author | Micah Anderson <micah@riseup.net> | 2008-09-03 15:28:30 -0400 |
---|---|---|
committer | Micah Anderson <micah@riseup.net> | 2008-09-03 15:28:30 -0400 |
commit | 86f97d40d6fb60f7dde3c7e3a8aab0124f151d35 (patch) | |
tree | 94f62ff48a5ad9e4e65deec7b2fe606f2190555b /website/index.mdwn | |
parent | 1e26301ec4cd2afc45c968c3fe3d77bf296b03fb (diff) | |
parent | 52d692d728d7d56ec0f17e0a9afbb6579a7eece9 (diff) |
Merge commit 'dkg/master'
Diffstat (limited to 'website/index.mdwn')
-rw-r--r-- | website/index.mdwn | 70 |
1 files changed, 14 insertions, 56 deletions
diff --git a/website/index.mdwn b/website/index.mdwn index 5b757fa..a7d074e 100644 --- a/website/index.mdwn +++ b/website/index.mdwn @@ -1,17 +1,18 @@ -[[!template id="nav"]] +The Monkeysphere project's goal is to extend OpenPGP's web of trust to +new areas of the Internet to help us securely identify each other +while we work online. -The Monkeysphere project's goal is to extend the web of trust model -and other features of OpenPGP to other areas of the Internet to help -us securely identify each other while we work online. +Specifically, monkeysphere currently offers a framework to leverage +the OpenPGP web of trust for OpenSSH authentication. -Specifically, monkeysphere is a framework to leverage the OpenPGP web -of trust for OpenSSH authentication. In other words, it allows you to -use your OpenPGP keys when using secure shell to both identify -yourself and the servers you administer or connect to. OpenPGP keys -are tracked via GnuPG, and managed in the `known_hosts` and -`authorized_keys` files used by OpenSSH for connection authentication. +In other words, it allows you to use secure shell as you normally do, +but to identify yourself and the servers you administer or connect to +with your OpenPGP keys. OpenPGP keys are tracked via GnuPG, and +monkeysphere manages the `known_hosts` and `authorized_keys` files +used by OpenSSH for authentication, checking them for cryptographic +validity. -## Conceptual overview ## +## Overview ## Everyone who has used secure shell is familiar with the prompt given the first time you log in to a new server, asking if you want to trust @@ -50,8 +51,6 @@ invites broader participation in the [OpenPGP](http://en.wikipedia.org/wiki/Openpgp) [web of trust](http://en.wikipedia.org/wiki/Web_of_trust). -## Technical details ## - Under the Monkeysphere, both parties to an OpenSSH connection (client and server) explicitly designate who they trust to certify the identity of the other party. These trust designations are explicitly 
@@ -62,51 +61,10 @@ No modification is made to the SSH protocol on the wire (it continues to use raw RSA public keys), and no modification is needed to the OpenSSH software. -To emphasize: *no modifications to SSH are required to use the -Monkeysphere*. OpenSSH can be used as is; completely unpatched and +To emphasize: ***no modifications to SSH are required to use the +Monkeysphere***. OpenSSH can be used as is; completely unpatched and "out of the box". -## Philosophy ## - -Humans (and -[monkeys](http://www.scottmccloud.com/comics/mi/mi-17/mi-17.html)) -have the innate capacity to keep track of the identities of only a -finite number of people. After our social sphere exceeds several dozen -or several hundred (depending on the individual), our ability to -remember and distinguish people begins to break down. In other words, -at a certain point, we can't know for sure that the person we ran into -in the produce aisle really is the same person who we met at the party -last week. - -For most of us, this limitation has not posed much of a problem in our -daily, off-line lives. With the Internet, however, we have an ability -to interact with vastly larger numbers of people than we had -before. In addition, on the Internet we lose many of our tricks for -remembering and identifying people (physical characteristics, sound of -the voice, etc.). - -Fortunately, with online communications we have easy access to tools -that can help us navigate these problems. -[OpenPGP](http://en.wikipedia.org/wiki/Openpgp) (a cryptographic -protocol commonly used for sending signed and encrypted email -messages) is one such tool. In its simplest form, it allows us to -sign our communication in such a way that the recipient can verify the -sender. - -OpenPGP goes beyond this simple use to implement a feature known as -the [web of trust](http://en.wikipedia.org/wiki/Web_of_trust). 
The web -of trust allows people who have never met in person to communicate -with a reasonable degree of certainty that they are who they say they -are. It works like this: Person A trusts Person B. Person B verifies -Person C's identity. Then, Person A can verify Person C's identity -because of their trust of Person B. - -The Monkeyshpere's broader goals are to extend the use of OpenPGP from -email communications to other activities, such as: - - * conclusively identifying the remote server in a remote login session - * granting access to servers to people we've never directly met - ## Links ## * [OpenSSH](http://openssh.com/) |
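Review bot: In the first hunk (@@ -1,17 +1,18 @@), the new sentence ending "used by OpenSSH for authentication, checking them for cryptographic validity" leaves "them" ambiguous. Grammatically it points at the `known_hosts` and `authorized_keys` files, while the sentences before it are about OpenPGP keys. Please name what is actually checked (if it is the keys, say so), because readers will take this sentence as the statement of what the tool guarantees. The same hunk also drops `[[!template id="nav"]]` with no replacement in the visible lines, so it is worth confirming that navigation is now supplied some other way.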
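Review bot: In the second hunk (@@ -50,8 +51,6 @@), removing the "## Technical details ##" heading leaves the paragraph on trust designations running straight on from the introductory material, so the page no longer marks where the description of the mechanism begins. Consider keeping a heading at this point, possibly renamed, so that readers looking for how trust is designated can find it.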
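Review bot: In the third hunk (@@ -62,51 +61,10 @@), the entire "## Philosophy ##" section is deleted, including the step-by-step description of the web of trust ("Person A trusts Person B. Person B verifies Person C's identity.") and the list of broader goals, and the commit message ("Merge commit 'dkg/master'") does not say where that text went. The diffstat shown is limited to website/index.mdwn, so if the section moved to another page, please link to it from here; in the visible context lines the only remaining explanation of the concept is the pair of Wikipedia links. The change from `*...*` to `***...***` on the "no modifications to SSH" sentence is fine as it stands.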