Finalize reserved prefix for annotation keys to store notary specific metadata in signature envelope. #106

Closed
priteshbandi opened this issue Oct 15, 2021 · 4 comments · Fixed by #142

@priteshbandi
Contributor

priteshbandi commented Oct 15, 2021

We need to finalize the Notary v2 reserved prefix for annotation keys to store notary specific metadata.
See #102

Once we have finalized the prefix, please update the signature-specification.md > Payload section with the following blurb.

The prefix `TBD` is reserved for use in Notary v2 and MUST NOT be used outside this specification. In Notary v2, annotations are being used to store signed attributes.

Resources: https://github.com/opencontainers/image-spec/blob/main/annotations.md#rules

@priteshbandi priteshbandi changed the title Finalize annotations for descriptor in signature payload. Finalize reserved prefix for annotation keys to store notary specific metadata in signature envelope. Oct 15, 2021
@SteveLasker
Contributor

how about: org.cncf.notary.*
This follows the annotations convention under the image manifest
It's also aligned with org.cncf.oras.artifact.* from PR #82

@priteshbandi
Contributor Author

org.cncf.notary.* sounds good to me. Is there any legal or any other formality required?

@jonjohnsonjr

> how about: org.cncf.notary.*

What relationship does notary have to the Christina Noble Children's Foundation?

@SteveLasker
Contributor

I think what @jonjohnsonjr is trying to say is:

The image spec calls out a suggestion to use internet reverse namespaces for annotations. You might want to consider this reverse domain pattern...

  • Keys MUST be unique within this map, and best practice is to namespace the keys.
  • Keys SHOULD be named using a reverse domain notation - e.g. com.example.myKey.

We've been using the logical namespace of org.cncf.notary.* but this is confusing when you consider reverse domains, vs. logical ownership. While I don't think we'll have a true collision with the Christina Noble Children's Foundation, it's a good thing to clean up.

How about io.cncf.notary
