Other orgs will be looking for insight into how we implemented Notary in the pipeline and why we did so. Will need to create an ADR for reference. This template is **ONLY** used for enhancement requests. Bug reporting or new feature request issues should use the other template options for issue submission. ## Current Behavior <!--- What current feature should be improved? --> Notary needs to be fully documented. All decisions that we have made, all steps taken, etc. need to be put down on paper. Other orgs will be looking for insight into how we implemented Notary in the pipeline and why we did so. Will need to create an ADR for reference. ## Purpose <!--- If it is not obvious, state what purpose this enhancement would serve --> ## Plan <!--- What needs to be done in order to implement the enhancement? How do we test if implementation is successful? --> need to investigate whether the encyption algorithms are fips compliant - command line instructions to show how Docker Content Trust works, - key storage policy captured, - input from Jeff about his process concerns, - ci pipeline design need to investigate whether the- discuss FIPS compliancy, measures taken (RSA 4096 for root + delegation key, that targets key is autogenerated, etc) - TOFU - how to get new root, that it uses old root, root key is encryption algorithms are fips complianted ## Acceptance Criteria <!--- What is the acceptance criteria for this new feature? --> - -