proto: Add required/optional and explain PAE.

MarkLodato · MarkLodato · commit cd70f403808a · 2021-04-05T12:51:22.000-04:00
diff --git a/envelope.proto b/envelope.proto
@@ -5,22 +5,30 @@ package io.intoto;
 // An authenticated message of arbitrary type.
 message Envelope {
   // Message to be signed. (In JSON, this is encoded as base64.)
+  // REQUIRED.
   bytes payload = 1;
 
   // String unambiguously identifying how to interpret payload.
+  // REQUIRED.
   string payloadType = 2;
 
   // Signature over:
   //     le64(2) || le64(len(utf8(payloadType))) || utf8(payloadType) ||
   //         le64(len(payload)) || payload
-  // At least one signature must be present.
+  // where:
+  //     le64(n) := 64-bit little-endian encoding of integer `n`, 0 <= n < 2^63
+  //     len(s) := number of octets in byte sequence `s`
+  //     utf8(s) := UTF-8 encoding of unicode string `s`
+  // REQUIRED (length >= 1).
   repeated Signature signatures = 3;
 }
 
 message Signature {
   // Signature itself. (In JSON, this is encoded as base64.)
+  // REQUIRED.
   bytes sig = 1;
 
   // *Unauthenticated* hint identifying which public key was used.
+  // OPTIONAL.
   string keyid = 2;
 }
