summaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
Diffstat (limited to 'doc')
-rw-r--r--doc/ExternalValidation.html232
-rw-r--r--doc/MonkeySpec81
-rw-r--r--doc/TODO51
-rw-r--r--doc/announcement.html56
-rw-r--r--doc/artwork/Makefile2
-rw-r--r--doc/artwork/Monkey.svg52
-rw-r--r--doc/artwork/logo.svg117
-rw-r--r--doc/conferences/lca2010/abstract65
-rw-r--r--doc/conferences/lca2010/bio23
-rw-r--r--doc/conferences/lca2010/experience26
-rw-r--r--doc/conferences/lca2010/outline62
-rw-r--r--doc/conferences/lca2010/techrequirements1
-rw-r--r--doc/conferences/lca2010/title1
-rw-r--r--doc/conferences/lca2010/videoabstract1
-rw-r--r--doc/conferences/seminar/abstract17
-rw-r--r--doc/conferences/seminar/outline43
-rw-r--r--doc/george/changelog281
-rw-r--r--doc/george/host-key-publication28
-rw-r--r--doc/george/keyserver-local24
-rw-r--r--doc/george/policy33
-rw-r--r--doc/george/user-id-configuration40
-rw-r--r--doc/ikiwiki.setup.sample29
-rw-r--r--doc/zimmermann/changelog71
-rw-r--r--doc/zimmermann/https-proxy14
-rw-r--r--doc/zimmermann/index.html73
25 files changed, 0 insertions, 1423 deletions
diff --git a/doc/ExternalValidation.html b/doc/ExternalValidation.html
deleted file mode 100644
index d176957..0000000
--- a/doc/ExternalValidation.html
+++ /dev/null
@@ -1,232 +0,0 @@
-<meta http-equiv="Content-Type" content="text/html; charset=US-ASCII">
-<base href="http://redmine.josefsson.org/wiki/gnutls/GnuTLSExternalValidation"><div style="margin:-1px -1px 0;padding:0;border:1px solid #999;background:#fff"><div style="margin:12px;padding:8px;border:1px solid #999;background:#ddd;font:13px arial,sans-serif;color:#000;font-weight:normal;text-align:left">This is Google&#39;s cache of <a href="http://redmine.josefsson.org/wiki/gnutls/GnuTLSExternalValidation" style="text-decoration:underline;color:#00c">http://redmine.josefsson.org/wiki/gnutls/GnuTLSExternalValidation</a>. It is a snapshot of the page as it appeared on Dec 15, 2008 14:31:48 GMT. The <a href="http://redmine.josefsson.org/wiki/gnutls/GnuTLSExternalValidation" style="text-decoration:underline;color:#00c">current page</a> could have changed in the meantime. <a href="http://www.google.com/intl/en/help/features_list.html#cached" style="text-decoration:underline;color:#00c">Learn more</a><br><br><div style="float:right"><a href="http://74.125.47.132/search?q=cache:TK3CfB0McV4J:redmine.josefsson.org/wiki/gnutls/GnuTLSExternalValidation+http://redmine.josefsson.org/wiki/gnutls/GnuTLSExternalValidation&amp;hl=en&amp;gl=us&strip=1" style="text-decoration:underline;color:#00c">Text-only version</a></div>
-<div>These terms only appear in links pointing to this page: <span style="font-weight:bold">http</span>&nbsp;<span style="font-weight:bold">redmine</span>&nbsp;<span style="font-weight:bold">josefsson</span>&nbsp;<span style="font-weight:bold">org</span>&nbsp;<span style="font-weight:bold">wiki</span>&nbsp;<span style="font-weight:bold">gnutls</span>&nbsp;<span style="font-weight:bold">gnutlsexternalvalidation</span>&nbsp;&nbsp;</div></div></div><div style="position:relative">
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
-<head>
-<title>GnuTLS - GnuTLSExternalValidation - Redmine</title>
-<meta http-equiv="content-type" content="text/html; charset=utf-8" />
-<meta name="description" content="Redmine" />
-<meta name="keywords" content="issue,bug,tracker" />
-<link href="/stylesheets/application.css?1227251496" media="all" rel="stylesheet" type="text/css" />
-<script src="/javascripts/prototype.js?1224248241" type="text/javascript"></script>
-<script src="/javascripts/effects.js?1224248241" type="text/javascript"></script>
-<script src="/javascripts/dragdrop.js?1224248241" type="text/javascript"></script>
-<script src="/javascripts/controls.js?1224248241" type="text/javascript"></script>
-<script src="/javascripts/application.js?1224248241" type="text/javascript"></script>
-<link href="/stylesheets/jstoolbar.css?1224248241" media="screen" rel="stylesheet" type="text/css" />
-<!--[if IE]>
- <style type="text/css">
- * html body{ width: expression( document.documentElement.clientWidth < 900 ? '900px' : '100%' ); }
- body {behavior: url(/stylesheets/csshover.htc?1224248241);}
- </style>
-<![endif]-->
-
-<!-- page specific tags -->
-
- <link href="/stylesheets/scm.css?1224248241" media="screen" rel="stylesheet" type="text/css" />
-</head>
-<body>
-<div id="wrapper">
-<div id="top-menu">
- <div id="account">
- <ul><li><a href="/login" class="login">Sign in</a></li>
-<li><a href="/account/register" class="register">Register</a></li></ul> </div>
-
- <ul><li><a href="/" class="home">Home</a></li>
-<li><a href="/projects" class="projects">Projects</a></li>
-<li><a href="http://www.redmine.org/guide" class="help">Help</a></li></ul></div>
-
-<div id="header">
- <div id="quick-search">
- <form action="/search/index/gnutls" method="get">
- <a href="/search/index/gnutls" accesskey="4">Search</a>:
- <input accesskey="f" class="small" id="q" name="q" size="20" type="text" />
- </form>
-
- </div>
-
- <h1>GnuTLS</h1>
-
- <div id="main-menu">
- <ul><li><a href="/projects/show/gnutls">Overview</a></li>
-<li><a href="/projects/activity/gnutls">Activity</a></li>
-<li><a href="/projects/roadmap/gnutls">Roadmap</a></li>
-<li><a href="/projects/gnutls/issues">Issues</a></li>
-<li><a href="/wiki/gnutls" class="selected">Wiki</a></li>
-<li><a href="/repositories/show/gnutls">Repository</a></li></ul>
- </div>
-</div>
-
-<div class="" id="main">
- <div id="sidebar">
-
- <h3>Wiki</h3>
-
-<a href="/wiki/gnutls">Start page</a><br />
-<a href="/wiki/gnutls/Page_index/special">Index by title</a><br />
-<a href="/wiki/gnutls/Date_index/special">Index by date</a><br />
-
-
- </div>
-
- <div id="content">
-
-
- <div class="contextual">
-
-
-
-
-
-
-
-
-<a href="/wiki/gnutls/GnuTLSExternalValidation/history" class="icon icon-history">History</a>
-</div>
-
-
-
-
-
-<div class="wiki">
- <h1 id="GnuTLSExternalValidation">GnuTLSExternalValidation<a href="#GnuTLSExternalValidation" class="wiki-anchor">&para;</a></h1>
-
-
- <p>This page is intended to flesh out ideas to externalize the X.509 chain validation, X.509 private key handling, and possibly also OpenPGP validation and private key handling.</p>
-
-
- <p>It is important to realize that these are different problems, so the solution may be different. Let's first make the goals clear:</p>
-
-
- <ul>
- <li>Make it possible to store private keys in a process different from the process that runs the GnuTLS client/server.</li>
- <li>Make it possible to perform X.509 chain validation in a different process.</li>
- <li>Make it possible to perform OpenPGP key validation in a different process.</li>
- </ul>
-
-
