From 43de29d8c4fc29dc200a4744646bcf3a6ab01df4 Mon Sep 17 00:00:00 2001 From: Hayden Blauzvern Date: Thu, 4 Apr 2024 19:34:15 +0000 Subject: [PATCH 1/2] Add checkpoint key ID to trust root This adds a string to represent the checkpoint key ID for a log, which will differ for ed25519 logs. To simplify client implementation, we will provide this string so that clients don't have to compute the checkpoint key ID themselves using the public key. If it's not set, then a client should assume the log ID is equal to the checkpoint key ID, which is true for ecdsa and rsa logs. Ref: https://github.com/sigstore/rekor/issues/2062 
Signed-off-by: Hayden Blauzvern
---
gen/jsonschema/schemas/Bundle.schema.json | 4 +-
gen/jsonschema/schemas/Checkpoint.schema.json | 2 +-
.../schemas/CheckpointKeyId.schema.json | 20 ++
.../schemas/ClientTrustConfig.schema.json | 9 +-
.../schemas/InclusionProof.schema.json | 2 +-
gen/jsonschema/schemas/Input.schema.json | 11 +-
gen/jsonschema/schemas/LogId.schema.json | 2 +-
.../schemas/TransparencyLogEntry.schema.json | 4 +-
.../TransparencyLogInstance.schema.json | 9 +-
.../schemas/TrustedRoot.schema.json | 9 +-
.../schemas/VerificationMaterial.schema.json | 4 +-
gen/pb-go/common/v1/sigstore_common.pb.go | 5 +-
gen/pb-go/rekor/v1/sigstore_rekor.pb.go | 17 +-
.../trustroot/v1/sigstore_trustroot.pb.go | 202 ++++++++++--------
.../dev/sigstore/common/v1/__init__.py | 7 +-
.../dev/sigstore/rekor/v1/__init__.py | 19 +-
.../dev/sigstore/trustroot/v1/__init__.py | 22 +-
gen/pb-ruby/lib/sigstore_trustroot_pb.rb | 1 +
.../src/generated/dev.sigstore.common.v1.rs | 5 +-
.../src/generated/dev.sigstore.rekor.v1.rs | 17 +-
.../generated/dev.sigstore.trustroot.v1.rs | 21 ++
.../src/generated/file_descriptor_set.bin | Bin 116786 -> 117953 bytes
.../src/__generated__/sigstore_common.ts | 7 +-
.../src/__generated__/sigstore_rekor.ts | 17 +-
.../src/__generated__/sigstore_trustroot.ts | 35 ++-
protos/sigstore_common.proto | 5 +-
protos/sigstore_rekor.proto | 17 +-
protos/sigstore_trustroot.proto | 20 ++
28 files changed, 326 insertions(+), 167 deletions(-)
create mode 100644 gen/jsonschema/schemas/CheckpointKeyId.schema.json
diff --git a/gen/jsonschema/schemas/Bundle.schema.json b/gen/jsonschema/schemas/Bundle.schema.json
index 467e8a35..90d82ad2 100644
--- a/gen/jsonschema/schemas/Bundle.schema.json
+++ b/gen/jsonschema/schemas/Bundle.schema.json
@@ -136,7 +136,7 @@
 "properties": { "keyId": { "type": "string", - "description": "The unique id of the log, represented as the SHA-256 hash of the log's public key, calculated over the DER encoding of the key represented as SubjectPublicKeyInfo. See https://www.rfc-editor.org/rfc/rfc6962#section-3.2", + "description": "The unique identity of the log, represented by its public key.", "format": "binary", "binaryEncoding": "base64" }
@@ -229,7 +229,7 @@
 "additionalProperties": false, "type": "object", "title": "Checkpoint", - "description": "The checkpoint MUST contain a signature of the tree head (root hash), size of the tree and the transparency log's unique identifier (log ID). It MAY also be followed by any optional data. The result is a string, the format is described here https://github.com/transparency-dev/formats/blob/main/log/README.md The details are here https://github.com/sigstore/rekor/blob/a6e58f72b6b18cc06cefe61808efd562b9726330/pkg/util/signed_note.go#L114 The signature has the same format as InclusionPromise.signed_entry_timestamp. See below for more details." + "description": "The checkpoint MUST contain an origin string as a unique log identifier, the tree size, and the root hash. It MAY also be followed by optional data, and clients MUST NOT assume optional data. The checkpoint MUST also contain a signature over the root hash (tree head). The checkpoint MAY contain additional signatures, but the first SHOULD be the signature from the log. Checkpoint contents are concatenated with newlines into a single string. The checkpoint format is described in https://github.com/transparency-dev/formats/blob/main/log/README.md and https://github.com/C2SP/C2SP/blob/main/tlog-checkpoint.md. An example implementation can be found in https://github.com/sigstore/rekor/blob/main/pkg/util/signed_note.go" }, "dev.sigstore.rekor.v1.InclusionPromise": { "properties": {
diff --git a/gen/jsonschema/schemas/Checkpoint.schema.json b/gen/jsonschema/schemas/Checkpoint.schema.json
index 05264683..3a73f36e 100644
--- a/gen/jsonschema/schemas/Checkpoint.schema.json
+++ b/gen/jsonschema/schemas/Checkpoint.schema.json
@@ -11,7 +11,7 @@
 "additionalProperties": false, "type": "object", "title": "Checkpoint", - "description": "The checkpoint MUST contain a signature of the tree head (root hash), size of the tree and the transparency log's unique identifier (log ID). It MAY also be followed by any optional data. The result is a string, the format is described here https://github.com/transparency-dev/formats/blob/main/log/README.md The details are here https://github.com/sigstore/rekor/blob/a6e58f72b6b18cc06cefe61808efd562b9726330/pkg/util/signed_note.go#L114 The signature has the same format as InclusionPromise.signed_entry_timestamp. See below for more details." + "description": "The checkpoint MUST contain an origin string as a unique log identifier, the tree size, and the root hash. It MAY also be followed by optional data, and clients MUST NOT assume optional data. The checkpoint MUST also contain a signature over the root hash (tree head). The checkpoint MAY contain additional signatures, but the first SHOULD be the signature from the log. Checkpoint contents are concatenated with newlines into a single string. The checkpoint format is described in https://github.com/transparency-dev/formats/blob/main/log/README.md and https://github.com/C2SP/C2SP/blob/main/tlog-checkpoint.md. An example implementation can be found in https://github.com/sigstore/rekor/blob/main/pkg/util/signed_note.go" } } }
\ No newline at end of file
diff --git a/gen/jsonschema/schemas/CheckpointKeyId.schema.json b/gen/jsonschema/schemas/CheckpointKeyId.schema.json
new file mode 100644
index 00000000..de1ec94f
--- /dev/null
+++ b/gen/jsonschema/schemas/CheckpointKeyId.schema.json
@@ -0,0 +1,20 @@
+{ + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/CheckpointKeyId", + "definitions": { + "CheckpointKeyId": { + "properties": { + "keyId": { + "type": "string", + "description": "The key ID in a checkpoint, as a prefix to the signature. SHOULD be 4 bytes long, as a truncated hash.", + "format": "binary", + "binaryEncoding": "base64" + } + }, + "additionalProperties": false, + "type": "object", + "title": "Checkpoint Key Id", + "description": "The checkpoint key ID, following the specification described here for ECDSA and Ed25519 signatures: https://github.com/C2SP/C2SP/blob/main/signed-note.md#signatures For RSA signatures, the key ID will match the ECDSA format of the hashed DER-encoded SPKI public key. Publicly witnessed logs MUST NOT use RSA-signed checkpoints, since witnesses do not support RSA signatures. This is provided for convenience. Clients can also calculate the checkpoint key ID given the log's public key." + } + } +}
\ No newline at end of file
diff --git a/gen/jsonschema/schemas/ClientTrustConfig.schema.json b/gen/jsonschema/schemas/ClientTrustConfig.schema.json
index 1135cbf1..24367583 100644
--- a/gen/jsonschema/schemas/ClientTrustConfig.schema.json
+++ b/gen/jsonschema/schemas/ClientTrustConfig.schema.json
@@ -41,7 +41,7 @@
 "properties": { "keyId": { "type": "string", - "description": "The unique id of the log, represented as the SHA-256 hash of the log's public key, calculated over the DER encoding of the key represented as SubjectPublicKeyInfo. See https://www.rfc-editor.org/rfc/rfc6962#section-3.2", + "description": "The unique identity of the log, represented by its public key.", "format": "binary", "binaryEncoding": "base64" }
@@ -243,7 +243,12 @@
