summaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
authorDaniel Kahn Gillmor <dkg@fifthhorseman.net>2008-08-27 00:04:01 -0400
committerDaniel Kahn Gillmor <dkg@fifthhorseman.net>2008-08-27 00:04:01 -0400
commit56aa562e2079a33904840dce37605e2f25048f99 (patch)
tree28c60345216719a30020ad1452bfc1de2a4c6441 /doc
parentcaf0fe076b0487c4a0c91028a21ea39b5e4b3e86 (diff)
draft of prospective d-a.org (and hence planet.debian.org) announcement.
Diffstat (limited to 'doc')
-rw-r--r--doc/announcement.html53
1 files changed, 53 insertions, 0 deletions
diff --git a/doc/announcement.html b/doc/announcement.html
new file mode 100644
index 0000000..489dae5
--- /dev/null
+++ b/doc/announcement.html
@@ -0,0 +1,53 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-15">
+<title>Announcing the Monkeysphere</title>
+</head>
+
+<!-- This is a draft of a wider announcement for the Monkeysphere.
+ dkg will probably post the final version in his blog at
+ https://www.debian-administration.org/users/dkg/weblog
+
+ Edits are welcome! -->
+
+<body>
+<h1>Monkeysphere: an OpenPGP-based PKI for SSH</h1>
+
+<p>Ever thought that there should be an automated way to handle ssh
+keys? Do you know the administrators of your servers, and wish that
+SSH could verify new host keys from them automatically, based on your
+personal connections to the web-of-trust? Do you wish you could
+revoke and rotate your old SSH authentication keys without having to
+log into every single machine?</p>
+
+<p>Do you administer servers, and wish you could re-key them without
+sowing massive pain and confusion among your users (or worse,
+encouraging bad security habits among them)? Do you wish you could
+identify the users to grant access by name, instead of by opaque
+string? Do you wish you could rapidly grant or revoke access to a
+user across a group of machines by enabling or disabling
+authentication for that user?</p>
+
+<p>A group of us have been working on a public key infrastructure for
+SSH. <a href="http://monkeysphere.info">Monkeysphere</a> makes use of
+the existing OpenPGP web-of-trust to fetch and cryptographically
+validate (and revoke!) keys. This works in either directions: both
+<code>authorized_keys</code> <em>and</em> <code>known_hosts</code> are
+handled. Monkeysphere gives users and admins tools to deal with SSH
+keys by thinking about the people and machines to whom the keys
+belong, instead of requiring humans to do tedious (and error-prone)
+manual key verification.</p>
+
+<p>We have <a href="http://monkeysphere.info/download">debian packages
+available</a> which should install against lenny, <a
+href="https://lists.riseup.net/www/info/monkeysphere">a mailing
+list</a>, and open ears for good questions, suggestions and
+criticism.</p>
+
+<p>If you have a chance to give it a try (<a href="???">as a user</a>
+or <a href="???">as an admin</a>), it would be great to <a
+href="https://lists.riseup.net/www/info/monkeysphere">get
+feedback</a>.</p>
+
+</body> </html>