Notary Issue #82 Timestamp Server Time Stamping Authorities (TSAs) defined by RFC3161 provide signed timestamp for a signature in order to prove that the signature was generated during the validity period of a certificate. Scenarios With TSA, signature can be considered valid even if the signing cerificate is expired. This technique is widely used by Authenticode with SignTool, NuGet, Adobe Acrobat, and many other industrial products. In the world of artifacts, including container images, scenarios are

Notary Issue #86 This document defines the requirements of the signature format and discusses the candidates for Notary V2. Definition A complete signature $\Sigma = (m, \mu, \hat\mu, \sigma) \gets \mathbf{Sign}(sk, m)$ is a tuple of Signed payload $m$. Signed signature metadata $\mu$. Unsigned signature metadata $\hat\mu$.