Merge remote branch 'dkg/master'

Conflicts:
	tests/basic

3 files changed, 57 insertions, 4 deletions

diff --git a/website/community.mdwn b/website/community.mdwn
index 4b13ee0..492703b 100644
--- a/website/community.mdwn
+++ b/website/community.mdwn
@@ -38,6 +38,10 @@ the following from inside the monkeysphere top level directory:
 This command will build an upstream tarball, attach the debian packaging
 directory, and build a sample deb.
 
+If you want to help extend the scope of the Monkeysphere, take a look
+at our
+[list of environments that could make use of the project](/expansion).
+
 ### Individual developer repositories ###
 
 You might also be interested in the repositories of individual
diff --git a/website/expansion.mdwn b/website/expansion.mdwn
new file mode 100644
index 0000000..13f368a
--- /dev/null
+++ b/website/expansion.mdwn
@@ -0,0 +1,49 @@
+[[meta title="Expanding the Monkeysphere"]]
+
+# Expanding the Monkeysphere #
+
+The Monkeysphere currently has implementations that support two
+popular protocols in use on the internet today:
+
+ * SSH: Monkeysphere supports the OpenSSH implementation of the Secure
+   Shell protocol, for authenticating both hosts and users.
+   
+ * HTTPS: Monkeysphere supports secure web traffic by allowing users
+   of Mozilla-based browsers (such as
+   [Firefox](http://www.mozilla.com/en-US/firefox) or
+   [Iceweasel](http://wiki.debian.org/Iceweasel)) to authenticate web
+   sites that are not authenticated by the browser's built-in X.509
+   verification.  This should work with any HTTPS-capable web server.
+   
+But there are many protocols and implementations on the 'net that
+could use the Monkeysphere for key-based authentication but currently
+do not.  Here are some examples of places we think it could be useful.
+If you can help with these (or suggest others), please pitch in!
+
+ * HTTPS client authentication: web servers should be able to
+   authenticate clients that use asymmetric crypto.  That is, the
+   client holds an RSA secret key, offers a (potentially self-signed)
+   X.509 Cert to the server as part of the TLS handshake, and the
+   server verifies the key material and commonName or subjectAltName
+   in the cert via the OpenPGP web of trust.
+   
+ * Other TLS connections: for example, SMTP services using STARTTLS
+   (server-to-server and client-to-server), IMAP or POP daemons (using
+   STARTTLS or a direct TLS wrapper), LDAP servers (or LDAPS), XMPP
+   connections (client-to-server and server-to-server)
+   
+ * IRC connections: this could be at the TLS layer, or maybe via some
+   exchange with the NickServ?
+   
+ * [OTR](http://www.cypherpunks.ca/otr) client-to-client handshakes.
+ 
+ * Integration with
+   [OpenPGP Certificates for TLS (RFC 5081)](http://tools.ietf.org/html/rfc5081)
+   -- TLS clients or servers who receive an OpenPGP certificate from
+   their peer should be able to ask some part of the Monkeysphere
+   toolchain if the particular certificate is valid for the
+   connection.
+   
+ * [PKINIT](http://tools.ietf.org/html/rfc4556) for
+   [Kerberos](http://web.mit.edu/Kerberos/)
+
diff --git a/website/getting-started-admin.mdwn b/website/getting-started-admin.mdwn
index aad4251..ab0acc6 100644
--- a/website/getting-started-admin.mdwn
+++ b/website/getting-started-admin.mdwn
@@ -1,8 +1,8 @@
 Monkeysphere Server Administrator README
 ========================================
 
-	Note: This documentation is for Monkeysphere version 0.23 or later.
-	If you are running a version prior to 0.23, we recommend that you upgrade.
+	Note: This documentation is for Monkeysphere version 0.28 or later.
+	If you are running a version prior to 0.28, we recommend that you upgrade.
 
 As the administrator of an SSH server, you can take advantage of the
 Monkeysphere in two ways:
@@ -25,11 +25,11 @@ To begin, you must first import an ssh host key.  This assumes that
 you have the ssh server installed, and that you have generated a host
 RSA key.  Once that has been done, import the key:
 
-	# monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key server.example.net
+	# monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ssh://server.example.net
 
 This will generate an OpenPGP certificate for the server.  The primary
 user ID for this certificate will be the ssh service URI for the host,
-(eg. `ssh://server.example.net`).  Remember that the name you provide
+(e.g. `ssh://server.example.net`).  Remember that the name you provide
 here should probably be a fully qualified domain name for the host in
 order for your users to find it.