Bonus signal

Witness countersign

Optional independent countersign of key PROD procurement pointers.

Keyring path

Witness public keys live under:

/trust/witnesses/

What this is

Independent witness countersign is an optional bonus signal. It is not required for GO.

When present, a witness publishes detached signatures over key PROD procurement pointers. This provides an external countersign path that helps defuse “self-assertion” critiques without changing the primary MVG trust model.

Where witness signatures live

Witness signatures MUST be placed under witness/ inside the normal *.sig/ directory (to avoid mixing with MVG signatures).

Target 1 — one-input contract

Payload

/.well-known/mvg-procurement-inputs.json

Witness signatures (optional)

/.well-known/mvg-procurement-inputs.json.sig/witness/<WITNESS_FPR>.asc

Target 2 — deploy latest pointer

Payload

/trust/deployments/prod/MVG_DEPLOY_TXN_LATEST.json

Witness signatures (optional)

/trust/deployments/prod/MVG_DEPLOY_TXN_LATEST.json.sig/witness/<WITNESS_FPR>.asc

How auditors verify (offline)

Import the witness public key, then verify a detached signature against the payload.

gpg --import /trust/witnesses/independent-witness-1/pgp.asc
gpg --verify /.well-known/mvg-procurement-inputs.json.sig/witness/<WITNESS_FPR>.asc /.well-known/mvg-procurement-inputs.json

Status aggregation will surface this as a bonus signal (PRESENT / OPTIONAL) based on actual signature verification.