Docker images/tags should be signed.

[homotechsual]

If you're having trouble using Certbot and aren't sure you've found a bug or
request for a new feature, please first try asking for help at
https://community.letsencrypt.org/. There is a much larger community there of
people familiar with the project who will be able to more quickly answer your
questions.

My operating system is (include version):

Ubuntu 20.04 (Server)

I installed Certbot with (snap, OS package manager, pip, certbot-auto, etc):

Docker

I ran this command and it produced this output:

docker trust inspect --pretty certbot/certbot

No signatures or cannot access certbot/certbot

Certbot's behavior differed from what I expected because:

Given the security-focussed nature of what certbot does and the space in which it operates the docker images should be signed to help defend against supply-chain attacks or copy-cat images trying to MITM the official Certbot images.

https://docs.docker.com/engine/security/trust/

[alexzorin]

Hi,

Thanks for the suggestion.

I think we'd want to verify that this would measurably improve the security for users.

e.g. If Docker Hub does centralized key distribution, what stops them from MITMing our keys and images? If users still have to trust Docker Hub, what does signing achieve that downloading the images over HTTPS doesn't?

If you (or anyone) has a more in-depth understanding of Docker Content Trust, any input would be great.

[github-actions]

We've made a lot of changes to Certbot since this issue was opened. If you still have this issue with an up-to-date version of Certbot, can you please add a comment letting us know? This helps us to better see what issues are still affecting our users. If there is no activity in the next 30 days, this issue will be automatically closed.

[github-actions]

This issue has been closed due to lack of activity, but if you think it should be reopened, please open a new issue with a link to this one and we'll take a look.