Merge commit 'jrollins/master'

Conflicts:
	website/sidebar.mdwn

7 files changed, 66 insertions, 19 deletions

diff --git a/website/bugs/use_getopts_instead_of_getopt.mdwn b/website/bugs/use_getopts_instead_of_getopt.mdwn
index af4c17a..2ec68d6 100644
--- a/website/bugs/use_getopts_instead_of_getopt.mdwn
+++ b/website/bugs/use_getopts_instead_of_getopt.mdwn
@@ -8,3 +8,12 @@ better for portability.
 So it looks like the sh built-in getopts does not include long options
 (eg. "--expire").  Is it worth getting rid of the long options for
 this?
+
+---
+
+Why not just get rid of getopts altogether and perform a simple
+argument-processing loop with bash string tests?  We're only invoking
+getopt in three places, and each invocation is no more complex than
+three arguments -- and most arguments take a separate parameter, which
+means that handling tricky arg blobs like -aCxr are not gonna be
+supported anyway.
diff --git a/website/local.css b/website/local.css
index c4b59e9..de0f196 100644
--- a/website/local.css
+++ b/website/local.css
@@ -58,31 +58,31 @@ pre {
   overflow: auto;
 }
 
-table.sitenav { 
+table.sitenav {
   border-bottom: 2px solid black;
   padding: 0px;
   width: 100%;
   font-size: larger;
 }
 
-table.sitenav img.logo { 
-  margin: 0px; 
-  padding: 0px; 
+table.sitenav img.logo {
+  margin: 0em;
+  padding: 0px;
   vertical-align: bottom;
 }
 
+table.sitenav img.title {
+  margin: 0px;
+  padding: 0px;
+  vertical-align: top;
+}
+
 table.sitenav a { 
   font-weight: bold;
   margin-right: 1em;
   font-size: smaller;
 }
 
-/* trying to align the sitenav links roughly with the text in the monkeysphere logo */
-td#sitenav { 
-  vertical-align: bottom;
-  padding-bottom: 30px;
-}
-
 table.sitenav span.selflink { 
   font-weight: bold;
   text-decoration: underline;
diff --git a/website/logo.simple.png b/website/logo.simple.png
new file mode 100644
index 0000000..5cc69eb
--- /dev/null
+++ b/website/logo.simple.png
diff --git a/website/logo.title.png b/website/logo.title.png
new file mode 100644
index 0000000..a203f8b
--- /dev/null
+++ b/website/logo.title.png
diff --git a/website/news/Monkeysphere-in-Debian.mdwn b/website/news/Monkeysphere-in-Debian.mdwn
index acba904..edad432 100644
--- a/website/news/Monkeysphere-in-Debian.mdwn
+++ b/website/news/Monkeysphere-in-Debian.mdwn
@@ -3,9 +3,9 @@
 [The Monkeysphere has made it into
 Debian!](http://packages.debian.org/sid/monkeysphere)
 
-It is in Debian unstable (sid) now, which means it won't make it into
-the next unstable release (lenny), but hopefully will be in the stable
-release after that (squeeze).
+It is in Debian unstable ("sid") now, which means it won't make it
+into the next stable release ("lenny"), but hopefully will make it
+into the stable release after that ("squeeze").
 
 Congratulations to all the work by all the [monkeysphere
 developers](/community), and to Micah Anderson for being our Debian
diff --git a/website/sidebar.mdwn b/website/sidebar.mdwn
index 381dff7..4783d2a 100644
--- a/website/sidebar.mdwn
+++ b/website/sidebar.mdwn
@@ -1,12 +1,19 @@
 <table class="sitenav" cellpadding="0" cellspacing="0">
-<tbody><tr><td>
-<a class="logo" href="/"><img class="logo" src="/logo.png" alt="monkeysphere" width="343" height="85" /></a>
-</td><td id="sitenav">
-
+<colgroup span="1" width="120" />
+<tr>
+<td rowspan="2"><a href="/"><img class="logo" src="/logo.simple.png" alt="monkeysphere" /></a></td>
+<td><a href="/"><img class="title" src="/logo.title.png" alt="monkeysphere" /></a></td>
+</tr><tr>
+<td>
 [[WHY?|why]]
 [[DOWNLOAD|download]]
 [[DOCUMENTATION|doc]] 
 [[NEWS|news]]
 [[COMMUNITY|community]]
-[[BUGS|bugs]]
-</td></tr></tbody></table>
+<a href="https://labs.riseup.net/code/wiki/monkeysphere">WIKI</a>
+<a href="https://labs.riseup.net/code/projects/monkeysphere/issues">BUGS</a>
+[[VISION|vision]]
+</td>
+</tr>
+</table>
+
diff --git a/website/vision.mdwn b/website/vision.mdwn
new file mode 100644
index 0000000..281bc72
--- /dev/null
+++ b/website/vision.mdwn
@@ -0,0 +1,31 @@
+[[meta title="Our vision for the future of the monkeysphere"]]
+
+## External Validation Agent ##
+
+This is probably at the crux of the Monkeysphere vision for the future:
+
+* [Simon Josefsson proposed out-of-process certificate verification model in gnutls-devel](http://news.gmane.org/find-root.php?group=gmane.comp.encryption.gpg.gnutls.devel&article=3231)
+* [Werner Koch's dirmngr](http://www.gnupg.org/documentation/manuals/dirmngr/)
+* [GnuTLS wiki external validation](http://redmine.josefsson.org/wiki/gnutls/GnuTLSExternalValidation)
+* [Pathfinder PKI validation](http://code.google.com/p/pathfinder-pki/) (includes validation plugins for OpenSSL and LibNSS).
+
+## TLS transition strategies ##
+
+While [RFC 5081](http://tools.ietf.org/html/rfc5081) is quite a while
+off from widespread adoption, it would be good to have an interim
+translation step.  This is analogous to the SSH work we've done, where
+the on-the-wire protocol remains the same, but the keys themselves are
+looked up in the OpenPGP WoT.
+
+Firefox extensions that deal with certificate validation seem to be
+the easiest path toward demonstrating this technique.  We should look
+at:
+
+* [SSL Blacklist](http://codefromthe70s.org/sslblacklist.aspx)
+* [Perspectives](http://www.cs.cmu.edu/~perspectives/firefox.html)
+* there is another firefox extension that basically disables all TLS certificate checking.  The download page says things like "this is a bad idea" and "do not install this extension", but i'm unable to find it at the moment.
+
+## Related discussions ##
+
+* [Wandering Thoughts blog discussion about Web of Trust flaws](http://utcc.utoronto.ca/~cks/space/blog/tech/WebOfTrustFlaws?showcomments)
+* [Wandering Thoughts blog discussion about certificate authorities](http://utcc.utoronto.ca/~cks/space/blog/web/SSLCANeed?showcomments)