►
From YouTube: CNCF Notary Meeting 2020-07-27
Description
CNCF Notary Meeting 2020-07-27
C
A
A
C
A
Okay,
let
me
actually
pull
this
up.
A
So
the
I
wasn't
sure
if
my
house
was
gonna
make
it
today
for
to
cover
his
key
management
stuff,
so
he
didn't
get
on
the
agenda
and
I
pinged
him
so
we'll
we'll
see
how
that
goes.
The
main.
A
The
agenda
today
is
the
stuff
we've
been
talking
about
on
the
prototype.
If
you
remember
several
weeks
ago,
we
were
talking
about
how
we
wanted
to
kind
of
build
something
and
learn
a
little
bit.
The
we
have
lots
of
people
coming
in
with
their
expertise
in
different
directions,
and
we
were
kind
of
you
know,
making
the
analogy
of
you're
building
this
house,
and
you
have
lots
of
skilled
labor
coming
in
and
they
just
want
to
do
their
thing,
but
they
don't
know
where
to
do
their
thing
in
the
bigger
picture.
A
So
I
was
kind
of
using
the
analogy
of
in
fact,
let
me
gowdy
in
how
he's
created
some
of
his
sculptures
or
not
sculptures.
I
guess
they
are
sort
of
sculptures
where
he
created
a
model
and
that
helped
people
interact
and
figure
out
where
they
can
plug
in
so,
for
instance,
niaz
has
been
focused
on
the
key
management
portions.
A
He
doesn't
necessarily
know
as
much
about
the
images
and
you
know
artifacts
and
so
forth,
but
he
knows
the
key
management
scenario
is
really
well,
so
he's
been
driving
that
effort.
Likewise,
we've
been
talking
about
signatures
and
then
other
things
with
tufts,
so
we
wanted
to
be
able
to
kind
of
put
put
this
piece
in
place
and
we'll
keep
on
iterating
and
as
we
get
more
and
more
through
it,
we'll
learn
more
and
go
from
there.
A
Justin
and
I
were
joking
cormac
and
I
were
just
the
other
day
about
building
out
the
bathroom
for
this
house.
We
don't
know
what
the
whole
thing
looks
like
and
it
was
like.
It
doesn't.
A
A
So
we
put
out
this
pr-
that
is,
that
kind
of
next
iteration
that
we
we
had
the
original
one
which
just
kind
of
talked
about
the
process.
Well,
we
originally
had
the
scenarios
that
we've
been
talking
about
for
offline
management
and
so
forth
and
I'll
walk
through
those,
and
then
we
talked
about
how
we
wanted
to
build
out
this
model,
so
we
can
kind
of
build
and
learn
and
have
something
to
discuss
upon.
A
So
this
pr
here
talks
about
the
workflow
that
we've
been
talking
about,
that
in
a
build
environment
outside
of
any
public
registry.
It's
in
some
vendors,
some
projects,
environment,
whatever
that
might
be
they
can
create
everything
from
a
docker
image
to
an
s-bom
of
that
image,
to
maybe
packaging
the
source
and
bundle
it
and
sign
those
individually
or
assign
the
collection
of
the
index,
and
actually
that
alone
is
something
that
we
that
stirred
up
some
good
conversations.
A
So
we'll
talk
about
that,
wherever
that
thing's
built
it's
built
by
a
certain
entity,
it
would
be
signed
by
that
entity
and
from
that
their
registry,
which
is
like
the
original
registry
where
it's
created.
They
could
push
it
to
a
public
registry
and
then,
as
users
use
it,
they
could
pull
it
to
their
private
registry,
because
we've
been
talking
quite
a
bit
around
you
know
best
practices
are
always
about
pulling
them
into
your
own
registry,
even
though
it's
public
content.
A
So
this
way
you
have
your
own
life
cycle,
control
management,
your
security
boundaries,
your
isolation
from
dns,
as
we've
seen,
and
you
can
deploy
it
in
your
environment
and
in
that
environment
you
are
more
than
likely
going
to
put
secondary
keys
on
that
says.
Regardless
of
what
happened
upstream
this,
I
only
trust
stuff
in
my
environment
and
I'll
talk
about
this.
In
the
scenario
section
we
have
down
below.
A
So
the
prototype
focuses
on
the
stuff
that
we
put
in
the
nv2
org
or
the
notary
project
org,
where
we
have
the
distribution
spec.
That's
there
we'll
come
back
to
that
late.
Well,
rephrase!
Then
we
go
in
order.
We've
actually
numbered
these
things,
so
we
have
this
nv2
client
which
can
do
signing
and
verification.
That's
all
it
does.
It
doesn't
do
push
and
pull
its
job
for
this
prototype
is
just
do
signing
and
verification.
A
They
could
sign
any
oci
artifact
and
it
would
generate
a
signature
and
using
the
rs
client
we
can
push
and
pull
things
to
a
distribution
registry.
The,
like,
I
said,
the
distribution
registry
portions
will
come
later.
We've
been
working
on
some
stuff
there,
but
we
really
wanted
to
focus
on
the
signature
aspect
first,
because
we
know
we
can
push
and
pull
stuff
to
a
registry.
A
A
The
way
she
weigh
has
built
this,
which
is
really
cool,
is
that
there's
a
couple
of
different
ways.
You
can
do
verification
objects.
A
signature
is
one
of
them.
In
fact,
x-509
is
one
choice.
We
we
had
a
gpg
in
there,
but
it
seemed
like
that
was
adding
more
confusion.
So
we
pulled
that
out.
