From eae98688c75fb33a353ff2ac6025583655dee70e Mon Sep 17 00:00:00 2001 From: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com> Date: Wed, 24 Apr 2024 18:05:05 +0200 Subject: [PATCH] Signatures - addresses feedback of oasis-tcs/csaf#724 - change "check" to "verification" Co-authored-by: Stefan Hagen --- csaf_2.0/guidance/faq.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/csaf_2.0/guidance/faq.md b/csaf_2.0/guidance/faq.md index 66d0367c..3bc3d24c 100644 --- a/csaf_2.0/guidance/faq.md +++ b/csaf_2.0/guidance/faq.md @@ -53,9 +53,9 @@ CSAF lister and CSAF aggregator choose on their own which producing parties they At all times, signatures MUST remain valid for a minimum of 30 days and ideally for at least 90 days. When executing CSAF document signatures, the signing party SHOULD adhere to or surpass the prevailing best practices and recommendations regarding key length. Tools SHOULD treat the violation of the rules given in the first sentence as: -* warning if the signature is only valid for 90 days or less at the time of the check, -* error, which MAY be ignored by the user per option, if the signature is only valid for 30 days or less at the time of the check and -* error if the signature is expired at the time of the check. +* warning if the signature is only valid for 90 days or less at the time of the verification, +* error, which MAY be ignored by the user per option, if the signature is only valid for 30 days or less at the time of the verification and +* error if the signature is expired at the time of the verification. ### I want to use a Content Delivery Network (CDN) to distribute CSAF files. What do I need to consider?