Signed name-assertion objects

[wking]

Spun off from #173:

On Thu, Jul 21, 2016 at 04:38:55PM -0700, Stephen Day wrote:

1. The trust model for naming must be clarified (how does one trust
   the names in a tar file?). File names aren't a very good
   authority if you can't verify the integrity of the underlying
   storage.

I have some notes on modeling this here, here, and here, but I think we need the following types:

• application/vnd.oci.image.named.blob.v1+json, with properties for a name string and a blob descriptor, asserting that that name applies to that descriptor.
• application/vnd.oci.image.signed.blob.v1+json, with properties for a blob descriptor and signatures array of descriptors.

The signature payloads would use existing media types like application/pgp-signature and application/jose+json.

I think that's enough to get started, and we can talk about blobs for public keys, signing algorithms, validity schemes, etc. later if there is demand for carrying them in-band.

[vbatts]

I don't see this conversation having traction or a common goal.

[wking]

I don't see this conversation having traction...

Yeah, over two years without a response sounds like "no traction" to me ;).

... or a common goal.

I think having a standardized way to sign images is a pretty clear goal. This proposal is one way to do that, and it has the benefit of allowing signed name-assertions to live in CAS where they are easy to mirror and distribute. #22 has discussion on many alternatives as well. It would be nice if image-spec maintainers eventually picked one approach and specified it.