Require keyid uniqueness in metadata signatures list

Allowing multiple signatures per keyid is not useful and makes it easier to make an implementation mistake and count a single key multiple times in threshold calculation.
mnm678 · Jul 19, 2021 · c7809e8 · c7809e8
1 parent 4d69ee9
commit c7809e8
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/tuf-spec.md b/tuf-spec.md
@@ -529,6 +529,8 @@ All signed metadata objects have the format:
       ::
         The identifier of the key signing the <a for="role">ROLE</a> object,
         which is a hexdigest of the SHA-256 hash of the canonical form of the key.
+        The keyid MUST be unique in the "signatures" array: multiple
+        signatures with the same keyid are not allowed.
 
       : <dfn>SIGNATURE</dfn>
       ::