Open florianeichin opened 6 years ago
The trusted pin might help?
Yeah, I know Notary is using TOFU for initial trust, but isn't it (in the worst case) kind of blind trust, if the user doesn't approve that the public key used is the one he wants to trust?
You don't have to use TOFU; you can trust-pin via a CA or a list of certificates, see https://github.com/theupdateframework/notary/blob/master/trustpinning/trustpin.go#L13-L34
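The three trust-pinning modes the comment above points at (pinned certificate IDs, a pinned CA, and TOFU as the fallback), as an added Go example that is not part of this issue thread or of Notary's own code base. It re-implements the decision logic in simplified form on top of crypto/x509: the PinConfig type, the hex SHA-256 certificate ID, the GUN and prefix names, and the constructed CA, signed root and self-signed "rogue" root are all assumptions for illustration; trustpin.go and the trust_pinning section of the Notary client config are the authority on the real behaviour.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// PinConfig is a simplified stand-in mirroring Notary's trust_pinning sections
// (certs, ca, disable_tofu); it is not Notary's own TrustPinConfig type.
type PinConfig struct {
	Certs       map[string][]string       // exact GUN -> accepted root certificate IDs
	CA          map[string]*x509.CertPool // GUN prefix -> CAs the root cert must chain to
	DisableTOFU bool                      // reject any GUN that no pin covers
}

// CertID is the identifier form assumed here: hex SHA-256 of the DER certificate.
func CertID(c *x509.Certificate) string {
	return fmt.Sprintf("%x", sha256.Sum256(c.Raw))
}

// Evaluate checks pins from most to least specific: exact cert pin, longest matching
// CA prefix, then TOFU if still enabled. A pin that exists but does not match rejects.
func (p PinConfig) Evaluate(gun string, root *x509.Certificate) (accepted bool, reason string) {
	if ids, ok := p.Certs[gun]; ok {
		for _, want := range ids {
			if want == CertID(root) {
				return true, "cert pin matched"
			}
		}
		return false, "cert pin mismatch"
	}
	best, found := "", false
	for prefix := range p.CA {
		if strings.HasPrefix(gun, prefix) && (!found || len(prefix) > len(best)) {
			best, found = prefix, true
		}
	}
	if found {
		if _, err := root.Verify(x509.VerifyOptions{Roots: p.CA[best], KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}); err != nil {
			return false, "ca pin mismatch: " + err.Error()
		}
		return true, "ca pin matched"
	}
	if p.DisableTOFU {
		return false, "no pin covers this GUN and TOFU is disabled"
	}
	return true, "trust on first use"
}

func check(err error) {
	if err != nil {
		panic(err)
	}
}

// BuildScenario constructs test certificates: a CA, a root cert signed by that CA, and
// a self-signed "rogue" root an attacker could serve on a first pull.
func BuildScenario() (ca, signed, rogue *x509.Certificate) {
	now := time.Now()
	tmpl := func(serial int64, cn string, isCA bool, ku x509.KeyUsage) *x509.Certificate {
		return &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
			NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
			IsCA: isCA, BasicConstraintsValid: true, KeyUsage: ku}
	}
	// issue signs t with parentKey; a nil parent means self-signed with its own fresh key.
	issue := func(t, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
		key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
		check(err)
		if parent == nil {
			parent, parentKey = t, key
		}
		der, err := x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, parentKey)
		check(err)
		cert, err := x509.ParseCertificate(der)
		check(err)
		return cert, key
	}
	ca, caKey := issue(tmpl(1, "Example Org Root CA", true, x509.KeyUsageCertSign), nil, nil)
	signed, _ = issue(tmpl(2, "docker.io/example/app root", false, x509.KeyUsageDigitalSignature), ca, caKey)
	rogue, _ = issue(tmpl(3, "docker.io/example/app root", false, x509.KeyUsageDigitalSignature), nil, nil)
	return ca, signed, rogue
}

// DemoConfig pins one GUN by cert ID, one GUN prefix by CA, and disables TOFU.
func DemoConfig(ca, signed *x509.Certificate) PinConfig {
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	certs := map[string][]string{"docker.io/example/pinned": {CertID(signed)}}
	return PinConfig{Certs: certs, CA: map[string]*x509.CertPool{"docker.io/example/": pool}, DisableTOFU: true}
}
```

With DisableTOFU set, a GUN that neither a cert pin nor a CA pin covers is rejected outright, which is the knob that turns off the blind first-pull trust this thread is about; with it unset, the same GUN is accepted on first use and only later changes of root key are caught. Note also that a pin which exists but does not match is a rejection, not a fall-through to the next tier, so a rogue root cannot sidestep a CA pin by simply not chaining to it.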
Wouldn't it make sense to ask the user on the first pull whether the public part of the root key being used should be trusted, similar to first SSH usage? As most of the security magic happens in the background through Notary, the normal user has no possibility to verify the root of trust when first pulling an image. With a command-line question, attention to a secure image would grow, maybe.