Thanks for the kind words and your questions. The 'keyid_hash_algorithms' field
only exists in the reference implementation, and not in the TUF specification.
There is an ongoing discussion about the use of this field  and the related
issues, and there is also a draft TAP that proposes a more flexible way of
handling keyids in TUF metadata , which was motivated by this discussion.
I hope this helps.
On 17.07.2020 12:31 PM, Prashanth M wrote:
> Hi folks,
> I am sort of new to TUF; by 'sort of' I mean that I have been reading up on
> TUF for a while now but haven't been able to devote enough time to gain a
> good understanding. Got some time recently and read up a bit on TUF and I
> have some questions, but before I ask them, I would like to say thanks to
> the TUF team for the time and effort you all have put in towards developing
> TUF. I think that this framework addresses a major gap and I hope that it
> catches on widely.
> Here's my question. Has the "keyid_hash_algorithms" metadata attribute been
> removed from the latest TUF Specification (1.0.4)?
> I am a bit confused because I cannot find it either in root.json or
> targets.json examples in the TUF specification version 1.0.4 page at
> However I can see this attribute in two other places:
> 1) In the metadata examples given in
> 2) After installing TUF using pip and creating a basic repository using
> 'repo.py --init' command, I can see the attribute in all the root.json
> files under tufclient and tufrepo directories.
> Has the attribute been removed from the latest 1.0.4 spec? If yes, then
> does this mean that the other two places I have listed above are yet to be
> updated to conform to 1.0.4 spec?
PGP fingerprint: 8BA6 9B87 D43B E294 F23E 8120 89A2 AD3C 07D9 62E8