For
now
the
the
point
was
we
can
do
multiples,
and
this
belief
is
that's
where
we
were
bringing
something
like
tough
as
well.
A
So
the
things
like
with
docker
hub
makes
it
pretty
interesting
is
that
you
have
this
public
content
that
is
certified.
Well
sorry,
they
have
this
public
content
and
there's
these
two
categories,
there's
the
certified
certified
content,
which
today
is
really
a
badge,
but
we
were
trying
to
think
how
could
we
make
that
more
robust
and
more
trusted?
A
And
then
you
have
this
community
stuff
that
we
don't
want
to
limit,
which
also-
which
has
the
wide
range
of
some
of
the
best
projects
in
cncf
to
who
knows
what
that
is,
and
and
potentially
bad
content.
So
there's
this
wide
range
and
we
don't
it's
really
hard,
sometimes
to
judge
that
range
other
than
voting
and
so
forth.
But
we
definitely
wanted
to
distinguish
this
between
the
two,
so
the
public
content
would
actually
be
sorry.
The
certified
content
could
actually
be
signed
in
addition
to
the
vendor.
A
So
the
idea
is
that
in
the
public
content
we're
using
the
same
acme
rockets,
one
where
they're
building
from
public
content,
which
they
might
have
in
their
registry
and
then
they
but
in
their
environment-
that
they
run
their
code.
They
only
trust
stuff,
that's
from
docker
io
and
acme
rockets.
In
fact,
that's
part
of
the
build
process
that
we'll
walk
through
here.
So
the
user
discovers
some
certified
content.
They
wish
to
acquire
they
copy
the
url
and
they
pass
it
to
their
docker
run
command.
A
So
in
this
case
it's
docker
io
and
I've
shown
that
just
for
the
clarity
of
course,
we
don't
need
to
specify
that
hello
world
latest
the
user
already
has
the
docker.
I
o
certificate
certificate
enabling
all
certified
content
from
docker
hub
and
I'm
totally
hand
waving
here
on
how
they
acquire
the
certificate.
A
Because
what
we've
said
is
we
really
want
to
let
the
key
management
folks
kind
of
focus
on
what
they
want
to
do
there
so
we're
hand
waving
that
for
now,
one
very
just
justifiable
thought
and
I'm
totally
making
this
up-
is
that
because
this
is
the
actual
docker
client,
maybe
and
it's
working
with
docker
hub,
maybe
it
can
acquire
the
docker
hub
cert,
I'm
not
sure
I
buy
all
of
the
security
aspects,
I'm
not
even
going
to
try
to
defend
those
right
now,
honestly,
but
the
idea
is
that
there
is
this
experience
where
that
cert
is
trusted
and
there's
like
there's
no
tofu
model
in
this
case,
so
because
that
company
has
locked
them
down
to
only
allowing
these
two
certificates,
these
keys
to
be
used,
the
image
runs
and
verification
passes.
A
Now
the
secondary
to
one
is
the
user
discovers
some
content
same
thing?
There's
this
awesome
network
monitor
they.
That
thinks
looks
like
they
think
they
want
to
use
again.
They
copy
the
url.
They
try
to
run
it,
but
it
fails
because
in
acme
rockets
they've
got
trust
required
and
even
the
primer
name,
I'm
just
making
up.
A
You
know
enabled
and
as
a
policy-
and
they
don't
have
this
wabit
networks
certificate
so
when
they
try
to
run
it'll
fail
because
it
just
it's
not
allowed
so
the
user
can
to
say
in
again
experienced
here
aside.
You
know
the
user
can
either
disable
the
trust
required
key
assuming
their
enterprise
would
allow
that
policy
or
they
have
to
figure
out
how
to
acquire
that
key
and
there's
lots
of
ideas
of
how
they
might
do
that
again.
We're
going
to
ignore
that
for
now
so
the
user
acquires
the
web
it's
key.
A
A
So
I'm
going
to
pause
there
for
a
second,
and
I
realize
I
kind
of
skipped
on
the
agenda.
So
I
wanted
to
go
through
the
scenarios,
including
the
private
registry
scenario,
and
then
I
was
going
to
hand
off
to
sheeway
to
actually
go
into
the
detail
of
the
signature
design.
A
All
right,
it
is
7
a.m,
but
you
were
charming.
A
Okay,
I'm
not
getting
the
border.
I
had
the
border
that
whole
time.
Do
you
see
just
one
screen,
just
the
the
nv2
prototype
thing?
Yes,
okay,
all
right
whatever
I
must
have
gotten
some
update.
I
don't
even
know
whatever.
So
what
I
just
walked
through
was
this
experience
here.
This
picture
here
where
the
np2,
client
signs
and
artifacts
generates
a
signature.
The
aura's
client
pushes
it,
and
this
is
basically
the
content
of
the
read
be
of
that
pr.
A
So
I
went
through
this
section
here
and
the
only
thing
I
was
going
to
do
actually
did
I
even
cover
this
one?
No,
it's
actually.
Okay,
that's
fine,
because
now
that
I've
done
sharing
my
screen
and
walk
through
the
whole
thing,
I
was
gonna
hand
off
to
sheway.
Anyway,
any
questions
on
the
scenarios
before
we
drill
into
the
the
signature
stuff
itself.
F
I
was
when
I
was
in
the
meeting
mentioned
that
one
key
scenario
is,
you
know,
keep
the
signature
valid,
as
you
know,
when
it's
moved
from
red
one
registry
to
another,
if
that's
still
within
the
scope,
absolutely
absolutely.