 "logId": { "$ref": "#/definitions/dev.sigstore.common.v1.LogId", "additionalProperties": false, - "description": "The unique identifier for this transparency log." + "description": "The unique identifier for this transparency log. Represented as the SHA-256 hash of the log's public key, calculated over the DER encoding of the key represented as SubjectPublicKeyInfo. See https://www.rfc-editor.org/rfc/rfc6962#section-3.2" + }, + "checkpointKeyId": { + "$ref": "#/definitions/dev.sigstore.common.v1.LogId", + "additionalProperties": false, + "description": "The checkpoint key identifier for the log used in a checkpoint. Optional, not provided for logs that do not generate checkpoints. For logs that do generate checkpoints, if not set, assume log_id equals checkpoint_key_id. Follows the specification described here for ECDSA and Ed25519 signatures: https://github.com/C2SP/C2SP/blob/main/signed-note.md#signatures For RSA signatures, the key ID will match the ECDSA format, the hashed DER-encoded SPKI public key. Publicly witnessed logs MUST NOT use RSA-signed checkpoints, since witnesses do not support RSA signatures. This is provided for convenience. Clients can also calculate the checkpoint key ID given the log's public key. SHOULD be set for logs generating Ed25519 signatures. SHOULD be 4 bytes long, as a truncated hash." } }, "additionalProperties": false,
diff --git a/gen/jsonschema/schemas/InclusionProof.schema.json b/gen/jsonschema/schemas/InclusionProof.schema.json
index 8c1d1242..c7e7211a 100644
--- a/gen/jsonschema/schemas/InclusionProof.schema.json
+++ b/gen/jsonschema/schemas/InclusionProof.schema.json
@@ -47,7 +47,7 @@
 "additionalProperties": false, "type": "object", "title": "Checkpoint", - "description": "The checkpoint MUST contain a signature of the tree head (root hash), size of the tree and the transparency log's unique identifier (log ID). It MAY also be followed by any optional data. The result is a string, the format is described here https://github.com/transparency-dev/formats/blob/main/log/README.md The details are here https://github.com/sigstore/rekor/blob/a6e58f72b6b18cc06cefe61808efd562b9726330/pkg/util/signed_note.go#L114 The signature has the same format as InclusionPromise.signed_entry_timestamp. See below for more details." + "description": "The checkpoint MUST contain an origin string as a unique log identifier, the tree size, and the root hash. It MAY also be followed by optional data, and clients MUST NOT assume optional data. The checkpoint MUST also contain a signature over the root hash (tree head). The checkpoint MAY contain additional signatures, but the first SHOULD be the signature from the log. Checkpoint contents are concatenated with newlines into a single string. The checkpoint format is described in https://github.com/transparency-dev/formats/blob/main/log/README.md and https://github.com/C2SP/C2SP/blob/main/tlog-checkpoint.md. An example implementation can be found in https://github.com/sigstore/rekor/blob/main/pkg/util/signed_note.go" } } }
\ No newline at end of file
diff --git a/gen/jsonschema/schemas/Input.schema.json b/gen/jsonschema/schemas/Input.schema.json
index 4d995c1f..68ffe779 100644
--- a/gen/jsonschema/schemas/Input.schema.json
+++ b/gen/jsonschema/schemas/Input.schema.json
@@ -182,7 +182,7 @@
 "properties": { "keyId": { "type": "string", - "description": "The unique id of the log, represented as the SHA-256 hash of the log's public key, calculated over the DER encoding of the key represented as SubjectPublicKeyInfo. See https://www.rfc-editor.org/rfc/rfc6962#section-3.2", + "description": "The unique identity of the log, represented by its public key.", "format": "binary", "binaryEncoding": "base64" }
@@ -422,7 +422,7 @@
 "additionalProperties": false, "type": "object", "title": "Checkpoint", - "description": "The checkpoint MUST contain a signature of the tree head (root hash), size of the tree and the transparency log's unique identifier (log ID). It MAY also be followed by any optional data. The result is a string, the format is described here https://github.com/transparency-dev/formats/blob/main/log/README.md The details are here https://github.com/sigstore/rekor/blob/a6e58f72b6b18cc06cefe61808efd562b9726330/pkg/util/signed_note.go#L114 The signature has the same format as InclusionPromise.signed_entry_timestamp. See below for more details." + "description": "The checkpoint MUST contain an origin string as a unique log identifier, the tree size, and the root hash. It MAY also be followed by optional data, and clients MUST NOT assume optional data. The checkpoint MUST also contain a signature over the root hash (tree head). The checkpoint MAY contain additional signatures, but the first SHOULD be the signature from the log. Checkpoint contents are concatenated with newlines into a single string. The checkpoint format is described in https://github.com/transparency-dev/formats/blob/main/log/README.md and https://github.com/C2SP/C2SP/blob/main/tlog-checkpoint.md. An example implementation can be found in https://github.com/sigstore/rekor/blob/main/pkg/util/signed_note.go" }, "dev.sigstore.rekor.v1.InclusionPromise": { "properties": {
@@ -585,7 +585,12 @@
 "logId": { "$ref": "#/definitions/dev.sigstore.common.v1.LogId", "additionalProperties": false, - "description": "The unique identifier for this transparency log." + "description": "The unique identifier for this transparency log. Represented as the SHA-256 hash of the log's public key, calculated over the DER encoding of the key represented as SubjectPublicKeyInfo. See https://www.rfc-editor.org/rfc/rfc6962#section-3.2" + }, + "checkpointKeyId": { + "$ref": "#/definitions/dev.sigstore.common.v1.LogId", + "additionalProperties": false, + "description": "The checkpoint key identifier for the log used in a checkpoint. Optional, not provided for logs that do not generate checkpoints. For logs that do generate checkpoints, if not set, assume log_id equals checkpoint_key_id. Follows the specification described here for ECDSA and Ed25519 signatures: https://github.com/C2SP/C2SP/blob/main/signed-note.md#signatures For RSA signatures, the key ID will match the ECDSA format, the hashed DER-encoded SPKI public key. Publicly witnessed logs MUST NOT use RSA-signed checkpoints, since witnesses do not support RSA signatures. This is provided for convenience. Clients can also calculate the checkpoint key ID given the log's public key. SHOULD be set for logs generating Ed25519 signatures. SHOULD be 4 bytes long, as a truncated hash." } }, "additionalProperties": false,
diff --git a/gen/jsonschema/schemas/LogId.schema.json b/gen/jsonschema/schemas/LogId.schema.json
index 7056b6ad..3f579b21 100644
--- a/gen/jsonschema/schemas/LogId.schema.json
+++ b/gen/jsonschema/schemas/LogId.schema.json
@@ -6,7 +6,7 @@
 "properties": { "keyId": { "type": "string", - "description": "The unique id of the log, represented as the SHA-256 hash of the log's public key, calculated over the DER encoding of the key represented as SubjectPublicKeyInfo. See https://www.rfc-editor.org/rfc/rfc6962#section-3.2", + "description": "The unique identity of the log, represented by its public key.", "format": "binary", "binaryEncoding": "base64" }
diff --git a/gen/jsonschema/schemas/TransparencyLogEntry.schema.json b/gen/jsonschema/schemas/TransparencyLogEntry.schema.json
index 29e89e3b..cc3d6a2e 100644
--- a/gen/jsonschema/schemas/TransparencyLogEntry.schema.json
+++ b/gen/jsonschema/schemas/TransparencyLogEntry.schema.json
@@ -48,7 +48,7 @@
 "properties": { "keyId": { "type": "string", - "description": "The unique id of the log, represented as the SHA-256 hash of the log's public key, calculated over the DER encoding of the key represented as SubjectPublicKeyInfo. See https://www.rfc-editor.org/rfc/rfc6962#section-3.2", + "description": "The unique identity of the log, represented by its public key.", "format": "binary", "binaryEncoding": "base64" }
@@ -67,7 +67,7 @@
 "additionalProperties": false, "type": "object", "title": "Checkpoint", - "description": "The checkpoint MUST contain a signature of the tree head (root hash), size of the tree and the transparency log's unique identifier (log ID). It MAY also be followed by any optional data. The result is a string, the format is described here https://github.com/transparency-dev/formats/blob/main/log/README.md The details are here https://github.com/sigstore/rekor/blob/a6e58f72b6b18cc06cefe61808efd562b9726330/pkg/util/signed_note.go#L114 The signature has the same format as InclusionPromise.signed_entry_timestamp. See below for more details." + "description": "The checkpoint MUST contain an origin string as a unique log identifier, the tree size, and the root hash. It MAY also be followed by optional data, and clients MUST NOT assume optional data. The checkpoint MUST also contain a signature over the root hash (tree head). The checkpoint MAY contain additional signatures, but the first SHOULD be the signature from the log. Checkpoint contents are concatenated with newlines into a single string. The checkpoint format is described in https://github.com/transparency-dev/formats/blob/main/log/README.md and https://github.com/C2SP/C2SP/blob/main/tlog-checkpoint.md. An example implementation can be found in https://github.com/sigstore/rekor/blob/main/pkg/util/signed_note.go" }, "dev.sigstore.rekor.v1.InclusionPromise": { "properties": {
