Skip to content

Commit adc45d6

Browse files
MarkLodatoMarkLodato
committed
Link to TUF and in-toto projects.
1 parent 0804b1b commit adc45d6

File tree

1 file changed

+8
-6
lines changed

1 file changed

+8
-6
lines changed

specification.md

Lines changed: 8 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,7 @@ Version 0.1.0
1010
## Abstract
1111

1212
This document proposes a new signature scheme for use by, among others, the
13-
in-toto and TUF projects. This signature scheme (a) avoids relying on
13+
[in-toto] and [TUF] projects. This signature scheme (a) avoids relying on
1414
canonicalization for security and (b) reduces the possibility of
1515
misinterpretation of the payload. The serialized payload is encoded as a string
1616
and verified by the recipient _before_ deserializing. A backwards compatible
@@ -50,8 +50,8 @@ Parameters:
5050
* PAYLOAD_TYPE is an authenticated(*) URI indicating how to interpret
5151
SERIALIZED_BODY. It encompasses the content type (JSON, Canonical-JSON,
5252
CBOR, etc.), the purpose, and the schema version of the payload. This
53-
obviates the need for the `_type` field within in-toto/TUF payloads. This
54-
URI does not need to be resolved to a remote resource, nor does such a
53+
obviates the need for the `_type` field within [in-toto]/[TUF] payloads.
54+
This URI does not need to be resolved to a remote resource, nor does such a
5555
resource need to be fetched. Examples:
5656

5757
- https://in-toto.io/Link/v0.9
@@ -213,7 +213,7 @@ the presence of the `payload` field vs `signed` field.
213213

214214
## Motivation
215215

216-
There are two concerns with the current in-toto/TUF signature wrapper.
216+
There are two concerns with the current [in-toto]/[TUF] signature wrapper.
217217

218218
First, the signature scheme depends on [Canonical JSON], which has one practical
219219
problem and two theoretical ones:
@@ -320,8 +320,8 @@ Rationales for specific decisions:
320320

321321
The
322322
[old signature format](https://github.com/in-toto/docs/blob/master/in-toto-spec.md#42-file-formats-general-principles)
323-
used by TUF and in-toto has a BODY that is a regular JSON object and a signature
324-
over the [Canonical JSON] serialization of BODY.
323+
used by [TUF] and [in-toto] has a BODY that is a regular JSON object and a
324+
signature over the [Canonical JSON] serialization of BODY.
325325

326326
```json
327327
{
@@ -408,5 +408,7 @@ Signed wrapper:
408408

409409
[backwards compatible signature]: #backwards-compatible-signatures
410410
[Canonical JSON]: http://wiki.laptop.org/go/Canonical_JSON
411+
[in-toto]: https://in-toto.io
411412
[JWS]: https://tools.ietf.org/html/rfc7515
412413
[PASETO]: https://github.com/paragonie/paseto/blob/master/docs/01-Protocol-Versions/Version2.md#sig
414+
[TUF]: https://theupdateframework.io

0 commit comments

Comments
 (0)