author: Matthew James Goins <mjgoins@openflows.com> 2010-03-20 15:07:30 -0400
committer: Matthew James Goins <mjgoins@openflows.com> 2010-03-20 15:07:30 -0400
commit: 2f9fe93b98ed32b662212899db6ba2174c1138d3
tree: 099a0b3224b666bfc1289462f1a6d01a24763102 /doc/conferences/seminar
parent: 072e05ac7a9872edc3a3e18e103bbba2706254bf
Removed docs and website. They will now reside (for my repo) at git://lair.fifthhorseman.net/~mjgoins/monkeysphere.info/
Diffstat (limited to 'doc/conferences/seminar')
-rw-r--r-- doc/conferences/seminar/abstract | 17
-rw-r--r-- doc/conferences/seminar/outline | 43
2 files changed, 0 insertions, 60 deletions
diff --git a/doc/conferences/seminar/abstract b/doc/conferences/seminar/abstract
deleted file mode 100644
index 83fddfc..0000000
--- a/doc/conferences/seminar/abstract
+++ /dev/null
@@ -1,17 +0,0 @@
-Monkeysphere provides a robust, decentralized, out-of-band Public Key
-Infrastructure (PKI) based on OpenPGP's Web of Trust. It is intended
-to support any protocol which needs public-key authentication or
-binding between public keys and real-world entities. Current
-implementations include mutual authentication (both server and client)
-for SSH and authentication of servers for HTTPS. The technique is
-resistant to X.509's inherent single-issuer policy bias, allows use of
-a single key for a host offering multiple services, and handles
-initial contact, re-keying, and revocation better than OpenSSH's
-traditional key continuity management (KCM) scheme. It also requires
-no changes to on-the-wire protocols, and is transparently
-interoperable with existing tools, so the migration path to the new
-PKI is smooth (and encouraged). Discussion will include the merits
-and drawbacks of the Monkeysphere, as well as its relationship to
-in-band measures (such as the Server Name Indication (SNI) TLS
-extension and the subjectAltName (sAN) extended attribute for X.509v3
-certificates) which provide some pieces of similar functionality.
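Review bot: doc/conferences/seminar/abstract is deleted in full with no stub left in the tree, and the only pointer to its new home is the commit message, which qualifies the location as "for my repo" and gives a git:// URL. Suggest leaving a short README under doc/ that names the canonical location of the moved documentation, so someone with a checkout can find this abstract without reading history. Since git:// is an unauthenticated transport, a location that can also be fetched over an authenticated one would suit this text better.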
diff --git a/doc/conferences/seminar/outline b/doc/conferences/seminar/outline
deleted file mode 100644
index 1531353..0000000
--- a/doc/conferences/seminar/outline
+++ /dev/null
@@ -1,43 +0,0 @@
-outline for 1 hr seminar talk to CS/security academics
-
- - key-based authentication is here to stay. (e.g. https, ssh).
- - host vs. user
-
- - raises key management/distribution issues
-
- - what PKIs are available? X.509, OpenPGP, SPKI
-
- - social vulnerabilities - single-signer vs. multi-signer
-
- - protocol vulnerabilities - single cert vs. multi-cert (server
- vs. client again)
-
- - utility for group-internal work, phased approach to public
-
-
-
-Stream-based communications over the public network have an
-authentication problem. Most data streams are not authenticated in
-either direction, and most of those that are authenticated in at least
-one direction use authentication regimes which suffer from a range of
-known structural problems.
-
-Public-key-based authentication offers security advantages over
-shared-secret approaches, but it introduces additional questions of
-key distribution, binding, and revocation. Two common solutions to
-these problems on today's network are X.509 certificates (used by TLS
-connections like HTTPS) and so-called "key continuity management"
-(KCM) (used by popular SSH implementations and the "security
-exceptions" interface for some web browsers). Both of these schemes
-present security concerns of their own: KCM has trouble with initial
-contact, key revocation, and re-keying; and X.509's single-issuer
-certificate format has a systemic bias that selects for unaccountable
-third-party authorities. New work ("the Monkeysphere") extends the
-OpenPGP Web of Trust into authenticating stream-based communications
-(instead of its traditional message-based environment of e-mails and
-files) by means of a protocol-independent overlay. As a simple,
-alternative PKI, the Monkeysphere resolves these failings, and also
-provides features currently only available as protocol extensions
-(such as SNI).
-
-
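Review bot: in the deleted outline, the bullet "utility for group-internal work, phased approach to public" appears to break off mid-phrase, and the prose from "Stream-based communications over the public network" onward is a second abstract that overlaps the one in doc/conferences/seminar/abstract. When this file lands in the website repository, suggest finishing that bullet and keeping a single abstract text, so the two versions do not drift apart.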