Skip to content

Commit

Permalink
Signatures
Browse files Browse the repository at this point in the history 
- addresses parts of oasis-tcs#678
- add FAQ on signing
  • Loading branch information
@tschmidtb51
tschmidtb51 committed Apr 23, 2024
1 parent ba0742f commit 77935f1
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions csaf_2.0/guidance/faq.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,10 @@ Starting with version CSAF 2.1, [CSAF will support TLP v2](https://github.com/oa

CSAF lister and CSAF aggregator choose on their own which producing parties they add to their lists. Please reach out to the CSAF lister or CSAF aggregator in question. Their contact details are available in the metadata of the list.

### How long should signatures of CSAF documents be valid?

At any given point in time, signatures MUST be valid for 30 more days and SHOULD be valid for at least 90 more days. When signing CSAF documents, the signing party SHOULD comply with or exceed current best practices and guidance on key length.

### I want to use a Content Delivery Network (CDN) to distribute CSAF files. What do I need to consider?

Please see our advise on [CDNs](./cdn.md).
Expand Down

0 comments on commit 77935f1

Please sign in to comment.