Issue #174 - Remove use of 'digitally-signed'

google · Jun 15, 2017 · 8d5068f · 8d5068f
1 parent a74c4a4
commit 8d5068f
Showing 1 changed file with 18 additions and 13 deletions.
diff --git a/draft-ietf-trans-rfc6962-bis.md b/draft-ietf-trans-rfc6962-bis.md
@@ -935,18 +935,16 @@ which encapsulates a `SignedCertificateTimestampDataV2` structure:
         LogID log_id;
         uint64 timestamp;
         Extension sct_extensions<0..2^16-1>;
-        digitally-signed struct {
-            TransItem timestamped_entry;
-        } signature;
+        SignatureScheme algorithm;
+        opaque signature<0..2^16-1>;
     } SignedCertificateTimestampDataV2;
 ~~~~~~~~~~~
 
 `log_id` is this log's unique ID, encoded in an opaque vector as described in
 {{log_id}}.
 
-`timestamp` is equal to the timestamp from the
-`TimestampedCertificateEntryDataV2` structure encapsulated in the
-`timestamped_entry`.
+`timestamp` is equal to the timestamp from underlying the
+`TimestampedCertificateEntryDataV2` structure.
 
 `sct_extensions` is a vector of 0 or more SCT extensions. This vector MUST NOT
 include more than one extension with the same `extension_type`. The
@@ -956,10 +954,13 @@ extension that it does not understand, it SHOULD ignore that extension.
 Furthermore, an implementation MAY choose to ignore any extension(s) that it
 does understand.
 
-The encoding of the digitally-signed element is defined in [RFC5246].
+`algorithm` indicates the signature scheme used to compute the signature.  The
+SignatureScheme enumeration is defined in {{!I-D.ietf-tls-tls13}}.
 
-`timestamped_entry` is a `TransItem` structure that MUST be of type
-`x509_entry_v2` or `precert_entry_v2` (see {{tree_leaves}}).
+`signature` is the value of a signature computed using the appropriate signature
+algorithm for the log indicated by `log_id`.  The input to the signature is a
+`TransItem` structure that MUST be of type `x509_entry_v2` or `precert_entry_v2`
+(see {{tree_leaves}}).
 
 ## Merkle Tree Head    {#tree_head}
 
@@ -1012,9 +1013,8 @@ encapsulates a `SignedTreeHeadDataV2` structure:
     struct {
         LogID log_id;
         TreeHeadDataV2 tree_head;
-        digitally-signed struct {
-            TreeHeadDataV2 tree_head;
-        } signature;
+        SignatureScheme algorithm;
+        opaque signature<0..2^16-1>;
     } SignedTreeHeadDataV2;
 ~~~~~~~~~~~
 
@@ -1027,7 +1027,12 @@ timestamp of the previous update.
 
 `tree_head` contains the latest tree head information (see {{tree_head}}).
 
-`signature` is a signature over the encoded `tree_head` field.
+`algorithm` indicates the signature scheme used to compute the signature.  The
+SignatureScheme enumeration is defined in {{!I-D.ietf-tls-tls13}}.
+
+`signature` is the value of a signature over the encoded `tree_head` field,
+computed using the appropriate signature algorithm for the log indicated by
+`algorithm`.
 
 ## Merkle Consistency Proofs