A
A
Oh,
I
see
it's
in
the
signature
specification
goals
so
here
so
now
that
I
can
share
my
screen
and
everybody
can
see
it
so
we
have
offline.
So
on
the
signature
specification
page-
and
this
is
the
one
where
I
want
cheap
way
to
drive
but
I'll
just
do
the
goals
to
answer
your
question
daniel
and
then
I'll
get
out
of
the
way
so
offline,
signature
creation.
A
So
in
fact,
when
he
creates
the
signature,
we're
actually
doing
it
without
a
registry,
even
in
the
picture-
and
there
was
an
interesting
thing
around
images
that
we've
at
least
temporarily
filled
the
gap.
I
say
templates
because
I'm
not
sure
where
the
container
d
stuff
lands
in
the
space.
So
with
the
signature
created,
you
can
persist
it
with
an
oci
artifact
enabled
registry,
an
artifact
signature
is
copied
within
and
across.
A
So
when
I
say
within
it's
within
a
registry
where
you
can
go
from
repo
a
to
repo
b,
so
dev
to
staging
to
production
or
from
a
dev
registry
to
a
production
registry
or
from
docker
hub
to
a
private
registry
and
so
forth,
we
want
to
support
registry
public
registry
acquisition
of
content
where
the
public
content,
maybe
may
public
registry,
may
host
certified
content
as
well
as
public
content
so
or
non-certified.
A
That's
the
community
stuff
that
I
was
just
referring
to
we'll
support
private
registries
where
public
content
is
copied
into
and
the
new
content
is
originated
within.
So
within
my
acme
rockets
company.
I've
got
lots
of
secure
rocket
technology
that
I
don't
want
that
ip
public
so
I'll.
Keep
that
in
our
private
registry
and
air
gap,
environments
where
the
originating
registry
of
content
is
not
accessible.
A
We
also
want
to
support
multiple
signatures.
So
if
you,
what
I
was
just
referring
to
is
the
the
wabit
networks
has
their
own
key
that
they
build
themselves.
They
then
host
it
on
docker
hub
and
at
first
their
community
content.
They
actually
didn't
get
a
second
key,
so
we
walked
through
that
scenario
where
the
company
that
wanted
it
had
to
go,
get
the
wabit
networks
key
and
then
eventually
it
became
docker
certified.
So
now,
there's
a
docker
io
key
on
it
as
well.
A
So
there
is
that
multiple
signatures
and
the
last
one
here
is
maintain
the
original
artifact
digest
and
tags
so
that
when
the
devops
workflow
that
says,
deploy
network
monitor
version
v1
that
I
don't
have
to
change
that
tag
or
its
digest.
Depending
on
the
choice
I
make
to
move
it
through
the
workflow.
The
signatures
will
always
be
associated
with
that
tag
and
digest.
So
we're
not.
You
know
changing
along
the
way.
B
So
I
have
a
quick
question:
is,
is
revocation
included
in
this
signature
model
so
that
if
something
were
to
happen
to
one
of
the
private
keys
that
you
trust,
is
there
like
a
way
built
in
to
kind
of
revoke
trust
in
that
key.
A
Yeah,
so
key,
revocation
again
isn't
that
key
management
portion,
so
I
know
niaz
has
been
working
on
that
there's
so
I'll
defer
to
them
on
that
one.
But
yes,
we
definitely
want
to
keep
that
in
mind,
but
not
in
mind.
We
want
to
keep
that
as
a
very
core
scenario.
A
A
You
want
to
take
it.
You
want
to
share
your
screen
and
just
walk
through
your
signature,
design.
E
Yeah,
so
so
here's
the
thing
is
the
proposal
for
the
notre
v2
signatures.
So
basically
we
can
find
manifest
based
things
like
the
auxilia
image
index
or
image
manifest
docker
image,
manufacture,
list,
docker,
image
manifest
and
and
we
can
sign
all
everything
and
offline
yeah.
E
So
it's
pretty
simple
that
we
can
generate
some
x593
and
the
keys
for
this.
For
example,
here
we
generate
keys
for
the
for
the
registry
example.com,
and
the
key
is
the
example.
Key
and
third
is
the
example
of
sort
and
the
certificate
will
be
something
like
this
one,
so
it
has
two
parts.
The
first
part
is
the
actual
content.
E
So
in
this
scenario
it
is
the
the
expiry
time
or
before
and
if
you
add
digest
digest,
is
the
manifest
digest
and
the
size
is
the
manifest
size
and
the
excp
means
expiry.
E
So
as
the
signer,
I
want
this
fine
content
to
be
expired
after
certain
time
and
of
course,
this
kind
of
thing
cannot
be
valid
before
a
certain
time.
At
the
time
is
the
unix
epoch
time
and
here's
the
volume
called
the
issue
add.
Actually,
it's
the
time
that
the
signer
sees
this
this
manifest
and
there's
also
a
property
called
references.
That's
the
the
original
references
of
this
tagged
for
this
manifest
that
is
claimed
by
this
signer
and
in
the
signature
part.
Currently
we
only
support
the
x509
type.
E
It
has
a
signature
and
the
chain
of
the
x509
certificates
and
it's
used
assigning
algorithm
of
the
rs250
256,
which
is
the
ic
plus
the
sha
256.
So
basically,
only
the
people
who
has
the
key
for
the
search
of
the
registry.example.com
can
sign
content
with
the
reference
of
the
domain
name
of
the
registry.example.com.
E
E
So
this
file
is
just
a
file.
That
means
it
can
be
stored
on
your
file
system
or
it
can
be
stored
in
onto
a
oci
con
compatible
registry
via
a
ocean
artifact.
