I guess I have been asleep since I haven't even heard about this work-item 
before...

FWIW, I'm personally developing a e-receipt-scheme for the EU Wallet when used 
for payments.  It has almost nothing in common with RFC 9942.  The following 
are the most obvious differences:

- e-Receipt type is given by a top-level tag in analogy with the rest of the 
payment-related messages.  In my case object types are provided as URLs which 
is a de-facto standard outside of the CBOR community.

- There is no "bstr" wrapping of e-receipt data; deterministically encoded CBOR 
is trivial to accomplish in current mobile phones.  Embedded signatures does the rest.

- Since creating a global root for e-receipts seems unrealistic, compatible 
receipts are supposed to include a URL to the public key.  This URL must belong 
to the same domain as the payment request.  That is, trust is leveraging the 
trust in the WebPKI.

Anders
Predecessor using JSON: 
https://cyberphone.github.io/doc/defensive-publications/signed-e-receipts.pdf


On 2026-07-01 00:44, [email protected] wrote:
A new Request for Comments is now available in online RFC libraries.

         RFC 9942

         Title:      CBOR Object Signing and Encryption (COSE) Receipts
         Author:     O. Steele,
                     H. Birkholz,
                     A. Delignat-Lavaud,
                     C. Fournet
         Status:     Proposed Standard
         Stream:     IETF
         Date:       June 2026
         Mailbox:    [email protected],
                     [email protected],
                     [email protected],
                     [email protected]
         Pages:      20


         I-D Tag:    draft-ietf-cose-merkle-tree-proofs-18

         URL:        https://www.rfc-editor.org/info/rfc9942

         DOI:        10.17487/RFC9942

CBOR Object Signing and Encryption (COSE) Receipts prove properties of a 
Verifiable Data Structure (VDS) to a verifier. VDSs and associated Proof Types 
enable security properties, such as minimal disclosure, transparency, and 
non-equivocation. Transparency helps maintain trust over time and has been 
applied to certificates, end-to-end encrypted messaging systems, and supply 
chain security. This specification enables concise transparency-oriented 
systems by building on Concise Binary Object Representation (CBOR) and COSE. 
The extensibility of the approach is demonstrated by providing CBOR encodings 
for Merkle inclusion and consistency proofs.

This document is a product of the CBOR Object Signing and Encryption Working 
Group of the IETF.

STANDARDS TRACK: This document specifies an Internet Standards Track
protocol for the Internet community, and requests discussion and
suggestions for improvements. Distribution of this memo is unlimited.

This announcement is sent to the IETF-Announce and rfc-dist lists.
To subscribe or unsubscribe, see
   https://www.ietf.org/mailman/listinfo/ietf-announce
   https://mailman.rfc-editor.org/mailman/listinfo/rfc-dist

For searching the RFC series, see https://www.rfc-editor.org/search/
For downloading RFCs, see https://www.rfc-editor.org/series/rfc-download/

Requests for special distribution should be addressed to either the
author of the RFC in question, or to [email protected].  Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.


The RFC Editor Team

_______________________________________________
COSE mailing list -- [email protected]
To unsubscribe send an email to [email protected]

_______________________________________________
COSE mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to