fix targetArtifact references

Signed-off-by: rgnote <[email protected]>

specs/signing-and-verification-workflow.md

@@ -110,7 +110,7 @@ The user wants to consume an arbitrary blob only if it was signed by a trusted p
     1. Parse and validate the signature envelope using the detached signature's file extension as the envelope type.
     1. Verify the signature envelope using trust-store and trust-policy as mentioned in [signature evaluation](./trust-store-trust-policy.md#signature-evaluation) section.
     1. If the signature verification fails, exit.
-1. Calculate the blob's size and verify that it matches the size present in `targetArtifact.payload`. Fail signature verification if there is a mismatch.
-1. If provided by the user, verify blob's media type to the one present in `targetArtifact.payload`. Fail signature verification if there is a mismatch.
-1. Calculate the digest of the blob using the digest algorithm deduced from signing certificate's public key (see [Algorithm Selection](./signature-specification.md#algorithm-selection)) and match it with the digest specified at `targetArtifact.payload.digest`.  Fail signature verification if there is a mismatch.
-1. If there any user-defined/supplied custom annotations, match them against the ones present in `targetArtifact.payload`. If they match, signature verification is considered successful.
+1. Calculate the blob's size and verify that it matches the size present in `targetArtifact.size`. Fail signature verification if there is a mismatch.
+1. If provided by the user, verify blob's media type to the one present in `targetArtifact.mediaType`. Fail signature verification if there is a mismatch.
+1. Calculate the digest of the blob using the digest algorithm deduced from signing certificate's public key (see [Algorithm Selection](./signature-specification.md#algorithm-selection)) and match it with the digest specified at `targetArtifact.digest`.  Fail signature verification if there is a mismatch.
+1. If there any user-defined/supplied custom annotations, match them against the ones present in `targetArtifact.annotations`. If they match, signature verification is considered successful.

specs/trust-store-trust-policy.md

@@ -403,7 +403,7 @@ Notary Project allows user to execute custom validations during verification usi
     1. Using the public key of the signing certificate and signing algorithm identified in the previous step, validate the integrity of the signature envelope.
     1. Verify signature `payload`
         1. Verify the signature envelope's `payload` matches the source [`payload`](./signature-specification.md#payload) that is getting verified. Make sure the artifact's digest, media type and size match the ones present in the signature envelope.
-        1. Additionally for Blob artifacts, calculate the digest of the blob using the digest algorithm specified at `targetArtifact.payload.digest` and make sure the digests match.
+        1. Additionally for Blob artifacts, calculate the digest of the blob using the hashing algorithm deduced from signing certificate's public key (see [Algorithm Selection](./signature-specification.md#algorithm-selection)) and make sure the digests match.
 1. **Validate Authenticity.**
     1. For the applicable trust policy, **validate trust store and identities:**
         1. Validate that the signature envelope contains a complete certificate chain that starts from a code signing certificate and terminates with a root certificate. Also, validate that code signing certificate satisfies [certificate requirements](./signature-specification.md#certificate-requirements).