diff --git a/tuf-spec.md b/tuf-spec.md index 4208112..90b3740 100644 --- a/tuf-spec.md +++ b/tuf-spec.md @@ -560,7 +560,7 @@ All KEYs have the format: :: A string denoting a public key signature system, such as "rsa", "ed25519", and "ecdsa-sha2-nistp256". + for="keytype">"ecdsa". : SCHEME :: @@ -572,9 +572,21 @@ All KEYs have the format: :: A dictionary containing the public portion of the key. -The reference implementation defines three signature schemes, although TUF -is not restricted to any particular signature scheme, key type, or -cryptographic library: +The reference implementation defines three KEYTYPEs: +"rsa", "ed25519", and +"ecdsa"; and three signature SCHEMEs: +"rsassa-pss-sha256", "ed25519", and +"ecdsa-sha2-nistp256". These are documented below. + +TUF is not restricted to any particular signature SCHEMEs, +KEYTYPEs, or cryptographic library. Adopters can define and use any +particular KEYTYPE, signing SCHEME, and cryptographic library. + +Implementing the KEYTYPEs and SCHEMEs below is RECOMMENDED for +all implementations, as this enables interoperability. Conversely, +implementations SHOULD NOT implement the KEYTYPEs and SCHEMEs +that are defined in a different manner than specified, so as to avoid confusion +across implementations. : "rsassa-pss-sha256" :: @@ -594,11 +606,6 @@ cryptographic library: [https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm ](https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm) -We define three keytypes below: "rsa", "ed25519", and "ecdsa-sha2-nistp256", but adopters -can define and use any particular keytype, signing scheme, and cryptographic -library. - The "rsa" format is:
@@ -631,11 +638,11 @@ The "ed25519" format is: :: 64-byte hex encoded string. -The "ecdsa-sha2-nistp256" format is: +The "ecdsa" format is:{ - "keytype" : "ecdsa-sha2-nistp256", + "keytype" : "ecdsa", "scheme" : "ecdsa-sha2-nistp256", "keyval" : { "public" : PUBLIC
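Review bot: in the first hunk (`@@ -560,7 +560,7 @@`) the only added line reads `for="keytype">"ecdsa".`, which is a fragment: it carries the attribute and closing `>` of a definition element but no opening tag, so the KEYTYPE sentence would render with a broken tag. Please check the full added line, and make sure the key types named in that sentence ("rsa", "ed25519", and now "ecdsa") match the KEYTYPE list introduced by the second hunk.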
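Review bot: the normative sentence added in the second hunk (`@@ -572,9 +572,21 @@`), "implementations SHOULD NOT implement the KEYTYPEs and SCHEMEs that are defined in a different manner than specified", is ambiguous; read literally it forbids implementing the listed types at all if any detail differs, whereas the stated goal (avoiding confusion across implementations) is that the names "rsa", "ed25519", "ecdsa", "rsassa-pss-sha256" and "ecdsa-sha2-nistp256" must not be reused with different semantics. Suggest "implementations SHOULD NOT use the KEYTYPE and SCHEME names defined here with a meaning other than the one specified." In the same hunk, "any particular signature SCHEMEs, KEYTYPEs, or cryptographic library" mixes "any particular" with plurals; "any particular signature SCHEME, KEYTYPE, or cryptographic library" would match the sentence that follows it.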
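Review bot: dropping the "We define three keytypes below" paragraph in the third hunk (`@@ -594,11 +606,6 @@`) is right, since it listed "ecdsa-sha2-nistp256" as a keytype and the new text renames that keytype to "ecdsa", but the remaining context shows the ECDSA Wikipedia link now immediately followed by `The "rsa" format is:`; verify that the rendered output keeps a paragraph break there, and grep the rest of the spec for any other place that still presents "ecdsa-sha2-nistp256" as a KEYTYPE rather than a SCHEME.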
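Review bot: the rename in the fourth hunk (`@@ -631,11 +638,11 @@`), `"keytype" : "ecdsa"` with `"scheme" : "ecdsa-sha2-nistp256"` left unchanged, is an incompatible change for any existing signed metadata that carries the old keytype string and for any client that validates it, and the hunk says nothing about compatibility. Add a statement on how implementations should treat metadata with `"keytype" : "ecdsa-sha2-nistp256"` (for example whether verifiers MAY accept it as an alias during a transition) or call this out explicitly as a breaking change in the specification, so that previously valid metadata does not silently fail verification under the new name.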