Signatures on an image are in themselves not enough to verify that an image is proper: signatures do not defend against downgrade attacks, since an old, validly signed image still verifies.
However, embedding a "parent pointer", like in a git commit, and then signing the result makes it possible to build a DAG where some images, by being pointed to by other images, are deemed to be obsolete or insecure.
The "parent pointers" needed in the manifest to authenticate securely and rule out downgrade attacks are of the form "deprecates: [list of images]".
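As an added example (not code from the original note), the following builds the DAG described above from signed manifests carrying a "deprecates" list and rejects an image that any validly signed image points at; the manifest fields, the image-id scheme and the HMAC stand-in for a real signature are assumptions.

```python
import hashlib
import hmac
import json

# Constructed example: a key shared by publisher and verifier. A real deployment
# would use an asymmetric signature; HMAC-SHA256 stands in so this runs offline.
SIGNING_KEY = b"constructed-demo-key"

def canonical(manifest):
    # Deterministic encoding so the signature covers a fixed byte string.
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()

def sign(manifest):
    return hmac.new(SIGNING_KEY, canonical(manifest), hashlib.sha256).hexdigest()

def verify(manifest, signature):
    return hmac.compare_digest(sign(manifest), signature)

def image_id(manifest):
    # Content-addressed id, like a git commit hash, that other images point to.
    return hashlib.sha256(canonical(manifest)).hexdigest()[:16]

def build_dag(signed_manifests):
    """Return the set of image ids that some validly signed image deprecates.

    Only manifests whose signature verifies contribute pointers: an unsigned or
    tampered manifest cannot deprecate anything.
    """
    deprecated = set()
    for manifest, signature in signed_manifests:
        if not verify(manifest, signature):
            continue
        deprecated.update(manifest.get("deprecates", []))
    return deprecated

def is_acceptable(manifest, signature, signed_manifests):
    """Accept only if the signature verifies and no trusted image's 'deprecates'
    list points at this image; the second check is what blocks a downgrade."""
    if not verify(manifest, signature):
        return False
    return image_id(manifest) not in build_dag(signed_manifests)

# Constructed manifests: v2 deprecates v1, so a rollback to v1 is refused.
v1 = {"name": "app", "version": "1.0", "deprecates": []}
v2 = {"name": "app", "version": "2.0", "deprecates": [image_id(v1)]}
published = [(v1, sign(v1)), (v2, sign(v2))]
```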