2.1.4. Signatures

Various data structures are signed. A log MUST use either elliptic curve signatures using the NIST P-256 curve (Section D.1.2.3 of the Digital Signature Standard [DSS]) or RSA signatures (RSASSA-PKCS1-V1_5 with SHA-256, Section 8.2 of [RFC3447]) using a key of at least 2048 bits.