So
in
this
case,
this
is
a
command
showing
that
we
can
use
auras
to
push
the
signature
to
the
remote
registry
as
an
artifact.
A
When
your
screen
sharing
it's
a
little
hidden
hover
over
the
screen,
shared
one
always
at
the
bottom,
yeah
just
look
for
the
screen
chat
session
there
or
let
me
I
can
actually.
E
Send
out
the
url.
A
So
I
I
will
say
I
I
apologize
I
did
say
last
week
we
were
going
to
get
up
the
pr
early
so
that
people
had
a
chance
to
review
early
and
not
assume
they
can
review
it
on
the
weekend.
I
didn't
get
it
out
as
early
as
I
wanted,
so
we're,
obviously
not
looking
for
final
feedback.
Today
we
want
people
to
have
a
chance
to
digest.
H
A
So,
just
to
rearrange
like
what
I
think
I
heard
you
talk
about.
Milos
was
the
this
is
a
sketch
like.
We
don't
expect
this
to
be
the
final.
This
is
like
putting
the
bathroom
design
out
and
justin
comes
over
and
says,
but
where's
the
bidet,
I'm
like.
Oh,
we
didn't
think
about
it.
So
where
do
we
need
bidets
ralph
in
colleges?
We
absolutely
have
to
have
bidets
so
where's,
the
bidet
that
belongs
in
here.
A
One
of
the
things
that
came
up
was
some
encoding
conversations,
because
we
we
focused
mostly
on
the
content
of
the
signature
in
this
one.
We
know
that
there's
a
long
standing
conversation
with
canonical
jason
and
others,
and
we've
been
reaching
out
to
trishank
and
radu
for
some
of
the
stuff
they
did
with
cnab
to
understand
how
they,
you
know
were
dealt
with
it.
A
There
we've
talked
about
it
in
coding
and
some
other
stuff
derek
had
given
some
feedback
that
honestly,
I
I
had
to
record
it
and
we
we
need
to
incorporate
that
feedback,
so
we
can
bring
that
forward
as
well.
But
what
would
so?
I
wouldn't
view
this
as
any
kind
of
final
design.
Yet
it's
like,
I
said
it's
that
sketch
to
facilitate
that
conversation
but
milo's
what
what
is
what
are
you?
You
were
saying
something
there
that
you
felt
like
we
were
missing
already
or
what
was
the
concern.
H
Not
really
a
concern
from
my
point
and
just
once
you
have
a
cli
or
a
model
that
works
with
individual
files
like
this.
I
imagine
that
modifying
is
these
two
also
support
or
somehow
intercour
incorporate
or
abstract
the
tough
model,
especially
the
recent
versions
that
have
a
single
para
registry
state
that
is
signed
all
over.
A
Yeah,
I
I
guess
I
just
kind
of
reinforce
that
we're
not
done
yet
we
kind
of
think
about
as
a
phase
one
and
we'll
do
more.
We
don't
expect
anybody
to
start
using
this
yet
other
than
to
say:
hey
where's,
the
bidet.
You
know
what,
where
else,
what
else
do
we
need?
So,
for
instance,
the
encoding
was
one
of
the
things
that
came
up,
that
we
want
to
be
able
to
that.
We
just
need
to
digest
a
little
bit
and,
and
put
you
know,
put
that
feedback
in.
A
I
would
say
that,
as
far
as
like
a
a
notary,
v1
or
docker
content,
trust,
we've
said
from
the
beginning
that
this
is
a
breaking
change,
we're
not
trying
to
incorporate
that.
We
don't
have
enough
usage
of
the
old
one.
That
says
we
have
to
absolutely
support
that
for
the
registries
that
do
support
docker
content,
trust
that
can
stay
there
as
long
as
they
want
for
customers
to
move
over.
We
in
acr
we
we
follow
this
carrot
and
stick
model.
You
know
we,
we
don't
try
to
deprecate
something
and
force
people
over.
A
We
try
to
provide
a
new
feature
and
the
new
feature
should
be
so
much
better
that
customers
move
over
self-select
and
then
only
after
the
majority
of
customers
have
moved
over
and
there's
always
some
remnant,
because
the
remnant
is
doesn't
care
about
the
new
scenarios.
They've
automated
some
tooling
around
it.
It's
not
important,
then
we
come
back
and
we
contact
them
and
do
the
stick
kind
of
thing.
So
my
hope
is
whatever
we
do
with
notary
v2,
the
in
the
final
design,
with
the
bidet
that
customers
will
opt
in
themselves
and
we
won't
have
any.
H
A
The
their
content,
they
were
using
docker
content,
trust
and
notary.
V1
they'll
resign.
It
with
mp2
notary
v2
and
you
know,
they'll
make
a
smooth
transition
over.
A
You
also
mentioned
something
about
the
registry.
There
is
some
stuff
in
there
about
the
registry,
apis
we're
still
early
on
that
we're
even
debating
amongst
ourselves.
So
hopefully
we
can
get
to
that
next
week.
If
not,
it
might
be
the
following
week,
but
we
certainly
want
to
get
more
feedback
on
there.
A
We
just
don't
have
enough
of
the
the
thoughts
written
down
to
have
a
good
discussion
over
it.
So
that's
why
we're
we're
not
ready
to
kind
of
delve
into
that
part.
We've
got
a
bit
of
a
teased
in
here
just
to
get
the
ideas
out
there.
F
Yeah,
I'm
talking
to
another
guy
in
a
chat
window,
but
I
mean,
in
this
json
object,
there's
a
reference
which
has
the
host
name
right.
