Reader of logs, juggler of hashes, defender of bits.
A Docker image walks into a Notary
Secure software distribution is a hard problem. The thousands of different software update systems in use today are a testament to this fact, and most of them are vulnerable to a myriad of attacks that leave end users potentially open to compromise. With the explosion in popularity of containers, more and more software is being distributed in the form of a Docker image. This gives us the unique opportunity to leapfrog the status quo and create a better way to ensure the security of software distribution. Enter Notary, an application built at Docker that aims to make the internet more secure by making it easy for people to publish and verify content. Notary follows a flexible security framework called TUF (The Update Framework), allowing publishers to sign their content offline and manage their keys securely. In this talk I will go over Notary, its security guarantees, TUF, and how we’ve integrated it into Docker 1.8 to provide content trust.