diff --git a/gen/jsonschema/schemas/TransparencyLogInstance.schema.json b/gen/jsonschema/schemas/TransparencyLogInstance.schema.json
index db691db2..8e65adaa 100644
--- a/gen/jsonschema/schemas/TransparencyLogInstance.schema.json
+++ b/gen/jsonschema/schemas/TransparencyLogInstance.schema.json
@@ -29,7 +29,12 @@
 "logId": { "$ref": "#/definitions/dev.sigstore.common.v1.LogId", "additionalProperties": false, - "description": "The unique identifier for this transparency log." + "description": "The unique identifier for this transparency log. Represented as the SHA-256 hash of the log's public key, calculated over the DER encoding of the key represented as SubjectPublicKeyInfo. See https://www.rfc-editor.org/rfc/rfc6962#section-3.2" + }, + "checkpointKeyId": { + "$ref": "#/definitions/dev.sigstore.common.v1.LogId", + "additionalProperties": false, + "description": "The checkpoint key identifier for the log used in a checkpoint. Optional, not provided for logs that do not generate checkpoints. For logs that do generate checkpoints, if not set, assume log_id equals checkpoint_key_id. Follows the specification described here for ECDSA and Ed25519 signatures: https://github.com/C2SP/C2SP/blob/main/signed-note.md#signatures For RSA signatures, the key ID will match the ECDSA format, the hashed DER-encoded SPKI public key. Publicly witnessed logs MUST NOT use RSA-signed checkpoints, since witnesses do not support RSA signatures. This is provided for convenience. Clients can also calculate the checkpoint key ID given the log's public key. SHOULD be set for logs generating Ed25519 signatures. SHOULD be 4 bytes long, as a truncated hash." } }, "additionalProperties": false,
@@ -41,7 +46,7 @@
 "properties": { "keyId": { "type": "string", - "description": "The unique id of the log, represented as the SHA-256 hash of the log's public key, calculated over the DER encoding of the key represented as SubjectPublicKeyInfo. See https://www.rfc-editor.org/rfc/rfc6962#section-3.2", + "description": "The unique identity of the log, represented by its public key.", "format": "binary", "binaryEncoding": "base64" }
diff --git a/gen/jsonschema/schemas/TrustedRoot.schema.json b/gen/jsonschema/schemas/TrustedRoot.schema.json
index 8ee8a154..eb64ff22 100644
--- a/gen/jsonschema/schemas/TrustedRoot.schema.json
+++ b/gen/jsonschema/schemas/TrustedRoot.schema.json
@@ -63,7 +63,7 @@
 "properties": { "keyId": { "type": "string", - "description": "The unique id of the log, represented as the SHA-256 hash of the log's public key, calculated over the DER encoding of the key represented as SubjectPublicKeyInfo. See https://www.rfc-editor.org/rfc/rfc6962#section-3.2", + "description": "The unique identity of the log, represented by its public key.", "format": "binary", "binaryEncoding": "base64" }
@@ -235,7 +235,12 @@
 "logId": { "$ref": "#/definitions/dev.sigstore.common.v1.LogId", "additionalProperties": false, - "description": "The unique identifier for this transparency log." + "description": "The unique identifier for this transparency log. Represented as the SHA-256 hash of the log's public key, calculated over the DER encoding of the key represented as SubjectPublicKeyInfo. See https://www.rfc-editor.org/rfc/rfc6962#section-3.2" + }, + "checkpointKeyId": { + "$ref": "#/definitions/dev.sigstore.common.v1.LogId", + "additionalProperties": false, + "description": "The checkpoint key identifier for the log used in a checkpoint. Optional, not provided for logs that do not generate checkpoints. For logs that do generate checkpoints, if not set, assume log_id equals checkpoint_key_id. Follows the specification described here for ECDSA and Ed25519 signatures: https://github.com/C2SP/C2SP/blob/main/signed-note.md#signatures For RSA signatures, the key ID will match the ECDSA format, the hashed DER-encoded SPKI public key. Publicly witnessed logs MUST NOT use RSA-signed checkpoints, since witnesses do not support RSA signatures. This is provided for convenience. Clients can also calculate the checkpoint key ID given the log's public key. SHOULD be set for logs generating Ed25519 signatures. SHOULD be 4 bytes long, as a truncated hash." } }, "additionalProperties": false,
diff --git a/gen/jsonschema/schemas/VerificationMaterial.schema.json b/gen/jsonschema/schemas/VerificationMaterial.schema.json
index 4530cb2b..5bb1ac50 100644
--- a/gen/jsonschema/schemas/VerificationMaterial.schema.json
+++ b/gen/jsonschema/schemas/VerificationMaterial.schema.json
@@ -72,7 +72,7 @@
 "properties": { "keyId": { "type": "string", - "description": "The unique id of the log, represented as the SHA-256 hash of the log's public key, calculated over the DER encoding of the key represented as SubjectPublicKeyInfo. See https://www.rfc-editor.org/rfc/rfc6962#section-3.2", + "description": "The unique identity of the log, represented by its public key.", "format": "binary", "binaryEncoding": "base64" }
@@ -146,7 +146,7 @@
 "additionalProperties": false, "type": "object", "title": "Checkpoint", - "description": "The checkpoint MUST contain a signature of the tree head (root hash), size of the tree and the transparency log's unique identifier (log ID). It MAY also be followed by any optional data. The result is a string, the format is described here https://github.com/transparency-dev/formats/blob/main/log/README.md The details are here https://github.com/sigstore/rekor/blob/a6e58f72b6b18cc06cefe61808efd562b9726330/pkg/util/signed_note.go#L114 The signature has the same format as InclusionPromise.signed_entry_timestamp. See below for more details." + "description": "The checkpoint MUST contain an origin string as a unique log identifier, the tree size, and the root hash. It MAY also be followed by optional data, and clients MUST NOT assume optional data. The checkpoint MUST also contain a signature over the root hash (tree head). The checkpoint MAY contain additional signatures, but the first SHOULD be the signature from the log. Checkpoint contents are concatenated with newlines into a single string. The checkpoint format is described in https://github.com/transparency-dev/formats/blob/main/log/README.md and https://github.com/C2SP/C2SP/blob/main/tlog-checkpoint.md. An example implementation can be found in https://github.com/sigstore/rekor/blob/main/pkg/util/signed_note.go" }, "dev.sigstore.rekor.v1.InclusionPromise": { "properties": {
diff --git a/gen/pb-go/common/v1/sigstore_common.pb.go b/gen/pb-go/common/v1/sigstore_common.pb.go
index 37c003a8..0982c674 100644
--- a/gen/pb-go/common/v1/sigstore_common.pb.go
+++ b/gen/pb-go/common/v1/sigstore_common.pb.go
@@ -426,10 +426,7 @@ type LogId struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - // The unique id of the log, represented as the SHA-256 hash - // of the log's public key, calculated over the DER encoding - // of the key represented as SubjectPublicKeyInfo. - // See https://www.rfc-editor.org/rfc/rfc6962#section-3.2 + // The unique identity of the log, represented by its public key. KeyId []byte `protobuf:"bytes,1,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"` }
diff --git a/gen/pb-go/rekor/v1/sigstore_rekor.pb.go b/gen/pb-go/rekor/v1/sigstore_rekor.pb.go
index a385e9fd..0ab50bf7 100644
--- a/gen/pb-go/rekor/v1/sigstore_rekor.pb.go
+++ b/gen/pb-go/rekor/v1/sigstore_rekor.pb.go
