Update keytype for ecdsa keys and clarify references

We claim that the spec is just documenting the signature _schemes_ from
the reference implementation, but that we define three _keytypes_ within
the spec. This change first updates the _keytypes_ to match the reference
implementation (we have defaulted to a generic "ecdsa" keytype since
secure-systems-lab/securesystemslib#267).

Further, we update the specification to clarify that within we are
documenting the keytypes and schemes from the reference implementation,
and that we recommend implementing these keytypes and schemes as specified.

Signed-off-by: Joshua Lock <[email protected]>

Author: joshuagl

tuf-spec.md

@@ -560,7 +560,7 @@ All <dfn>KEY</dfn>s have the format:
       ::
         A string denoting a public key signature system, such as <a
         for="keytype">"rsa"</a>, <a for="keytype">"ed25519"</a>, and <a
-        for="keytype">"ecdsa-sha2-nistp256"</a>.
+        for="keytype">"ecdsa"</a>.
 
       : <dfn>SCHEME</dfn>
       ::
@@ -572,9 +572,21 @@ All <dfn>KEY</dfn>s have the format:
       ::
         A dictionary containing the public portion of the key.
 
-The reference implementation defines three signature schemes, although TUF
-is not restricted to any particular signature scheme, key type, or
-cryptographic library:
+The reference implementation defines three <a>KEYTYPE</a>s:
+<a for="keytype">"rsa"</a>, <a for="keytype">"ed25519"</a>, and
+<a for="keytype">"ecdsa"</a>; and three signature <a>SCHEME</a>s:
+<a for="scheme">"rsassa-pss-sha256"</a>, <a for="scheme">"ed25519"</a>, and
+<a for="scheme">"ecdsa-sha2-nistp256"</a>. These are documented below.
+
+TUF is not restricted to any particular signature <a>SCHEME</a>s,
+<a>KEYTYPE</a>s, or cryptographic library. Adopters can define and use any
+particular <a>KEYTYPE</a>, signing <a>SCHEME</a>, and cryptographic library.
+
+Implementing the <a>KEYTYPE</a>s and <a>SCHEME</a>s below is RECOMMENDED for
+all implementations, as this enables interoperability. Conversely,
+implementations SHOULD NOT implement the <a>KEYTYPE</a>s and <a>SCHEME</a>s
+that are defined in a different manner than specified, so as to avoid confusion
+across implementations.
 
   : <dfn for="scheme">"rsassa-pss-sha256"</dfn>
   ::
@@ -594,11 +606,6 @@ cryptographic library:
     [https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm
     ](https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm)
 
-We define three keytypes below: <a for="keytype">"rsa"</a>, <a
-for="keytype">"ed25519"</a>, and <a for="keytype">"ecdsa-sha2-nistp256"</a>, but adopters
-can define and use any particular keytype, signing scheme, and cryptographic
-library.
-
 The <dfn for="keytype">"rsa"</dfn> format is:
 
 <pre highlight="json">
@@ -631,11 +638,11 @@ The <dfn for="keytype">"ed25519"</dfn> format is:
   ::
     64-byte hex encoded string.
 
-The <dfn for="keytype">"ecdsa-sha2-nistp256"</dfn> format is:
+The <dfn for="keytype">"ecdsa"</dfn> format is:
 
 <pre highlight="json">
 {
-  "keytype" : <a for="keytype">"ecdsa-sha2-nistp256"</a>,
+  "keytype" : <a for="keytype">"ecdsa"</a>,
   "scheme" : <a for="scheme">"ecdsa-sha2-nistp256"</a>,
   "keyval" : {
     "public" : <a for="keyval-ecdsa">PUBLIC</a>