diff --git a/docker/docker_client.go b/docker/docker_client.go
index 18b0278d..69126bfc 100644
--- a/docker/docker_client.go
+++ b/docker/docker_client.go
@@ -108,7 +108,7 @@ type dockerClient struct {
 // The following members are not set by newDockerClient and must be set by callers if needed.
 auth types.DockerAuthConfig
 registryToken string
- signatureBase signatureStorageBase
+ signatureBase lookasideStorageBase
 useCosignAttachments bool
 scope authScope
@@ -221,7 +221,7 @@ func newDockerClientFromRef(sys *types.SystemContext, ref dockerReference, regis
 return nil, perrors.Wrapf(err, "getting username and password")
 }
- sigBase, err := registryConfig.signatureStorageBaseURL(ref, write)
+ sigBase, err := registryConfig.lookasideStorageBaseURL(ref, write)
 if err != nil {
 return nil, err
 }
diff --git a/docker/docker_image_dest.go b/docker/docker_image_dest.go
index 1fa374b4..30897fda 100644
--- a/docker/docker_image_dest.go
+++ b/docker/docker_image_dest.go
@@ -585,7 +585,7 @@ func (d *dockerImageDestination) putSignaturesToLookaside(signatures []signature
 // NOTE: Keep this in sync with docs/signature-protocols.md!
 for i, signature := range signatures {
- url := signatureStorageURL(d.c.signatureBase, manifestDigest, i)
+ url := lookasideStorageURL(d.c.signatureBase, manifestDigest, i)
 err := d.putOneSignature(url, signature)
 if err != nil {
 return err
@@ -597,7 +597,7 @@ func (d *dockerImageDestination) putSignaturesToLookaside(signatures []signature
 // is enough for dockerImageSource to stop looking for other signatures, so that
 // is sufficient.
 for i := len(signatures); ; i++ {
- url := signatureStorageURL(d.c.signatureBase, manifestDigest, i)
+ url := lookasideStorageURL(d.c.signatureBase, manifestDigest, i)
 missing, err := d.c.deleteOneSignature(url)
 if err != nil {
 return err
diff --git a/docker/docker_image_src.go b/docker/docker_image_src.go
index c96c8e19..b8df84f7 100644
--- a/docker/docker_image_src.go
+++ b/docker/docker_image_src.go
@@ -452,7 +452,7 @@ func (s *dockerImageSource) getSignaturesFromLookaside(ctx context.Context, inst
 // NOTE: Keep this in sync with docs/signature-protocols.md!
 signatures := []signature.Signature{}
 for i := 0; ; i++ {
- url := signatureStorageURL(s.c.signatureBase, manifestDigest, i)
+ url := lookasideStorageURL(s.c.signatureBase, manifestDigest, i)
 signature, missing, err := s.getOneSignature(ctx, url)
 if err != nil {
 return nil, err
@@ -641,7 +641,7 @@ func deleteImage(ctx context.Context, sys *types.SystemContext, ref dockerRefere
 }
 for i := 0; ; i++ {
- url := signatureStorageURL(c.signatureBase, manifestDigest, i)
+ url := lookasideStorageURL(c.signatureBase, manifestDigest, i)
 missing, err := c.deleteOneSignature(url)
 if err != nil {
 return err
diff --git a/docker/registries_d.go b/docker/registries_d.go
index 760d12de..523e6480 100644
--- a/docker/registries_d.go
+++ b/docker/registries_d.go
@@ -52,11 +52,11 @@ type registryNamespace struct {
 UseCosignAttachments *bool `json:"use-cosign-attachments,omitempty"`
 }
-// signatureStorageBase is an "opaque" type representing a lookaside Docker signature storage.
-// Users outside of this file should use SignatureStorageBaseURL and signatureStorageURL below.
-type signatureStorageBase *url.URL
+// lookasideStorageBase is an "opaque" type representing a lookaside Docker signature storage.
+// Users outside of this file should use SignatureStorageBaseURL and lookasideStorageURL below.
+type lookasideStorageBase *url.URL
-// SignatureStorageBaseURL reads configuration to find an appropriate signature storage URL for ref, for write access if “write”.
+// SignatureStorageBaseURL reads configuration to find an appropriate lookaside storage URL for ref, for write access if “write”.
 // the usage of the BaseURL is defined under docker/distribution registries—separate storage of docs/signature-protocols.md
 // Warning: This function only exposes configuration in registries.d;
 // just because this function returns an URL does not mean that the URL will be used by c/image/docker (e.g. if the registry natively supports X-R-S-S).
@@ -70,7 +70,7 @@ func SignatureStorageBaseURL(sys *types.SystemContext, ref types.ImageReference,
 return nil, err
 }
- return config.signatureStorageBaseURL(dr, write)
+ return config.lookasideStorageBaseURL(dr, write)
 }
 // loadRegistryConfiguration returns a registryConfiguration appropriate for sys.
@@ -158,9 +158,9 @@ func loadAndMergeConfig(dirPath string) (*registryConfiguration, error) {
 return &mergedConfig, nil
 }
-// signatureStorageBaseURL returns an appropriate signature storage URL for ref, for write access if “write”.
+// lookasideStorageBaseURL returns an appropriate signature storage URL for ref, for write access if “write”.
 // the usage of the BaseURL is defined under docker/distribution registries—separate storage of docs/signature-protocols.md
-func (config *registryConfiguration) signatureStorageBaseURL(dr dockerReference, write bool) (*url.URL, error) {
+func (config *registryConfiguration) lookasideStorageBaseURL(dr dockerReference, write bool) (*url.URL, error) {
 topLevel := config.signatureTopLevel(dr, write)
 var url *url.URL
 if topLevel != "" {
@@ -171,7 +171,7 @@ func (config *registryConfiguration) signatureStorageBaseURL(dr dockerReference,
 url = u
 } else {
 // returns default directory if no lookaside specified in configuration file
- url = builtinDefaultSignatureStorageDir(rootless.GetRootlessEUID())
+ url = builtinDefaultLookasideStorageDir(rootless.GetRootlessEUID())
 logrus.Debugf(" No signature storage configuration found for %s, using built-in default %s", dr.PolicyConfigurationIdentity(), url.Redacted())
 }
 // NOTE: Keep this in sync with docs/signature-protocols.md!
@@ -184,8 +184,8 @@ func (config *registryConfiguration) signatureStorageBaseURL(dr dockerReference,
 return url, nil
 }
-// builtinDefaultSignatureStorageDir returns default signature storage URL as per euid
-func builtinDefaultSignatureStorageDir(euid int) *url.URL {
+// builtinDefaultLookasideStorageDir returns default signature storage URL as per euid
+func builtinDefaultLookasideStorageDir(euid int) *url.URL {
 if euid != 0 {
 return &url.URL{Scheme: "file", Path: filepath.Join(homedir.Get(), defaultUserDockerDir)}
 }
@@ -272,10 +272,10 @@ func (ns registryNamespace) signatureTopLevel(write bool) string {
 return ""
 }
-// signatureStorageURL returns an URL usable for accessing signature index in base with known manifestDigest.
+// lookasideStorageURL returns an URL usable for accessing signature index in base with known manifestDigest.
 // base is not nil from the caller
 // NOTE: Keep this in sync with docs/signature-protocols.md!
-func signatureStorageURL(base signatureStorageBase, manifestDigest digest.Digest, index int) *url.URL {
+func lookasideStorageURL(base lookasideStorageBase, manifestDigest digest.Digest, index int) *url.URL {
 url := *base
 url.Path = fmt.Sprintf("%s@%s=%s/signature-%d", url.Path, manifestDigest.Algorithm(), manifestDigest.Hex(), index+1)
 return &url
diff --git a/docker/registries_d_test.go b/docker/registries_d_test.go
index 15689fe4..863c503f 100644
--- a/docker/registries_d_test.go
+++ b/docker/registries_d_test.go
@@ -271,7 +271,7 @@ func TestRegistryNamespaceSignatureTopLevel(t *testing.T) {
 }
 }
-func TestSignatureStorageBaseSignatureStorageURL(t *testing.T) {
+func TestLookasideStorageURL(t *testing.T) {
 const mdInput = "sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
 const mdMapped = "sha256=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
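Review bot: In `lookasideStorageURL` (the `@@ -272,10` hunk of docker/registries_d.go), `manifestDigest.Algorithm()` and `manifestDigest.Hex()` are formatted straight into `url.Path`, and nothing visible here shows the digest being validated first. If any caller can reach this with a digest derived from untrusted input, a malformed value could introduce unexpected path components into the lookaside location, which matters most for the `file://` base returned by `builtinDefaultLookasideStorageDir`. Please confirm that every caller runs `manifestDigest.Validate()` before this point, or validate inside the function and widen the return to `(*url.URL, error)`, e.g. `if err := manifestDigest.Validate(); err != nil { return nil, err }`. The function's closing brace and the callers' validation lie outside the hunk, so this is a check to confirm rather than a demonstrated defect.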
@@ -291,17 +291,17 @@ func TestSignatureStorageBaseSignatureStorageURL(t *testing.T) {
 require.NoError(t, err)
 expectedURL, err := url.Parse(c.expected)
 require.NoError(t, err)
- res := signatureStorageURL(url, mdInput, c.index)
+ res := lookasideStorageURL(url, mdInput, c.index)
 assert.Equal(t, expectedURL, res, c.expected)
 }
 }
-func TestBuiltinDefaultSignatureStorageDir(t *testing.T) {
- base := builtinDefaultSignatureStorageDir(0)
+func TestBuiltinDefaultLookasideStorageDir(t *testing.T) {
+ base := builtinDefaultLookasideStorageDir(0)
 assert.NotNil(t, base)
 assert.Equal(t, "file://"+defaultDockerDir, base.String())
- base = builtinDefaultSignatureStorageDir(1000)
+ base = builtinDefaultLookasideStorageDir(1000)
 assert.NotNil(t, base)
 assert.Equal(t, "file://"+filepath.Join(os.Getenv("HOME"), defaultUserDockerDir), base.String())
 }