Story
As a user I want to have confidence that the bytes I am using are the bytes I think I'm using, and that the author is known.
As a user I want to have confidence that the bytes I am using are the bytes I should be using given the application I'm running.
As an admin I want to know that bytes used by users are from trusted sources and are used in an appropriate manner.
Details
All trust is associated with tags. In a VCH the portlayer is unaware of tags (they are a personality facet), so the implication is that verification must be done on the personality side.
Trust levels that can be applied to entities:
  blind (trust anything, don't vet the signature)
  insecure (trust anything, but confirm the signature)
  TOFU (trust on first use, then confirm the signer stays stable)
  secure (require verification via prior knowledge, i.e. a known CA; referred to as trust pinning)
Remote entities involved in image publishing/acquisition:
  notary
  registry
  repository
  tag
Registry is a hierarchy of:
  server
  repository
  tag
Each element in the registry should have:
  trust setting
  inheritable trust setting
  does a specific trust setting override an inherited one?
Knowledge needed by a VCH:
  default registry
  notary configs
    trust level
    CA
  registry configs
    trust level
    CA
  repository configs
    trust level
    CA if secure & not TOFU
  tag configs
    trust level
    CA if secure & not TOFU
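To make the trust levels and the server/repository/tag hierarchy above concrete, here is an added Go sketch (not VIC's own code) of how the personality side could resolve the effective trust level for a pull and enforce it. It assumes one answer to the open override question, namely that a setting on the tag itself always wins and a parent's setting applies only when marked inheritable; the Policy, Node, Resolve and Verify names, and the representation of a signer by a simple CA name, are all assumptions of this example.

```go
package main
import "errors"
type TrustLevel int
const (
	Unset    TrustLevel = iota // no setting at this element; defer to the parent
	Blind    // trust anything, skip the signature check
	Insecure // trust anything, but the signature must verify
	TOFU     // signature must verify and the signer must stay stable
	Secure   // signer must match a pinned CA (trust pinning)
)
// Node is one element of the registry hierarchy (server, repository or tag).
type Node struct {
	Level       TrustLevel
	Inheritable bool   // children may inherit this setting
	CA          string // pinned CA; only meaningful for Secure
}
// Policy keys nodes by "server", "server/repo" and "server/repo:tag"; the
// entry under "" is the VCH-wide default applied when nothing else matches.
type Policy map[string]Node

// Resolve walks tag -> repository -> server -> default. A setting on the tag
// itself always wins; a parent's setting applies only if it is Inheritable.
func (p Policy) Resolve(server, repo, tag string) (TrustLevel, string) {
	keys := []string{server + "/" + repo + ":" + tag, server + "/" + repo, server}
	for i, key := range keys {
		if n := p[key]; n.Level != Unset && (i == 0 || n.Inheritable) {
			return n.Level, n.CA
		}
	}
	return p[""].Level, p[""].CA
}

// Verify applies a resolved level to one pull: sigValid is the notary verdict,
// signerCA names the signing authority (simplified), pinned is the TOFU store.
func Verify(level TrustLevel, ref string, sigValid bool, signerCA, wantCA string, pinned map[string]string) error {
	switch {
	case level == Blind:
		return nil
	case !sigValid:
		return errors.New("signature did not verify for " + ref)
	case level == Secure && signerCA != wantCA:
		return errors.New("signer is not the pinned CA for " + ref)
	case level == TOFU:
		if prev, seen := pinned[ref]; seen && prev != signerCA {
			return errors.New("signer changed since first use of " + ref)
		}
		pinned[ref] = signerCA // first use: remember the signer
	}
	return nil
}
```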
Tasks - basic support for notary (client enforced):
[ ] image signature validation (#1331)
Tasks - VCH support for notary (appliance enforced):
[ ] provide basic notary configuration to VCH (#4766)
[ ] add notary client support to the personality (#4767)
[ ] default registry configuration (optional)
[ ] provide rich trust-level configuration (optional)
NOTE
Consider dropping some of the negative case testing in favour of whitelist - I think that's a better investment of time.