summaryrefslogtreecommitdiff
path: root/website
diff options
context:
space:
mode:
authorDaniel Kahn Gillmor <dkg@fifthhorseman.net>2008-10-26 18:58:31 -0400
committerDaniel Kahn Gillmor <dkg@fifthhorseman.net>2008-10-26 18:58:31 -0400
commit03468ed21363bda286207850fc42d1db51b892d7 (patch)
tree6ec9cfada0a67c86d44ce26d72d66089856a5f1d /website
parent2288f6b51836d24c3fa12f61dcf81b4048714e91 (diff)
parent20e88948f035c56d51f07c53de50b75df57fc816 (diff)
Merge commit 'micah/master'
Diffstat (limited to 'website')
-rw-r--r--website/getting-started-user.mdwn54
1 files changed, 54 insertions, 0 deletions
diff --git a/website/getting-started-user.mdwn b/website/getting-started-user.mdwn
index 947c2da..2260256 100644
--- a/website/getting-started-user.mdwn
+++ b/website/getting-started-user.mdwn
@@ -104,6 +104,60 @@ subkey to your ssh agent by running:
FIXME: using the key with a single ssh connection?
+Establish trust
+---------------
+
+Now that you have the above setup, you will need to establish an
+acceptable trust path to the admin(s) of a monkeysphere-enabled server
+that you will be connecting to. You need to do this because the admin
+is certifying the host, and you need a mechanism to validate that
+certification. The only way to do that is by indicating who you trust
+to certify hosts. This is a two step process: first you must sign the
+key, and then you have to indicate a trust level.
+
+The process of signing another key is outside the scope of this
+document, however the gnupg README details the signing process and you
+can find good [documentation
+](http://www.debian.org/events/keysigning) online detailing this
+process.
+
+If you have signed your admins' key, you need to denote some kind of
+trust to that key. To do this you should edit the key and use the
+'trust' command. For the Monkeysphere to trust the assertions that are
+made about a host, you need full calculated validity to the host
+certifiers. This can be done either by giving full trust to one
+host-certifying key, or by giving marginal trust to three different
+host-certifiers. In the following we demonstrate how to add full trust
+validity to a host-certifying key:
+
+ $ gpg --edit-key <admin_keyid>
+ Command> trust
+ pub 2048R/3B757F8C created: 2008-06-19 expires: 2008-11-16 usage: CA
+ trust: unknown validity: full
+ [ unknown ] (1). ssh://monkeysphere.info
+ [ unknown ] (2) ssh://george.riseup.net
+
+ Please decide how far you trust this user to correctly verify other users' keys
+ (by looking at passports, checking fingerprints from different sources, etc.)
+
+ 1 = I don't know or won't say
+ 2 = I do NOT trust
+ 3 = I trust marginally
+ 4 = I trust fully
+ 5 = I trust ultimately
+ m = back to the main menu
+
+ Your decision? 4
+
+Note: Due to a limitation with gnupg, it is not currently possible to
+limit the domain scope properly, which means that if you fully trust
+an admin, this admin can currently assert host verification for any
+hosts.
+
+Because the Monkeysphre relies on GPG's definition of the OpenPGP web
+of trust, it is important to understand [how GPG calculates User ID
+validity for a key](/trust-models).
+
Miscellaneous
-------------