-rw-r--r-- | website/index.mdwn | 51
-rw-r--r-- | website/local.css | 66
-rw-r--r-- | website/why.mdwn | 42
3 files changed, 77 insertions, 82 deletions
diff --git a/website/index.mdwn b/website/index.mdwn index 7c9030a..a7d074e 100644 --- a/website/index.mdwn +++ b/website/index.mdwn @@ -1,5 +1,3 @@ -[[toc ]] - The Monkeysphere project's goal is to extend OpenPGP's web of trust to new areas of the Internet to help us securely identify each other while we work online. @@ -14,7 +12,7 @@ monkeysphere manages the `known_hosts` and `authorized_keys` files used by OpenSSH for authentication, checking them for cryptographic validity. -## Conceptual overview ## +## Overview ## Everyone who has used secure shell is familiar with the prompt given the first time you log in to a new server, asking if you want to trust @@ -53,8 +51,6 @@ invites broader participation in the [OpenPGP](http://en.wikipedia.org/wiki/Openpgp) [web of trust](http://en.wikipedia.org/wiki/Web_of_trust). -## Technical details ## - Under the Monkeysphere, both parties to an OpenSSH connection (client and server) explicitly designate who they trust to certify the identity of the other party. These trust designations are explicitly 
@@ -65,51 +61,10 @@ No modification is made to the SSH protocol on the wire (it continues to use raw RSA public keys), and no modification is needed to the OpenSSH software. -To emphasize: *no modifications to SSH are required to use the -Monkeysphere*. OpenSSH can be used as is; completely unpatched and +To emphasize: ***no modifications to SSH are required to use the +Monkeysphere***. OpenSSH can be used as is; completely unpatched and "out of the box". -## Philosophy ## - -Humans (and -[monkeys](http://www.scottmccloud.com/comics/mi/mi-17/mi-17.html)) -have the innate capacity to keep track of the identities of only a -finite number of people. After our social sphere exceeds several dozen -or several hundred (depending on the individual), our ability to -remember and distinguish people begins to break down. In other words, -at a certain point, we can't know for sure that the person we ran into -in the produce aisle really is the same person who we met at the party -last week. - -For most of us, this limitation has not posed much of a problem in our -daily, off-line lives. With the Internet, however, we have an ability -to interact with vastly larger numbers of people than we had -before. In addition, on the Internet we lose many of our tricks for -remembering and identifying people (physical characteristics, sound of -the voice, etc.). - -Fortunately, with online communications we have easy access to tools -that can help us navigate these problems. -[OpenPGP](http://en.wikipedia.org/wiki/Openpgp) (a cryptographic -protocol commonly used for sending signed and encrypted email -messages) is one such tool. In its simplest form, it allows us to -sign our communication in such a way that the recipient can verify the -sender. - -OpenPGP goes beyond this simple use to implement a feature known as -the [web of trust](http://en.wikipedia.org/wiki/Web_of_trust). 
The web -of trust allows people who have never met in person to communicate -with a reasonable degree of certainty that they are who they say they -are. It works like this: Person A trusts Person B. Person B verifies -Person C's identity. Then, Person A can verify Person C's identity -because of their trust of Person B. - -The Monkeyshpere's broader goals are to extend the use of OpenPGP from -email communications to other activities, such as: - - * conclusively identifying the remote server in a remote login session - * granting access to servers to people we've never directly met - ## Links ## * [OpenSSH](http://openssh.com/) diff --git a/website/local.css b/website/local.css index 9e141a2..69defae 100644 --- a/website/local.css +++ b/website/local.css @@ -1,29 +1,28 @@ h2 { --moz-border-radius-topleft:4px; --moz-border-radius-topright:4px; -background-color:#B67B4E; -color:black; -display:block; -font-weight:bold; -padding:0 0 0 10px; + -moz-border-radius: 4px; + background-color: #B67B4E; + color: black; + display: block; + font-weight: bold; + padding: 0 0 0 10px; } body { -color:#3F403F; -font-family:"Liberation Sans",sans-serif; -font-size:0.95em; + color: #3F403F; + font-family: "Liberation Sans",sans-serif; + font-size: 0.95em; } *|*:visited -color:#f6a464; + color: #f6a464; } *|*:-moz-any-link { -text-decoration:none; + text-decoration: none; } :-moz-any-link { -cursor:pointer; + cursor: pointer; } a:link { 
@@ -40,23 +39,23 @@ a:hover { } pre { - background: #ddd; - border: 1px solid #aaa; - padding: 3px 3px 3px 3px; - margin-left: 2em; + background: #ddd; + border: 1px solid #aaa; + padding: 3px 3px 3px 3px; + margin-left: 2em; } table.sitenav { - border-bottom: 2px solid black; - padding: 0px; - width: 100%; - font-size: larger; + border-bottom: 2px solid black; + padding: 0px; + width: 100%; + font-size: larger; } table.sitenav img.logo { - margin: 0px; - padding: 0px; - vertical-align: bottom; + margin: 0px; + padding: 0px; + vertical-align: bottom; } table.sitenav a { @@ -71,19 +70,20 @@ table.sitenav span.selflink { } div.header { - text-align: right; - display: none; + text-align: right; + display: none; } div.actions { - text-align: right; - display: none; + text-align: right; + display: none; } #sidebar { - line-height: normal; - width: 100%; - float: none; - margin: 0; - padding: 0; + line-height: normal; + width: 100%; + float: none; + margin: 0; + padding: 0; } + diff --git a/website/why.mdwn b/website/why.mdwn index b9f4117..3366439 100644 --- a/website/why.mdwn +++ b/website/why.mdwn @@ -31,7 +31,7 @@ ever connected to? [Get started with the monkeysphere as a user!](/getting-started-user) -## As an system administrator ## +## As a system administrator ## As a system administrator, have you ever tried to re-key an SSH server? How did you communicate the key change to your users? How 
@@ -135,3 +135,43 @@ than the current infrastructure allows, and is more meaningful to actual humans using these tools than some message like "Certified by GloboTrust". +## Philosophy ## + +Humans (and +[monkeys](http://www.scottmccloud.com/comics/mi/mi-17/mi-17.html)) +have the innate capacity to keep track of the identities of only a +finite number of people. After our social sphere exceeds several dozen +or several hundred (depending on the individual), our ability to +remember and distinguish people begins to break down. In other words, +at a certain point, we can't know for sure that the person we ran into +in the produce aisle really is the same person who we met at the party +last week. + +For most of us, this limitation has not posed much of a problem in our +daily, off-line lives. With the Internet, however, we have an ability +to interact with vastly larger numbers of people than we had +before. In addition, on the Internet we lose many of our tricks for +remembering and identifying people (physical characteristics, sound of +the voice, etc.). + +Fortunately, with online communications we have easy access to tools +that can help us navigate these problems. +[OpenPGP](http://en.wikipedia.org/wiki/Openpgp) (a cryptographic +protocol commonly used for sending signed and encrypted email +messages) is one such tool. In its simplest form, it allows us to +sign our communication in such a way that the recipient can verify the +sender. + +OpenPGP goes beyond this simple use to implement a feature known as +the [web of trust](http://en.wikipedia.org/wiki/Web_of_trust). The web +of trust allows people who have never met in person to communicate +with a reasonable degree of certainty that they are who they say they +are. It works like this: Person A trusts Person B. Person B verifies +Person C's identity. Then, Person A can verify Person C's identity +because of their trust of Person B. 
+ +The Monkeyshpere's broader goals are to extend the use of OpenPGP from +email communications to other activities, such as: + + * conclusively identifying the remote server in a remote login session + * granting access to servers to people we've never directly met |
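Review bot: In the `@@ -65,51 +61,10 @@` hunk of website/index.mdwn the whole `## Philosophy ##` section is deleted, and none of the index.mdwn hunks adds a pointer to its new home in website/why.mdwn. The `[[toc ]]` directive and the `## Technical details ##` heading are dropped from the same file, so a reader landing on the index loses both the navigation aid and the web-of-trust walk-through ("Person A trusts Person B ..."). Suggest adding a link to the why page near the Overview text or under `## Links ##`.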
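Review bot: In the first website/local.css hunk the `h2` rule is not a pure re-indent: `-moz-border-radius-topleft:4px;` and `-moz-border-radius-topright:4px;` become `-moz-border-radius: 4px;`, which rounds all four corners instead of only the top two. If that is intended, say so in the commit message or split it from the whitespace cleanup; the property is also Mozilla-prefixed only, so consider adding the unprefixed `border-radius` next to it. In the same hunk the `*|*:visited` selector, as shown, has no opening `{` before `color: #f6a464;`, so the re-indented declaration still sits in a malformed rule; add the brace while touching these lines.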
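Review bot: In the `@@ -135,3 +135,43 @@` hunk of website/why.mdwn the moved Philosophy text carries over the misspelling `Monkeyshpere's` in its last paragraph ("The Monkeyshpere's broader goals ..."); correct it to `Monkeysphere's` as part of the move. The rest of the added section matches the lines deleted from website/index.mdwn, so this is the only wording change needed.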