@@ -95,13 +95,16 @@ func (x *KindVersion) GetVersion() string { return "" } -// The checkpoint MUST contain a signature of the tree head (root hash), -// size of the tree and the transparency log's unique identifier (log ID). -// It MAY also be followed by any optional data. The result is a string, -// the format is described here https://github.com/transparency-dev/formats/blob/main/log/README.md -// The details are here https://github.com/sigstore/rekor/blob/a6e58f72b6b18cc06cefe61808efd562b9726330/pkg/util/signed_note.go#L114 -// The signature has the same format as -// InclusionPromise.signed_entry_timestamp. See below for more details. +// The checkpoint MUST contain an origin string as a unique log identifier, +// the tree size, and the root hash. It MAY also be followed by optional data, +// and clients MUST NOT assume optional data. The checkpoint MUST also contain +// a signature over the root hash (tree head). The checkpoint MAY contain additional +// signatures, but the first SHOULD be the signature from the log. Checkpoint contents +// are concatenated with newlines into a single string. +// The checkpoint format is described in +// https://github.com/transparency-dev/formats/blob/main/log/README.md +// and https://github.com/C2SP/C2SP/blob/main/tlog-checkpoint.md. +// An example implementation can be found in https://github.com/sigstore/rekor/blob/main/pkg/util/signed_note.go type Checkpoint struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache
diff --git a/gen/pb-go/trustroot/v1/sigstore_trustroot.pb.go b/gen/pb-go/trustroot/v1/sigstore_trustroot.pb.go
index 55e80eb5..c8e00755 100644
--- a/gen/pb-go/trustroot/v1/sigstore_trustroot.pb.go
+++ b/gen/pb-go/trustroot/v1/sigstore_trustroot.pb.go
@@ -55,7 +55,27 @@ type TransparencyLogInstance struct { // This attribute contains the signature algorithm used by the log. PublicKey *v1.PublicKey `protobuf:"bytes,3,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"` // The unique identifier for this transparency log. + // Represented as the SHA-256 hash of the log's public key, + // calculated over the DER encoding of the key represented as + // SubjectPublicKeyInfo. + // See https://www.rfc-editor.org/rfc/rfc6962#section-3.2 LogId *v1.LogId `protobuf:"bytes,4,opt,name=log_id,json=logId,proto3" json:"log_id,omitempty"` + // The checkpoint key identifier for the log used in a checkpoint. + // Optional, not provided for logs that do not generate checkpoints. + // For logs that do generate checkpoints, if not set, assume + // log_id equals checkpoint_key_id. + // Follows the specification described here + // for ECDSA and Ed25519 signatures: + // https://github.com/C2SP/C2SP/blob/main/signed-note.md#signatures + // For RSA signatures, the key ID will match the ECDSA format, the + // hashed DER-encoded SPKI public key. Publicly witnessed logs MUST NOT + // use RSA-signed checkpoints, since witnesses do not support + // RSA signatures. + // This is provided for convenience. Clients can also calculate the + // checkpoint key ID given the log's public key. + // SHOULD be set for logs generating Ed25519 signatures. + // SHOULD be 4 bytes long, as a truncated hash. + CheckpointKeyId *v1.LogId `protobuf:"bytes,5,opt,name=checkpoint_key_id,json=checkpointKeyId,proto3" json:"checkpoint_key_id,omitempty"` } func (x *TransparencyLogInstance) Reset() { 
@@ -118,6 +138,13 @@ func (x *TransparencyLogInstance) GetLogId() *v1.LogId { return nil } +func (x *TransparencyLogInstance) GetCheckpointKeyId() *v1.LogId { + if x != nil { + return x.CheckpointKeyId + } + return nil +} + // CertificateAuthority enlists the information required to identify which // CA to use and perform signature verification. type CertificateAuthority struct { @@ -508,7 +535,7 @@ var file_sigstore_trustroot_proto_rawDesc = []byte{ 0x6f, 0x74, 0x2e, 0x76, 0x31, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x15, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, - 0x5f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xfa, 0x01, + 0x5f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xc5, 0x02, 0x0a, 0x17, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x63, 0x79, 0x4c, 0x6f, 0x67, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x12, 0x19, 0x0a, 0x08, 0x62, 0x61, 0x73, 0x65, 0x5f, 0x75, 0x72, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x62, 0x61, 0x73, 
@@ -524,79 +551,83 @@ var file_sigstore_trustroot_proto_rawDesc = []byte{ 0x63, 0x4b, 0x65, 0x79, 0x12, 0x34, 0x0a, 0x06, 0x6c, 0x6f, 0x67, 0x5f, 0x69, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x6f, - 0x67, 0x49, 0x64, 0x52, 0x05, 0x6c, 0x6f, 0x67, 0x49, 0x64, 0x22, 0xfa, 0x01, 0x0a, 0x14, 0x43, + 0x67, 0x49, 0x64, 0x52, 0x05, 0x6c, 0x6f, 0x67, 0x49, 0x64, 0x12, 0x49, 0x0a, 0x11, 0x63, 0x68, + 0x65, 0x63, 0x6b, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x69, 0x64, 0x18, + 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, + 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x4c, + 0x6f, 0x67, 0x49, 0x64, 0x52, 0x0f, 0x63, 0x68, 0x65, 0x63, 0x6b, 0x70, 0x6f, 0x69, 0x6e, 0x74, + 0x4b, 0x65, 0x79, 0x49, 0x64, 0x22, 0xfa, 0x01, 0x0a, 0x14, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, + 0x69, 0x63, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x43, + 0x0a, 0x07, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x29, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x63, + 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x69, 0x73, 0x74, 0x69, 0x6e, 0x67, + 0x75, 0x69, 0x73, 0x68, 0x65, 0x64, 0x4e, 0x61, 0x6d, 0x65, 0x52, 0x07, 0x73, 0x75, 0x62, 0x6a, + 0x65, 0x63, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x72, 0x69, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x03, 0x75, 0x72, 0x69, 0x12, 0x4b, 0x0a, 0x0a, 0x63, 0x65, 0x72, 0x74, 0x5f, 0x63, 0x68, + 0x61, 0x69, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x64, 0x65, 0x76, 0x2e, + 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, + 0x76, 0x31, 0x2e, 0x58, 0x35, 0x30, 0x39, 0x43, 0x65, 0x72, 0x74, 
0x69, 0x66, 0x69, 0x63, 0x61, + 0x74, 0x65, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x52, 0x09, 0x63, 0x65, 0x72, 0x74, 0x43, 0x68, 0x61, + 0x69, 0x6e, 0x12, 0x3e, 0x0a, 0x09, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x5f, 0x66, 0x6f, 0x72, 0x18, + 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, + 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x54, + 0x69, 0x6d, 0x65, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x52, 0x08, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x46, + 0x6f, 0x72, 0x22, 0x92, 0x03, 0x0a, 0x0b, 0x54, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x52, 0x6f, + 0x6f, 0x74, 0x12, 0x1d, 0x0a, 0x0a, 0x6d, 0x65, 0x64, 0x69, 0x61, 0x5f, 0x74, 0x79, 0x70, 0x65, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6d, 0x65, 0x64, 0x69, 0x61, 0x54, 0x79, 0x70, + 0x65, 0x12, 0x48, 0x0a, 0x05, 0x74, 0x6c, 0x6f, 0x67, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, + 0x32, 0x32, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, + 0x74, 0x72, 0x75, 0x73, 0x74, 0x72, 0x6f, 0x6f, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x72, 0x61, + 0x6e, 0x73, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x63, 0x79, 0x4c, 0x6f, 0x67, 0x49, 0x6e, 0x73, 0x74, + 0x61, 0x6e, 0x63, 0x65, 0x52, 0x05, 0x74, 0x6c, 0x6f, 0x67, 0x73, 0x12, 0x68, 0x0a, 0x17, 0x63, + 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x6f, + 0x72, 0x69, 0x74, 0x69, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x64, + 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x74, 0x72, 0x75, 0x73, + 0x74, 0x72, 0x6f, 0x6f, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, + 0x63, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x16, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, - 0x69, 0x74, 0x79, 0x12, 0x43, 0x0a, 0x07, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, 0x01, - 0x20, 
0x01, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, - 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x69, - 0x73, 0x74, 0x69, 0x6e, 0x67, 0x75, 0x69, 0x73, 0x68, 0x65, 0x64, 0x4e, 0x61, 0x6d, 0x65, 0x52, - 0x07, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x72, 0x69, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x75, 0x72, 0x69, 0x12, 0x4b, 0x0a, 0x0a, 0x63, 0x65, - 0x72, 0x74, 0x5f, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2c, - 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, - 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x76, 0x31, 0x2e, 0x58, 0x35, 0x30, 0x39, 0x43, 0x65, 0x72, 0x74, - 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x52, 0x09, 0x63, 0x65, - 0x72, 0x74, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x12, 0x3e, 0x0a, 0x09, 0x76, 0x61, 0x6c, 0x69, 0x64, - 0x5f, 0x66, 0x6f, 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x64, 0x65, 0x76, - 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, - 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x52, 0x08, 0x76, - 0x61, 0x6c, 0x69, 0x64, 0x46, 0x6f, 0x72, 0x22, 0x92, 0x03, 0x0a, 0x0b, 0x54, 0x72, 0x75, 0x73, - 0x74, 0x65, 0x64, 0x52, 0x6f, 0x6f, 0x74, 0x12, 0x1d, 0x0a, 0x0a, 0x6d, 0x65, 0x64, 0x69, 0x61, - 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6d, 0x65, 0x64, - 0x69, 0x61, 0x54, 0x79, 0x70, 0x65, 0x12, 0x48, 0x0a, 0x05, 0x74, 0x6c, 0x6f, 0x67, 0x73, 0x18, - 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, + 0x69, 0x74, 0x69, 0x65, 0x73, 0x12, 0x4a, 0x0a, 0x06, 0x63, 0x74, 0x6c, 0x6f, 0x67, 0x73, 0x18, + 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x74, 0x72, 0x75, 
