| field | value | date |
|---|---|---|
| author | Jameson Rollins <jrollins@finestructure.net> | 2010-03-23 02:12:33 -0400 |
| committer | Jameson Rollins <jrollins@finestructure.net> | 2010-03-23 02:12:33 -0400 |
| commit | dbeab30f940705e3813746ccf7480619d8261d37 (patch) | |
| tree | 099a0b3224b666bfc1289462f1a6d01a24763102 /doc/conferences | |
| parent | 0f6ef9923f4d70e2a79edd898f6ac46b617480c9 (diff) | |
| parent | 2f9fe93b98ed32b662212899db6ba2174c1138d3 (diff) | |
Merge remote branch 'mjgoins/master'
Conflicts:
doc/george/changelog
Diffstat (limited to 'doc/conferences')

| mode | file | lines |
|---|---|---|
| -rw-r--r-- | doc/conferences/lca2010/abstract | 65 |
| -rw-r--r-- | doc/conferences/lca2010/bio | 23 |
| -rw-r--r-- | doc/conferences/lca2010/experience | 26 |
| -rw-r--r-- | doc/conferences/lca2010/outline | 62 |
| -rw-r--r-- | doc/conferences/lca2010/techrequirements | 1 |
| -rw-r--r-- | doc/conferences/lca2010/title | 1 |
| -rw-r--r-- | doc/conferences/lca2010/videoabstract | 1 |
| -rw-r--r-- | doc/conferences/seminar/abstract | 17 |
| -rw-r--r-- | doc/conferences/seminar/outline | 43 |

9 files changed, 0 insertions, 239 deletions
diff --git a/doc/conferences/lca2010/abstract b/doc/conferences/lca2010/abstract deleted file mode 100644 index 2770675..0000000 --- a/doc/conferences/lca2010/abstract +++ /dev/null 
@@ -1,65 +0,0 @@ -The Monkeysphere uses the OpenPGP web of trust to provide a -distributed Public Key Infrastructure (PKI) for users and -administrators of ssh. This talk is about why the Monkeysphere is -useful, how it works, and how you can use it to ease your workload and -automatically fully authenticate people and servers. - -The Secure Shell protocol has offered public-key-based mutual -authentication since its inception, but popular implementations offer -no formalized public key infrastructure. This means there is no -straightforward, computable method to signal re-keying events, key -revocations, or even basic key-to-identity binding (e.g. "host -foo.example.org has key X"). As a result, dealing with host keys is -usually a manual process with the possibility of tedium, room for -error, difficulty of maintenance, or users and administrators simply -ignoring or skipping baseline cryptographic precautions. - -The OpenPGP specification offers a robust public key infrastructure -that has traditionally only been used for e-mail and for encrypted -storage. By its nature, the OpenPGP Web of Trust (WoT) is a -distributed system, with no intrinsic chokepoints or global -authorities. And the global key distribution network provides -commonly-held, public infrastructure for rapid distribution of key -changes, revocations, and identity binding. - -The Monkeysphere mixes the two to provide new functionality for ssh -(key revocation, key expiry, re-keying, fewer unintelligible prompts, -semantic authorization, etc) while taking advantage of existing but -often-unused functionality in OpenPGP. Additionally, the Monkeysphere -implementation does not require any patches to OpenSSH on the client -or server, but takes advantage of existing hooks, which makes it easy -to adopt. - -Specifically, the Monkeysphere allows users to automatically validate -ssh host keys through the Web of Trust, and it allows servers to -identify authorized users through the Web of Trust. 
Users decide -which certifications in the Web of Trust they put stock in (so they -are not spoofed by spurious certifications of host keys). Server -administrators decide whose certifications the server should put stock -in (so that the server is not spoofed by spurious certifications of -user keys). - -This presentation will go over how the Monkeysphere works; how you can -use it to increase the security of servers you maintain; how you can -use it to increase the security of accounts you connect to with ssh; -and we'll discuss future possibilities lurking in the ideas of the -Monkeysphere. - -Monkeysphere is currently available in the main Debian repository and -as a port in FreeBSD. A Slackbuild is available for Slackware, and -Monkeysphere itself should work on any POSIX-ish system with the -appropriate dependencies available. - -The Monkeysphere project began to coalesce in early 2008, and remains -an ongoing collaboration of many people, including: - - * Micah Anderson - * Mike Castleman - * Daniel Kahn Gillmor - * Ross Glover - * Matthew James Goins - * Greg Lyle - * Jamie McClelland - * Jameson Graef Rollins - -The project's main web site is http://web.monkeysphere.info/ diff --git a/doc/conferences/lca2010/bio b/doc/conferences/lca2010/bio deleted file mode 100644 index f358e02..0000000 --- a/doc/conferences/lca2010/bio +++ /dev/null 
@@ -1,23 +0,0 @@ -Daniel Kahn Gillmor (dkg) is a freelance Technology Advisor with a -particular interest in cryptography, user interface design, and -distributed systems as means to pursue the goals of user autonomy and -resistance to centralized control. He contributes discussion and -patches on several crypto-related lists, and is an active participant -in what remains of the IETF OpenPGP Working Group. He co-administers -one of the OpenPGP keyservers, and was dubiously involved in -publicizing the ongoing transition to a post-SHA1 Web of Trust. - -dkg works with schools, NGOs, activist groups, and some corporations -to help them understand their tech needs and risks, possible -solutions, and how to use and understand the tools they choose. He -works with several technology-focused organizations, including May -First/People Link (http://mayfirst.org/) and Riseup -(http://riseup.net). - -He is also a contributor to The Organic Internet -(http://mayfirst.org/organicinternet), which includes his essay about -structural flaws in the X.509 certificate model. - -dkg began working with free software in 2002, began work with the -other Monkeysphere developers in 2008, and became a Debian Developer -in 2009. People seem to laugh when they see his business card. diff --git a/doc/conferences/lca2010/experience b/doc/conferences/lca2010/experience deleted file mode 100644 index 8ca2a8e..0000000 --- a/doc/conferences/lca2010/experience +++ /dev/null 
@@ -1,26 +0,0 @@ -I've given several workshops and skillshares about the ideas behind -OpenPGP and how to use gpg and its various frontends to -small-to-medium groups (5 to 25 people). - -I led an effective skillshare on the nature of X.509-based -certifications and how they are used in SSL and TLS back in 2003 or -2004. - -I co-led a surprisingly large (~>50 people? packed room!) discussion -about free software and why it should matter to users as well as -developers a the Grassroots Media Conference a few years ago with -Alfredo Lopez and Laura Quilter. This was a very active discussion, -and topics ranged from motivation and policy to moderately technical -concerns. - -I presented a poster with a colleague on a novel acoustic correlation -method at ICASSP (the IEEE's International Conference on Acoustics, -Speech, and Signal Processing) 2001 (though i've recently let my IEEE -membership lapse). - -I've introduced numerous people to the monkeysphere via IRC -discussions, and have a strong handle on both: - - * the necessary details to keep a technical audience engaged - - * the bigger-picture goals to keep a non-technical audience engaged diff --git a/doc/conferences/lca2010/outline b/doc/conferences/lca2010/outline deleted file mode 100644 index 15c4868..0000000 --- a/doc/conferences/lca2010/outline +++ /dev/null 
@@ -1,62 +0,0 @@ - - - -The presentation is in three parts: - -Background ----------- - - * Why authentication using asymmetric crypto (as opposed to shared - secrets) is important on today's network. - - * Overview of how ssh uses asymmetric crypto authentication (user -> - host, host -> user) - - * Overview of relevant bits of OpenPGP (key -> User ID bindings, - certifications, usage flags, key -> subkey bindings) - - * Overview of keyservers (the idea of gossip, One Big Network, - propagation, issues around redundancy, logging, private access) - - -How ---- - - * How does the monkeysphere do it? (very brief under-the-hood) - - * How does a server administrator publish a host's ssh key to the Web - of Trust? How do they maintain it? - - * How does a user incorporate WoT-based host-key checking into their - regular ssh usage? - - * How does a user publish their own ssh identity to the WoT for hosts - to find it? How do they maintain it? - - * How does a server administrator tell a server to admit certain - people (as identified by the WoT) to certain accounts? How do they - tell the server which certifications are trustworthy? - -Possible Futures ----------------- - - * Use the Monkeysphere with ssh implementations other than OpenSSH - (dropbear, lsh, putty, etc) - - * Expansion of the Monkeysphere's out-of-band PKI mechanism for - authentication in protocols other than SSH (TLS, HTTPS) without - protocol modification. - - * Use of OpenPGP certificates directly in SSH. OpenPGP is referenced - in RFC 4253 already: optional, rarely implemented, and deliberately - ambiguous about how to calculate key->identity bindings. - - * Use of OpenPGP certificates for authentication directly in - protocols. RFC 5081 provides a mechanism for OpenPGP certificates - in TLS, but is similarly ambiguous about certificate verification. - - * Better end-user control over verification: Who or what are you - really connecting to? How do you know? 
How can this information - be effectively and intuitively displayed to a typical user? - - * What would you like to see? diff --git a/doc/conferences/lca2010/techrequirements b/doc/conferences/lca2010/techrequirements deleted file mode 100644 index cc0d1b9..0000000 --- a/doc/conferences/lca2010/techrequirements +++ /dev/null @@ -1 +0,0 @@ -no non-standard technical requirements should be necessary. diff --git a/doc/conferences/lca2010/title b/doc/conferences/lca2010/title deleted file mode 100644 index 36ef904..0000000 --- a/doc/conferences/lca2010/title +++ /dev/null @@ -1 +0,0 @@ -Using the Monkeysphere: effective, distributed key management for SSH using the Web of Trust diff --git a/doc/conferences/lca2010/videoabstract b/doc/conferences/lca2010/videoabstract deleted file mode 100644 index 7e1536c..0000000 --- a/doc/conferences/lca2010/videoabstract +++ /dev/null @@ -1 +0,0 @@ -do we have something like this? diff --git a/doc/conferences/seminar/abstract b/doc/conferences/seminar/abstract deleted file mode 100644 index 83fddfc..0000000 --- a/doc/conferences/seminar/abstract +++ /dev/null 
@@ -1,17 +0,0 @@ -Monkeysphere provides a robust, decentralized, out-of-band Public Key -Infrastructure (PKI) based on OpenPGP's Web of Trust. It is intended -to support any protocol which needs public-key authentication or -binding between public keys and real-world entities. Current -implementations include mutual authentication (both server and client) -for SSH and authentication of servers for HTTPS. The technique is -resistant to X.509's inherent single-issuer policy bias, allows use of -a single key for a host offering multiple services, and handles -initial contact, re-keying, and revocation better than OpenSSH's -traditional key continuity management (KCM) scheme. It also requires -no changes to on-the-wire protocols, and is transparently -interoperable with existing tools, so the migration path to the new -PKI is smooth (and encouraged). Discussion will include the merits -and drawbacks of the Monkeysphere, as well as its relationship to -in-band measures (such as the Server Name Indication (SNI) TLS -extension and the subjectAltName (sAN) extended attribute for X.509v3 -certificates) which provide some pieces of similar functionality. diff --git a/doc/conferences/seminar/outline b/doc/conferences/seminar/outline deleted file mode 100644 index 1531353..0000000 --- a/doc/conferences/seminar/outline +++ /dev/null 
@@ -1,43 +0,0 @@ -outline for 1 hr seminar talk to CS/security academics - - - key-based authentication is here to stay. (e.g. https, ssh). - - host vs. user - - - raises key management/distribution issues - - - what PKIs are available? X.509, OpenPGP, SPKI - - - social vulnerabilities - single-signer vs. multi-signer - - - protocol vulnerabilities - single cert vs. multi-cert (server - vs. client again) - - - utility for group-internal work, phased approach to public - - - -Stream-based communications over the public network have an -authentication problem. Most data streams are not authenticated in -either direction, and most of those that are authenticated in at least -one direction use authentication regimes which suffer from a range of -known structural problems. - -Public-key-based authentication offers security advantages over -shared-secret approaches, but it introduces additional questions of -key distribution, binding, and revocation. Two common solutions to -these problems on today's network are X.509 certificates (used by TLS -connections like HTTPS) and so-called "key continuity management" -(KCM) (used by popular SSH implementations and the "security -exceptions" interface for some web browsers). Both of these schemes -present security concerns of their own: KCM has trouble with initial -contact, key revocation, and re-keying; and X.509's single-issuer -certificate format has a systemic bias that selects for unaccountable -third-party authorities. New work ("the Monkeysphere") extends the -OpenPGP Web of Trust into authenticating stream-based communications -(instead of its traditional message-based environment of e-mails and -files) by means of a protocol-independent overlay. As a simple, -alternative PKI, the Monkeysphere resolves these failings, and also -provides features currently only available as protocol extensions -(such as SNI). - - |
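Review bot: the merge message ("Merge remote branch 'mjgoins/master'", conflicts noted only in doc/george/changelog) gives no reason for the removal of the seven lca2010 files (abstract, bio, experience, outline, techrequirements, title, videoabstract) that this merge carries in from the other branch. If the talk material was moved elsewhere (the abstract hunk itself points readers at http://web.monkeysphere.info/) or is simply past its date, state that in the commit message; of the seven, only the videoabstract hunk ("do we have something like this?") is a placeholder whose loss needs no explanation.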
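Review bot: the seminar/abstract and seminar/outline hunks delete the only text in this tree that describes the HTTPS server-authentication use and the comparison with SNI and subjectAltName, together with the one-hour outline's bullet list (host vs. user keys, single-signer vs. multi-signer, single cert vs. multi-cert, phased group-internal rollout). If a replacement document exists, name it in the commit message; if the intent is to retire the seminar proposal, consider moving those bullets into the project documentation instead of dropping them with the proposal.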