One of the scenarios was discussed in https://github.com/notaryproject/specifications/pull/283#discussion_r1479399825
We need to update the threat model to call out that a signed blob artifact can be transformed into a signed OCI image and an adversary can lower the security of the hashing algorithm selected notation.