In addition to the signature container format and abstract signing and verification routines, the signing-spec should also define public key formats that may be used to verify signing-spec signatures.

The extent of definition (i.e. key container only vs. every possible key type / signing scheme, etc...) is yet to be discussed. Same goes for where the definition should be hosted (i.e. part of the signing spec vs. appendix vs. separate document, etc...).

An exhaustive list of public key formats that are currently available in securesystemslib (used by TUF and in-toto python reference implementations) can be found in secure-systems-lab/securesystemslib#308 (see 'Expected behavior' for consistency concerns and consolidation ideas).

Note: This should also cover how KEYID is computed/used.

Note: This should also cover how KEYID is computed/used.

FYI: I just captured a few thoughts about KEYID in secure-systems-lab/securesystemslib#310 (comment).