Signatures

- addresses feedback of oasis-tcs#724
- change "check" to "verification"

Co-authored-by: Stefan Hagen <stefan@hagen.link>

csaf_2.0/guidance/faq.md

@@ -53,9 +53,9 @@ CSAF lister and CSAF aggregator choose on their own which producing parties they
 At all times, signatures MUST remain valid for a minimum of 30 days and ideally for at least 90 days. When executing CSAF document signatures, the signing party SHOULD adhere to or surpass the prevailing best practices and recommendations regarding key length.
 Tools SHOULD treat the violation of the rules given in the first sentence as:
 
-* warning if the signature is only valid for 90 days or less at the time of the check,
-* error, which MAY be ignored by the user per option, if the signature is only valid for 30 days or less at the time of the check and
-* error if the signature is expired at the time of the check.
+* warning if the signature is only valid for 90 days or less at the time of the verification,
+* error, which MAY be ignored by the user per option, if the signature is only valid for 30 days or less at the time of the verification and
+* error if the signature is expired at the time of the verification.
 
 ### I want to use a Content Delivery Network (CDN) to distribute CSAF files. What do I need to consider?