Skip to content

Commit c6ec4fc

Browse files
erickterickt
committed
Rollback check is unrelated to metadata expiration
Expiration has nothing to do with the rollback check, so it's not necessary to state this in section 5.2 for timestamps, and 5.3 for snapshots.
1 parent 4029396 commit c6ec4fc

File tree

1 file changed

+4
-12
lines changed

1 file changed

+4
-12
lines changed

tuf-spec.md

Lines changed: 4 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -1160,17 +1160,13 @@ as FILENAME.EXT.
11601160

11611161
* **2.2**. **Check for a rollback attack.**
11621162

1163-
* **2.2.1**. Note that the trusted timestamp metadata file may be checked
1164-
for authenticity, but its expiration does not matter for the following
1165-
purposes.
1166-
1167-
* **2.2.2**. The version number of the trusted timestamp metadata file, if
1163+
* **2.2.1**. The version number of the trusted timestamp metadata file, if
11681164
any, must be less than or equal to the version number of the new timestamp
11691165
metadata file. If the new timestamp metadata file is older than the
11701166
trusted timestamp metadata file, discard it, abort the update cycle, and
11711167
report the potential rollback attack.
11721168

1173-
* **2.2.3**. The version number of the snapshot metadata file in the
1169+
* **2.2.2**. The version number of the snapshot metadata file in the
11741170
trusted timestamp metadata file, if any, MUST be less than or equal to its
11751171
version number in the new timestamp metadata file. If not, discard the new
11761172
timestamp metadadata file, abort the update cycle, and report the failure.
@@ -1205,17 +1201,13 @@ non-volatile storage as FILENAME.EXT.
12051201

12061202
* **3.3**. **Check for a rollback attack.**
12071203

1208-
* **3.3.1**. Note that the trusted snapshot metadata file may be checked
1209-
for authenticity, but its expiration does not matter for the following
1210-
purposes.
1211-
1212-
* **3.3.2**. The version number of the trusted snapshot metadata file, if
1204+
* **3.3.1**. The version number of the trusted snapshot metadata file, if
12131205
any, MUST be less than or equal to the version number of the new snapshot
12141206
metadata file. If the new snapshot metadata file is older than the trusted
12151207
metadata file, discard it, abort the update cycle, and report the potential
12161208
rollback attack.
12171209

1218-
* **3.3.3**. The version number of the targets metadata file, and all
1210+
* **3.3.2**. The version number of the targets metadata file, and all
12191211
delegated targets metadata files (if any), in the trusted snapshot metadata
12201212
file, if any, MUST be less than or equal to its version number in the new
12211213
snapshot metadata file. Furthermore, any targets metadata filename that was

0 commit comments

Comments
 (0)