0x73, 0x74, 0x72, 0x6f, 0x6f, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x63, 0x79, 0x4c, 0x6f, - 0x67, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x52, 0x05, 0x74, 0x6c, 0x6f, 0x67, 0x73, - 0x12, 0x68, 0x0a, 0x17, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, - 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x69, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, - 0x0b, 0x32, 0x2f, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, - 0x2e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x72, 0x6f, 0x6f, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x65, - 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, - 0x74, 0x79, 0x52, 0x16, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x41, - 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x69, 0x65, 0x73, 0x12, 0x4a, 0x0a, 0x06, 0x63, 0x74, - 0x6c, 0x6f, 0x67, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x64, 0x65, 0x76, - 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x72, - 0x6f, 0x6f, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61, 0x72, 0x65, - 0x6e, 0x63, 0x79, 0x4c, 0x6f, 0x67, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x52, 0x06, - 0x63, 0x74, 0x6c, 0x6f, 0x67, 0x73, 0x12, 0x64, 0x0a, 0x15, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, - 0x61, 0x6d, 0x70, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x69, 0x65, 0x73, 0x18, - 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, - 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x72, 0x6f, 0x6f, 0x74, 0x2e, 0x76, - 0x31, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, - 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x14, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, - 0x70, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x69, 0x65, 0x73, 0x22, 0x79, 0x0a, 
0x0d, - 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x15, 0x0a, - 0x06, 0x63, 0x61, 0x5f, 0x75, 0x72, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x63, - 0x61, 0x55, 0x72, 0x6c, 0x12, 0x19, 0x0a, 0x08, 0x6f, 0x69, 0x64, 0x63, 0x5f, 0x75, 0x72, 0x6c, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x6f, 0x69, 0x64, 0x63, 0x55, 0x72, 0x6c, 0x12, - 0x1b, 0x0a, 0x09, 0x74, 0x6c, 0x6f, 0x67, 0x5f, 0x75, 0x72, 0x6c, 0x73, 0x18, 0x03, 0x20, 0x03, - 0x28, 0x09, 0x52, 0x08, 0x74, 0x6c, 0x6f, 0x67, 0x55, 0x72, 0x6c, 0x73, 0x12, 0x19, 0x0a, 0x08, - 0x74, 0x73, 0x61, 0x5f, 0x75, 0x72, 0x6c, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, - 0x74, 0x73, 0x61, 0x55, 0x72, 0x6c, 0x73, 0x22, 0xd8, 0x01, 0x0a, 0x11, 0x43, 0x6c, 0x69, 0x65, - 0x6e, 0x74, 0x54, 0x72, 0x75, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x1d, 0x0a, - 0x0a, 0x6d, 0x65, 0x64, 0x69, 0x61, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x09, 0x6d, 0x65, 0x64, 0x69, 0x61, 0x54, 0x79, 0x70, 0x65, 0x12, 0x4e, 0x0a, 0x0c, - 0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x5f, 0x72, 0x6f, 0x6f, 0x74, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, - 0x65, 0x2e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x72, 0x6f, 0x6f, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x54, - 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x52, 0x6f, 0x6f, 0x74, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, - 0x0b, 0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x52, 0x6f, 0x6f, 0x74, 0x12, 0x54, 0x0a, 0x0e, - 0x73, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x03, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, - 0x6f, 0x72, 0x65, 0x2e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x72, 0x6f, 0x6f, 0x74, 0x2e, 0x76, 0x31, - 0x2e, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x42, 0x03, - 0xe0, 0x41, 0x02, 0x52, 0x0d, 
0x73, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x66, - 0x69, 0x67, 0x42, 0x88, 0x01, 0x0a, 0x1f, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, - 0x6f, 0x72, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x72, - 0x6f, 0x6f, 0x74, 0x2e, 0x76, 0x31, 0x42, 0x0e, 0x54, 0x72, 0x75, 0x73, 0x74, 0x52, 0x6f, 0x6f, - 0x74, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x39, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, - 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2d, 0x73, 0x70, 0x65, 0x63, 0x73, 0x2f, 0x67, 0x65, 0x6e, - 0x2f, 0x70, 0x62, 0x2d, 0x67, 0x6f, 0x2f, 0x74, 0x72, 0x75, 0x73, 0x74, 0x72, 0x6f, 0x6f, 0x74, - 0x2f, 0x76, 0x31, 0xea, 0x02, 0x17, 0x53, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x3a, 0x3a, - 0x54, 0x72, 0x75, 0x73, 0x74, 0x52, 0x6f, 0x6f, 0x74, 0x3a, 0x3a, 0x56, 0x31, 0x62, 0x06, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x67, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x52, 0x06, 0x63, 0x74, 0x6c, 0x6f, 0x67, + 0x73, 0x12, 0x64, 0x0a, 0x15, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x5f, 0x61, + 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x69, 0x65, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, + 0x32, 0x2f, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, + 0x74, 0x72, 0x75, 0x73, 0x74, 0x72, 0x6f, 0x6f, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x65, 0x72, + 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, + 0x79, 0x52, 0x14, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x41, 0x75, 0x74, 0x68, + 0x6f, 0x72, 0x69, 0x74, 0x69, 0x65, 0x73, 0x22, 0x79, 0x0a, 0x0d, 0x53, 0x69, 0x67, 0x6e, 0x69, + 0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x15, 0x0a, 0x06, 0x63, 0x61, 0x5f, 0x75, + 0x72, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x63, 0x61, 0x55, 0x72, 0x6c, 0x12, + 0x19, 0x0a, 0x08, 0x6f, 0x69, 0x64, 
0x63, 0x5f, 0x75, 0x72, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x07, 0x6f, 0x69, 0x64, 0x63, 0x55, 0x72, 0x6c, 0x12, 0x1b, 0x0a, 0x09, 0x74, 0x6c, + 0x6f, 0x67, 0x5f, 0x75, 0x72, 0x6c, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x74, + 0x6c, 0x6f, 0x67, 0x55, 0x72, 0x6c, 0x73, 0x12, 0x19, 0x0a, 0x08, 0x74, 0x73, 0x61, 0x5f, 0x75, + 0x72, 0x6c, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x74, 0x73, 0x61, 0x55, 0x72, + 0x6c, 0x73, 0x22, 0xd8, 0x01, 0x0a, 0x11, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x54, 0x72, 0x75, + 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x1d, 0x0a, 0x0a, 0x6d, 0x65, 0x64, 0x69, + 0x61, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6d, 0x65, + 0x64, 0x69, 0x61, 0x54, 0x79, 0x70, 0x65, 0x12, 0x4e, 0x0a, 0x0c, 0x74, 0x72, 0x75, 0x73, 0x74, + 0x65, 0x64, 0x5f, 0x72, 0x6f, 0x6f, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, + 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x74, 0x72, 0x75, + 0x73, 0x74, 0x72, 0x6f, 0x6f, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x72, 0x75, 0x73, 0x74, 0x65, + 0x64, 0x52, 0x6f, 0x6f, 0x74, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x0b, 0x74, 0x72, 0x75, 0x73, + 0x74, 0x65, 0x64, 0x52, 0x6f, 0x6f, 0x74, 0x12, 0x54, 0x0a, 0x0e, 0x73, 0x69, 0x67, 0x6e, 0x69, + 0x6e, 0x67, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x28, 0x2e, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x74, + 0x72, 0x75, 0x73, 0x74, 0x72, 0x6f, 0x6f, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x69, 0x67, 0x6e, + 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x0d, + 0x73, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x42, 0x88, 0x01, + 0x0a, 0x1f, 0x64, 0x65, 0x76, 0x2e, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x2e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x72, 0x6f, 
