On Wed, 2016-08-24 at 18:25 -0400, Randy Barlow wrote:

> Signing
> -------
>
> Patrick raised the question of signing. Docker supported signing within
> the manifest with the schema 1 version, but with schema 2 the embedded
> signatures have been removed in favor of the Notary service[5]. This
> may be an option for Fedora, or there may be alternatives we could look
> into if desired. I'm happy to dig more if we would prefer not to use
> Notary for some reason.
>
> The Blobs (Docker calls the Image layers Blobs) themselves are not
> signed, but they are referenced by checksum in the Manifest. You can
> see an example Manifest at [6]. Thus, theoretically, if the user trusts
> the Manifest because it is signed by Fedora, they should be able to
> trust the Blob layers that they download so long as they do match the
> expected checksum. The Docker client does seem to check the checksum in
> my experience.
>
> By the way, the Manifest response from Mirror List will include the
> expected checksums for the Blobs that the client is trying to pull.
> Thus, in addition to Fedora signing the Manifest itself, we can also
> have the client validate the checksums of the Blobs they receive from
> the mirror. If we ensure that clients always communicate with Mirror
> List over TLS, this will add another layer of validation for us.

I was thinking some more about this over the past few days, and I realized that signing the Manifest itself might be a problem since the Manifest would be dynamically generated under the current proposal (so that the urls of the Blobs can be set to mirrors near the requester). I would guess that we don't want sigul to have any connection to mirror list, so having automated signing here probably isn't ideal.

One thing that may work is to have the Manifest Lists be signed instead of the Manifests themselves. The Manifest Lists are the list of Manifests that are available, one per supported arch.

During docker pull, we can give the client this list in response to the initial request. The list contains URLs for each available Manifest, referenced by checksum. Thus, if the initial list is signed, the client should make follow up requests for the Manifest by checksum (it's part of the URL) and should validate the checksum of the Manifest it receives. Thus, if we sign the Manifest list, we've signed the checksum of the Manifest, which references the Blobs by checksums as well.

How does all that sound? I really don't know much about the Notary service, or about how the Docker client uses it, so I'm not sure whether the Mirror List can be signed or not. I'm not even sure that we want to go with Notary, but I did want to bring up this issue early on.
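The trust chain described in the reply (signed Manifest List, Manifests fetched and checked by digest, Blobs checked by digest) can be modelled end to end. The following is an added example and is not code from this thread or from Fedora infrastructure. It assumes an HMAC-SHA256 tag as a stand-in for the real detached signature (sigul/GPG or Notary), and it uses in-memory dicts and callables in place of the registry and the mirror; the image contents are constructed.

```python
import hashlib
import hmac
import json

# Constructed key standing in for Fedora's signing infrastructure. HMAC is an
# assumption chosen only so the example runs with the standard library; a real
# deployment would use a detached asymmetric signature that clients verify
# with a public key.
SIGNING_KEY = b"constructed-demo-signing-key"


def digest(data: bytes) -> str:
    """Content address in the registry's 'sha256:<hex>' form."""
    return "sha256:" + hashlib.sha256(data).hexdigest()


def canonical(obj) -> bytes:
    """Deterministic JSON so a digest over the bytes is stable."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def build_image():
    """Construct blobs -> per-arch manifests -> one signed manifest list.

    Returns (manifest_list_bytes, signature, manifests_by_digest, blobs_by_digest).
    """
    blobs, manifests, entries = {}, {}, []
    for arch in ("amd64", "aarch64"):
        layer = f"constructed layer contents for {arch}".encode()
        blobs[digest(layer)] = layer
        manifest = canonical({
            "schemaVersion": 2,
            "layers": [{"digest": digest(layer), "size": len(layer)}],
        })
        manifests[digest(manifest)] = manifest
        entries.append({
            "platform": {"architecture": arch},
            "digest": digest(manifest),
            "size": len(manifest),
        })
    manifest_list = canonical({"schemaVersion": 2, "manifests": entries})
    # Only the manifest list is signed; everything below it is content-addressed.
    signature = hmac.new(SIGNING_KEY, manifest_list, hashlib.sha256).hexdigest()
    return manifest_list, signature, manifests, blobs


def verify_pull(manifest_list, signature, fetch_manifest, fetch_blob, arch,
                key=SIGNING_KEY):
    """Client-side pull that trusts nothing it cannot tie back to the signature.

    fetch_manifest / fetch_blob are callables (digest -> bytes) standing in for
    HTTP fetches from the registry and from a mirror. Returns the verified
    layer bytes for `arch`, or raises ValueError on any mismatch.
    """
    expected = hmac.new(key, manifest_list, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, signature):
        raise ValueError("manifest list signature invalid")

    entries = json.loads(manifest_list)["manifests"]
    match = [e for e in entries if e["platform"]["architecture"] == arch]
    if not match:
        raise ValueError(f"no manifest for architecture {arch}")
    manifest_digest = match[0]["digest"]

    # The manifest is requested by digest, so its bytes must hash to that digest.
    raw_manifest = fetch_manifest(manifest_digest)
    if digest(raw_manifest) != manifest_digest or len(raw_manifest) != match[0]["size"]:
        raise ValueError("manifest digest or size mismatch")

    layers = []
    for layer in json.loads(raw_manifest)["layers"]:
        data = fetch_blob(layer["digest"])
        # A mirror can serve whatever it likes; the digest check is what makes
        # the blob trustworthy, not the transport.
        if digest(data) != layer["digest"] or len(data) != layer["size"]:
            raise ValueError(f"blob {layer['digest']} mismatch")
        layers.append(data)
    return layers


if __name__ == "__main__":
    ml, sig, manifests, blobs = build_image()
    print(len(verify_pull(ml, sig, manifests.__getitem__, blobs.__getitem__, "amd64")),
          "layer(s) verified")
    try:
        verify_pull(ml, sig, manifests.__getitem__, lambda d: blobs[d] + b"!", "amd64")
    except ValueError as exc:
        print("tampered mirror rejected:", exc)
```

The point the example makes is the one in the message: once the manifest list is signed and every lower object is reached by digest, the manifests and blobs can be served by an untrusted, dynamically chosen mirror and still be verified by the client, while a modified blob, a modified manifest or a manifest list with a bad signature is rejected before any layer is used.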
_______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx https://lists.fedoraproject.org/admin/lists/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx