Signed name-assertion objects #176
Comments
I don't see this conversation having traction or a common goal.
Yeah, over two years without a response sounds like "no traction" to me ;).
I think having a standardized way to sign images is a pretty clear goal. This proposal is one way to do that, and it has the benefit of allowing signed name-assertions to live in CAS where they are easy to mirror and distribute. #22 has discussion on many alternatives as well. It would be nice if image-spec maintainers eventually picked one approach and specified it.
Spun off from #173:
On Thu, Jul 21, 2016 at 04:38:55PM -0700, Stephen Day wrote:
I have some notes on modeling this here, here, and here, but I think we need the following types:
- `application/vnd.oci.image.named.blob.v1+json`, with properties for a `name` string and a `blob` descriptor, asserting that that name applies to that descriptor.
- `application/vnd.oci.image.signed.blob.v1+json`, with properties for a `blob` descriptor and `signatures` array of descriptors.

The signature payloads would use existing media types like application/pgp-signature and application/jose+json.
I think that's enough to get started, and we can talk about blobs for public keys, signing algorithms, validity schemes, etc. later if there is demand for carrying them in-band.
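The two blob types proposed above, sketched as an added example that is not part of the original issue or of image-spec: a dict stands in for the CAS, and a verifier walks signed blob, named blob and signature descriptors, checking digest, size and media type at every hop. Assumptions: descriptors carry `mediaType`, `digest` and `size`; the JWS payload is the named blob's bytes; HS256 stands in for a real signer so the code needs only the standard library; all function names are hypothetical.

```python
import base64, hashlib, hmac, json

NAMED = "application/vnd.oci.image.named.blob.v1+json"
SIGNED = "application/vnd.oci.image.signed.blob.v1+json"
JOSE = "application/jose+json"

def b64u(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

PROTECTED = b64u(b'{"alg":"HS256"}')  # pinned JWS protected header

def put(cas, media_type, data):
    """Store bytes in the CAS (a dict here) and return a descriptor for them."""
    digest = "sha256:" + hashlib.sha256(data).hexdigest()
    cas[digest] = data
    return {"mediaType": media_type, "digest": digest, "size": len(data)}

def get(cas, desc, media_type):
    """Fetch a blob; reject it unless type, size and digest match the descriptor."""
    data = cas[desc["digest"]]
    ok = desc["mediaType"] == media_type and desc["size"] == len(data)
    if not ok or "sha256:" + hashlib.sha256(data).hexdigest() != desc["digest"]:
        raise ValueError("blob does not match descriptor")
    return data

def mac(key, body):  # assumption: HS256 stands in for a real signer (stdlib only)
    signing_input = f"{PROTECTED}.{b64u(body)}".encode()
    return b64u(hmac.new(key, signing_input, hashlib.sha256).digest())

def sign_name(cas, key, name, target):
    """Write named blob, JWS signature and signed blob; return the signed blob's descriptor."""
    body = json.dumps({"name": name, "blob": target}, sort_keys=True).encode()
    named = put(cas, NAMED, body)
    jws = {"protected": PROTECTED, "payload": b64u(body), "signature": mac(key, body)}
    sig = put(cas, JOSE, json.dumps(jws).encode())
    return put(cas, SIGNED, json.dumps({"blob": named, "signatures": [sig]}).encode())

def resolve(cas, key, signed_desc, want_name):
    """Return the target descriptor only if a valid signature covers an assertion of want_name."""
    signed = json.loads(get(cas, signed_desc, SIGNED))
    body = get(cas, signed["blob"], NAMED)
    if json.loads(body)["name"] != want_name:
        raise ValueError("assertion is for a different name")
    for desc in signed["signatures"]:
        jws = json.loads(get(cas, desc, JOSE))
        good = jws["protected"] == PROTECTED and jws["payload"] == b64u(body)
        if good and hmac.compare_digest(jws["signature"], mac(key, body)):
            return json.loads(body)["blob"]
    raise ValueError("no valid signature")
```

Call `sign_name(cas, key, name, target)` with an empty dict as `cas` and a descriptor returned by `put`, then pass the result to `resolve`; a mirror only has to copy the three blobs by digest for the assertion to verify elsewhere.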