- <p>One must decide whether the external agent should be responsible for making authentication decisions, authorization decisions, or both. Possibly it should be able to make both kind of decisions. The GnuTLS process can always make further authorization decisions as well.</p>
-
-
- <p>For private keys, there is the PKCS#11 interface. GnuTLS has a branch that supports it. However, PKCS#11 doesn't solve the problem with an external process. It seems better to move the PKCS#11 interface to the external agent, rather than adding PKCS#11 interface to GnuTLS itself. Btw, GnuTLS already has PKCS#11 support on a special branch, and has been tested against the Scute PKCS#11 provider together with a Swedish eID X.509 smartcard.</p>
-
-
- <p>The solution should allow simple integration with GNOME components such as <a href="http://live.gnome.org/Seahorse" class="external">SeaHorse</a>.</p>
-
-
- <h2 id="Private-key-protocol">Private key protocol<a href="#Private-key-protocol" class="wiki-anchor">&para;</a></h2>
-
-
- <p>Possible we should re-use GnuPG's external protocol here? What we need is an IPC protocol that does:</p>
-
-
- <pre><code>SIGN [ALG] [KEY-ID] [TLS-DATA]</code></pre>
-
-
- <p>Where KEY-ID somehow denotes a key to use, and TLS-DATA is the data that needs to be signed using the TLS algorithm. Given that TLS supports several algorithms, and even RSA is supported in more than one mode, there needs to be an ALG flag to indicate this.</p>
-
-
- <h2 id="X509-Chain-Validation">X.509 Chain Validation<a href="#X509-Chain-Validation" class="wiki-anchor">&para;</a></h2>
-
-
- <p>GnuPG's dirmngr <a href="http://www.gnupg.org/documentation/manuals/dirmngr/Dirmngr-Protocol.html#Dirmngr-Protocol" class="external">has a protocol for doing this</a>, using <a href="http://www.gnupg.org/documentation/manuals/assuan/" class="external">assuan</a>. Unfortunately, <a href="http://www.gnupg.org/documentation/manuals/assuan/Assuan.html#Assuan" class="external">assuan's design criteria</a> state "no protection against DoS needed". This might make it unsuitable for a TLS implementation or other online tool.</p>
-
-
- <p>It is not clear to me whether the trusted CAs should be sent over the IPC, or whether it is something that is assumed to be known by the agent. The latter seems safer, but the former may be useful in some scenarios. <em>(what scenarios?)</em> They aren't mutually incompatible, so maybe we can support both.</p>
-
-
- <p>Thus we need a command to send over a trusted certificate:</p>
-
-
- <pre><code>TRUSTED [b64pem...]</code></pre>
-
-
- <p>And also send over untrusted certificates provided by the TLS peer:</p>
-
-
- <pre><code>UNTRUSTED [b64pem...]</code></pre>
-
-
- <p>Finally, a request to perform chain validation on a particular certificate is performed using:</p>
-
-
- <pre><code>VALIDATE [b64pem...]</code></pre>
-
-
- <h2 id="Generic-Certificate-Validation">Generic Certificate Validation<a href="#Generic-Certificate-Validation" class="wiki-anchor">&para;</a></h2>
-
-
- <p>It would be nice to be able to hand the agent any kind of certificate (OpenPGP or X.509), or even to be able to hand the agent a raw public key to see if it validates.</p>
-
-
- <p>The crucial request would be:</p>
-
-
- <pre><code>VALIDATE {LABEL} {CERTTYPE} {PEERNAME} {CERTIFICATE}</code></pre>
-
-
- <p>This says "I'm a program called LABEL. I'm about to send you a certificate of type CERTTYPE. I want you to tell me whether the specified PEERNAME matches one of the names stored in the certificate, and that the matching name in the certificate is cryptographically valid based on your knowledge of trusted certifiers."</p>
-
-
- <p>The agent can respond with VALID or INVALID. We maybe should consider whether INVALID might be implemented as an extensible set of reasons for invalidity (e.g. EXPIRED, NOMATCH, UNTRUSTED, SELFSIGNED, etc): would the potential extensibility from this outweigh the added implementation and semantic complexity?</p>
-
-
- <p>The possible options for CERTTYPE could be:</p>
-
-
- <ul>
- <li>RAWPUBKEY (maybe modelled after <a href="http://tools.ietf.org/html/rfc4253#section-6.6" class="external">ssh-dss and ssh-rsa in RFC 4253</a> ?)</li>
- <li>OPENPGP (after <a href="http://tools.ietf.org/html/rfc4880#section-11.1" class="external">section 11.1 of RFC 4880</a> either base-64 encoded or raw)</li>
- <li>X509 (after <a href="http://tools.ietf.org/html/rfc5280" class="external">RFC 5280</a>, either PEM or DER encoded)</li>
- </ul>
-
-
- <p>This would allow numerous clients and servers to make use of the validation agent. For example:</p>
-
-
- <ul>
- <li><a href="http://www.lysator.liu.se/~nisse/lsh/" class="external">lsh</a> could feed its fetched host keys to the validation agent instead of having to maintain ~/.lsh/host-acls</li>
- <li><a href="http://www.openldap.org/doc/admin24/tls.html#Client%20Certificates" class="external">slapd</a> could use the validation agent to identify the DN of the remote client.</li>
- <li><a href="http://svnbook.red-bean.com/nightly/en/svn.serverconfig.httpd.html#svn.serverconfig.httpd.authn.sslcerts" class="external">subversion</a> could ask the validation agent to ensure that the OpenPGP certificate offered by a remote https server (using <a href="http://www.outoforder.cc/projects/apache/mod_gnutls/" class="external">mod_gnutls</a>) is in fact who it claims to be (and the mod_gnutls could validate the identity of the client in the same way).</li>
- </ul>
-
-
- <p>Additionally, it might be nice to have a command to offer intermediate certificates to the certificate store:</p>
-
-
- <pre><code>UNTRUSTED {LABEL} {CERTTYPE} {CERTIFICATE}</code></pre>
-
-
- <p>using UNTRUSTED with a RAWPUBKEY certificate wouldn't be a meaningful operation, but it could be used for intermediate X.509 certificates, or for the equivalent OpenPGP certificates (if such things were handy).</p>
-</div>
-
-
-
-
-
-
-<p class="other-formats">
-Also available in:
-<span><a href="/wiki/gnutls/GnuTLSExternalValidation?export=html&amp;version=9" class="html">HTML</a></span>
-<span><a href="/wiki/gnutls/GnuTLSExternalValidation?export=txt&amp;version=9" class="text">TXT</a></span>
-</p>
-
-
-
-
-
-
-
- </div>
-</div>
-
-<div id="ajax-indicator" style="display:none;"><span>Loading...</span></div>
-
-<div id="footer">
- Powered by <a href="http://www.redmine.org/">Redmine</a> &copy; 2006-2008 Jean-Philippe Lang
-</div>
-</div>
-
-</body>
-</html>
diff --git a/doc/MonkeySpec b/doc/MonkeySpec
deleted file mode 100644
index 66f44b0..0000000
--- a/doc/MonkeySpec
+++ /dev/null
@@ -1,81 +0,0 @@
-THE MONKEYSPHERE
-================
-
-Monkeysphere is authentication layer that allows the sysadmin to
-perform authorization on OpenPGP user identities instead of on keys.
