statement” so that a Trust Registry can also serve as a repository for the Signed Statement “payload” materials that others can retrieve, i.e. an SBOM or a URL to an SBOM. Thanks, Dick Brooks [cid:image002.png@01DC820E.AE4AC140] [cid:image004.png@01DC820E.AE4AC140] [cid:image006.png@01DC820E.AE4AC140] Active Member of the CISA Critical Manufacturing Sector, Sector Coordinating Council – A Public-Private Partnership Lifetime IEEE Member Never trust software, always verify and report!<https://reliableenergyanalytics.com/products> ™ Risk always exists, but trust must be earned and awarded.™ https://businesscyberguardian.com/ Email: dick@businesscyberguardian.com Tel: +1 978-696-1788 From: Jon Geater <jon.geater=40datatrails.ai@dmarc.ietf.org> Sent: Saturday, January 10, 2026 8:01 AM To: Andrew R. Reiter <arr@watson.org>; scitt@ietf.org; Amaury Chamayou <amaury.chamayou@microsoft.com>; Henk Birkholz <henk.birkholz@ietf.contact> Subject: [SCITT] Re: async completion 2.1.4 question <chair hat off, document editor hat on> Ah yes, we had a big sweep on this a while ago to sort out the several inconsistencies we had on Receipt vs Transparent Statement (and where exactly they should be formed) and this must have slipped through. My belief (based on having actually written one and thinking about separation of concerns between ‘core SCITT’ and ‘adjacent services') is that indeed the endpoint should only return the Receipt. If the TS actually has a copy of the Statement stashed as well (which the DataTrails implementation does, but I think maybe the Microsoft one doesn’t?) then great, another endpoint could conveniently glue them together for you. But it shouldn’t be forced to. I think @Amaury Chamayou<mailto:amaury.chamayou@microsoft.com> / @Henk Birkholz<mailto:henk.birkholz@ietf.contact> this probably qualifies for an Issue and the example should be changed. Agree? Jon On 09/01/2026, 20:11, "Andrew R. Reiter" <arr@watson.org<mailto:arr@watson.org>> wrote: Hello, Apologies if this email contains question that is an obvious mistake by me: I am implementing SCRAPI 06 and noticed a possible ambiguity in section 2.1.4.2. The normative text says the 200 response to GET /entries/{id} "contains the Receipt", and the example body is a receipt COSE_Sign1 signed by the TS. However, the illustrative async flow immediately below says the final 200 response is a "Transparent Statement". These are different artifacts: a receipt is TS signed proof only, while a transparent statement is the issuer signed statement with receipts attached. I think the intended response is a receipt, given the 2.1.4.2 text and the receipt-shaped example body, but I would appreciate clarification. If it is a receipt, updating the flow line to "200 (Receipt)" would make it consistent. If it is a transparent statement, the 2.1.4.2 text and example body should be updated accordingly, and it would help to explain where the receipt is retrieved. Again... apologies if I am being obtuse :) Best, Andrew Reiter -- arr@watson.org<mailto:arr@watson.org> Victoria concordia crescit -- SCITT mailing list -- scitt@ietf.org<mailto:scitt@ietf.org> To unsubscribe send an email to scitt-leave@ietf.org<mailto:scitt-leave@ietf.org>
- [SCITT] async completion 2.1.4 question Andrew R. Reiter
- [SCITT] Re: async completion 2.1.4 question Jon Geater
- [SCITT] Re: async completion 2.1.4 question Dick Brooks
- [SCITT] Re: async completion 2.1.4 question Jon Geater
- [SCITT] Re: async completion 2.1.4 question Dick Brooks
- [SCITT] Re: [EXTERNAL] RE: Re: async completion 2… Amaury Chamayou
- [SCITT] Re: [EXTERNAL] RE: Re: async completion 2… Andrew R. Reiter
- [SCITT] Re: [EXTERNAL] RE: Re: async completion 2… Dick Brooks