Merge pull request #60 from erickt/delegated-keys

lukpueh · web-flow · commit 1a48b68c2675 · 2019-11-08T10:49:58.000+01:00
delegated targets are authorized by keys in the delegating target roles
diff --git a/tuf-spec.md b/tuf-spec.md
@@ -462,6 +462,9 @@ repo](https://github.com/theupdateframework/specification/issues).
 
     /ANOTHER_ROLE.json
 
+   Delegated target roles are authorized by the keys listed in the directly
+   delegating target role.
+
 ## **4. Document formats**
 
    All of the formats described below include the ability to add more
@@ -837,6 +840,10 @@ repo](https://github.com/theupdateframework/specification/issues).
          }, ... ]
        }
 
+   "keys" lists the public keys to verify signatures of delegated targets roles.
+   Revocation and replacement of delegated targets roles keys is done by
+   changing the keys in this field in the delegating role's metadata.
+
    ROLENAME is the name of the delegated role.  For example,
    "projects".
 
