{"service": "stateless SCITT/COSE verifier", "summary": "A free, stateless verification endpoint for SCITT receipts and signed statements (RFC9162_SHA256 profile). It verifies; it stores nothing; it issues nothing.", "does": ["verify a SCITT COSE_Sign1 Signed Statement signature (if a key is given)", "report the statement's issuer / subject / content-type / alg (payload-opaque)", "verify a COSE Receipt inclusion proof + log signature (RFC 9162 SHA-256)"], "does_not": ["operate a Transparency Service (register / issue receipts / anchor)", "store, log, or retain submitted statements, payloads, or keys", "validate any application profile's payload semantics (payload is opaque)", "require authentication or an account (public read-only utility)"], "retention": "nothing retained; only an anonymous request count and the verdict", "privacy": ["stateless \u2014 nothing persists across requests; no database, no queue", "retains nothing \u2014 no statement, payload, key, or header is stored", "payload-opaque \u2014 payload bytes are never parsed for semantics and never echoed back (the response reports only payload_len)", "no accounts, no authentication, no cookies, no analytics", "operational logging only: HTTP method + status code + an anonymous request count \u2014 never bodies, query strings, or keys"], "boundary": {"this_service": "hosted SCITT-only verifier (read-only, stateless)", "is_not": "a SCITT Transparency Service", "rows": [{"dimension": "Operation", "verifier": "verify only", "transparency_service": "register statements, issue receipts, anchor"}, {"dimension": "State", "verifier": "none (stateless)", "transparency_service": "a durable, append-only log"}, {"dimension": "Trust commitment", "verifier": "none \u2014 verify it yourself", "transparency_service": "uptime, integrity, non-equivocation, witnessing"}, {"dimension": "Risk class", "verifier": "low (read-only utility)", "transparency_service": "high (operational trust infrastructure)"}, {"dimension": "Who must trust whom", "verifier": "nobody trusts the operator", "transparency_service": "the ecosystem trusts the log operator"}]}, "attribution": {"operated_by": "Action State Group", "license": "Apache-2.0", "source": "https://github.com/action-state-group/scitt-cose", "foundation_intent": "we intend to contribute this project to an appropriate open-source foundation"}, "draft_tracking": "scitt-cose tracks draft-ietf-scitt-architecture-22 and draft-ietf-cose-merkle-tree-proofs-18 \u2014 IETF Internet-Drafts (Work in Progress), currently in the RFC Editor Queue, NOT yet published as RFCs. Substrate RFCs used: RFC 9052, RFC 9053, RFC 9162, RFC 9597, RFC 9964 (9964 recognized, ML-DSA signing not implemented)."}