Cool, that mostly just works (had a socket error the first time I tried).
However, there are some usability problems here that I'd like to bring to your attention:
- There is no indication that the pull is different; no output from trust verification that it is indeed signed. This means I have to trust that Docker did the right thing, with no means of verification.
- Inspecting the image after pulling gives no indication that the image is signed, and gives me no way to do my own signature validation on the image.
- It does fail properly when pulling an unsigned image. Yay!
- Docker run initiates a connection back to notary, and fails if it cannot connect. This makes me uneasy - it makes me wonder what data is passed, how it's being used, what changes are being made according to the response, and so forth.
- Using trust is a per-command decision, instead of a daemon setting.
- There's no clear method to revoke a signing key if identified to be malicious.
- This seems like a good candidate for "secure by default" once some of the usability issues are resolved.