-rw-r--r-- | website/index.mdwn | 57 |
1 files changed, 34 insertions, 23 deletions
diff --git a/website/index.mdwn b/website/index.mdwn index f7f9c06..d7892c8 100644 --- a/website/index.mdwn +++ b/website/index.mdwn 
@@ -1,33 +1,44 @@ -Monkeysphere is a framework to leverage the OpenPGP web of trust for -OpenSSH authentication. OpenPGP keys are tracked via GnuPG, and added -to the authorized\_keys and known\_hosts files used by OpenSSH for -connection authentication. +The Monkeysphere project's goal is to extend the web of trust model and other +features of OpenPGP to other areas of the Internet to help us securely identify +each other while we work online. + +Specifically, the Monkeysphere is a framework to leverage the OpenPGP web of +trust for OpenSSH authentication. In other words, it allows you to use your +OpenPGP keys when using secure shell to both identify yourself and the servers +you administer or connect to. OpenPGP keys are tracked via GnuPG, and added to +the authorized\_keys and known\_hosts files used by OpenSSH for connection +authentication. [[bugs]] | [[download]] | [[news]] | [[documentation|doc]] ## Conceptual overview ## -[OpenSSH](http://openssh.com/) provides a functional way for -management of explicit RSA and DSA keys (without any type of [Public -Key Infrastructure -(PKI)](http://en.wikipedia.org/wiki/Public_Key_Infrastructure)). The -basic idea of this project is to create a framework that uses -[GnuPG](http://www.gnupg.org/)'s keyring manipulation capabilities and -public keyservers to generate files that OpenSSH will accept and -handle as intended. This offers users of OpenSSH an effective PKI, -including the possibility for key transitions, transitive -identifications, revocations, and expirations. It also actively -invites broader participation in the +Everyone who has used secure shell is familiar with the prompt given the first +time you login, asking if you want to trust the server's fingerprint. In +addition, many of us take advantage of OpenSSH's ability to use RSA or DSA keys +for authenticating to a server, rather than relying on a password exchange. 
+ +[OpenSSH](http://openssh.com/) already provides a functional way for managing +the RSA and DSA keys required for these interactions. However, it lacks any +type of [Public Key Infrastructure +(PKI)](http://en.wikipedia.org/wiki/Public_Key_Infrastructure). + +The basic idea of the Monkeysphere is to create a framework that uses +[GnuPG](http://www.gnupg.org/)'s keyring manipulation capabilities and public +keyservers to generate files that OpenSSH will accept and handle as intended. + +This offers users of OpenSSH an effective PKI, including the possibility for +key transitions, transitive identifications, revocations, and expirations. It +also actively invites broader participation in the [OpenPGP](http://en.wikipedia.org/wiki/Openpgp) [web of trust](http://en.wikipedia.org/wiki/Web_of_trust). -Under the Monkeysphere, both parties to an OpenSSH connection (client -and server) have a responsibility to explicitly designate who they -trust to certify the identity of the other party. This trust -designation is explicitly indicated with traditional GPG keyring trust -model. No modification is made to the SSH protocol on the wire (it -continues to use raw RSA public keys), and it should work with -unpatched OpenSSH software. +Under the Monkeysphere, both parties to an OpenSSH connection (client and +server) have a responsibility to explicitly designate who they trust to certify +the identity of the other party. This trust designation is explicitly indicated +with traditional GPG keyring trust model. No modification is made to the SSH +protocol on the wire (it continues to use raw RSA public keys), and it should +work with unpatched OpenSSH software. Monkeysphere does not modify ssh in any way, and ssh can be used "out of the box". Monkeysphere is a set of tools that manages keys in the 
@@ -57,7 +68,7 @@ Fortunately, with online communications we have easy access to tools that can help us navigate these problems. [OpenPGP](http://en.wikipedia.org/wiki/Openpgp) (a cryptographic protocol commonly used for sending signed and encrypted email -messagess) is one such tool. In its simplest form, it allows us to +messages) is one such tool. In its simplest form, it allows us to sign our communication in such a way that the recipient can verify the sender. |
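Review bot: the first hunk's rewrapped paragraph starting "Under the Monkeysphere" carries over a missing article from the removed text: "This trust designation is explicitly indicated with traditional GPG keyring trust model" should read "with the traditional GPG keyring trust model"; since the hunk already reflows these lines, fix it here rather than in a follow-up. Two smaller wording points in the same hunk: "the first time you login" uses the noun as a verb and should be "the first time you log in", and the new opening sentence switches subject mid-way from "Everyone who has used secure shell" to "you"; "the prompt given the first time they log in" keeps a single subject. Finally, that opening sentence is where the security motivation actually sits: the prompt asks the user to accept the server's fingerprint with nothing behind the decision, which is exactly the gap the later sentence "it lacks any type of Public Key Infrastructure" names. A short clause tying the two together (for example, "asking if you want to trust the server's fingerprint, with nothing to back that decision beyond your own checking") would make the case for the project in the first paragraph instead of leaving the reader to connect them.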