Skip to content

Commit c908c28

Browse files
FoxboronFoxboron
authored
Merge pull request #160 from hko-s/voa
specs(VOA): edits for clarity, minor fixes
2 parents 801eefd + 5bbf10b commit c908c28

File tree

1 file changed

+4
-3
lines changed

1 file changed

+4
-3
lines changed

specs/file_hierarchy_for_the_verification_of_os_artifacts.md

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -283,6 +283,8 @@ Either two or one _purpose_ directories may exist per _role_:
283283
The _purpose_ directory name must not contain characters outside of `0–9`, `a–z`, `"."`, `"_"`, and `"-"`.
284284
VOA implementations must not consider invalid directories and should raise a warning if such a directory is encountered.
285285

286+
A _role_'s name must not start with the string "trust-anchor-", so that there can be no confusion with a purpose with _trust anchor_ usage _mode_.
287+
286288
##### Two purpose directories: Verification relying on trust anchors
287289

288290
For example, verifiers for the "package" _role_ may be stored in two _purpose_ directories:
@@ -621,7 +623,7 @@ If the need arises, this specification should be extended accordingly.
621623
[SSH CA]: https://liw.fi/sshca/
622624
[PKCS#7]: https://en.wikipedia.org/wiki/PKCS_7
623625
[Privacy-Enhanced Mail]: https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail
624-
[VOA hierarchy]: #hierarchy
626+
[VOA hierarchy]: #file-hierarchy
625627
[Web of Trust (WoT)]: https://openpgp.dev/book/signing_components.html#wot
626628
[XDG Base Directory Specification]: https://specifications.freedesktop.org/basedir-spec/latest/
627629
[`signify`]: https://man.archlinux.org/man/signify.1
@@ -645,7 +647,7 @@ If the need arises, this specification should be extended accordingly.
645647
[point to point]: #point-to-point
646648
[public key infrastructure]: https://en.wikipedia.org/wiki/Public_key_infrastructure
647649
[purpose]: #purpose
648-
[role]: #role
650+
[role]: #purpose
649651
[signature verification models]: #signature-verification-models
650652
[ssh-keygen.1#KEY_REVOCATION_LISTS]: https://man.archlinux.org/man/ssh-keygen.1.en#KEY_REVOCATION_LISTS
651653
[sshd.8#SSH_KNOWN_HOSTS_FILE_FORMAT]: https://man.archlinux.org/man/sshd.8#SSH_KNOWN_HOSTS_FILE_FORMAT
@@ -655,4 +657,3 @@ If the need arises, this specification should be extended accordingly.
655657
[time stamp protocol]: https://en.wikipedia.org/wiki/Time_stamp_protocol
656658
[trust anchor]: https://en.wikipedia.org/wiki/Trust_anchor
657659
[verifier revocation]: #revocation-of-verifiers
658-
[version]: #version

0 commit comments

Comments
 (0)