When
you
move
this
to
another
registry,
the
uri
of
the
you
know
the
artifact
will
change.
So
how
does
this
still
be
valid
because
the
hostname
has
changed
and
it's
moved
to
another
legislature,
great.
A
Question
so
from
a
scenario-
and
this
is
one
that
actually
was
pretty
cool-
that
we
that
we
were
discussing-
let
me
just
I'll
reshare
it
so
we
can,
I
will
actually
make
sure
I'm
sharing
it,
so
I
believe
that's
sharing
it
now
right.
Can
everybody
see?
A
A
The
idea
is
that
if-
and
I
I
was
debating
on
using
example
or
acme
rockets
and
or
rabbit
networks
or
whatever
so
imagine,
this
was
well
I'll.
Just
use
examples,
so
example.com
is
that
community
content
that
pushes
up
to
docker
hub-
and
now
I
pulled
it
from
docker
up-
it's
totally
valid
that
it's
from
dockerhub.
All
it's
saying
is
that
this
has
some
original
content
associated
with
example.com
wabitznetwork.com,
and
I
can
get
it
from
anywhere
there's
nothing
that
stops
where
I
get
it
from
what's
really
interesting
about.
A
This,
though,
is
I
promote
this
from
example
to
docker
hub.
I
now
pull
it
into
my
org,
the
acme
rockets
org
in
the
acme
rockets
org.
I
can
now
sign.
Well,
I
take
it.
I
scan
it.
I
run
some
unifi
and
verification
tests
against
the
thing,
and
I
decide
that
this
content
is
actually
good
for
my
environment.
So
now
it's
certified
for
my
environment.
A
So
now
I'll
give
it
a
secondary
or
it
might
be
a
third
because
there's
example
than
docker,
but
then
there's
an
acme
rockets
key
that
I
put
on
this
there's
a
whole
other
signature
object.
This
remember
this
is
this
object,
doesn't
expand.
There's
a
secondary
signature
object
that
now
has
acme
rockets,
registry.acme
rockets,
dot
io
example
latest
and
now
in
my.
A
A
I
I
I
something
and
or
dot
something
and
now
in
my
environment,
my
oppa
or
whatever
policy
agent
I
want
to
use,
will
say
I
will
only
deploy
content
that
has
the
acme
rockets
key
and
it
will
only
deploy
content
that
came
from
the
same
registry
that
I
want
to
secure.
So
there
would
be
another
signature
object
that
says:
registry.acmerockets.hello
sorry.com
hello
world
and
I
should
put
more
readme
content
out
there
to
explain.
H
B
A
You're
absolutely
right
and
I'm
sorry,
I
skipped
the
obvious
one.
If
you
remember
back
here
here
in
this
example,
the
customer
is
set
up
to
accept
anything
from
docker,
I
o
or
acme
rockets,
dot,
io
so
and
let's
say,
they're
public
content.
A
Let's
say
this
is
a
wabit
networks
and
that,
so
sorry,
I'm
having
a
hard
time
trying
to
explain
what
should
be
clear.
Yes,
whatever
search
they
want.
If
they
want
to
accept
the
public
cert
from
wabit
networks
to
in
their
production
environment.
That
is
totally
valid.
A
I
was
trying
to
explain
the
scenario
where
there's
an
extra
cert
that
you
can
put
for
your
limit,
because
in
the
case,
in
that
case,
the
this
url
when
it
comes
from
wabit
networks
or
in
this
case
this
case,
here's
the
third
that
actually
is
acme
rockets.
You
can
put
you
whoever
signed
it,
puts
the
registry
name
that
they
want
on
it.
F
F
I
would
say
it's
flawed,
so
they
make
all
this
hierarchy
stuff
to
solve
some
problem.
I
I
don't
recall
the
details
of
top,
but
I
I
think
you
know
in
some
session
of
top
they
mentioned
this
model
is
flawed
or
problematic.
B
Well,
I
think
that
one
concern
that
tap
has
is
that,
if
something
like
acne
rockets,
dot
io
was
compromised.
How
would
that
affect
the
security
of
the
system?
Because
if
the
system's
trusting
that
this
came
from
this
server,
if
that
server
is
compromised,
you
then
lose
the
that
integrity.
B
So
you
need
to
make
sure
there's
like
other
aspects
of
it
as
well,
so
that
you
make
sure
that
the
signature
can't
be
compromised
if
the
repository
is
compromised.
Basically,
so
whatever
key
is
used
to
sign
in
these
files,
I
think
this
might
get
into
the
key
management,
but
whatever
keys
used
to
sign
these
files,
if
that
is
also
stored
on
this
backing
rockets
server,
then
a
single
server
compromise
then
gets
rid
of
the
security
of
the
system,
which
would
be
the
concern
there.
I
think.
A
Okay,
so
yes,
we,
this,
doesn't
this
isn't
the
tough
model
at
this
point?
This
is
what
we
call
phase
one
we
as
we've
been
going
through
this
over
the
last
several
weeks.
One
of
the
things
we've
been
discussing
is
the
struggle
of
there
was
some
stuff
around
tough,
requiring
that
that,
whether
that
required,
the
assumption
is
the
client
is
that
secondary
has
some
metadata
on
it.
That's
a
secondary
validation
and
it
to
support
the
rollback
problem,
we're
not
trying
to
solve
the
rollback
problem
in
this
particular
prototype.
A
This
is
it's
a
pure
signature.
