diff --git a/protos/sigstore_bundle.proto b/protos/sigstore_bundle.proto
index 08d78a86..3d4c5e0f 100644
--- a/protos/sigstore_bundle.proto
+++ b/protos/sigstore_bundle.proto
@@ -48,7 +48,14 @@ message TimestampVerificationData {
 }
 
 // VerificationMaterial captures details on the materials used to verify
-// signatures.
+// signatures. This message may be embedded in a DSSE envelope as a signature
+// extension. Specifically, the `ext` field of the extension will expect this
+// message when the signature extension is for Sigstore. This is identified by
+// the `kind` field in the extension, which must be set to
+// application/vnd.dev.sigstore.verificationmaterial;version=0.1 for Sigstore.
+// When used as a DSSE extension, if the `public_key` field is used to indicate
+// the key identifier, it MUST match the `keyid` field of the signature the
+// extension is attached to.
 message VerificationMaterial {
 oneof content {
 dev.sigstore.common.v1.PublicKeyIdentifier public_key = 1 [(google.api.field_behavior) = REQUIRED];
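Review bot: The new rule that `public_key` MUST match the signature's `keyid` is stated only as a producer requirement; the comment never says what a verifier does when the two differ, so implementations can diverge between ignoring the mismatch and failing verification. I would add a sentence after "extension is attached to." such as `// Verifiers MUST reject the extension if the two values differ.` It would also help to say whether `kind` is compared as an exact string, since the `;version=0.1` parameter invites prefix or parameter-insensitive matching, and to wrap the media type in backticks like `ext` and `kind`. The comment is silent on the other `content` members, which lie outside this hunk, and as far as I know the DSSE `keyid` is an unauthenticated hint, so it may be worth noting that a matching identifier does not by itself establish trust in the key.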