Notary is an open-source project that is trying to make the internet more secure. It consists of a server and client that can be used to run and interact with trusted collections.
According to the project’s GitHub page, most of the web relies on TLS to secure communications to a web server, but if that server is compromised, any malicious content could be substituted in place of the original, legitimate content.
Notary solves this issue by allowing publishers to sign content offline with keys that are kept highly secure. When the publisher is ready to make content publicly available, they can then push the signed collection to their Notary server. Then, consumers who have acquired the publisher’s public key can communicate with a Notary server or mirror and depend on the key to determine the validity of the content.
The project is based on The Update Framework, which is a secure design for distributing and updating software.
It offers a number of benefits, such as survivable key compromise, freshness guarantees, configurable trust thresholds, signing delegation, use of existing distributions, and untrusted mirrors and transport.
The project is currently Incubating at the Cloud Native Computing Foundation (CNCF), which accepted it in October 2017.