It's
a
trust
that
the
signature,
the
keys,
are
valid
until
they're
revoked.
So
it's
more
pivoted
on.
I
don't
think
it's
more
private
on
the
private
registry
scenario,
but
it's
the
ability
to
move
stuff
into
private
registries.
So
this
shows
that
how
we
could
sign
something
have
a
key
associated
with
it
and
move
it
across
environments.
A
As
we
get
more
of
this
figured
out-
and
you
know
in
those
details,
we
want
to
be
able
to
go
back
and
address
the
security
and
usability
aspects
of
tough
related
to
registries.
We
do
want
to
support
that
secondary
verification,
but
in
the
container
space
we
can't
assume
the
client
has
some
previous
state.
We
refer
to
it
as
the
ephemeral
clients,
where
every
time
I
start
up
a
new
environment
in
the
serverless
container
space
that
there
is
no
previous
state
on
there.
A
There
has
to
be
some
acquisition
of
keys
and
acquisition
of
to
to
validate,
and
we
want
to
dig
into
that
more
to
make
sure
we
can
get
both
the
security
and
the
usability
of
top
to
figure
to
fit
into
this
and
that'll
be
part
of
the
phase
two
work
steve.
If
I
may
yeah,
please.
D
So
I
that
makes
that
explanation
makes
perfect
sense
to
me.
The
thing
that
I'm
wondering
is
that,
without
the
assumption,
that
is
also
not
in
scope
for
the
prototype
currently
being
placed
somewhere,
that
the
question
of
an
incompleteness
of
where
we
are
right
now
will
be
abstract.
So
people
come
into
the
project,
go
out
on
the
project
for
a
moment
and
they'll
come
back
in
and
they
won't
really
know
what
this
addresses
and
doesn't
address.
D
So
I
think
it
might
be
really
helpful
like
what
you
said
where,
like
it's,
not
in
scope
for
this
step
of
the
prototype
right,
I
think
it
would
be
really
helpful
if
we
actually
documented
what
that
situation
was.
That
use
case
was
and
said
that
this
is
an
open
issue
for
future
phases
that
that
we,
you
know,
let's
draw
a
line
around
that
whole
scenario,
so
that
we
don't
get
distracted
by
what
this
doesn't
do
and
focus
on
what
it
does
do.
Does
that
make
sense.
A
No,
it
makes
perfect
sense.
I
was
just
making
a
note
that
we
should
we
we've
had
some
of
the
we've
had
all
the
scenarios
written
down
that
came
with
the
exact
numbers,
then
we'll
have
the
key
management
scenarios,
I
think,
probably
creating
some
kind
of
grid
that
shows
here's
what
we're
doing
in
phase
one
here's,
what
we're
doing
in
phase
two?
Here's
what
left
and
we
don't
know
what
phase
three
four
or
five
might
be
yet,
but
we
know
that
we
have
these
open
issues
that
we
want
to
solve.
D
I'll
I'll
volunteer
to
help
you
out
with
such
a
matrix,
because
I
think
that
would
be
for
people
who
aren't
here
every
single
week
that
come
in
and
go
and
of
course
we're
all
very
you
know
busy
with
the
entire
world
right
now.
That
would
be
super
super
helpful
for
people
to
understand
like
what
phase
what
has
been
tackled,
but
it's
still
not
addressed,
and
things
like
that.
I
think
that
would
be
good,
so
I'll
volunteer
for
that
help.
A
I
was
looking
for
the
chat
session.
I
explained
to
the
shoei
where
to
get
up,
and
now
I
can't
find
it-
you
have
to
stop
sharing
to
get
oh
there.
It
is
it's
the
orange
one
popped
up
right
there,
I'm
just
putting
the
hack
md
link
in
there,
because
I
noticed
people,
we
don't
have
any
notes
or
even
who's
here.
So
please
sign
yourself
in
there,
so
we
can
help
there.
A
D
D
Yeah,
I
think
it
also
helps
because
it
makes
it
makes
it
clear
the
progress
that
we
intend
to
have
through
the
work
that
we
do
and
that
I
think,
will
help
everybody
feel
a
lot
more
comfortable
at
how
we're
addressing
every
single
situation
and
what
isn't
addressed
explicitly.
D
A
That
sounds
good,
so
we
we
do
have
a
little
time
left.
One
of
the
things
we
said
is,
if
there's
some
time,
we
can
walk
through
what
we
what
we've
been
iterating
on
the
experience
and
the
experience
has
been
like
this
loop,
it's
hard
to
kind
of
come
up
with
this
design
without
having
the
mb2
like
a
nv2
client
experience
that
generates
it.
So
the
the
one
thing
that
I'd
actually
say
is
for
people
to
kind
of
take
a
look
at
this
is
the
one
area
of
this.
A
Is
the
signature
object
that
we
are
creating?
It's
actually
a
formatted
version.
The
signature
object
to
be
clear.
Normally,
it's
non-formatted
no
white
space
and
that's
part
of
the
canonical
conversation
we
need
to
drill
into,
but
we
also
got
some
feedback
that
you
know
basically
having
this
even
split
and
encoded
in
a
way,
so
you
can
retrieve
the
information
that
the
decoding
of
it
doesn't
create
opportunities
to
hack
into
it.
So
anything
along
those
lines
would
be
great
feedback
too.
E
Yeah
sure,
just
let
me
show
my.
E
Types:
okay,
so,
okay!
This
is
that's
good!
Okay,
so
so
you
can
see
this
window
right,
yep,
yep,
that's
good,
and
the
first
thing.
First
that
says
we
have
to
generate
the
case
for
the
x49
certificate,
and
this
is
copied
from
the
I
mean
two
documentation.
So
just
let
me
send
out
the
link
for
you
guys.
G
E
Okay,
so
yes,
I
generated
next
step
is
to
just
let
me
have
a
hello
world
here
and
let
me
create
a
doc
file
to
to
create
an
image
so
from.
B
E
B
G
E
Hello,
hello
and
later
we
so
to
find.
B
E
We
have
to
generate
the
generated
manifest
for
this
image,
because
docker
does
not
store
the
manifest
in
the
system
where
you
build
it.
It's
only
generated
when
you
push
it
so
I
created
a
a
cli
plugin
to
generate
the
manifest.
So
just
let
me
send
out
the
link
for
the
tool
I
have.
E
So
here's
a
link
so
when,
if
you
have
the
generated
plugins
installed,
you
can
generate
generally
do
this
dog
generate
general
rate,
manifest
hello
and
how
to
put
it
to
a
manifest
dot
json
file.
A
You
guys
might
have
heard
a
couple
weeks
ago
where
we
were
having
this
conversation,
where
the
manifest
should
be
created,
stored,
saves
and
what
the
formatting
of
it
will
be
so
for
now,
chewy
just
built
this
manifest
generation
tool
which
is
pretty
cool
and
we'll
incorporate
that
later.
A
E
Sign
dash
m
x
file,
nine,
oh,
let's
support
the
small
keyboard
and
with
the
key,
which
is
the
example
key
and
the
third
with
the
example
does
that
and
we
can
specify
the
expiry
time
like
one
year,
that
is
8
000
760
hours
and
we
can
satisfy
the
the
references
like
a
registry
or
the
call
anything
here.
It's
a
registry
example
slash.
Maybe
a
call
hello
world,
slash
latest
or
3.0
and
a.
G
E
E
So
let
me
do
charastic
it's
the
signature,
it's
not
humor
readable,
so
let
me
pass
it
to
jq.
So
if
that's
how
the
signature
looks
like.
So
what?
If
you?
If
what?
If
you
try
to
assign
a
image
that
is
not
from
the
retrieve.example.com,
you
will
have
this
arrow,
so
the
certificate
is
only
valid
for
registry.example.com,
it's
not
valid
for
reaches2.example.com,
okay
and
of
course,
you
can
sign
without
any
references.
B
E
Okay,
so
let
me
find
the
original
one
to
verify
it.
You
type
the
iv
to
verify
and
of
course
I
need
to
specify
this
search.
For
the
I
mean
the
root
set
for
the
for
the
signature,
because
it's
a
it
is
a
self
science
signature.
If
it's
not
sales
sign,
it
is,
for
example,
it's
a
ca,
a
genera
that
is
a
certificate
from
the
system
pki.
Then
you
don't
need
to
pass
any
certificate
to
it.
B
E
And-
and
it's
very
advised
on
a
successful
verification,
it
outputs
the
digest
of
the
manifest
and
also
the
return
value
of
the
process
is
zero
and
that's
the
stunning
process
of
the
normal
v2
one
and
in
in
some
cases
you
don't
want
to
store
the
certificate
in
the
x
in
the
sig
file,
so
you
just
want
to
have
a
key
id
instead.
So
in
this,
in
that
case,
let
me
stick
to
and
remove
the
third
part
and
it
signs
and
of
course
you
can.
G
E
C3,
for
example-
oh
sorry,
x
example,
sir
and
file
manifest
also
take
the
the
stick
to
file
yeah
and
it's
verifies.
So
let
me
try
other
thing.
E
Let
me
sign
something
without
search
and
the
signs
to
another
registry,
for
example
register.exemple.com
in
that
case,
because
the
third
is
not
passed
to
the
mv2
sign,
so
the
domain
name
is
cannot
be
verified
at
the
starting
time.
E
B
E
G
A
One
thing
I
was
just
following:
I
think
I
see
what
the
difference
is,
but
can
originally
when
you
try
to
sign
with
registry
2,
because
the
cert
was
only
for
registry.example.com.
The.
E
A
H
E
E
A
A
Actually
sure
hold
on,
I
just
noticed
the
comment.
A
major
concern
for
me
is
that
the
verifier,
the
verify
step
must
at
least
allow
and
preferably
direct
default
to
verifying
the
reference
against
the
expected
value,
prevent
trial,
trivial,
substitutions
and
attack.
We'll
just
take
a
look
at
the
notes
there
in
the.
A
Background,
oh
okay,
so
you're
actually
asking
about
the
versioning
thing.
Is
that
kind
of
the
root
of
your
question.
H
A
Chile,
can
you
bring
up
the
full
signature
example
or
just
scroll
up.
You've
actually
got
it
in
your
output
there,
where
you've
got.
H
No,
I
I
know
that
the
signature
format
allows
it.
It's
just
the
verification,
implementation
current.
It
currently
doesn't
no.
A
A
Okay,
so
let
me
just
point
out
something
tell
me
what
I'm
missing
then,
because
I
this
is
exactly
the
bidet
conversation
right
like
where
I
want
to
make
sure
we're
all
I'm
capturing
what
you're
asking
so
we're.
The
thing
that
gets
signed
is
hello,
colon
v
1.0
and
you
could
put
hello
and
colon
latest
and
v1.
You
know
whatever
the
list
of
tags
that
you
want.
A
The
verification
is
just
saying
that
this
was
signed
by
registry.example.com,
it's
not
making
any
statement
on
the
which
the
specific
tags
and
so
forth
what
we
did
incorporated
here,
which
was
really
cool,
because
I
hadn't
thought
about
this
until
I
saw
what
he'd
come
up
with.
Is
you
have
this
combination
of
the
digest
and
the
list
of
tags,
the?
A
What
regex's
or
what
other
opa
policies
or
other
policies
you
put
on
looking
at
the
the
references
and
so
forth?
That's
completely
up
to
you
guys
and
what
whatever
the
user
wants
to
use
here.
So
all
we're
saying
here
is
that
this
thing
is
signed
by
the
entity
and
it's
not
making
any
attestation
to,
or
you
know,
trust
section
of
whether
it's
a
v1
or
v2
or
v3.
That's
you
know
you
in
your
deployment
scripts.
You
decide.
A
I
want
to
deploy
v1.0,
I
want
to
deploy
v3,
you
might
have
a
policy
that
says
I
won't
deploy
anything
that
it's
hard
to
say
less
than
with
tags,
but
certain
things
you
could
exclude
as
part
of
your
policy.
That's
the
versioning
history
is
not
really
in
scope
of.
What
we're
trying
to
accomplish
is
that
what
you're
getting
at.
H
Kind
of
I
mean
the
the
signature
format
clearly
allows
what
I
what
I
want
to
happen,
the
thing
that
the
clients
tuning
must
also
anticipated
and
supported
enough
to
be
practical
in
the
workflow.
H
So
if
there
is
a
verified
signature
step
that
just
says,
fine,
the
image
is
pulled
and
run,
and
the
user
is
then
tasked
with
somehow
matching
the
the
signature
with
the
expectations.
That's
difficult.
If
the
verification
step
explicitly
requires
the
the
reference
to
match,
then
we
will
have
to
talk
about
how
that
is
implemented.
What
is
the
policy?
How
is
it
configured
and
if
we
do
that,
together
with
the
configuration
that
specifies
the
trusted,
root,
keys
or
trusted
cas
and
so
on?
It
is
a
much
better
user
experience
because
it
does
logically
belong
together.
A
H
A
A
A
docker
dash
nv2
client
as
part
of
the
experience,
but
we
were
trying
to
be
careful
on
how
much
experience
we
got
into
what
I,
what
I
think,
you're
kind
of
getting
at
is
think
of
it
as
this
workflow
that
we
could
incorporate
together
there.
Imagine
you
had
the
first
to
just
verify
the
signature
is
good,
and
then
you
had
a
policy
manager
that
says
I
only
expect
this.
The
policy
manager
could
actually
incorporate
the
signature
part
as
well.
A
D
Well
now,
so,
if
I
understand
what's
what's
being
discussed-
and
I
and
I
want
to
so
I'm
going
to
try,
basically
what
we're
talking
about
here
is
componentizing
each
individual
step
that
must
be
required
in
the
manner
that
the
end
user,
of
course
expects
them
all
to
have
been
done.
But
this
particular
step
you're
demonstrating
here,
really
is
just
a
portion
of
that
and
the
end
user
experience
will
have
to
have
all
of
them
in
some
form.
We
just
haven't
demonstrated
what
specific
form
yet.
D
D
D
Yeah,
I
think
that's
a
good
way
to
approach
this
is
that,
does
that
seem
like
it
describes
the
world
you
feel
like
you're
looking.
A
A
Once
we
get
further
along
and
we're
at
time
so
we'll
wrap
up
here,
we
did
want
to
demonstrate
how
oppa,
for
instance,
as
an
example,
could
incorporate
this
as
well.
So
we'll
we'll
start
to
see
some
of
these
pieces
more
clearly
come
together.
But
the
point
your
point,
the
thing
you're
pointing
out
is
exactly
the
kind
of
pieces
that
we
want
to
componentize
to
make
enabled
through
the
experience.
A
The
problem
is:
if
we
put
too
many
of
them
together,
then
it
gets
overly
complex.
Just
to
start
and
that's
my
personal
opinion.
I
think
this
is
what
docker
did
really
well
docker
inc
and
their
cli
is
it's
it's
progressively
dis,
progressive
disclosure.
You
start
off
by
saying:
docker
run,
you
don't
do
a
pull.
You
don't
do
anything,
it
just
works
and
then
over
time
you
keep
on
passing
more
information
to
and
you
get
more
and
more
value.
So
the
first
step
here
is:
it's
just
signed.
It's
it's
valid.
A
It
came
from
example.com.
That's
like
the
trust
factor
I
want.
When
I
want
to
add
additional
policy.
It
says:
hey,
I
don't
want
these
other
versions.
I
only
want
this
version
and
these
other
things
specific
to
it.
That's
a
next
piece
we
could
layer
in,
and
this
has
been
the
longest,
the
biggest
part
of
the
whole
conversation.
The
usability
has
got
to
be
there.
A
A
If
there's
nothing
else,
I
do
want
to
respect
everybody's
time.
We
have
the
recording.
We
obviously
have
the
issue
up
for
or
the
pr
for
people
to
comment
on.
So
please
do
we
have
a
slack
channel
for
all
kinds
of
conversations
we'll
discuss
this
week,
whether
we
want
the
7
a.m
or
go
back
to
the
10
a.m.
Pacific
time,
sorry,
I
should
use
a
more
worldwide
clock
definition.
A
A
Thanks
folks
I'll
speak
to
you
next
week
or
well,
see
you
on
slack
also
thanks
for
all
the
work
thanks,
sheeway
he's
been
doing
a
ton
taking
a
lot
of
feedback.
So
thank
you.
Work.