author: Daniel Kahn Gillmor <dkg@fifthhorseman.net> 2008-07-29 09:21:12 -0400
committer: Daniel Kahn Gillmor <dkg@fifthhorseman.net> 2008-07-29 09:21:12 -0400
commit: e90c5fcfae6bcc22058003f7d028fdb9ce84accb (patch)
tree: b7ebe296496b0064d15016df4b8d863302724c47 /website
parent: 9b917f32a5d68abbb2f5993d32e2b60636a37dc5 (diff)
parent: 4ac01c98191fd4d6d0ab3654de427fa02f0e93f7 (diff)
Merge commit 'jrollins/master'
Diffstat (limited to 'website')
-rw-r--r--  website/dev.mdwn    13
-rw-r--r--  website/doc.mdwn     1
-rw-r--r--  website/index.mdwn  73
-rw-r--r--  website/local.css    9
4 files changed, 64 insertions, 32 deletions
diff --git a/website/dev.mdwn b/website/dev.mdwn
new file mode 100644
index 0000000..b149f9c
--- /dev/null
+++ b/website/dev.mdwn
@@ -0,0 +1,13 @@
+# Monkeysphere Development #
+
+The Monkeysphere is attempting to use a completely distributed
+development model. Please feel free to clone any of our developer git
+repositories, and send patches, modifications, or merge requests to
+any of the upstream developers.
+
+## Contacts ##
+
+Please feel free to contact any of the Monkeysphere developers with
+any questions, comments, bug reports, requests, etc:
+
+Jameson Graef Rollins <jrollins@phys.columbia.edu>
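Review bot: The Contacts section promises that readers can reach "any of the Monkeysphere developers" but lists a single address, and the paragraph above invites cloning "any of our developer git repositories" without saying where they are; add the other upstream developers (the merging author, at least) and the repository locations so the distributed model the page describes is actually reachable from this page.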
diff --git a/website/doc.mdwn b/website/doc.mdwn
index 4334e8b..33fe340 100644
--- a/website/doc.mdwn
+++ b/website/doc.mdwn
@@ -9,3 +9,4 @@
* [Initial specifications at CMRG](http://cmrg.fifthhorseman.net/wiki/OpenPGPandSSH)
* [OpenPGP (RFC 4880)](http://tools.ietf.org/html/rfc4880)
* [Secure Shell Authentication Protocol (RFC 4252)](http://tools.ietf.org/html/rfc4252)
+* [URI scheme for SSH, RFC draft](http://tools.ietf.org/wg/secsh/draft-ietf-secsh-scp-sftp-ssh-uri/)
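Review bot: The new link points at the secsh working-group listing for draft-ietf-secsh-scp-sftp-ssh-uri rather than at a specific draft revision; Internet-Drafts expire and working-group listings move, so consider pinning the link to the draft revision the project actually follows. The same link is removed from index.mdwn elsewhere in this merge, so this entry is now the only place the reference lives.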
diff --git a/website/index.mdwn b/website/index.mdwn
index 3bc1fe1..c0cde58 100644
--- a/website/index.mdwn
+++ b/website/index.mdwn
@@ -9,26 +9,48 @@ yourself and the servers you administer or connect to. OpenPGP keys
are tracked via GnuPG, and managed in the known\_hosts and
authorized\_keys files used by OpenSSH for connection authentication.
-[[bugs]] | [[download]] | [[news]] | [[documentation|doc]]
+[[bugs]] | [[download]] | [[news]] | [[documentation|doc]] |
+[[development|dev]]
## Conceptual overview ##
Everyone who has used secure shell is familiar with the prompt given
-the first time you login, asking if you want to trust the server's
-fingerprint. In addition, many of us take advantage of OpenSSH's
-ability to use RSA or DSA keys for authenticating to a server, rather
-than relying on a password exchange.
-
-[OpenSSH](http://openssh.com/) already provides a functional way for
-managing the RSA and DSA keys required for these
-interactions. However, it lacks any type of [Public Key Infrastructure
-(PKI)](http://en.wikipedia.org/wiki/Public_Key_Infrastructure).
+the first time you log in to a new server, asking if you want to trust
+the server's key by verifying the key fingerprint. Unfortunately,
+unless you have access to the server's key fingerprint through a
+secure out-of-band channel, there is no way to verify that the
+fingerprint you are presented with is in fact that of the server your
+really trying to connect to.
+
+Many users also take advantage of OpenSSH's ability to use RSA or DSA
+keys for authenticating to a server (known as "PubkeyAuthentication"),
+rather than relying on a password exchange. But again, the public
+part of the key needs to be transmitted to the server through a secure
+out-of-band channel (usually via a separate password-based SSH
+connection) in order for this type of authentication to work
+
+[OpenSSH](http://openssh.com/) currently provides a functional way to
+managing the RSA and DSA keys required for these interactions through
+the known\_hosts and authorized\_keys files. However, it lacks any
+type of [Public Key Infrastructure
+(PKI)](http://en.wikipedia.org/wiki/Public_Key_Infrastructure) that
+can verify that the keys being used really are the one required or
+expected.
The basic idea of the Monkeysphere is to create a framework that uses
[GnuPG](http://www.gnupg.org/)'s keyring manipulation capabilities and
public keyserver communication to manage the keys that OpenSSH uses
for connection authentication.
+The Monkeysphere therefore provides an effective PKI for OpenSSH,
+including the possibility for key transitions, transitive
+identifications, revocations, and expirations. It also actively
+invites broader participation in the
+[OpenPGP](http://en.wikipedia.org/wiki/Openpgp) [web of
+trust](http://en.wikipedia.org/wiki/Web_of_trust).
+
+## Technical details ##
+
Under the Monkeysphere, both parties to an OpenSSH connection (client
and server) explicitly designate who they trust to certify the
identity of the other party. These trust designations are explicitly
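Review bot: The rewritten overview has several wording slips to fix before publishing: "the server your really trying to connect to" should read "you're", "a functional way to managing" should be "a functional way of managing", "really are the one required or expected" should be "ones", and the sentence ending "in order for this type of authentication to work" is missing its period. The security point itself is sound (without an out-of-band fingerprint check the first-connection prompt is trust-on-first-use), but the parenthetical that the public key is usually transported "via a separate password-based SSH connection" is worth a sentence noting that this bootstraps key trust from the very host-key prompt the previous paragraph says cannot be verified.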
@@ -39,26 +61,21 @@ modification is made to the SSH protocol on the wire (it continues to
use raw RSA public keys), and no modification is needed to the OpenSSH
software.
-To emphasize: *no SSH modification is required to use the
-Monkeysphere*.
-
-This offers users of OpenSSH an effective PKI, including the
-possibility for key transitions, transitive identifications,
-revocations, and expirations. It also actively invites broader
-participation in the [OpenPGP](http://en.wikipedia.org/wiki/Openpgp)
-[web of trust](http://en.wikipedia.org/wiki/Web_of_trust).
+To emphasize: *no modifications to SSH are required to use the
+Monkeysphere*. OpenSSH can be used as is; completely unpatched and
+"out of the box".
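Review bot: In "OpenSSH can be used as is; completely unpatched and "out of the box"" the semicolon joins a fragment to the sentence; use a comma or a colon. The claim agrees with the context above ("no modification is needed to the OpenSSH software"), but since the Monkeysphere manages the known_hosts and authorized_keys files, it would help to say explicitly that what stays untouched is the OpenSSH software and the wire protocol, not the key files it reads.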
## Philosophy ##
Humans (and
[monkeys](http://www.scottmccloud.com/comics/mi/mi-17/mi-17.html))
-have innate capacity to keep track of the identity of a finite number
-of people. After our social sphere exceeds several dozen or several
-hundred (depending on the individual), our ability to remember and
-distinguish people begins to break down. In other words, at a certain
-point, we can't know for sure that the person we ran into in the
-produce aisle really is the same person who we met at the party last
-week.
+have the innate capacity to keep track of the identities of only a
+finite number of people. After our social sphere exceeds several dozen
+or several hundred (depending on the individual), our ability to
+remember and distinguish people begins to break down. In other words,
+at a certain point, we can't know for sure that the person we ran into
+in the produce aisle really is the same person who we met at the party
+last week.
For most of us, this limitation has not posed much of a problem in our
daily, off-line lives. With the Internet, however, we have an ability
@@ -80,7 +97,8 @@ the [web of trust](http://en.wikipedia.org/wiki/Web_of_trust). The web
of trust allows people who have never met in person to communicate
with a reasonable degree of certainty that they are who they say they
are. It works like this: Person A trusts Person B. Person B verifies
-Person C's identity. Then, Person A can verify Person C's identity.
+Person C's identity. Then, Person A can verify Person C's identity
+because of their trust of Person B.
The Monkeyshpere's broader goals are to extend the use of OpenPGP from
email communications to other activities, such as:
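Review bot: "because of their trust of Person B" should be "trust in Person B", and the example should distinguish trust in B's key from trust in B as a certifier: in the OpenPGP web of trust, A can accept B's certification of C only if A has assigned B that certifier (owner) trust, not merely verified B's own identity. A phrasing like "Person A trusts Person B to verify others' identities" makes the three-step chain accurate. Separately, "Monkeyshpere" in the unchanged context line at the end of this hunk is misspelled.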
@@ -92,9 +110,8 @@ email communications to other activities, such as:
* [OpenSSH](http://openssh.com/)
* [GnuPG](http://www.gnupg.org/)
+* [Secure Shell Authentication Protocol RFC 4252](http://tools.ietf.org/html/rfc4252)
* [OpenPGP RFC 4880](http://tools.ietf.org/html/rfc4880)
-* [URI scheme for SSH, RFC draft](http://tools.ietf.org/wg/secsh/draft-ietf-secsh-scp-sftp-ssh-uri/)
-
----
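Review bot: Removing the blank line between the last list item and the "----" rule is risky: in Markdown a line of dashes directly under a text line is a setext heading underline, so the rule may be rendered as an h2 made from the "OpenPGP RFC 4880" item or otherwise break the list; keep a blank line before "----". The URI-draft link removed here is the one added to doc.mdwn in this same merge, so the reference is moved rather than lost.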
diff --git a/website/local.css b/website/local.css
index 6302a54..06b1750 100644
--- a/website/local.css
+++ b/website/local.css
@@ -1,12 +1,12 @@
body {
font-family:Verdana,Geneva,Arial,Helvetica,sans-serif;
- font-size:0.8em;
+ font-size:1em;
margin-left: 5%;
margin-right:20%;
}
h1 {
- font-size: 1.4em;
+ font-size: 1.5em;
}
h2 {
@@ -14,14 +14,15 @@ h2 {
}
h3 {
- font-size: 1.0em;
+ font-size: 1em;
}
h4 {
- font-size: .9em;
+ font-size: 1em;
}
.header span {
+ font-size: 1.5em;
color: #aaaaaa;
}
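Review bot: With h4 raised from .9em to 1em, h3 and h4 both now equal the new 1em body size, so the two lowest heading levels are distinguishable only by weight; consider keeping h4 smaller or giving it an explicit style. The new ".header span { font-size: 1.5em }" also matches the h1 size set at the top of this file, which is probably intended for the site title but is worth confirming.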