We read with great interest Docker's blog post for their 1.3 release: "The Docker Engine will now automatically verify the provenance and integrity of all Official Repos using digital signatures." That is, any Docker image submitted for redistribution by Docker through its repository will be digitally signed and verified, certifying that it hasn't been changed by unknown parties. A valid signature provides an added level of trust by indicating that the Official Repo image has not been tampered with.
This is wrong on so many levels
Images have a lifetime, which means that signing keys must be managed. Key management is really hard (even the world's leading security company can't manage it). It also requires all customers to blindly trust Docker: their procedures, their administrators, their security.
Trust is a failed model. Just as in the real world, trust doesn't scale across time (secrets eventually leak) and it doesn't scale across the number of participants (trust is not a transitive relation: if A trusts B and B trusts C, it does not follow that A trusts C).
We suspect that this is nothing more than lipstick on a pig. Docker is insecure to start with and adding signatures won’t solve the problem – in fact it will make it worse – as it will just lead to a false (and entirely unjustified) sense of security.
Enter the Blockchain
One of the most significant trends over the last few years (spearheaded by Bitcoin) has been the move away from centralized trust authorities to decentralized "consensus" trust models: assertions about what is and what is not true can be verified independently using a public ledger built on consensus-based decision making.
KSI is an example of a blockchain, one where trust is eliminated for verifying the integrity and provenance of the world's data. If we think of the cloud as a giant logistics platform for data, then we can think of a transaction as a transport or processing of data. Data enters into the cloud (network), it is processed (compute) and then is either returned to a consumer or kept for reuse at a later date (storage).
Imagine if the blockchain contained every data transaction: every transport, compute and storage of data, i.e. every step in the data supply chain. There would be no need to trust Docker (or anyone, for that matter) to verify provenance; the truth would be inside the blockchain, which can be used to verify the status of the infrastructure.
Such a system would give complete traceability, accountability and transparency for the cloud: entities who are either using or administrating the cloud can be held responsible for their actions, regulators get to audit all processes, and everyone involved can verify what happened after the fact.
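To make the contrast with key-based signing concrete, here is an added example (not Docker's code, and only a sketch of the hash-aggregation idea, not KSI's actual protocol): in each round the digests of published images are aggregated into a Merkle tree and only the root is published; anyone holding that root can verify an image from an inclusion proof by recomputation alone, so there is no signing key to manage, to trust or to leak. The image names and bytes are constructed.

```python
import hashlib

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def _pad(level):
    return level + level[-1:] if len(level) % 2 else level  # odd level: duplicate last node

def merkle_root(leaves):
    """Aggregate one round's leaf hashes into a single root (the value that gets published)."""
    level = list(leaves)
    while len(level) > 1:
        level = _pad(level)
        level = [h(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]

def inclusion_proof(leaves, index):
    """Sibling hashes from leaf to root; each step records whether the sibling sits to the right."""
    proof, level = [], list(leaves)
    while len(level) > 1:
        level = _pad(level)
        sibling = index ^ 1
        proof.append((level[sibling], sibling > index))
        level = [h(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        index //= 2
    return proof

def verify_inclusion(leaf, proof, root):
    """Recompute the path to the root; needs no key, only the published root."""
    node = leaf
    for sibling, sibling_is_right in proof:
        node = h(node + sibling) if sibling_is_right else h(sibling + node)
    return node == root

# Constructed stand-ins for the bytes of three published images (hypothetical names).
IMAGES = {
    "base-image": b"constructed bytes of the base image",
    "app-image": b"constructed bytes of the application image",
    "db-image": b"constructed bytes of the database image",
}

def publish_round(images):
    """One ledger round: hash every image, aggregate the digests, publish root and per-image proofs."""
    names = sorted(images)
    leaves = [h(images[n]) for n in names]
    return merkle_root(leaves), {n: inclusion_proof(leaves, i) for i, n in enumerate(names)}

def check_image(name, image_bytes, proofs, root):
    """Verifier side: the image is exactly what was committed iff its digest is provably under the root."""
    return verify_inclusion(h(image_bytes), proofs[name], root)
```

A single altered byte in an image changes its digest and the recomputed path no longer reaches the published root, which is the whole check; in a deployed system the root itself is what gets widely distributed so that no single publisher can rewrite it after the fact.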
Of course, a reasonable question to ask would be whether such a system could be built in reality. Even a modest petabyte cloud easily implies billions of data transactions every second that would need to be entered into the blockchain and distributed out to the edge. The implied network, storage and compute requirements would make it impossible to scale. Right?
Now here's a thought: imagine if that blockchain wasn't just for one cloud, but for all clouds and all data, every transport, compute and storage of data across all networks in the world. Imagine what such a system would imply for accountability and transparency for global society. It would transform our society from one that is trust based to one that is truth based, i.e. humans can choose to trust each other, but they can also verify; they can prove what happened without trusting anyone, including Docker.