@@ -1109,13 +1109,14 @@ repo](https://github.com/theupdateframework/specification/issues).
11091109 cycle, report the potential freeze attack. On the next update cycle, begin
11101110 at step 0 and version N of the root metadata file.
11111111
1112- * ** 1.9** . ** If the timestamp and / or snapshot keys have been rotated, then
1113- delete the trusted timestamp and snapshot metadata files.** This is done in
1114- order to recover from fast-forward attacks after the repository has been
1115- compromised and recovered. A _ fast-forward attack_ happens when attackers
1116- arbitrarily increase the version numbers of: (1) the timestamp metadata, (2)
1117- the snapshot metadata, and / or (3) the targets, or a delegated targets,
1118- metadata file in the snapshot metadata. Please see [ the Mercury
1112+ * ** 1.9** . ** If any of the top-level roles other than root have been rotated,
1113+ then delete the trusted timestamp and snapshot metadata files. Also delete
1114+ the trusted targets metadata file, if targets keys have been rotated.** This
1115+ is done in order to recover from fast-forward attacks after the repository
1116+ has been compromised and recovered. A _ fast-forward attack_ happens when
1117+ attackers arbitrarily increase the version numbers of: (1) the timestamp
1118+ metadata, (2) the snapshot metadata, and / or (3) the targets, or a delegated
1119+ targets, metadata file. Please see [ the Mercury
11191120 paper] ( https://ssl.engineering.nyu.edu/papers/kuppusamy-mercury-usenix-2017.pdf )
11201121 for more details.
11211122
0 commit comments