David Tesar

@gokarnm - I think it's fair to keep out of scope read/update/delete here since the command we're targeting is `notation cert generate` and the target user scenario is as Steve...

It certainly would be a better user experience to not have to download a plugin to get a cert from the provider, but that said then you introduce a ton...

Steve - I believe we need to fill in more details on 238 because it is currently vague and not connected to this purpose as it is written. Key discovery...

I forgot about 172 and I believe this captures the notation flavor/idea intent to implement key discovery. However - @letmaik's [comment above ](https://github.com/notaryproject/notaryproject/issues/95#issuecomment-1076285953) is worth considering that isn't covered in...

Thank you @ianjmcm. Need to sign your commit so it passes [DCO check steps to resolve there](https://github.com/notaryproject/notaryproject/pull/167/checks?check_run_id=7239005886).

@priteshbandi @iamsamirzon @gokarnm - this is ready for merge now passing DCO checks upon one of your approvals.

@letmaik I fixed the merge conflicts. Let's use that PR to drive forward. https://github.com/notaryproject/notaryproject/pull/148

I just checked and [see here that notation-go ](https://github.com/notaryproject/notation-go/blob/52fcb4aae8bc9acf613f0ca77b1fdb9f27831e0c/signature/jws/spec.go#L44-L57) is enforcing a check for the signing bit set. When I try to go through our tutorial and create a certificate...

One valid comment which came up during the community call yesterday... is if someone wanted to use notation to sign documents, there is another valid [EKU for document signing](https://datatracker.ietf.org/doc/draft-ietf-lamps-documentsigning-eku/).

Per the discussion on the last call, I believe we came to a consensus that if PR #167 would be implemented, then we could close this out. Then we'd need...