Time-stamping (https://www.rfc-editor.org/rfc/rfc3161) extends the trust of signature beyond the validity period of a certificate. If a container image was signed before the expiry of corresponding certificate, with the support of Time-stamping, the authenticity and integrity of the image can still be ensured. Without the support of Time-stamping, if the certificate expires, the verification will fail. Signer can re-sign the image with new key/certificate, however this will cause usability issues and waste of resource since it is not necessary.
This issue is to ask for the support for Notary Project timestamped signature.
Anything else you would like to add?
No response
Are you willing to submit PRs to contribute to this feature?
What would you like to be added?
Time-stamping (https://www.rfc-editor.org/rfc/rfc3161) extends the trust of signature beyond the validity period of a certificate. If a container image was signed before the expiry of corresponding certificate, with the support of Time-stamping, the authenticity and integrity of the image can still be ensured. Without the support of Time-stamping, if the certificate expires, the verification will fail. Signer can re-sign the image with new key/certificate, however this will cause usability issues and waste of resource since it is not necessary.
This issue is to ask for the support for Notary Project timestamped signature.
Anything else you would like to add?
No response
Are you willing to submit PRs to contribute to this feature?