Require digest verification for related resources.

index.html

@@ -3191,12 +3191,14 @@ <h2>Integrity of Related Resources</h2>
         </p>
 
         <p>
-Specification authors that write algorithms that fetch a resource based on the
-`id` of an object inside a [=conforming document=] need to consider whether
-that resource's content is vital to the validity of that document. If it is, the
-specification MUST produce a validation error unless the resource matches the
-expected media type and cryptographic digest.
+A [=conforming verifier implementation=] that makes use of a resource based on
+the `id` of a `relatedResource` object inside a [=conforming document=] with a
+corresponding cryptographic digest appearing in a `relatedResource` object value
+MUST compute the digest of the retrieved resource. If the digest provided by the
+[=issuer=] does not match the digest computed for the retrieved resource, the
+[=conforming verifier implementation=] MUST produce an error.
         </p>
+
         <p>
 Implementers are urged to consult appropriate sources, such as the
 <a href="https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf">