diff --git a/core/images/image.go b/core/images/image.go
index 6bc106aac..9fcce9b4e 100644
--- a/core/images/image.go
+++ b/core/images/image.go
@@ -369,8 +369,8 @@ func Children(ctx context.Context, provider content.Provider, desc ocispec.Descr
 		}
 
 		return append([]ocispec.Descriptor{}, index.Manifests...), nil
-	} else if !IsLayerType(desc.MediaType) && !IsKnownConfig(desc.MediaType) {
-		// Layers and configs are childless data types and should not be logged.
+	} else if !IsLayerType(desc.MediaType) && !IsKnownConfig(desc.MediaType) && !IsAttestationType(desc.MediaType) {
+		// Layers, configs, and attestations are childless data types and should not be logged.
 		log.G(ctx).Debugf("encountered unknown type %v; children may not be fetched", desc.MediaType)
 	}
 	return nil, nil
diff --git a/core/images/mediatypes.go b/core/images/mediatypes.go
index d2e845b16..0c8600d86 100644
--- a/core/images/mediatypes.go
+++ b/core/images/mediatypes.go
@@ -58,6 +58,9 @@ const (
 
 	MediaTypeImageLayerEncrypted     = ocispec.MediaTypeImageLayer + "+encrypted"
 	MediaTypeImageLayerGzipEncrypted = ocispec.MediaTypeImageLayerGzip + "+encrypted"
+
+	// In-toto attestation
+	MediaTypeInToto = "application/vnd.in-toto+json"
 )
 
 // DiffCompression returns the compression as defined by the layer diff media
@@ -193,6 +196,16 @@ func IsKnownConfig(mt string) bool {
 	return false
 }
 
+// IsAttestationType returns true if the media type is an attestation type
+func IsAttestationType(mt string) bool {
+	switch mt {
+	case MediaTypeInToto:
+		return true
+	default:
+		return false
+	}
+}
+
 // ChildGCLabels returns the label for a given descriptor to reference it
 func ChildGCLabels(desc ocispec.Descriptor) []string {
 	mt := desc.MediaType
diff --git a/core/remotes/handlers.go b/core/remotes/handlers.go
index 16fcdbf84..a3e1ff984 100644
--- a/core/remotes/handlers.go
+++ b/core/remotes/handlers.go
@@ -80,6 +80,8 @@ func MakeRefKey(ctx context.Context, desc ocispec.Descriptor) string {
 		return "layer-" + key
 	case images.IsKnownConfig(desc.MediaType):
 		return "config-" + key
+	case images.IsAttestationType(desc.MediaType):
+		return "attestation-" + key
 	default:
 		log.G(ctx).Warnf("reference for unknown type: %s", desc.MediaType)
 		return "unknown-" + key