Clarify delegated targets optional hash check

lukpueh · lukpueh · commit cc8a73b557a7 · 2020-03-06T10:33:50.000+01:00
Clarify that the hashes of delegated targets metadata in snapshot
metadata are optional and should only be match checked by the
client if present.
diff --git a/tuf-spec.md b/tuf-spec.md
@@ -1293,11 +1293,12 @@ non-volatile storage as FILENAME.EXT.
       in the snapshot metadata file.  In either case, the client MUST write the
       file to non-volatile storage as FILENAME.EXT.
 
-      * **4.5.2.5**. **Check against snapshot metadata.** The hashes (if any), and
-      version number of the new DELEGATEE metadata file MUST match the trusted
-      snapshot metadata, if any.  This is done, in part, to prevent a mix-and-match
-      attack by man-in-the-middle attackers. If the new DELEGATEE metadata file
-      does not match, abort the update cycle, and report the failure.
+      * **4.5.2.5**. **Check against snapshot metadata.**  The hashes and
+      version number of the new DELEGATEE metadata file MUST match the hashes
+      (if any) and version number listed in the trusted snapshot metadata. This
+      is done, in part, to prevent a mix-and-match attack by man-in-the-middle
+      attackers. If the new DELEGATEE metadata file does not match, abort the
+      update cycle, and report the failure.
 
       * **4.5.2.6**. **Check for an arbitrary software attack.** The new DELEGATEE
       metadata file MUST have been signed by a threshold of keys specified in the
