diff --git a/docs/algorithm-registry.md b/docs/algorithm-registry.md new file mode 100644 index 00000000..e5f991a4 --- /dev/null +++ b/docs/algorithm-registry.md @@ -0,0 +1,17 @@ +# Algorithm Registry + +This file is designed to act as a source of truth regarding what signing +algorithms are permitted across the Sigstore ecosystem. Any changes to this file +**must** be reflected in the `SupportedAlgorithm` enumeration in +[sigstore_common.proto](../protos/sigstore_common.proto). + +Refer to the [Sigstore: Configurable Crypto Algorithms](https://docs.google.com/document/d/18vTKFvTQdRt3OGz6Qd1xf04o-hugRYSup-1EAOWn7MQ/) +specification for the design rationale for this registry. + +| Algorithm | Name | Usage | +| --- | --- | --- | +| ECDSA | ecdsa-sha2-256-nistp256 | sign/verify | +|| ecdsa-sha2-256-nistp521 | verify only | +|| ecdsa-sha2-384-nistp384 | sign/verify | +| EdDSA | ed25519 | sign/verify | +|| ed25519-ph | sign/verify | diff --git a/protos/sigstore_common.proto b/protos/sigstore_common.proto index 8a4480e5..c5c3e509 100644 --- a/protos/sigstore_common.proto +++ b/protos/sigstore_common.proto @@ -73,6 +73,9 @@ message HashOutput { // // This is modelled as a linear set as we want to provide a small number of // opinionated options instead of allowing every possible permutation. +// +// Any changes to this enum MUST be reflected in the algorithm registry. +// See: docs/algorithm-registry.md enum SupportedAlgorithm { SUPPORTED_ALGORITHM_UNSPECIFIED = 0; ECDSA_SHA2_256_NISTP256 = 1;
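Review bot: in the table added to docs/algorithm-registry.md, the row `ecdsa-sha2-256-nistp521` is the only one marked "verify only", and the file gives no reason for that restriction. It is also the only ECDSA row where the hash size does not track the curve, since the other two rows pair sha2-256 with nistp256 and sha2-384 with nistp384. Please confirm the name is intended as written and add a sentence or a notes column explaining why signing is not permitted for it, so implementers do not have to open the linked design document to learn this. Separately, the continuation rows start with `||`; writing the empty first cell as `| |` would make it clearer that the Algorithm column is deliberately blank and carries over from the row above.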
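Review bot: the comment added above `enum SupportedAlgorithm` in protos/sigstore_common.proto and the matching sentence in the registry both state a MUST, but nothing in this change enforces it, so the two files can drift silently. Consider adding a check in CI that extracts the Name column from docs/algorithm-registry.md and compares it with the enum entries. For that to work, and for readers, the mapping between the two spellings should be stated in one of the files: the registry uses lowercase hyphenated names such as `ecdsa-sha2-256-nistp256` while the enum uses `ECDSA_SHA2_256_NISTP256`. It would also help to say whether `SUPPORTED_ALGORITHM_UNSPECIFIED = 0` is meant to be absent from the registry.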