0x6f, 0x74, 0x2e, 0x76, + 0x31, 0x42, 0x0e, 0x54, 0x72, 0x75, 0x73, 0x74, 0x52, 0x6f, 0x6f, 0x74, 0x50, 0x72, 0x6f, 0x74, + 0x6f, 0x50, 0x01, 0x5a, 0x39, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, + 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, + 0x66, 0x2d, 0x73, 0x70, 0x65, 0x63, 0x73, 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x70, 0x62, 0x2d, 0x67, + 0x6f, 0x2f, 0x74, 0x72, 0x75, 0x73, 0x74, 0x72, 0x6f, 0x6f, 0x74, 0x2f, 0x76, 0x31, 0xea, 0x02, + 0x17, 0x53, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x3a, 0x3a, 0x54, 0x72, 0x75, 0x73, 0x74, + 0x52, 0x6f, 0x6f, 0x74, 0x3a, 0x3a, 0x56, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( 
@@ -629,20 +660,21 @@ var file_sigstore_trustroot_proto_depIdxs = []int32{
 5, // 0: dev.sigstore.trustroot.v1.TransparencyLogInstance.hash_algorithm:type_name -> dev.sigstore.common.v1.HashAlgorithm
 6, // 1: dev.sigstore.trustroot.v1.TransparencyLogInstance.public_key:type_name -> dev.sigstore.common.v1.PublicKey
 7, // 2: dev.sigstore.trustroot.v1.TransparencyLogInstance.log_id:type_name -> dev.sigstore.common.v1.LogId
- 8, // 3: dev.sigstore.trustroot.v1.CertificateAuthority.subject:type_name -> dev.sigstore.common.v1.DistinguishedName
- 9, // 4: dev.sigstore.trustroot.v1.CertificateAuthority.cert_chain:type_name -> dev.sigstore.common.v1.X509CertificateChain
- 10, // 5: dev.sigstore.trustroot.v1.CertificateAuthority.valid_for:type_name -> dev.sigstore.common.v1.TimeRange
- 0, // 6: dev.sigstore.trustroot.v1.TrustedRoot.tlogs:type_name -> dev.sigstore.trustroot.v1.TransparencyLogInstance
- 1, // 7: dev.sigstore.trustroot.v1.TrustedRoot.certificate_authorities:type_name -> dev.sigstore.trustroot.v1.CertificateAuthority
- 0, // 8: dev.sigstore.trustroot.v1.TrustedRoot.ctlogs:type_name -> dev.sigstore.trustroot.v1.TransparencyLogInstance
- 1, // 9: dev.sigstore.trustroot.v1.TrustedRoot.timestamp_authorities:type_name -> dev.sigstore.trustroot.v1.CertificateAuthority
- 2, // 10: dev.sigstore.trustroot.v1.ClientTrustConfig.trusted_root:type_name -> dev.sigstore.trustroot.v1.TrustedRoot
- 3, // 11: dev.sigstore.trustroot.v1.ClientTrustConfig.signing_config:type_name -> dev.sigstore.trustroot.v1.SigningConfig
- 12, // [12:12] is the sub-list for method output_type
- 12, // [12:12] is the sub-list for method input_type
- 12, // [12:12] is the sub-list for extension type_name
- 12, // [12:12] is the sub-list for extension extendee
- 0, // [0:12] is the sub-list for field type_name
+ 7, // 3: dev.sigstore.trustroot.v1.TransparencyLogInstance.checkpoint_key_id:type_name -> dev.sigstore.common.v1.LogId
+ 8, // 4: dev.sigstore.trustroot.v1.CertificateAuthority.subject:type_name -> dev.sigstore.common.v1.DistinguishedName
+ 9, // 5: dev.sigstore.trustroot.v1.CertificateAuthority.cert_chain:type_name -> dev.sigstore.common.v1.X509CertificateChain
+ 10, // 6: dev.sigstore.trustroot.v1.CertificateAuthority.valid_for:type_name -> dev.sigstore.common.v1.TimeRange
+ 0, // 7: dev.sigstore.trustroot.v1.TrustedRoot.tlogs:type_name -> dev.sigstore.trustroot.v1.TransparencyLogInstance
+ 1, // 8: dev.sigstore.trustroot.v1.TrustedRoot.certificate_authorities:type_name -> dev.sigstore.trustroot.v1.CertificateAuthority
+ 0, // 9: dev.sigstore.trustroot.v1.TrustedRoot.ctlogs:type_name -> dev.sigstore.trustroot.v1.TransparencyLogInstance
+ 1, // 10: dev.sigstore.trustroot.v1.TrustedRoot.timestamp_authorities:type_name -> dev.sigstore.trustroot.v1.CertificateAuthority
+ 2, // 11: dev.sigstore.trustroot.v1.ClientTrustConfig.trusted_root:type_name -> dev.sigstore.trustroot.v1.TrustedRoot
+ 3, // 12: dev.sigstore.trustroot.v1.ClientTrustConfig.signing_config:type_name -> dev.sigstore.trustroot.v1.SigningConfig
+ 13, // [13:13] is the sub-list for method output_type
+ 13, // [13:13] is the sub-list for method input_type
+ 13, // [13:13] is the sub-list for extension type_name
+ 13, // [13:13] is the sub-list for extension extendee
+ 0, // [0:13] is the sub-list for field type_name
 }
 
 func init() { file_sigstore_trustroot_proto_init() }
diff --git a/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/common/v1/__init__.py b/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/common/v1/__init__.py
index 8caa8d69..75333527 100644
--- a/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/common/v1/__init__.py
+++ b/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/common/v1/__init__.py
@@ -142,12 +142,7 @@ class LogId(betterproto.Message):
 """LogId captures the identity of a transparency log."""
 
 key_id: bytes = betterproto.bytes_field(1)
- """
- The unique id of the log, represented as the SHA-256 hash of the log's
- public key, calculated over the DER encoding of the key represented as
- SubjectPublicKeyInfo. See https://www.rfc-
- editor.org/rfc/rfc6962#section-3.2
- """
+ """The unique identity of the log, represented by its public key."""
 
 
 @dataclass(eq=False, repr=False)
diff --git a/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/rekor/v1/__init__.py b/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/rekor/v1/__init__.py
index 81f2c522..d45068f6 100644
--- a/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/rekor/v1/__init__.py
+++ b/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/rekor/v1/__init__.py
@@ -28,14 +28,17 @@ class KindVersion(betterproto.Message):
 @dataclass(eq=False, repr=False)
 class Checkpoint(betterproto.Message):
 """
- The checkpoint MUST contain a signature of the tree head (root hash), size
- of the tree and the transparency log's unique identifier (log ID). It MAY
- also be followed by any optional data. The result is a string, the format
- is described here https://github.com/transparency-
- dev/formats/blob/main/log/README.md The details are here https://github.com
- /sigstore/rekor/blob/a6e58f72b6b18cc06cefe61808efd562b9726330/pkg/util/sign
- ed_note.go#L114 The signature has the same format as
- InclusionPromise.signed_entry_timestamp. See below for more details.
+ The checkpoint MUST contain an origin string as a unique log identifier,
+ the tree size, and the root hash. It MAY also be followed by optional data,
+ and clients MUST NOT assume optional data. The checkpoint MUST also contain
+ a signature over the root hash (tree head). The checkpoint MAY contain
+ additional signatures, but the first SHOULD be the signature from the log.
+ Checkpoint contents are concatenated with newlines into a single string.
+ The checkpoint format is described in https://github.com/transparency-
+ dev/formats/blob/main/log/README.md and
+ https://github.com/C2SP/C2SP/blob/main/tlog-checkpoint.md. An example
+ implementation can be found in
+ https://github.com/sigstore/rekor/blob/main/pkg/util/signed_note.go
 """
 
 envelope: str = betterproto.string_field(1)
diff --git a/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/trustroot/v1/__init__.py b/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/trustroot/v1/__init__.py
index 6a9cd168..e50f2cfd 100644
--- a/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/trustroot/v1/__init__.py
+++ b/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/trustroot/v1/__init__.py
@@ -33,7 +33,27 @@ class TransparencyLogInstance(betterproto.Message):
 """
 
 log_id: "__common_v1__.LogId" = betterproto.message_field(4)
- """The unique identifier for this transparency log."""
+ """
+ The unique identifier for this transparency log. Represented as the SHA-256
+ hash of the log's public key, calculated over the DER encoding of the key
+ represented as SubjectPublicKeyInfo. See https://www.rfc-
+ editor.org/rfc/rfc6962#section-3.2
+ """
+
+ checkpoint_key_id: "__common_v1__.LogId" = betterproto.message_field(5)
+ """
+ The checkpoint key identifier for the log used in a checkpoint. Optional,
+ not provided for logs that do not generate checkpoints. For logs that do
+ generate checkpoints, if not set, assume log_id equals checkpoint_key_id.
+ Follows the specification described here for ECDSA and Ed25519 signatures:
+ https://github.com/C2SP/C2SP/blob/main/signed-note.md#signatures For RSA
+ signatures, the key ID will match the ECDSA format, the hashed DER-encoded
+ SPKI public key. Publicly witnessed logs MUST NOT use RSA-signed
+ checkpoints, since witnesses do not support RSA signatures. This is
+ provided for convenience. Clients can also calculate the checkpoint key ID
+ given the log's public key. SHOULD be set for logs generating Ed25519
+ signatures. SHOULD be 4 bytes long, as a truncated hash.
+ """
 
 
 @dataclass(eq=False, repr=False)
diff --git a/gen/pb-ruby/lib/sigstore_trustroot_pb.rb b/gen/pb-ruby/lib/sigstore_trustroot_pb.rb
index d31a17fc..19c93e2e 100644
--- a/gen/pb-ruby/lib/sigstore_trustroot_pb.rb
+++ b/gen/pb-ruby/lib/sigstore_trustroot_pb.rb
@@ -13,6 +13,7 @@
 optional :hash_algorithm, :enum, 2, "dev.sigstore.common.v1.HashAlgorithm"
 optional :public_key, :message, 3, "dev.sigstore.common.v1.PublicKey"
 optional :log_id, :message, 4, "dev.sigstore.common.v1.LogId"
+ optional :checkpoint_key_id, :message, 5, "dev.sigstore.common.v1.LogId"
 end
 add_message "dev.sigstore.trustroot.v1.CertificateAuthority" do
 optional :subject, :message, 1, "dev.sigstore.common.v1.DistinguishedName"
diff --git a/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.common.v1.rs b/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.common.v1.rs
index 6e5d37cc..19c70b94 100644
--- a/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.common.v1.rs
+++ b/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.common.v1.rs
@@ -55,10 +55,7 @@ pub struct MessageSignature {
 #[allow(clippy::derive_partial_eq_without_eq)]
 #[derive(Clone, PartialEq, ::prost::Message)]
 pub struct LogId {
- /// The unique id of the log, represented as the SHA-256 hash
- /// of the log's public key, calculated over the DER encoding
- /// of the key represented as SubjectPublicKeyInfo.
- /// See
+ /// The unique identity of the log, represented by its public key.
 #[prost(bytes = "vec", tag = "1")]
 pub key_id: ::prost::alloc::vec::Vec,
 }
diff --git a/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.rekor.v1.rs b/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.rekor.v1.rs
index 6147a67a..9fed5246 100644
--- a/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.rekor.v1.rs
+++ b/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.rekor.v1.rs
@@ -17,13 +17,16 @@ pub struct KindVersion {
 #[prost(string, tag = "2")]
 pub version: ::prost::alloc::string::String,
 }
-/// The checkpoint MUST contain a signature of the tree head (root hash),
-/// size of the tree and the transparency log's unique identifier (log ID).
-/// It MAY also be followed by any optional data. The result is a string,
-/// the format is described here
-/// The details are here
-/// The signature has the same format as
-/// InclusionPromise.signed_entry_timestamp. See below for more details.
+/// The checkpoint MUST contain an origin string as a unique log identifier,
+/// the tree size, and the root hash. It MAY also be followed by optional data,
+/// and clients MUST NOT assume optional data. The checkpoint MUST also contain
+/// a signature over the root hash (tree head). The checkpoint MAY contain additional
+/// signatures, but the first SHOULD be the signature from the log. Checkpoint contents
+/// are concatenated with newlines into a single string.
+/// The checkpoint format is described in
+///
+/// and
+/// An example implementation can be found in
 #[derive(
 sigstore_protobuf_specs_derive::Deserialize_proto,
 sigstore_protobuf_specs_derive::Serialize_proto
diff --git a/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.trustroot.v1.rs b/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.trustroot.v1.rs
index ec3c66fe..42d7f77f 100644
--- a/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.trustroot.v1.rs
+++ b/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.trustroot.v1.rs
@@ -25,8 +25,29 @@ pub struct TransparencyLogInstance {
 #[prost(message, optional, tag = "3")]
 pub public_key: ::core::option::Option,
 /// The unique identifier for this transparency log.
+ /// Represented as the SHA-256 hash of the log's public key,
+ /// calculated over the DER encoding of the key represented as
+ /// SubjectPublicKeyInfo.
+ /// See
 #[prost(message, optional, tag = "4")]
 pub log_id: ::core::option::Option,
+ /// The checkpoint key identifier for the log used in a checkpoint.
+ /// Optional, not provided for logs that do not generate checkpoints.
+ /// For logs that do generate checkpoints, if not set, assume
+ /// log_id equals checkpoint_key_id.
+ /// Follows the specification described here
+ /// for ECDSA and Ed25519 signatures:
+ ///
+ /// For RSA signatures, the key ID will match the ECDSA format, the
+ /// hashed DER-encoded SPKI public key. Publicly witnessed logs MUST NOT
+ /// use RSA-signed checkpoints, since witnesses do not support
+ /// RSA signatures.
+ /// This is provided for convenience. Clients can also calculate the
+ /// checkpoint key ID given the log's public key.
+ /// SHOULD be set for logs generating Ed25519 signatures.
+ /// SHOULD be 4 bytes long, as a truncated hash.
+ #[prost(message, optional, tag = "5")]
+ pub checkpoint_key_id: ::core::option::Option,
 }
 /// CertificateAuthority enlists the information required to identify which
 /// CA to use and perform signature verification.
