author Micah Anderson <micah@riseup.net> 2008-09-03 15:28:30 -0400
committer Micah Anderson <micah@riseup.net> 2008-09-03 15:28:30 -0400
commit 86f97d40d6fb60f7dde3c7e3a8aab0124f151d35
tree 94f62ff48a5ad9e4e65deec7b2fe606f2190555b /website
parent 1e26301ec4cd2afc45c968c3fe3d77bf296b03fb
parent 52d692d728d7d56ec0f17e0a9afbb6579a7eece9
Merge commit 'dkg/master'
Diffstat (limited to 'website')
-rw-r--r-- website/archive-key.mdwn 26
-rw-r--r-- website/bugs.mdwn 3
-rw-r--r-- website/bugs/done.mdwn 2
-rw-r--r-- website/bugs/handle-passphrase-locked-secret-keys.mdwn 20
-rw-r--r-- website/bugs/monkeysphere-ssh-proxycommand-quiet-option.mdwn 4
-rw-r--r-- website/bugs/setup-test-server-for-public.mdwn 7
-rw-r--r-- website/community.mdwn 7
-rw-r--r-- website/doc.mdwn 1
-rw-r--r-- website/download.mdwn 4
-rw-r--r-- website/index.mdwn 70
-rw-r--r-- website/local.css 62
-rw-r--r-- website/mirrors.mdwn 81
-rw-r--r-- website/news.mdwn 1
-rw-r--r-- website/news/apt-repo-moved.mdwn 7
-rw-r--r-- website/news/release-0.12-1.mdwn 9
-rw-r--r-- website/sidebar.mdwn (renamed from website/templates/nav.mdwn) 0
-rw-r--r-- website/similar.mdwn 1
-rw-r--r-- website/trust-models.mdwn 21
-rw-r--r-- website/why.mdwn 44
19 files changed, 262 insertions, 108 deletions
diff --git a/website/archive-key.mdwn b/website/archive-key.mdwn
index 898c7e5..45ac86e 100644
--- a/website/archive-key.mdwn
+++ b/website/archive-key.mdwn
@@ -1,5 +1,4 @@
[[meta title="Monkeysphere archive signing key"]]
-[[!template id="nav"]]
[[toc ]]
## Verifying the key ##
@@ -70,8 +69,21 @@ ly087Guvw8G8TdQcubteFYQDIxIc2atZkjEn3oCjtZgk8mdDlCjLQYgHV1/o+eWd
S31RCBx16I7tJya0fwJJRC7qZWf7hrPdi7eqcecqyr26X5upV+Irjv5qYu/6HAGb
59W6n+8KTfMxEMaBQI6qZXxhaBr3HzEaSrz7jtkl+xxym2TGkbarXcm7e7MP66Hu
GD5UCC3svhAAxKXf4K/8v7WhwBpekF9mXtgpq72Du2JG9q+OAWhxzZXbZku+RY7T
-a83wKc1TaPvzK2WZlhNGjcCYSUXcfQOSn5noVTUukW3DNEKP5BmwkvVd
-=Xex0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+=bJWl
-----END PGP PUBLIC KEY BLOCK-----
</pre>
@@ -94,17 +106,17 @@ tag `$TAG` on architecture `$ARCH`, do:
git clone git://git.monkeysphere.info/monkeysphere
cd monkeysphere
- git tag -v $TAG
- git checkout $TAG
+ git tag -v "$TAG"
+ git checkout "$TAG"
debuild -uc -us
cd repo
- reprepro -C monkeysphere include experimental ../$TAG_$ARCH.changes
+ reprepro -C monkeysphere include experimental "../$TAG_$ARCH.changes"
When you get a binary package built from a separate architecture
`$NEWARCH` that you want to include with the archive, do:
cd repo
- reprepro -C monkeysphere includedeb experimental ../$TAG_$NEWARCH.deb
+ reprepro -C monkeysphere includedeb experimental "../$TAG_$NEWARCH.deb"
To publish the archive, make sure you have access to
`archivemaster@george.riseup.net`, and then do:
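Review bot: In the two newly quoted `reprepro` lines, the shell reads `$TAG_` as a variable named `TAG_`, not as `$TAG` followed by an underscore, so `"../$TAG_$ARCH.changes"` and `"../$TAG_$NEWARCH.deb"` lose the tag from the file name whenever `TAG_` is unset. Write `"../${TAG}_${ARCH}.changes"` and `"../${TAG}_${NEWARCH}.deb"`. Since these are the steps that feed the signed archive, it would also be worth chaining `git tag -v "$TAG" && git checkout "$TAG"` so that a copy-pasted run stops when the tag signature does not verify.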
diff --git a/website/bugs.mdwn b/website/bugs.mdwn
index 06a4d3a..30bccd1 100644
--- a/website/bugs.mdwn
+++ b/website/bugs.mdwn
@@ -1,5 +1,4 @@
-[[!template id="nav"]]
-[[meta title="Bugs"]]
+[[meta title="Open Bugs"]]
This is Monkeysphere's bug list. You can also browse our [completed bugs](done).
If you don't have commit access to the public repo, we'd appreciate
diff --git a/website/bugs/done.mdwn b/website/bugs/done.mdwn
index 282e804..dc331f9 100644
--- a/website/bugs/done.mdwn
+++ b/website/bugs/done.mdwn
@@ -1,4 +1,4 @@
-[[!template id="nav"]]
+[[meta title="Completed Bugs"]]
Recently fixed [[bugs]].
diff --git a/website/bugs/handle-passphrase-locked-secret-keys.mdwn b/website/bugs/handle-passphrase-locked-secret-keys.mdwn
index bc2a64c..b58650e 100644
--- a/website/bugs/handle-passphrase-locked-secret-keys.mdwn
+++ b/website/bugs/handle-passphrase-locked-secret-keys.mdwn
@@ -1,4 +1,4 @@
-[[meta title="MonkeySphere needs to be able to cleanly export passphrase-locked secret keys from the GPG keyring"]]
+[[meta title="MonkeySphere can't deal with passphrase-locked primary keys"]]
At the moment, the only tool we have to export passphrase-locked
secret keys from the GPG keyring is `gpg` itself (and `gpg2`, which
@@ -100,6 +100,18 @@ Other alternatives?
Can this bug be closed? dkg [reported in a comment for a related
bug](/bugs/install-seckey2sshagent-in-usr-bin/):
- Version 0.11-1 now has the monkeysphere subkey-to-ssh-agent
- subcommand, which works cleanly in the presence of a
- functionally-patched GnuTLS.
+ Version 0.11-1 now has the monkeysphere subkey-to-ssh-agent
+ subcommand, which works cleanly in the presence of a
+ functionally-patched GnuTLS.
+
+--------
+
+Even with the patched GnuTLS, monkeysphere currently can't currently
+deal with passphrase-locked primary keys. I've changed the title of
+this bug, but i'd like to keep it open until we are able to deal with
+that. The other comments here seem still quite relevant to that
+need.
+
+I've changed the title of this bug to reflect the narrowed scope.
+
+ --dkg
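Review bot: The added comment reads "currently can't currently deal" (drop one "currently") and announces the title change twice, once in the first paragraph and again in "I've changed the title of this bug to reflect the narrowed scope"; keep only one of the two statements.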
diff --git a/website/bugs/monkeysphere-ssh-proxycommand-quiet-option.mdwn b/website/bugs/monkeysphere-ssh-proxycommand-quiet-option.mdwn
index 4070d0a..b814d35 100644
--- a/website/bugs/monkeysphere-ssh-proxycommand-quiet-option.mdwn
+++ b/website/bugs/monkeysphere-ssh-proxycommand-quiet-option.mdwn
@@ -245,3 +245,7 @@ I'll leave the bug open for a bit until it get more tested and 0.12
gets pushed out.
-- BJ
+
+---
+
+I think this is [[/bugs/done]] as of version 0.12-1.
diff --git a/website/bugs/setup-test-server-for-public.mdwn b/website/bugs/setup-test-server-for-public.mdwn
index c926dc6..5b05759 100644
--- a/website/bugs/setup-test-server-for-public.mdwn
+++ b/website/bugs/setup-test-server-for-public.mdwn
@@ -75,3 +75,10 @@ and I'm not really willing to maintain it myself, but if someone else
wants to handle that, that would be fine with me.
-- jgr
+
+---
+
+i'm not really willing to maintain anything extra either, so i'm
+closing this ticket as [[bugs/done]].
+
+--dkg
diff --git a/website/community.mdwn b/website/community.mdwn
index b06637b..79e6da7 100644
--- a/website/community.mdwn
+++ b/website/community.mdwn
@@ -1,5 +1,3 @@
-[[!template id="nav"]]
-
[[meta title="Community"]]
## Mailing list ##
@@ -41,10 +39,11 @@ offering:
Micah Anderson:
git clone git://labs.riseup.net/~micah/monkeysphere
-
## Contact ##
Please feel free to contact any of the Monkeysphere developers or post
to the mailing list with questions, comments, bug reports, requests,
-etc.
+etc. If you contact a developer individually, please indicate if
+there is any part of your note that can be made public (we might want
+to post it to the web here).
diff --git a/website/doc.mdwn b/website/doc.mdwn
index 634afd9..997c34d 100644
--- a/website/doc.mdwn
+++ b/website/doc.mdwn
@@ -1,4 +1,3 @@
-[[!template id="nav"]]
[[meta title="Documentation"]]
## Dependencies ##
diff --git a/website/download.mdwn b/website/download.mdwn
index ad14bce..cc83adf 100644
--- a/website/download.mdwn
+++ b/website/download.mdwn
@@ -1,4 +1,4 @@
-[[!template id="nav"]]
+[[meta title="Download"]]
## Downloading and Installing ##
@@ -6,7 +6,7 @@ If you are running a Debian system, you can install Monkeysphere
by following these directions:
You can add this repo to your system by putting the following lines in
-/etc/apt/sources.list.d/monkeysphere.list:
+`/etc/apt/sources.list.d/monkeysphere.list`:
deb http://archive.monkeysphere.info/debian experimental monkeysphere
deb-src http://archive.monkeysphere.info/debian experimental monkeysphere
diff --git a/website/index.mdwn b/website/index.mdwn
index 5b757fa..a7d074e 100644
--- a/website/index.mdwn
+++ b/website/index.mdwn
@@ -1,17 +1,18 @@
-[[!template id="nav"]]
+The Monkeysphere project's goal is to extend OpenPGP's web of trust to
+new areas of the Internet to help us securely identify each other
+while we work online.
-The Monkeysphere project's goal is to extend the web of trust model
-and other features of OpenPGP to other areas of the Internet to help
-us securely identify each other while we work online.
+Specifically, monkeysphere currently offers a framework to leverage
+the OpenPGP web of trust for OpenSSH authentication.
-Specifically, monkeysphere is a framework to leverage the OpenPGP web
-of trust for OpenSSH authentication. In other words, it allows you to
-use your OpenPGP keys when using secure shell to both identify
-yourself and the servers you administer or connect to. OpenPGP keys
-are tracked via GnuPG, and managed in the `known_hosts` and
-`authorized_keys` files used by OpenSSH for connection authentication.
+In other words, it allows you to use secure shell as you normally do,
+but to identify yourself and the servers you administer or connect to
+with your OpenPGP keys. OpenPGP keys are tracked via GnuPG, and
+monkeysphere manages the `known_hosts` and `authorized_keys` files
+used by OpenSSH for authentication, checking them for cryptographic
+validity.
-## Conceptual overview ##
+## Overview ##
Everyone who has used secure shell is familiar with the prompt given
the first time you log in to a new server, asking if you want to trust
@@ -50,8 +51,6 @@ invites broader participation in the
[OpenPGP](http://en.wikipedia.org/wiki/Openpgp) [web of
trust](http://en.wikipedia.org/wiki/Web_of_trust).
-## Technical details ##
-
Under the Monkeysphere, both parties to an OpenSSH connection (client
and server) explicitly designate who they trust to certify the
identity of the other party. These trust designations are explicitly
@@ -62,51 +61,10 @@ No modification is made to the SSH protocol on the wire (it continues
to use raw RSA public keys), and no modification is needed to the
OpenSSH software.
-To emphasize: *no modifications to SSH are required to use the
-Monkeysphere*. OpenSSH can be used as is; completely unpatched and
+To emphasize: ***no modifications to SSH are required to use the
+Monkeysphere***. OpenSSH can be used as is; completely unpatched and
"out of the box".
-## Philosophy ##
-
-Humans (and
-[monkeys](http://www.scottmccloud.com/comics/mi/mi-17/mi-17.html))
-have the innate capacity to keep track of the identities of only a
-finite number of people. After our social sphere exceeds several dozen
-or several hundred (depending on the individual), our ability to
-remember and distinguish people begins to break down. In other words,
-at a certain point, we can't know for sure that the person we ran into
-in the produce aisle really is the same person who we met at the party
-last week.
-
-For most of us, this limitation has not posed much of a problem in our
-daily, off-line lives. With the Internet, however, we have an ability
-to interact with vastly larger numbers of people than we had
-before. In addition, on the Internet we lose many of our tricks for
-remembering and identifying people (physical characteristics, sound of
-the voice, etc.).
-
-Fortunately, with online communications we have easy access to tools
-that can help us navigate these problems.
-[OpenPGP](http://en.wikipedia.org/wiki/Openpgp) (a cryptographic
-protocol commonly used for sending signed and encrypted email
-messages) is one such tool. In its simplest form, it allows us to
-sign our communication in such a way that the recipient can verify the
-sender.
-
-OpenPGP goes beyond this simple use to implement a feature known as
-the [web of trust](http://en.wikipedia.org/wiki/Web_of_trust). The web
-of trust allows people who have never met in person to communicate
-with a reasonable degree of certainty that they are who they say they
-are. It works like this: Person A trusts Person B. Person B verifies
-Person C's identity. Then, Person A can verify Person C's identity
-because of their trust of Person B.
-
-The Monkeyshpere's broader goals are to extend the use of OpenPGP from
-email communications to other activities, such as:
-
- * conclusively identifying the remote server in a remote login session
- * granting access to servers to people we've never directly met
-
## Links ##
* [OpenSSH](http://openssh.com/)
diff --git a/website/local.css b/website/local.css
index b9d7287..69defae 100644
--- a/website/local.css
+++ b/website/local.css
@@ -1,29 +1,28 @@
h2 {
--moz-border-radius-topleft:4px;
--moz-border-radius-topright:4px;
-background-color:#B67B4E;
-color:black;
-display:block;
-font-weight:bold;
-padding:0 0 0 10px;
+ -moz-border-radius: 4px;
+ background-color: #B67B4E;
+ color: black;
+ display: block;
+ font-weight: bold;
+ padding: 0 0 0 10px;
}
body {
-color:#3F403F;
-font-family:"Liberation Sans",sans-serif;
-font-size:0.95em;
+ color: #3F403F;
+ font-family: "Liberation Sans",sans-serif;
+ font-size: 0.95em;
}
*|*:visited
-color:#f6a464;
+ color: #f6a464;
}
*|*:-moz-any-link {
-text-decoration:none;
+ text-decoration: none;
}
:-moz-any-link {
-cursor:pointer;
+ cursor: pointer;
}
a:link {
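Review bot: The `*|*:visited` rule in this hunk has no opening `{` after the selector, so the re-indented `color: #f6a464;` declaration and the `}` after it do not form a valid rule; add the brace while these lines are being touched. In the `h2` block, replacing `-moz-border-radius-topleft` and `-moz-border-radius-topright` with `-moz-border-radius: 4px` rounds all four corners instead of the top two, which is a visual change inside what otherwise reads as a whitespace cleanup; either keep the two per-corner properties or mention the change in the commit message.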
@@ -40,23 +39,23 @@ a:hover {
}
pre {
- background: #ddd;
- border: 1px solid #aaa;
- padding: 3px 3px 3px 3px;
- margin-left: 2em;
+ background: #ddd;
+ border: 1px solid #aaa;
+ padding: 3px 3px 3px 3px;
+ margin-left: 2em;
}
table.sitenav {
- border-bottom: 2px solid black;
- padding: 0px;
- width: 100%;
- font-size: larger;
+ border-bottom: 2px solid black;
+ padding: 0px;
+ width: 100%;
+ font-size: larger;
}
table.sitenav img.logo {
- margin: 0px;
- padding: 0px;
- vertical-align: bottom;
+ margin: 0px;
+ padding: 0px;
+ vertical-align: bottom;
}
table.sitenav a {
@@ -71,9 +70,20 @@ table.sitenav span.selflink {
}
div.header {
- text-align: right;
+ text-align: right;
+ display: none;
}
div.actions {
- text-align: right;
+ text-align: right;
+ display: none;
+}
+
+#sidebar {
+ line-height: normal;
+ width: 100%;
+ float: none;
+ margin: 0;
+ padding: 0;
}
+
diff --git a/website/mirrors.mdwn b/website/mirrors.mdwn
new file mode 100644
index 0000000..feee9bd
--- /dev/null
+++ b/website/mirrors.mdwn
@@ -0,0 +1,81 @@
+[[meta title="Mirroring the web site"]]
+
+In keeping with the philosophy of distributed development, our web site is
+stored in our git repositories and converted into html by
+[ikiwiki](http://ikiwiki.info/).
+
+We're mirrored on several servers. Rather than using ikiwiki's [pinger/pingee
+approach to distribution](http://ikiwiki.info/tips/distributed_wikis/), we've
+opted for a method that uses ssh.
+
+The steps for creating a new mirror are:
+
+## Steps to take on the mirror server ##
+
+Add etch-backports to your /etc/apt/sources.list:
+
+ deb http://www.backports.org/debian etch-backports main contrib non-free
+
+Add the following lines to your /etc/apt/preferences file:
+
+ Package: ikiwiki
+ Pin: release a=etch-backports
+ Pin-Priority: 999
+
+ # needed by ikiwiki
+ Package: libcgi-formbuilder-perl
+ Pin: release a=etch-backports
+ Pin-Priority: 999
+
+ Package: git-core
+ Pin: release a=etch-backports
+ Pin-Priority: 999
+
+Install git-core and ikiwiki
+
+ aptitude update; aptitutde install git-core ikiwiki
+
+Create a new user. Change the new users shell to git-shell:
+
+ adduser -s /usr/bin/git-shell <username>
+
+Add webmaster@george's public key to this user's ~/.ssh/authorized_keys file
+
+Add web site configuration that the user has write access to. If you are using Apache, include the following rewrite:
+
+ RewriteEngine On
+ RewriteCond %{HTTP_HOST} !^(YOURHOSTNAME|web)\.monkeysphere\.info$ [NC]
+ RewriteCond %{HTTP_HOST} !^$
+ RewriteRule ^/(.*) http://web.monkeysphere.info/$1 [L,R]
+
+Upload and edit ikiwiki.setup.sample from the docs directory
+
+As the new user, create two new git repos
+
+ mkdir monkeysphere.git; cd monkeysphere.git; git init --bare; cd ../
+ git clone monkeysphere.git # this will create a second git repo called monkeysphere
+
+Change the mode of monkeysphere.git/hooks/post-receive to 755
+
+ chmod 755 monkesphere.git/hooks/post-receive
+
+Edit the file so that it executes the post-receive hook ikiwiki generates (as
+you specified in the ikiwiki.setup file)
+
+## Admin steps to take to enable the configuration ##
+
+Add a new dns record for SERVERNAME.monkeysphere.info.
+
+Test the ssh connection by logging in as webmaster@george.riseup.net
+
+Add the new server as a remote on webmaster@george.riseup.net:monkeysphere.git
+
+ cd ~/monkeysphere.git
+ git add remote SERVERNAME USER@SERVERNAME.monkeysphere.info:/path/to/repo
+
+Test:
+
+ git push SERVERNAME
+
+
+
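Review bot: `git add remote SERVERNAME USER@SERVERNAME.monkeysphere.info:/path/to/repo` in the admin steps does not create a remote (as typed it asks git to stage paths); it should be `git remote add SERVERNAME ...`. Two earlier commands also fail as written: `aptitutde install` is a typo for `aptitude`, and `chmod 755 monkesphere.git/hooks/post-receive` misspells the `monkeysphere.git` repository created in the step before it. Because the mirror account accepts pushes from webmaster@george's key and runs a post-receive hook on each push, the `authorized_keys` step could also say to install that key with restrictive options such as `no-port-forwarding,no-agent-forwarding,no-pty`, and the trailing blank lines at the end of the new file can go.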
diff --git a/website/news.mdwn b/website/news.mdwn
index 7380eff..359e02b 100644
--- a/website/news.mdwn
+++ b/website/news.mdwn
@@ -1,4 +1,3 @@
-[[!template id="nav"]]
[[meta title="News"]]
Here are the latest announcements about the Monkeysphere.
diff --git a/website/news/apt-repo-moved.mdwn b/website/news/apt-repo-moved.mdwn
index 8f0bf81..501cc23 100644
--- a/website/news/apt-repo-moved.mdwn
+++ b/website/news/apt-repo-moved.mdwn
@@ -5,4 +5,11 @@ The monkeysphere APT repository has been moved from
`http://archive.monkeysphere.info/debian`. You'll probably want to
update your `sources.list` to match the [official lines](/download).
+The monkeysphere APT repository is also using [a new archive signing
+key](/archive-key):
+
+ pub 4096R/EB8AF314 2008-09-02 [expires: 2009-09-02]
+ Key fingerprint = 2E8D D26C 53F1 197D DF40 3E61 18E6 67F1 EB8A F314
+ uid [ full ] Monkeysphere Archive Signing Key (http://archive.monkeysphere.info/debian)
+
Apologies for any confusion or hassle this causes!
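Review bot: The `[ full ]` marker on the `uid` line of the pasted listing is the validity computed from the committer's own trust database, not a property of the key, and readers running the same command will see a different value; drop the marker or say that it is local output. Since this paragraph announces a new archive signing key, it would also help to direct readers to the "Verifying the key" section of the archive-key page explicitly, so the fingerprint is checked through signatures rather than only compared against this announcement.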
diff --git a/website/news/release-0.12-1.mdwn b/website/news/release-0.12-1.mdwn
new file mode 100644
index 0000000..ed1ecbb
--- /dev/null
+++ b/website/news/release-0.12-1.mdwn
@@ -0,0 +1,9 @@
+[[meta title="MonkeySphere 0.12-1 released!"]]
+
+# MonkeySphere 0.12-1 released! #
+
+MonkeySphere 0.12-1 has been released. This release includes
+documentation updates, and a re-organized logging subsystem with
+various levels of verbosity, modeled after LogLevel in OpenSSH.
+
+[[download]] it now!
diff --git a/website/templates/nav.mdwn b/website/sidebar.mdwn
index 33ab8ce..33ab8ce 100644
--- a/website/templates/nav.mdwn
+++ b/website/sidebar.mdwn
diff --git a/website/similar.mdwn b/website/similar.mdwn
index ae3f728..271d5ea 100644
--- a/website/similar.mdwn
+++ b/website/similar.mdwn
@@ -1,4 +1,3 @@
-[[!template id="nav"]]
[[meta title="Similar Projects"]]
The monkeysphere isn't the only project intending to implement a PKI
diff --git a/website/trust-models.mdwn b/website/trust-models.mdwn
new file mode 100644
index 0000000..60aa680
--- /dev/null
+++ b/website/trust-models.mdwn
@@ -0,0 +1,21 @@
+[[meta title
+You can see your trust database parameters like this:
+
+ gpg --with-colons --list-key bogusgarbagehere 2>/dev/null | head -n1
+
+for me, it looks like this:
+
+ tru::1:1220401097:1220465006:3:1:5
+
+These colon-delimited records say (in order):
+
+ * `tru`: this is a trust database record
+ * `<empty>`: the trust database is not stale (might be 'o' for old, or 't' for "built with different trust model and not yet updated")
+ * `1`: uses new "PGP" trust model: this is just the old trust model plus trust signatures. I'll go into trust signatures later.
+ * `1220401097`: seconds since the epoch that i created the trust db.
+ * `1220465006`: seconds after the epoch that the trustdb will need to be rechecked (usually due to the closest pending expiration, etc)
+ * `3`: Either 3 certifications from keys with marginal ownertrust are needed for full User ID+Key validity
+ * `1`: Or 1 certification from a key with full ownertrust is needed for full User ID+Key validity
+ * `5`: max_cert_depth (not sure exactly how this is used)
+
+
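Review bot: The first added line, `[[meta title`, is an unterminated directive with no title string and no closing `]]`; complete it in the form the other pages in this commit use, `[[meta title="..."]]`, so the page gets a title and the directive does not run into the text below. In the field list, the two timestamp bullets say "seconds since the epoch" and "seconds after the epoch" for the same unit, and the `5` entry is documented only as "not sure exactly how this is used"; align the wording and either describe `max_cert_depth` or mark the page as a draft. The file also ends with two blank lines that can be dropped.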
diff --git a/website/why.mdwn b/website/why.mdwn
index 5dc0e05..3366439 100644
--- a/website/why.mdwn
+++ b/website/why.mdwn
@@ -1,5 +1,3 @@
-[[!template id="nav"]]
-
[[meta title="Why should you be interested in the MonkeySphere?"]]
[[toc ]]
@@ -33,7 +31,7 @@ ever connected to?
[Get started with the monkeysphere as a user!](/getting-started-user)
-## As an system administrator ##
+## As a system administrator ##
As a system administrator, have you ever tried to re-key an SSH
server? How did you communicate the key change to your users? How
@@ -137,3 +135,43 @@ than the current infrastructure allows, and is more meaningful to
actual humans using these tools than some message like "Certified by
GloboTrust".
+## Philosophy ##
+
+Humans (and
+[monkeys](http://www.scottmccloud.com/comics/mi/mi-17/mi-17.html))
+have the innate capacity to keep track of the identities of only a
+finite number of people. After our social sphere exceeds several dozen
+or several hundred (depending on the individual), our ability to
+remember and distinguish people begins to break down. In other words,
+at a certain point, we can't know for sure that the person we ran into
+in the produce aisle really is the same person who we met at the party
+last week.
+
+For most of us, this limitation has not posed much of a problem in our
+daily, off-line lives. With the Internet, however, we have an ability
+to interact with vastly larger numbers of people than we had
+before. In addition, on the Internet we lose many of our tricks for
+remembering and identifying people (physical characteristics, sound of
+the voice, etc.).
+
+Fortunately, with online communications we have easy access to tools
+that can help us navigate these problems.
+[OpenPGP](http://en.wikipedia.org/wiki/Openpgp) (a cryptographic
+protocol commonly used for sending signed and encrypted email
+messages) is one such tool. In its simplest form, it allows us to
+sign our communication in such a way that the recipient can verify the
+sender.
+
+OpenPGP goes beyond this simple use to implement a feature known as
+the [web of trust](http://en.wikipedia.org/wiki/Web_of_trust). The web
+of trust allows people who have never met in person to communicate
+with a reasonable degree of certainty that they are who they say they
+are. It works like this: Person A trusts Person B. Person B verifies
+Person C's identity. Then, Person A can verify Person C's identity
+because of their trust of Person B.
+
+The Monkeyshpere's broader goals are to extend the use of OpenPGP from
+email communications to other activities, such as:
+
+ * conclusively identifying the remote server in a remote login session
+ * granting access to servers to people we've never directly met
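Review bot: The relocated Philosophy section carries over the misspelling "Monkeyshpere's" in its last paragraph ("The Monkeyshpere's broader goals are ..."); correct it to "Monkeysphere's" as part of the move from index.mdwn.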