AttestLayer

Registry Security Overview

Security posture for the public transparency log at registry.attestlayer.com.

This page describes registry.attestlayer.com only: public log entries, checkpoints, witnesses, anchors, public keys, verification bundles, and other public registry endpoints.

Trust model

The Registry is built as a public append-only transparency surface. Trust comes from published public keys, signed checkpoints, Merkle proofs, and public continuity material rather than from a private account session.

  • Checkpoint signatures are published and independently reviewable.
  • Issuer and registry keys are exposed through public JWKS endpoints.
  • The registry is read-only for the public surface described here.

Operational protections

  • Registry is served over HTTPS and protected with baseline browser and delivery controls.
  • The public service exposes verification and transparency material, not customer account mutation endpoints.
  • Operational logging, integrity reconciliation, and abuse controls are used to protect availability and traceability.
  • External witnessing or anchoring must not be inferred unless the registry explicitly states it is active.

What Registry does not claim

  • The Registry does not certify a submitter's underlying controls.
  • It does not prove facts that are not represented by the published cryptographic commitments.
  • It is not a substitute for legal review, procurement review, or an audit report.

Security reports should be sent through the Registry-specific disclosure page at /vulnerability-disclosure.

Registry is a public read-only transparency surface. It is not a checkout, subscription, or customer account portal.