diff --git a/gen/pb-rust/sigstore-protobuf-specs/src/generated/file_descriptor_set.bin b/gen/pb-rust/sigstore-protobuf-specs/src/generated/file_descriptor_set.bin index ed9dbd16116b9096880d56ef0f90299935269d1e..c8da0f5ad3da5349c68b983738cd37d95abc1d0f 100644 GIT binary patch delta 5819 zcmZu#eQ;FO72mUOcX_$sZn8o`0))q>ge02;NF+p%K!S$P5Q2h=>1OvOS>5ceyBmz2|q%J@>qG&b{ZJn{esKgeTvi?Pb~<+l93$LZy~BLILYL8mPM8r=h?F_efsHe?#HsF}#dvb&9B zpOM9IJlS7kq|H>?%wWQd8oj%XST^HvnKj( zY?ySV3xm)#O#Vu#3lO@7Y1V89Le((MStnItR;e1MxogEFsPY7T&y(vYk(eknj|WuG zlU^bsQ0HNFhppe;N#k_ubI4Td8$&0%nZ;RrKi zup@8K_X4?Iwe~ery7&dsr-=(1h`qdh?e>3&ItQBa+t!0iqM)hQ}16AMA* z3;NEG>ox0(7OKjf;SEdzlaHCsl75dA0rE(w`~wL8oOS#I2>!EFR_-hY|5=(o!+|)R zvsAf8o(>kP(>Y5s+r=^%Fd^uBom_7aRn%BV@1n-s>!i<;MoeHM&M{)20>MFm%Ef@t zdXCDcJG0Pwj%FIRC??O3ttA)?sKRN2Je~98R}KM$=y`SsM@vo*`rahhTXwkUAbOMZ za!ISRMS0RyBmjXHQ27}UYx5MCCM^O4ZJsJ;+M<}eK>AF3k}U#sL^)nAPymO&7<<*F zNf&5Fr8KE1=zE)7Kea6?!qT@%FB2ggR1sS=@`DvrpBr)ZhcPS}A%B_F1qee%s6yEV zhyxj+>22~r7|Jhmgl4Q}ZC-cKH%hMelr}Gi;V60KCcHAITq3=Ri5X!Muz_KYF#`J% zEotN(17h|v=|OujZxK+Q0Z(G>WhySQ*8;s`e+!soQNW3|s9VnZ1L8Px1g5c{cj1AG zLu72~Xfql@i$hIT=x!R$Vc5~9LFiqYQYu|2g1-03^()(j0`%{5&f!=W?7}Og*RV21 z2s1#HTmZ553eCC0nT75vw6I$ESrjSF_W|j@q#`vvS?A>+kiS%PN@}31R_99Us=Z3Z zDxU}$epjhXeIS6Kyh_F_(I7=&_BHG3N?KfZZA^q6a*fJVunXydYaHxV7x)ImB#?Vc!NErL@{}j^upHtPQf&&Zc@XdUSBGm%qAC$&z9%Ux6uYq(cwl_2%qLc zxYeD1cpcTa1D|@a2XKU3^;GeDuXSVtRc=fe$#kqgmM}8ebS%+tgfm9isg9_Ic7^PV zndurKOJp`}nnot}ZL`J*C!%sFolItpfpBIZWL0gX>A7So8%rj_aU&Yeh9So5BJmh1 zYR1^GbxXIgaZ@)GWrhY#;b=6b%oJmcnHr;aC@U%ZV(CoQ*mCctt?S#2 zUQ>>ZY3@rW2jvia6f#ziSqwWPS>7oug@p{m!1#+AyJFb^BVq1}#}a17!2XhQH;Mi@ zJSyEE5?}Q|Uot%y&Kj|d5j8WBbgUOVaD(;wR+?BR@UBE%s~2tQtdswGc&exZ17yP8#+v(Mv@eba4jOnye2yX-!8Haw!wZ zJghY#-P;ICnrtPQgOVm&2_sJSS`%{pBa#m0HCqpDrg%qlfsQxVT%f~8r!^PokYBat z0v##3X3%Ytbnc+mVwH5!=Cv&aI^-^`r9g+|t+f>B+@NbI(76>|3+N8HB_9^I=FfCd zF>Px_mQWki;NezuXEp+TE0U>=SOU4!Mxbw0Oc?0JeA8t^tCsF8^F-4!XL~;;|jv#sXDsmbNpJ2iLW*Q~Ux&3QetdhwJJ5f9|JF 
zw|@sxeiw9cJFE3r+aI9r4L!CJj6q3{?SCLB>9PF}1SLJT{~1XoJ@9|Mq=RHw-(E4t z8a_y6R>^}@wl=IQb7haKh39czmmM#7!=X9{fj3;gO&X7tiZ|SFzpUWw`JiT6=?CdV zhpFFg%W#~SlevLoK8_O;O}34|XU^MT^VxA?&R;LqOFOZ)-+JI7+PJpAux$-={eE?h z9=FCz>~jPHUB7*fjO4caagH}RE<79;aqEkR=r7fA*%7lr92fEOg|}FXkllb_ zv7Sd_QNw&}2xWg9uYG2cJswZ)Vna|hQ)VRA7ek5V>NQp&2h6l7q|NQC+qSgI4x~N0 zsIjr3d0eqyrpjpUn+m5YbG5R}4Myh_DnIHvZ?6laV`DYa7sj8sOgznf1(L`r*LJFS z+_1j&6nd(_vlREQLJ2YPX~|}$-P->w^;fs+^->;Vplfef>L9SSx7;Q6b5bBq+w1ew z4$(xaUSH^YxQAFDP&E}xAh8}-v0rnxB+mYw*5+aQO?4-30{rn~3<8}?RyYU(ovo|H zZf0Fj~h;KCwa<@XufYlEHxgeSS9npJU(D)aXrr6=efMU0}ulj1J1S%zi3QUn)fZ#eoQ_ICAK0S?naMHSV zg5C+89Ft*}pCq){Y%JD5<|IFMe4u3D^3&Gk7wPBAPdi)C+-|(SoTd^-hKWzpRCR&H zEGSOX+J&9djT(y7sz$V z`qxWzE`V2`a>1_y=(mENi`K=L@j7tP*$)Q6bdeB_ydOX?UF6raW+{Tn5v%zXYT1bQ z9`%5wUK>XUt&oj9nfbL1XV8TVC*5y}d-O5ouAtl8=8KqK( dgncr~?~nE@I7bQHsp3=(nP)V=;Us-L`~U8{B0&HE delta 4646 zcmYLNZE#f88QypA-ObGjZjvQrNx*O+0nFFRW@SxFSV@dZ!bcK}tw0Rjm=(5UvyxpX z(oO>%ZB;}h)*i|rN>yqkDz(ZgS_(xwjvweS=pS{egHET4+L=x}{rEwj_ndo|{rB8+ z-sk-|?|IHSd-~T!FFaJV^F>-4GCo)*WTKNQ^J5|UmsNanxhM+y0-mq)TWorwf*z1F z7SoM$z9C_nUau!;?k20F`Y&YnZ%W!*M^jt2ChgR){OMwRo$<@G+fF@m(PtNDKoNE;Ja1X1dT~Sk*4dgvGYj zK}&^Gy-c(UuW1DRd&%>#G-Gsa*3*mh~)z*nF#el&B^5bi1Me_l&boQo~_$yV_IVJ>?1GMle z(XULrLGz&OZ>8^b9K7t*>&I6ruXaqlU^qy#Tm~-~4l+X)8To?#!{nJFs!rOnZ@Zog#LEU;_&Bel`P6sl1ci^16;P!33euxgI^BgJJxY}!(Ew6^(EmJnekc2u zQ2qGxoXRvX`I+e$SvM&YAX7nIDL_=}m|H18@E@a4l{*>y$7uGIF2p(=qnaDlI$^S2 zr(-nd2Ju}4P!#mPNS-{hYLfq1LW{>=Bx|k;qKJcdi4k`m5K0B8iwy{`FHzNOcNAV< zqB*u>ioxTT=Mn-2)Qwf7*6BC}bU^@NdYlWweKT$a{jZScHK%bb5WPZHm7=vcq7!84 zo&W+Zpsq6@=ANL^St=qx(4L^0IgTj?UnOgfGsqDEx~AMYuTm-6Ac|Zq71FD8WsM4{ zIOsn~p3_c5#h7}MtdIy}p^7=8Q*y&nS~PyjO%NY3=M)7(${8RcIYrevFhH!xDVp7> zR)nG2q^Ic0>)D;p8}y$c&)eFak2~@V`BWA@B`&X%6=PyX7zB(k9A}Ikf1R#b%qat6 z^bN9t&ScIJP%Q!vV(uGMR_@FN`m?hwFvzBWC61|AjRs1^qmT;>BcHcWg6ap!?&<2Z zBjIQ`Cilc??>IiY{tOtsMKdZ@4MouZE_pt5YA8VeF3S%$yWkq0C98>@F+!gKYMlYZ z+_O}>&>e;Ev((Ti0&EI(^S?*d2UM(wD=eP=9tA2zuc8JzC!fEL)-<1^GA%7a_1`%P z=^X+H%5!AT6%l2Eu+PizGKyY({;~-d(Iqi@ST 
zA#1kynq{?w6T2Yyw$r!q3$EngBl5dI<+_Oh!F++{Hmd{x5zGZz6cJ~bd0No_C3(J< zuXWI$#=m3%<%&&X;;-C_0f7-vZ&W}qensHS)yQXiFy-Pc)GSZ;(Dd=zm66CbLOIE%HjXB8TY0i` z&Sw*84o`VVWD)r2?IT;W2(EW5lTKxmVKzw)Z%B^j#_rmXOQn<9Tq1pE*uEJR7)l~5 zwzkt5a5}++1%8H!?QAq+vn5K<5rmE~nyeeJ#y$oYE4s~R(aphXU{fFMPs zxG%s?Ns-Y6CECmFhpiCtbja&_X>TB6Rfu|1&WIK0pfE^Px zaS-U^kP`>71=PerppVb%Rt1J^X!>|%^Vh2F%Jx*zW;HxK4 z=Z?Ww5AHi02jA&{>ibmejMT#QH1vx1d0(4B-#X8(eBf5<^#;~K^wz)^-|dV6IkJxW zR}DB$@C{A|ocaU7$$(RTAUGLt>d#0y89@CPDLPmVT5GFo<+l$|NY<^VQ1_sv!&MhP zV{kqzn-8A3O$NhPy9m64i*8lHV@&f7M!v7kFmB_ZF(mInpVKEp3s#DiDo)HDmgxan-7{QB+W_5gK(C|eHF%1%jzFLrcGi)R zN_!aV_&4qg(~G`HSyxwoMDkKURZ9CddcQHHu7?~NcSx$L!3m8!B-I=iPiRxDZ(7b8 zq^G*m*t0r%9}Lo=1ulX?y52SSA(V9E%}!=M9ZI@sjd-(2g@Q9-XI^Zew~RSE-8+uy z^+VTpQoy~R`_Xzk^Zyv4(i-Eh%Y|I}48*i%7xkO}B@vS4cVqST?4r+n^MEVl+0V14P1v^CTXY`A-kgR_f5xxx=>= zi17|Hww2F!sJJxS7A$oUh_@|k7jeZ4uw5Q}oMH}-0iNvz9&Uy0g#ft~w%2P#z;1qYw{ow;cKZ72%X580fO@gzg&5RpxHrlQoi{# zEm=KD=x9BMi!n*iXa~Y%lEZKyo>r3tmFE9HT-C=H$h7|70L7Y;eUr3e*%Yspwqj3H gROym%b*A{$?~H Date: Thu, 4 Apr 2024 21:35:07 +0000 Subject: [PATCH 2/2] Remove schema file Signed-off-by: Hayden Blauzvern --- .../schemas/CheckpointKeyId.schema.json | 20 ------------------- 1 file changed, 20 deletions(-) delete mode 100644 gen/jsonschema/schemas/CheckpointKeyId.schema.json diff --git a/gen/jsonschema/schemas/CheckpointKeyId.schema.json b/gen/jsonschema/schemas/CheckpointKeyId.schema.json deleted file mode 100644 index de1ec94f..00000000 --- a/gen/jsonschema/schemas/CheckpointKeyId.schema.json +++ /dev/null 
@@ -1,20 +0,0 @@
-{
- "$schema": "http://json-schema.org/draft-04/schema#",
- "$ref": "#/definitions/CheckpointKeyId",
- "definitions": {
- "CheckpointKeyId": {
- "properties": {
- "keyId": {
- "type": "string",
- "description": "The key ID in a checkpoint, as a prefix to the signature. SHOULD be 4 bytes long, as a truncated hash.",
- "format": "binary",
- "binaryEncoding": "base64"
- }
- },
- "additionalProperties": false,
- "type": "object",
- "title": "Checkpoint Key Id",
- "description": "The checkpoint key ID, following the specification described here for ECDSA and Ed25519 signatures: https://github.com/C2SP/C2SP/blob/main/signed-note.md#signatures For RSA signatures, the key ID will match the ECDSA format of the hashed DER-encoded SPKI public key. Publicly witnessed logs MUST NOT use RSA-signed checkpoints, since witnesses do not support RSA signatures. This is provided for convenience. Clients can also calculate the checkpoint key ID given the log's public key."
- }
- }
-}
\ No newline at end of file