Joined: 14 Oct 2017
Posted: Sat Nov 04, 2017 8:00 am Post subject: Docker registry security?
Is it possible to sign images with a CA cert such that a customer can verify that the image is signed by some delegate of the CA cert trust chain? It seems like DTR has a binary mode of trust: either an image is signed or it is not, but not qualified by who.
As far as I know, the security model is such that on a per-machine basis, you create root, target, timestamp and snapshot keys. Are we able to have these derive from an existing certificate or is this impossible?
I didn't find the right solution on the Internet.