Notary v2
Generated by GPT-5-miniExpansion Funnel Raw 1 → Dedup 0 → NER 0 → Enqueued 0
| Notary v2 | |
|---|---|
| Name | Notary v2 |
| Developer | Cloud Native Computing Foundation |
Notary v2 Notary v2 is a specification and ecosystem project for container image signing, content trust, and supply chain integrity. It builds on work by the Cloud Native Computing Foundation, the Open Container Initiative, and partners including Google, Red Hat, Microsoft, Amazon, and VMware to provide standardized metadata, cryptographic signing, and verification for software artifacts. The project aims to interoperate with registries, registrars, package managers, and orchestration systems such as Kubernetes, Docker, and containerd.
Overview
Notary v2 defines an interoperable protocol and data model to sign, verify, and distribute attestations for artifacts stored in registries like Docker Hub, GitHub Container Registry, Quay, and Amazon ECR. It interacts with standards and bodies such as the Open Container Initiative, Cloud Native Computing Foundation, Linux Foundation, and Software Package Data Exchange to align cryptographic practices with registries and supply chain projects including Sigstore, Tekton, Argo CD, and SPDX. Major vendors and projects—Google, Red Hat, Microsoft, Amazon, VMware, Rancher, Harbor, Podman—participate in implementations and integrations.
Background and Motivation
The initiative arose from needs highlighted by incidents involving SolarWinds, Log4Shell, and supply chain compromises that affected projects and organizations like Microsoft, SolarWinds, the European Union Agency for Cybersecurity, and the US Cybersecurity and Infrastructure Security Agency. Prior efforts such as The Update Framework, TUF, and Notary v1 influenced design choices; stakeholders including CNCF technical committees, OCI Image Format maintainers, and distribution operators sought a replacement that addresses scalability, key management, and registry neutrality for ecosystems including Kubernetes, OpenShift, and Cloud Foundry.
Architecture and Components
Notary v2 specifies components such as signing clients, verification libraries, repository backends, and transport adapters that integrate with registries (Docker Registry HTTP API V2), content-addressable stores, and provenance systems. It leverages cryptographic primitives from projects like TUF, Sigstore’s Rekor and Fulcio, and standards from the IETF, FIPS, and NIST. Implementations interact with container runtimes such as containerd, CRI-O, runc, and Kubernetes controllers, and with CI/CD platforms like Jenkins, GitLab CI, GitHub Actions, and Tekton Pipelines. Metadata formats align with OCI Image Format, SPDX, and Cloud Native Buildpacks.
Standard Specifications
The specification defines canonical metadata schemas, transport semantics, signature envelopes, and discovery mechanisms for registries like Docker Hub, Quay, GitHub Container Registry, and Google Container Registry. It references formats from the Open Container Initiative, the Software Package Data Exchange, and cryptographic suites endorsed by NIST and IETF. The spec describes layering with provenance attestations for projects such as SLSA, in-toto, and Grafeas, and enumerates requirements for interoperation with registries maintained by Amazon, Google, Red Hat, and Redox.
Security Model and Threats
Notary v2 models threats including supply chain sabotage observed in incidents involving SolarWinds, state-level intrusion patterns tied to actors referenced in public advisories, and compromise vectors documented by agencies like CISA and ENISA. The model builds on defenses from TUF, key rotation practices in SIGSTORE, transparency logs similar to Certificate Transparency, and provenance tracking akin to in-toto and SLSA. It addresses attacker classes that target CI/CD systems such as Jenkins, GitLab, and GitHub Actions, and runtime compromise scenarios in Kubernetes, OpenShift, and Docker Swarm.
Adoption and Implementations
Adopters and implementers include Google, Red Hat, Microsoft, Amazon, VMware, Docker, GitHub, Cloudflare, and project ecosystems like Harbor, Notary v1 maintainers, Cosign, and Sigstore. Integrations exist for Kubernetes admission controllers, OpenShift operator frameworks, GitLab CI pipelines, Jenkins shared libraries, Tekton tasks, and cloud registries including Google Artifact Registry and Amazon ECR. Distributor and registry projects such as Quay, Harbor, Docker Hub, and GHCR implement compliance layers, while runtime projects containerd and CRI-O add verification hooks.
Comparison with Notary v1
Compared with Notary v1 and The Update Framework derivatives used by Docker Content Trust, the specification emphasizes registry-native storage, simplified trust models for key management, support for modern cryptographic suites, and tighter alignment with OCI artifacts and registries like Docker Hub, Quay, and GitHub Container Registry. It addresses scalability and usability gaps that affected projects including Docker, Kubernetes, and Cloud Foundry, and complements complementary tools such as Cosign, Sigstore, and Grafeas.
Limitations and Future Work
Ongoing challenges include cross-registry policy harmonization among vendors such as Google, Amazon, Microsoft, and Red Hat; key management interoperability for enterprises using Vault, Azure Key Vault, AWS KMS, and HashiCorp Vault; and richer provenance integration with SPDX, SLSA, and in-toto. Future work targets tighter integration with orchestration platforms like Kubernetes and OpenShift, improved developer ergonomics for GitHub Actions, GitLab CI, and Jenkins, and expanded registry support in projects such as Quay, Harbor, Docker Hub, and Google Artifact Registry.