diff options
Diffstat (limited to 'doc/conferences/lca2010/outline')
| -rw-r--r-- | doc/conferences/lca2010/outline | 62 |
1 files changed, 0 insertions, 62 deletions
diff --git a/doc/conferences/lca2010/outline b/doc/conferences/lca2010/outline deleted file mode 100644 index 15c4868..0000000 --- a/doc/conferences/lca2010/outline +++ /dev/null @@ -1,62 +0,0 @@ - - - -The presentation is in three parts: - -Background ----------- - - * Why authentication using asymmetric crypto (as opposed to shared - secrets) is important on today's network. - - * Overview of how ssh uses asymmetric crypto authentication (user -> - host, host -> user) - - * Overview of relevant bits of OpenPGP (key -> User ID bindings, - certifications, usage flags, key -> subkey bindings) - - * Overview of keyservers (the idea of gossip, One Big Network, - propagation, issues around redundancy, logging, private access) - - -How ---- - - * How does the monkeysphere do it? (very brief under-the-hood) - - * How does a server administrator publish a host's ssh key to the Web - of Trust? How do they maintain it? - - * How does a user incorporate WoT-based host-key checking into their - regular ssh usage? - - * How does a user publish their own ssh identity to the WoT for hosts - to find it? How do they maintain it? - - * How does a server administrator tell a server to admit certain - people (as identified by the WoT) to certain accounts? How do they - tell the server which certifications are trustworthy? - -Possible Futures ----------------- - - * Use the Monkeysphere with ssh implementations other than OpenSSH - (dropbear, lsh, putty, etc) - - * Expansion of the Monkeysphere's out-of-band PKI mechanism for - authentication in protocols other than SSH (TLS, HTTPS) without - protocol modification. - - * Use of OpenPGP certificates directly in SSH. OpenPGP is referenced - in RFC 4253 already: optional, rarely implemented, and deliberately - ambiguous about how to calculate key->identity bindings. - - * Use of OpenPGP certificates for authentication directly in - protocols. RFC 5081 provides a mechanism for OpenPGP certificates - in TLS, but is similarly ambiguous about certificate verification. - - * Better end-user control over verification: Who or what are you - really connecting to? How do you know? How can this information - be effectively and intuitively displayed to a typical user? - - * What would you like to see? |