November 30, 2019


Redesigning Notary in a Multi-registry World


Talk Title: Redesigning Notary in a Multi-registry World
Speakers: Justin Cormack (Engineer, Docker)
Conference: KubeCon + CloudNativeCon North America
Location: San Diego, CA, USA
Date: Nov 15-21, 2019

Notary, used to secure container image updates, is the most widely adopted implementation of the TUF protocol. However, since Notary’s design around Docker Hub in 2015, container registries have proliferated, and some of the design decisions don’t support the needs of a multi-registry world. This talk looks at redesigning the model to allow portability of container images between registries, with signature data stored alongside the image data so that it can be pushed and pulled alongside the image. This reworking of Notary will enable easier portability of images and improve supply chain security by enabling mirrors and users of mirrors to validate image data, allowing users to easily work with cloud and local registries, offline caches and other common architectures.
