On Tue, 2016-09-06 at 13:59 -0400, Randy Barlow wrote:
> One thing that may work is to have the Manifest Lists be signed instead
> of the Manifests themselves. The Manifest Lists are the list of
> Manifests that are available, one per supported arch. During docker
> pull, we can give the client this list in response to the initial
> request. The list contains URLs for each available Manifest, referenced
> by checksum. Thus, if the initial list is signed, the client should
> make follow up requests for the Manifest by checksum (it's part of the
> URL) and should validate the checksum of the Manifest it receives.
> Thus, if we sign the Manifest list, we've signed the checksum of the
> Manifest, which references the Blobs by checksums as well.

Aaaaaand I'm pretty sure we can't sign the Manifest Lists either, since they would reference Manifests by digest, and the Manifest's digest will be dynamic due to the URL list changing in response to the requester. I feel silly for not realizing this when I proposed that last bit. I think we need to go back to the drawing board on the signing problem.
_______________________________________________
infrastructure mailing list
infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
https://lists.fedoraproject.org/admin/lists/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
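The digest chain discussed in this message (manifest list -> manifest digest -> blob digests) and the problem Randy describes, as an added example that is not part of the thread: a keyed HMAC stands in for whatever signature scheme the registry would actually use, and the manifest layout, URLs and key are constructed for the demo.

```python
import hashlib
import hmac
import json

# Added example, not from the thread. The HMAC is a stand-in for the
# registry's real signature scheme (assumption); all values are constructed.

def canonical(obj) -> bytes:
    """Serialize deterministically so the digest is stable across encoders."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def digest(data: bytes) -> str:
    return "sha256:" + hashlib.sha256(data).hexdigest()

def build_manifest(blob_digests, blob_urls):
    """A per-arch manifest referencing blobs by digest; the URL list varies per requester."""
    return {"schemaVersion": 2,
            "layers": [{"digest": d, "urls": blob_urls.get(d, [])} for d in blob_digests]}

def build_manifest_list(manifests):
    """The list the registry would sign: one entry per arch, referenced by digest."""
    return {"manifests": [{"platform": arch, "digest": digest(canonical(m))}
                          for arch, m in manifests.items()]}

def sign(key: bytes, manifest_list) -> str:
    return hmac.new(key, canonical(manifest_list), hashlib.sha256).hexdigest()

def client_verify(key, manifest_list, signature, fetched_manifest, arch) -> bool:
    """Client side: check the list signature, then check that the manifest
    fetched for this arch matches the digest the signed list promised."""
    if not hmac.compare_digest(sign(key, manifest_list), signature):
        return False
    expected = next(e["digest"] for e in manifest_list["manifests"]
                    if e["platform"] == arch)
    return digest(canonical(fetched_manifest)) == expected

def demo():
    key = b"constructed-demo-key"
    blobs = [digest(b"layer-0"), digest(b"layer-1")]
    # Same blobs, but the registry hands different URL lists to requesters A and B.
    served_to_a = build_manifest(blobs, {blobs[0]: ["https://mirror-a.example/l0"]})
    served_to_b = build_manifest(blobs, {blobs[0]: ["https://mirror-b.example/l0"]})
    # The signed list was built from the manifest as served to A ...
    mlist = build_manifest_list({"amd64": served_to_a})
    sig = sign(key, mlist)
    # ... so A verifies, while B's per-requester manifest no longer matches the digest.
    return client_verify(key, mlist, sig, served_to_a, "amd64"), \
           client_verify(key, mlist, sig, served_to_b, "amd64")
```

`demo()` returns `(True, False)`: the signature over the list is valid for both clients, but the manifest digest it commits to only matches the manifest body one of them received.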