-It also allows end users to authenticate/identify the ssh server they
-are connecting to by checking the sysadmin's certification.
-
-* GENERAL GOAL - use openpgp web-of-trust to authenticate ppl for SSH
-* SPECIFIC GOAL - allow openssh to tie into pgp web-of-trust without
- modifying the openpgp spec, gpg or openssh
-* DESIGN GOALS - authentication, use the existing generic OpenSSH
- client, the admin can make it default, although end-user should be
- decide to use monkeysphere or not
-* DESIGN GOAL - use of monkeysphere should not radically change
- connecting-to-server experience
-
-Host identity piece of monkeysphere could be used without buying into
-the user authentication component.
-
-
-USE CASE
-========
-
-Dramatis Personae: http://en.wikipedia.org/wiki/Alice_and_Bob
-Backstory: http://www.conceptlabs.co.uk/alicebob.html
-
-Bob wants to sign on to the computer "mangabey.example.org" via
-monkeysphere framework. He doesn't yet have access to the machine,
-but he knows Alice, who is the admin of mangabey. Alice and Bob,
-being the conscientious netizens that they are, have already published
-their personal gpg keys to the web of trust, and being good friends,
-have both signed each other's keys and marked each others keys with
-"full" ownertrust.
-
-When Alice set up mangabey initially, she published an OpenPGP key for
-the machine with the special userid of "ssh://mangabey.example.org".
-She also signed mangabey's OpenPGP key and published this
-certification to commonly-used keyservers. Alice also configured
-mangabey to treat her own key with full ownertrust, so that it knows
-how to identify connecting users.
-
-Now, Alice creates a user account "bob" on mangabey, and puts Bob's
-userid ("Bob <bob@example.org>") in the authorized_user_ids file for
-user bob on mangabey. The monkeysphere automatically (via cron or
-inotify hook) takes each userid in bob's authorized_user_ids file, and
-looks on a keyserver to find all public keys associated with that user
-ID, with the goal of populating the authorized_keys file for
-bob@mangabey.
-
-In particular: for each key found, the server evaluates the calculated
-validity of the specified user ID based on the ownertrust rules it has
-configured ("trust alice's certifications fully", in this example).
-For each key for which the user ID in question is fully-valid, it
-extracts all DSA- or RSA-based primary or secondary keys marked with
-the authentication usage flag, and converts these OpenPGP public keys
-into ssh public keys. These keys are automatically placed into the
-authorized_keys file for bob.
-
-Bob now attempts to connect, by firing up a terminal and invoking:
-"ssh bob@mangabey.example.org". Bob's monkeysphere-enabled ssh client
-notices that mangabey.example.org isn't already available in bob's
-known_hosts file, and fetches the host key for mangabey from the
-public keyservers, with the goal of populating Bob's local known_hosts
-file.
-
-In particular: the monkeysphere queries its configured keyservers to
-find all public keys with User ID ssh://mangabey.example.org. For
-each public key found, it checks the relevant User ID's validity,
-converts any authentication-capable OpenPGP public keys into ssh
-public keys if the User ID validity is acceptable, and finally insert
-those keys into Bob's known_hosts file.
-
-On Bob's side, since mangabey's key had "full" validity (it was signed
-by Alice, whom he fully trusts), Bob's ssh client deems mangabey
-"known" and no further host key checking is required.
-
-On mangabey's side, since Bob's key has "full" validity (it had been
-signed by Alice, mangabey's trusted administrator), Bob is
-authenticated and therefore authorized to log into his account.
-
diff --git a/doc/TODO b/doc/TODO
deleted file mode 100644
index d365ac7..0000000
--- a/doc/TODO
+++ /dev/null
@@ -1,51 +0,0 @@
-Next-Steps Monkeysphere Projects:
----------------------------------
-
-Detail advantages of monkeysphere: detail the race conditions in ssh,
- and how the monkeysphere can help you reduce these threat vectors:
- threat model reduction diagrams.
-
-Handle unverified monkeysphere hosts in such a way that they're not
- always removed from known_hosts file. Ask user to lsign the host
- key?
-
-Resolve the bugs listed in openpgp2ssh(1):BUGS.
-
-Understand and document the output of gpg --check-trustdb:
- gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
- gpg: depth: 0 valid: 2 signed: 20 trust: 0-, 0q, 0n, 0m, 0f, 2u
- gpg: depth: 1 valid: 20 signed: 67 trust: 15-, 0q, 1n, 3m, 1f, 0u
- gpg: next trustdb check due at 2008-10-09
-
-Understand and document the numeric values between sig! and the keyid
- in "gpg --check-sigs $KEYID" . Compare with the details found from
- "gpg --with-colons --check-sigs $KEYID". This has to do with trust
- signatures.
-
-Fix gpg's documentation to clarify the difference between validity and
- ownertrust. Include better documentation for trust signatures.
-
-Make it easier to do domain-relative ssh host trust signatures with
- gnupg. (e.g. "i trust Jamie McClelland (keyID 76CC057D) to properly
- identify ssh servers in the mayfirst.org domain") See:
- http://tools.ietf.org/html/rfc4880#section-5.2.3.21 and grep for
- "tsign" in gpg(1).
-
-Fix the order of questions when user does a tsign in gpg or gpg2.
-
-When using ssh-proxycommand, if only host keys found are expired or
- revoked, then output loud warning with prompt, or fail hard.
-
-File bug against enigmail about lack of ability to create subkeys.
-
-Test and document what happens when any filesystem that the
- monkeysphere-server relies on and modifies (/tmp, /etc, and /var?)
- fills up.
-
-Optimize keyserver access, particularly on monkeysphere-server
- update-users -- is there a way to query the keyserver all in a
- chunk?
-
-Think about packaging monkeysphere for other (non-apt-based) operating
- systems. RPM-based linux systems, FreeBSD ports, and Mac OS X seem
- like the most likely candidates.
diff --git a/doc/announcement.html b/doc/announcement.html
deleted file mode 100644
index 0dbb249..0000000
--- a/doc/announcement.html
+++ /dev/null
@@ -1,56 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
-<html>
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-15">
-<title>Announcing the Monkeysphere</title>
-</head>
-
-<!-- This is a draft of a wider announcement for the Monkeysphere.
- dkg will probably post the final version in his blog at
- https://www.debian-administration.org/users/dkg/weblog
-
- Edits are welcome! -->
-
-<body>
-<h1>Monkeysphere: an OpenPGP-based PKI for SSH</h1>
-
-<p>Ever thought that there should be an automated way to handle ssh
-keys? Do you know the administrators of your servers, and wish that
-SSH could verify new host keys from them automatically, based on your
-personal connections to the web-of-trust? Do you wish you could
-revoke and/or rotate your old SSH authentication keys without having
-to log into every single machine you have an account on?</p>
-
-<p>Do you administer servers, and wish you could re-key them without
-sowing massive confusion among your users (or worse, encouraging bad
-security habits among them)? Do you wish you could grant access to
-your users by name, instead of by opaque string? Do you wish you
-could rapidly revoke access to a user (or compromised key) across a
-group of machines by disabling authentication for that user?</p>
-
-<p>A group of us have been working on a public key infrastructure for
-SSH. <a href="http://web.monkeysphere.info">Monkeysphere</a> makes use
-of the existing OpenPGP web-of-trust to fetch and cryptographically
-validate (and revoke!) keys. This works in both direction:
-<code>authorized_keys</code> <em>and</em> <code>known_hosts</code> are
-handled. Monkeysphere gives users and admins tools to deal with SSH
-keys by thinking about the people and machines to whom the keys
-belong, instead of requiring humans to do tedious (and error-prone)
-manual key verification.</p>
-
-<p>We have <a href="http://web.monkeysphere.info/download">debian
-packages available</a> which should install against lenny (for i386,
-amd64, powerpc, and arm architectures at the moment), <a
-href="https://lists.riseup.net/www/info/monkeysphere">a mailing
-list</a>, and open ears for good questions, suggestions and
-criticism.</p>
-
-<p>If you have a chance to give it a try (<a
-href="http://web.monkeysphere.info/getting-started-user/">as a
-user</a> or <a
-href="http://web.monkeysphere.info/getting-started-admin/">as an
-admin</a>), it would be great to <a
-href="https://lists.riseup.net/www/info/monkeysphere">get
-feedback</a>.</p>
-
-</body> </html>
diff --git a/doc/artwork/Makefile b/doc/artwork/Makefile
deleted file mode 100644
index b0cb37a..0000000
--- a/doc/artwork/Makefile
+++ /dev/null
@@ -1,2 +0,0 @@
-logo.png: logo.svg
- inkscape -e logo.png logo.svg
diff --git a/doc/artwork/Monkey.svg b/doc/artwork/Monkey.svg
deleted file mode 100644
index a458809..0000000
--- a/doc/artwork/Monkey.svg
+++ /dev/null
@@ -1,52 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!-- Created with Inkscape (http://www.inkscape.org/) -->
-<svg
- xmlns:dc="http://purl.org/dc/elements/1.1/"
- xmlns:cc="http://web.resource.org/cc/"
- xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
- xmlns:svg="http://www.w3.org/2000/svg"
- xmlns="http://www.w3.org/2000/svg"
- xmlns:sodipodi="http://inkscape.sourceforge.net/DTD/sodipodi-0.dtd"
- xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
- id="svg2"
- sodipodi:version="0.32"
- inkscape:version="0.43"
- width="200"
- height="200"
- sodipodi:docbase="C:\Documents and Settings\clint\My Documents\Working\Chinese Zodiac"
- sodipodi:docname="monkey.svg"
- version="1.0">
- <metadata
- id="metadata7">
- <rdf:RDF>
- <cc:Work
- rdf:about="">
- <dc:format>image/svg+xml</dc:format>
- <dc:type
- rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
- </cc:Work>
- </rdf:RDF>
- </metadata>
- <defs
- id="defs5" />
- <sodipodi:namedview
- inkscape:window-height="540"
- inkscape:window-width="749"
- inkscape:pageshadow="2"
- inkscape:pageopacity="0.0"
- borderopacity="1.0"
- bordercolor="#666666"
- pagecolor="#ffffff"
- id="base"
- inkscape:showpageshadow="false"
- inkscape:zoom="0.71078191"
- inkscape:cx="186.89786"
- inkscape:cy="180.28334"
- inkscape:window-x="66"
- inkscape:window-y="66"
- inkscape:current-layer="svg2" />
- <path
- style="fill:#000000"
- d="M 123.78062,197.77013 C 159.09976,188.37786 185.23571,164.11558 196.09485,130.64001 C 201.32083,114.52987 201.29925,90.989024 196.04443,75.638354 C 184.27168,41.247215 160.13061,18.721762 125.38252,9.7053782 C 118.10971,7.8182612 109.44267,4.8466272 106.12247,3.1017942 C 100.01352,-0.10860683 93.617589,-0.82563983 86.882849,0.94482717 L 83.189129,1.9158772 L 86.882849,4.9388272 C 91.458489,8.6835112 89.426889,9.0066112 83.847679,5.4215272 C 79.903219,2.8869102 79.552029,2.9569602 75.684349,7.0496782 C 73.461519,9.4018782 70.467849,11.326395 69.031799,11.326395 C 67.595729,11.326395 61.265769,13.872295 54.965229,16.983946 C 47.411809,20.714329 43.287759,21.988613 42.858209,20.724829 C 41.956259,18.071229 26.658809,30.845814 26.658809,34.252581 C 26.658809,35.736965 23.768089,40.527332 20.234979,44.897832 C 6.2102795,62.246654 0.26075947,79.936054 0.0082094708,105.03722 C -0.18004053,123.74526 2.8336195,135.23544 12.267789,151.77971 C 24.120559,172.56528 50.120429,191.44391 75.568519,197.74272 C 87.681119,200.74078 112.55646,200.75493 123.78062,197.77013 z M 79.282929,192.6597 C 36.849809,183.25731 5.0762095,145.86533 5.0762095,105.33144 C 5.0762095,86.164734 13.388709,61.634564 24.123259,49.12355 C 28.386729,44.154482 28.480279,44.131382 33.344849,46.845766 C 38.724779,49.847733 39.914959,53.658304 35.472609,53.658304 C 33.010859,53.658304 33.061999,53.975554 35.887659,56.233454 C 39.066199,58.773334 39.064899,58.795564 35.789929,57.857614 C 32.469549,56.906614 32.469549,56.906614 35.789929,59.286484 C 41.847209,63.627934 53.222049,78.519284 53.222049,82.107784 C 53.222049,88.196034 70.152599,91.034974 83.599169,87.201424 C 94.360849,84.133304 95.658249,82.748784 93.382439,76.761174 C 92.466939,74.352654 91.159549,70.916704 90.477049,69.125754 C 89.794589,67.334774 89.411799,64.507204 89.626439,62.842224 C 89.860799,61.024154 89.299569,60.249604 88.221389,60.903114 C 87.233969,61.501584 86.426089,63.323654 86.426089,64.952124 C 86.426089,69.998474 82.097379,72.098224 73.951419,71.003234 C 67.959569,70.197834 66.503649,70.483684 66.503649,72.465654 C 66.503649,73.820624 68.184619,75.591824 70.239119,76.401684 C 72.766969,77.398134 73.101029,77.907534 71.272499,77.977354 C 68.253119,78.092674 64.762299,74.617084 64.213349,70.948904 C 64.015049,69.623934 60.425469,65.178654 56.236479,61.070554 C 47.167399,52.176534 44.049899,45.704583 45.818899,39.443598 C 46.519609,36.963648 46.937129,33.381964 46.746729,31.484331 C 46.507959,29.10468 48.102829,27.056564 51.886559,24.883747 C 60.770649,19.781963 71.484269,16.021345 71.484269,18.004596 C 71.484269,18.976662 69.922999,20.172396 68.014779,20.661779 C 65.227729,21.376546 64.752449,22.387363 65.598419,25.800847 C 66.177649,28.137947 66.944779,31.881797 67.303219,34.120514 C 67.661629,36.359215 68.318279,39.656215 68.762469,41.447182 C 69.206629,43.238166 69.627179,45.619299 69.697029,46.738666 C 69.766899,47.858033 71.634469,48.773866 73.847199,48.773866 C 76.059929,48.773866 80.089979,50.605533 82.802899,52.844254 C 90.034649,58.811864 96.148739,58.160404 105.72227,50.402003 C 111.41022,45.792466 115.31626,43.889416 119.08931,43.889416 C 123.67007,43.889416 124.32219,43.390999 123.72437,40.346715 C 123.34174,38.398248 123.82251,35.865981 124.79272,34.719498 C 125.79327,33.537198 125.95876,31.723281 125.17506,30.528514 C 124.41509,29.369897 123.79046,26.223963 123.78697,23.53753 C 123.78199,19.714096 122.96919,18.540046 120.04516,18.132796 C 117.99066,17.846646 116.30971,16.582812 116.30971,15.324245 C 116.30971,11.920145 124.70971,13.908395 140.38263,21.022129 C 163.16506,31.362864 181.49048,51.228864 189.61263,74.390824 C 195.1624,90.217124 194.96253,116.37997 189.16775,132.62721 C 178.6411,162.14159 154.28093,183.8794 122.61564,192.01503 C 107.54077,195.88818 94.714189,196.07902 79.282929,192.6597 z M 118.80001,190.36823 C 161.16361,180.33591 189.85438,147.61118 189.64067,109.5672 C 189.5222,88.475904 184.279,74.387584 171.08953,59.720804 C 162.44654,50.109803 153.11891,43.760882 141.21273,39.385048 C 136.19061,37.539282 130.72979,35.504548 129.07752,34.863465 C 126.44589,33.842314 126.13714,34.480998 126.58724,40.014715 L 127.10102,46.331649 L 120.07907,46.830666 C 114.90861,47.198116 111.74486,48.616633 108.08015,52.210584 C 103.11715,57.077784 98.069619,70.005554 98.023019,77.969034 C 97.977649,85.721904 94.326769,89.572554 82.275569,94.578174 L 70.654179,99.405244 L 61.272229,96.674644 C 44.355829,91.751154 31.026829,96.284024 20.909789,110.40089 C 16.426359,116.65689 15.868739,118.72946 15.878729,129.10054 C 15.888189,138.95072 16.650329,142.11364 20.779939,149.44158 C 26.169189,159.00464 41.076199,173.42263 52.161449,179.7936 C 65.181629,187.27663 77.844449,190.63711 95.557189,191.3101 C 104.6883,191.65701 115.14757,191.23316 118.80001,190.36823 z M 81.376149,184.86223 C 50.491249,179.45816 23.455039,155.95864 20.562039,132.00337 C 18.491389,114.85744 31.725159,100.1769 49.252029,100.1769 C 61.358429,100.1769 63.237149,102.46234 55.740399,108.06999 C 52.475729,110.512 48.519029,113.83085 46.947779,115.44517 C 45.376509,117.05949 42.490649,118.86179 40.534729,119.45032 C 38.578809,120.03882 36.578829,122.01929 36.090309,123.85132 C 35.471879,126.17052 35.868899,126.93139 37.397359,126.35617 C 39.042459,125.73709 39.418109,127.03091 38.896349,131.51906 C 38.355159,136.17427 39.131549,138.59587 42.382409,142.39253 C 45.458699,145.98523 46.566929,146.54888 46.572979,144.52379 C 46.577529,143.00956 45.834149,141.31781 44.921029,140.76439 C 42.134799,139.07564 43.063299,136.94927 46.826729,136.40019 C 50.807549,135.81937 54.632279,131.02169 52.657999,129.08552 C 51.955829,128.39689 50.715449,128.89004 49.901649,130.18141 C 49.087829,131.47276 47.949079,132.06556 47.371099,131.49874 C 46.793109,130.93192 48.620209,128.80047 51.431329,126.76227 C 54.242449,124.72406 56.542449,121.72887 56.542449,120.10631 C 56.542449,118.24162 57.764109,117.15619 59.862849,117.15619 C 61.689069,117.15619 63.235769,116.24036 63.299949,115.12102 C 63.364119,114.00165 64.058699,114.55114 64.843449,116.34212 C 66.063549,119.12659 66.287179,119.18557 66.386979,116.74914 C 66.451149,115.18206 67.330679,113.89989 68.341479,113.89989 C 69.352299,113.89989 69.734399,115.03694 69.190599,116.42667 C 68.623649,117.87561 68.901969,118.52914 69.843069,117.95874 C 70.745729,117.41166 71.484269,115.90826 71.484269,114.61787 C 71.484269,113.3275 72.231349,112.27174 73.144469,112.27174 C 75.265029,112.27174 75.235919,113.32375 73.001969,117.41729 C 71.408079,120.33804 71.600369,120.59579 74.662169,119.64276 C 77.788179,118.66977 78.125069,119.21429 78.125069,125.23952 C 78.125069,139.25676 70.388579,148.70421 57.338179,150.62343 C 43.165759,152.70769 29.979209,141.73643 29.979209,127.86066 C 29.979209,119.37832 33.503749,114.40967 42.217559,110.60777 C 47.575529,108.27002 48.238199,107.5922 45.253649,107.50232 C 32.617029,107.12164 23.304529,121.32604 26.649059,135.87991 C 28.650189,144.58801 38.693149,153.83571 47.784909,155.34209 C 69.735979,158.97911 87.898219,139.99054 83.166049,118.35122 C 81.748299,111.86805 81.815469,109.78255 83.476169,108.72217 C 88.269599,105.66152 91.895099,108.14182 94.614189,116.34212 C 97.844699,126.08472 106.36427,138.97744 118.03759,151.78888 C 130.14446,165.07616 127.13011,169.36506 109.83565,163.45891 C 102.57235,160.97844 93.066889,161.56969 93.066889,164.50193 C 93.066889,165.32626 95.725819,166.00071 98.975569,166.00071 C 102.49195,166.00071 104.46882,166.65991 103.8582,167.62886 C 103.29385,168.52435 100.28675,169.25701 97.175739,169.25701 C 91.153769,169.25701 79.785279,173.7833 79.785279,176.1809 C 79.785279,177.93596 86.063299,176.14071 90.530939,173.10808 C 92.332089,171.8855 94.946889,170.89766 96.341649,170.91293 C 97.736419,170.92821 95.142139,173.11373 90.576599,175.76963 C 86.011039,178.42551 83.396219,180.58506 84.765869,180.56861 C 86.135539,180.55215 89.123899,179.49161 91.406689,178.21183 C 93.689449,176.93208 96.677839,175.89216 98.047489,175.90088 C 99.417149,175.90963 97.175889,177.68221 93.066889,179.84 C 88.143889,182.42523 86.728389,183.76863 88.916389,183.7791 C 90.742599,183.78783 94.104519,182.7479 96.387289,181.46815 C 98.670069,180.18838 104.37844,179.11533 109.07255,179.08361 C 113.91056,179.05091 120.74204,177.63096 124.84447,175.80536 C 128.82491,174.03408 133.83252,172.56875 135.97249,172.54906 C 138.44834,172.52633 140.17916,171.32906 140.73168,169.25701 C 141.20924,167.46605 142.44671,165.98949 143.48161,165.97578 C 144.51649,165.96208 144.24259,165.24063 142.87293,164.37256 C 140.65933,162.96964 140.65933,162.79084 142.87293,162.76324 C 144.24259,162.74621 143.06241,161.35629 140.25033,159.67458 C 134.74511,156.38233 133.00801,152.99206 128.56996,136.87839 C 125.22302,124.72627 116.60342,114.52734 108.30435,112.89959 C 105.43205,112.3362 103.48752,111.23179 103.98312,110.44535 C 105.18517,108.53797 109.32689,108.62984 111.81424,110.61907 C 112.91707,111.50102 116.11287,114.01945 118.91599,116.21552 C 124.43834,120.54194 127.93652,127.40739 132.01504,141.92361 C 135.09866,152.89883 142.37758,159.52268 151.88256,160.00308 C 155.13706,160.16759 157.80319,160.82794 157.80729,161.47054 C 157.81826,163.19119 141.42618,174.89283 133.74182,178.6499 C 127.99057,181.46185 123.22006,182.72918 105.5184,186.1477 C 99.319519,187.34481 93.921919,187.05741 81.376149,184.86223 z M 134.10811,167.5643 C 134.59512,165.73779 135.36457,164.60719 135.81796,165.05184 C 136.71613,165.93266 135.12966,170.88515 133.94936,170.88515 C 133.54962,170.88515 133.62106,169.39076 134.10811,167.5643 z M 165.33958,158.92576 C 165.97373,153.26034 169.66896,148.31063 173.07643,148.56236 C 176.91783,148.84613 176.9176,148.84729 171.5114,156.34394 C 166.23988,163.65383 164.74011,164.28123 165.33958,158.92576 z M 103.0281,130.89937 C 103.0281,130.50449 103.7752,130.18141 104.6883,130.18141 C 105.6014,130.18141 106.3485,130.95731 106.3485,131.90564 C 106.3485,132.85397 105.6014,133.17707 104.6883,132.62362 C 103.7752,132.07021 103.0281,131.29427 103.0281,130.89937 z M 154.58961,100.06782 C 151.59393,92.700994 144.96764,84.897154 139.24303,81.993984 C 134.49112,79.584154 133.66637,79.613424 127.72652,82.402734 C 124.20756,84.055224 121.31986,85.774834 121.30936,86.224124 C 121.29889,86.673404 124.54797,88.735824 128.52956,90.807254 C 137.59313,95.522654 146.78318,104.65004 150.98254,113.10714 C 152.75531,116.67737 153.92959,119.87186 153.59206,120.20609 C 153.25454,120.54029 149.44896,117.76702 145.13523,114.0432 C 140.82151,110.31942 132.73299,105.13885 127.16077,102.5308 C 119.97857,99.169244 116.95541,96.825524 116.77519,94.479404 C 116.63541,92.659154 117.22329,90.744244 118.08164,90.223994 C 118.94001,89.703744 119.18544,87.492924 118.62706,85.311134 C 118.06867,83.129284 118.04899,80.226934 118.58329,78.861424 C 119.38236,76.819254 120.13421,76.733554 122.81997,78.378474 C 125.53514,80.041374 126.66017,79.867934 129.49846,77.348924 C 131.37576,75.682774 132.91172,72.601474 132.91172,70.501534 C 132.91172,68.401654 133.71819,66.683524 134.70382,66.683524 C 135.85601,66.683524 136.08317,68.573004 135.33999,71.975024 C 134.70421,74.885334 134.76112,76.725084 135.46644,76.063354 C 136.17176,75.401654 137.35678,72.104654 138.09976,68.736674 C 139.28606,63.359374 139.35709,63.605224 138.68274,70.753884 C 138.14876,76.414424 138.40943,78.150584 139.53833,76.452424 C 140.43128,75.109184 141.19604,71.445854 141.23779,68.311674 C 141.30079,63.581854 141.60631,63.106174 143.03501,65.513404 C 144.24146,67.546174 144.17873,70.130004 142.82519,74.152004 C 140.98624,79.616534 141.16559,80.148974 146.58359,85.309254 C 154.75253,93.089704 158.39734,101.58469 158.85056,113.89989 L 159.24003,124.48287 L 157.90646,114.71395 C 157.17303,109.34107 155.68043,102.7503 154.58961,100.06782 z M 111.40521,99.107094 C 112.42442,97.239454 113.66366,96.108844 114.15902,96.594654 C 115.52746,97.936674 113.33547,102.50284 111.32279,102.50284 C 110.09497,102.50284 110.12024,101.4617 111.40521,99.107094 z M 174.67961,70.094054 C 166.22248,57.294484 155.47173,49.593166 137.23964,43.273966 C 131.26124,41.201865 136.03302,40.315999 142.34664,42.325899 C 151.44281,45.221582 164.68136,54.192204 170.41248,61.343684 C 175.90481,68.197204 181.05756,75.876924 181.05756,77.209204 C 181.05756,79.200424 179.68403,77.668104 174.67961,70.094054 z M 86.141749,52.591884 C 84.471899,51.109864 83.105669,47.794733 83.105669,45.224916 C 83.105669,41.739149 82.051599,40.159499 78.955169,39.004965 C 74.632979,37.393381 74.274849,36.497348 74.725269,28.421964 C 75.018719,23.16123 80.031279,17.838996 84.692499,17.838996 C 86.276039,17.838996 88.924239,19.304729 90.577419,21.096179 L 93.583119,24.353347 L 95.909449,21.096179 C 98.550519,17.398329 105.98322,16.752812 109.98009,19.874179 C 113.38211,22.53103 114.97277,33.114248 112.44671,36.285265 C 111.37546,37.629998 109.00482,38.988832 107.1786,39.304865 C 104.73077,39.728465 103.98519,40.948599 104.34145,43.947866 C 105.39222,52.794264 93.000969,58.679564 86.141749,52.591884 z M 106.28815,31.749614 C 108.75279,28.83723 107.19042,25.979763 103.1334,25.979763 C 99.474569,25.979763 95.690219,30.069064 97.172449,32.421031 C 98.727369,34.888398 103.95792,34.503131 106.28815,31.749614 z M 90.425419,32.732231 C 90.906619,31.968664 90.333489,30.047214 89.151749,28.462314 C 86.716239,25.195847 79.785279,26.32308 79.785279,29.985681 C 79.785279,33.461881 88.541219,35.722065 90.425419,32.732231 z M 95.562249,27.59988 C 97.539549,24.462297 103.64145,22.997113 107.1786,24.810563 C 110.1487,26.33328 110.25862,26.227097 108.22047,23.804096 C 105.18654,20.197279 100.882,20.380446 97.293589,24.26903 C 94.392499,27.412797 94.321239,27.41113 89.742219,24.09108 C 86.116319,21.462079 84.454999,21.118113 82.037369,22.49598 C 79.320219,24.044546 79.529569,24.258463 83.805049,24.30208 C 86.472489,24.329313 89.946999,25.498347 91.526189,26.89988 C 93.565689,28.70998 94.734869,28.91273 95.562249,27.59988 z M 39.940429,34.216581 C 39.940429,33.373964 40.687509,32.231748 41.600649,31.678281 C 42.513749,31.124847 43.260849,31.814264 43.260849,33.210348 C 43.260849,34.606414 42.513749,35.748648 41.600649,35.748648 C 40.687509,35.748648 39.940429,35.059215 39.940429,34.216581 z M 68.821019,24.792563 C 70.508649,23.13753 71.901099,25.62923 70.516449,27.82643 C 69.470469,29.486197 69.079419,29.48748 68.517079,27.832997 C 68.132579,26.701763 68.269369,25.333563 68.821019,24.792563 z M 117.96991,24.351613 C 117.96991,23.456113 118.71701,22.723446 119.63011,22.723446 C 120.54322,22.723446 121.29032,23.456113 121.29032,24.351613 C 121.29032,25.24708 120.54322,25.979763 119.63011,25.979763 C 118.71701,25.979763 117.96991,25.24708 117.96991,24.351613 z M 94.727089,2.9934602 C 94.727089,2.0979772 95.474169,1.8181102 96.387289,2.3715602 C 97.300399,2.9249942 98.047489,4.1104942 98.047489,5.0059612 C 98.047489,5.9014442 97.300399,6.1813112 96.387289,5.6278772 C 95.474169,5.0744272 94.727089,3.8889442 94.727089,2.9934602 z M 89.534719,3.5926612 C 87.469639,1.0103272 87.528349,0.95274417 90.161539,2.9779442 C 91.759489,4.2069772 93.066889,5.4891442 93.066889,5.8272442 C 93.066889,7.1672612 91.703539,6.3047612 89.534719,3.5926612 z "
- id="path1308" />
-</svg>
diff --git a/doc/artwork/logo.svg b/doc/artwork/logo.svg
deleted file mode 100644
index 355ea73..0000000
--- a/doc/artwork/logo.svg
+++ /dev/null
@@ -1,117 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<!-- Created with Inkscape (http://www.inkscape.org/) -->
-<svg
- xmlns:dc="http://purl.org/dc/elements/1.1/"
- xmlns:cc="http://creativecommons.org/ns#"
- xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
- xmlns:svg="http://www.w3.org/2000/svg"
- xmlns="http://www.w3.org/2000/svg"
- xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
- xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
- width="343"
- height="85"
- id="svg2"
- sodipodi:version="0.32"
- inkscape:version="0.46"
- version="1.0"
- sodipodi:docname="logo.svg"
- inkscape:output_extension="org.inkscape.output.svg.inkscape">
- <defs
- id="defs4">
- <inkscape:perspective
- sodipodi:type="inkscape:persp3d"
- inkscape:vp_x="0 : 495 : 1"
- inkscape:vp_y="0 : 1000 : 0"
- inkscape:vp_z="765 : 495 : 1"
- inkscape:persp3d-origin="382.5 : 330 : 1"
- id="perspective11" />
- <inkscape:perspective
- id="perspective2456"
- inkscape:persp3d-origin="100 : 66.666667 : 1"
- inkscape:vp_z="200 : 100 : 1"
- inkscape:vp_y="0 : 1000 : 0"
- inkscape:vp_x="0 : 100 : 1"
- sodipodi:type="inkscape:persp3d" />
- <inkscape:perspective
- id="perspective2514"
- inkscape:persp3d-origin="372.04724 : 350.78739 : 1"
- inkscape:vp_z="744.09448 : 526.18109 : 1"
- inkscape:vp_y="0 : 1000 : 0"
- inkscape:vp_x="0 : 526.18109 : 1"
- sodipodi:type="inkscape:persp3d" />
- </defs>
- <sodipodi:namedview
- inkscape:document-units="in"
- pagecolor="#ffffff"
- bordercolor="#666666"
- borderopacity="1.0"
- inkscape:pageopacity="0.0"
- inkscape:pageshadow="2"
- inkscape:zoom="2.6997085"
- inkscape:cx="171.5"
- inkscape:cy="42.5"
- inkscape:current-layer="layer1"
- id="namedview6"
- showgrid="false"
- inkscape:window-width="1022"
- inkscape:window-height="745"
- inkscape:window-x="0"
- inkscape:window-y="-17" />
- <metadata
- id="metadata8">
- <rdf:RDF>
- <cc:Work
- rdf:about="">
- <dc:format>image/svg+xml</dc:format>
- <dc:type
- rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
- </cc:Work>
- </rdf:RDF>
- </metadata>
- <g
- inkscape:label="Layer 1"
- inkscape:groupmode="layer"
- id="layer1"
- transform="translate(-50.000004,-73.33332)">
- <g
- id="g2387"
- transform="matrix(0.5365886,0,0,0.5365886,17.937823,35.82463)">
- <path
- transform="matrix(0.8326217,0,0,0.8326217,17.150517,28.939396)"
- d="M 110.0912,92.488266 A 28.865374,28.865374 0 1 1 52.360449,92.488266 A 28.865374,28.865374 0 1 1 110.0912,92.488266 z"
- sodipodi:ry="28.865374"
- sodipodi:rx="28.865374"
- sodipodi:cy="92.488266"
- sodipodi:cx="81.225822"
- id="path2468"
- style="fill:#f69143;fill-opacity:1;stroke:none;stroke-width:2;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.83185838"
- sodipodi:type="arc" />
- <path
- style="fill:#000000"
- d="M 173.78063,271.10345 C 209.09977,261.71118 235.23572,237.4489 246.09486,203.97333 C 251.32084,187.86319 251.29926,164.32234 246.04444,148.97167 C 234.27169,114.58053 210.13062,92.055083 175.38253,83.038703 C 168.10972,81.151583 159.44268,78.179943 156.12248,76.435113 C 150.01353,73.224713 143.6176,72.507683 136.88286,74.278143 L 133.18914,75.249193 L 136.88286,78.272143 C 141.4585,82.016833 139.4269,82.339933 133.84769,78.754843 C 129.90323,76.220233 129.55204,76.290283 125.68436,80.383003 C 123.46153,82.735203 120.46786,84.659713 119.03181,84.659713 C 117.59574,84.659713 111.26578,87.205613 104.96524,90.317263 C 97.411823,94.047653 93.287773,95.321933 92.858223,94.058153 C 91.956273,91.404553 76.658823,104.17913 76.658823,107.5859 C 76.658823,109.07028 73.768103,113.86065 70.234993,118.23115 C 56.210293,135.57997 50.260773,153.26937 50.008223,178.37054 C 49.819973,197.07858 52.833633,208.56876 62.267803,225.11303 C 74.120573,245.8986 100.12044,264.77723 125.56853,271.07604 C 137.68113,274.0741 162.55647,274.08825 173.78063,271.10345 z M 129.28294,265.99302 C 86.849823,256.59063 55.076223,219.19865 55.076223,178.66476 C 55.076223,159.49805 63.388723,134.96788 74.123273,122.45687 C 78.386743,117.4878 78.480293,117.4647 83.344863,120.17908 C 88.724793,123.18105 89.914973,126.99162 85.472623,126.99162 C 83.010873,126.99162 83.062013,127.30887 85.887673,129.56677 C 89.066213,132.10665 89.064913,132.12888 85.789943,131.19093 C 82.469563,130.23993 82.469563,130.23993 85.789943,132.6198 C 91.847223,136.96125 103.22206,151.8526 103.22206,155.4411 C 103.22206,161.52935 120.15261,164.36829 133.59918,160.53474 C 144.36086,157.46662 145.65826,156.0821 143.38245,150.09449 C 142.46695,147.68597 141.15956,144.25002 140.47706,142.45907 C 139.7946,140.66809 139.41181,137.84052 139.62645,136.17554 C 139.86081,134.35747 139.29958,133.58292 138.2214,134.23643 C 137.23398,134.8349 136.4261,136.65697 136.4261,138.28544 C 136.4261,143.33179 132.09739,145.43154 123.95143,144.33655 C 117.95958,143.53115 116.50366,143.817 116.50366,145.79897 C 116.50366,147.15394 118.18463,148.92514 120.23913,149.735 C 122.76698,150.73145 123.10104,151.24085 121.27251,151.31067 C 118.25313,151.42599 114.76231,147.9504 114.21336,144.28222 C 114.01506,142.95725 110.42548,138.51197 106.23649,134.40387 C 97.167413,125.50985 94.049913,119.0379 95.818913,112.77692 C 96.519623,110.29697 96.937143,106.71528 96.746743,104.81765 C 96.507973,102.438 98.102843,100.38988 101.88657,98.217063 C 110.77066,93.115283 121.48428,89.354663 121.48428,91.337913 C 121.48428,92.309983 119.92301,93.505713 118.01479,93.995103 C 115.22774,94.709863 114.75246,95.720683 115.59843,99.134163 C 116.17766,101.47126 116.94479,105.21511 117.30323,107.45383 C 117.66164,109.69253 118.31829,112.98953 118.76248,114.7805 C 119.20664,116.57148 119.62719,118.95262 119.69704,120.07198 C 119.76691,121.19135 121.63448,122.10718 123.84721,122.10718 C 126.05994,122.10718 130.08999,123.93885 132.80291,126.17757 C 140.03466,132.14518 146.14875,131.49372 155.72228,123.73532 C 161.41023,119.12578 165.31627,117.22273 169.08932,117.22273 C 173.67008,117.22273 174.3222,116.72432 173.72438,113.68003 C 173.34175,111.73157 173.82252,109.1993 174.79273,108.05282 C 175.79328,106.87052 175.95877,105.0566 175.17507,103.86183 C 174.4151,102.70321 173.79047,99.557283 173.78698,96.870853 C 173.782,93.047413 172.9692,91.873363 170.04517,91.466113 C 167.99067,91.179963 166.30972,89.916133 166.30972,88.657563 C 166.30972,85.253463 174.70972,87.241713 190.38264,94.355453 C 213.16507,104.69618 231.49049,124.56218 239.61264,147.72414 C 245.16241,163.55044 244.96254,189.71329 239.16776,205.96053 C 228.64111,235.47491 204.28094,257.21272 172.61565,265.34835 C 157.54078,269.2215 144.7142,269.41234 129.28294,265.99302 z M 168.80002,263.70155 C 211.16362,253.66923 239.85439,220.9445 239.64068,182.90052 C 239.52221,161.80922 234.27901,147.7209 221.08954,133.05412 C 212.44655,123.44312 203.11892,117.0942 191.21274,112.71837 C 186.19062,110.8726 180.7298,108.83787 179.07753,108.19678 C 176.4459,107.17563 176.13715,107.81432 176.58725,113.34803 L 177.10103,119.66497 L 170.07908,120.16398 C 164.90862,120.53143 161.74487,121.94995 158.08016,125.5439 C 153.11716,130.4111 148.06963,143.33887 148.02303,151.30235 C 147.97766,159.05522 144.32678,162.90587 132.27558,167.91149 L 120.65419,172.73856 L 111.27224,170.00796 C 94.355843,165.08447 81.026843,169.61734 70.909803,183.73421 C 66.426373,189.99021 65.868753,192.06278 65.878743,202.43386 C 65.888203,212.28404 66.650343,215.44696 70.779953,222.7749 C 76.169203,232.33796 91.076213,246.75595 102.16146,253.12692 C 115.18164,260.60995 127.84446,263.97043 145.5572,264.64342 C 154.68831,264.99033 165.14758,264.56648 168.80002,263.70155 z M 131.37616,258.19555 C 100.49126,252.79148 73.455053,229.29196 70.562053,205.33669 C 68.491403,188.19076 81.725173,173.51022 99.252043,173.51022 C 111.35844,173.51022 113.23716,175.79566 105.74041,181.40331 C 102.47574,183.84532 98.519043,187.16417 96.947793,188.77849 C 95.376523,190.39281 92.490663,192.19511 90.534743,192.78364 C 88.578823,193.37214 86.578843,195.35261 86.090323,197.18464 C 85.471893,199.50384 85.868913,200.26471 87.397373,199.68949 C 89.042473,199.07041 89.418123,200.36423 88.896363,204.85238 C 88.355173,209.50759 89.131563,211.92919 92.382423,215.72585 C 95.458713,219.31855 96.566943,219.8822 96.572993,217.85711 C 96.577543,216.34288 95.834163,214.65113 94.921043,214.09771 C 92.134813,212.40896 93.063313,210.28259 96.826743,209.73351 C 100.80756,209.15269 104.63229,204.35501 102.65801,202.41884 C 101.95584,201.73021 100.71546,202.22336 99.901663,203.51473 C 99.087843,204.80608 97.949093,205.39888 97.371113,204.83206 C 96.793123,204.26524 98.620223,202.13379 101.43134,200.09559 C 104.24246,198.05738 106.54246,195.06219 106.54246,193.43963 C 106.54246,191.57494 107.76412,190.48951 109.86286,190.48951 C 111.68908,190.48951 113.23578,189.57368 113.29996,188.45434 C 113.36413,187.33497 114.05871,187.88446 114.84346,189.67544 C 116.06356,192.45991 116.28719,192.51889 116.38699,190.08246 C 116.45116,188.51538 117.33069,187.23321 118.34149,187.23321 C 119.35231,187.23321 119.73441,188.37026 119.19061,189.75999 C 118.62366,191.20893 118.90198,191.86246 119.84308,191.29206 C 120.74574,190.74498 121.48428,189.24158 121.48428,187.95119 C 121.48428,186.66082 122.23136,185.60506 123.14448,185.60506 C 125.26504,185.60506 125.23593,186.65707 123.00198,190.75061 C 121.40809,193.67136 121.60038,193.92911 124.66218,192.97608 C 127.78819,192.00309 128.12508,192.54761 128.12508,198.57284 C 128.12508,212.59008 120.38859,222.03753 107.33819,223.95675 C 93.165773,226.04101 79.979223,215.06975 79.979223,201.19398 C 79.979223,192.71164 83.503763,187.74299 92.217573,183.94109 C 97.575543,181.60334 98.238213,180.92552 95.253663,180.83564 C 82.617043,180.45496 73.304543,194.65936 76.649073,209.21323 C 78.650203,217.92133 88.693163,227.16903 97.784923,228.67541 C 119.73599,232.31243 137.89823,213.32386 133.16606,191.68454 C 131.74831,185.20137 131.81548,183.11587 133.47618,182.05549 C 138.26961,178.99484 141.89511,181.47514 144.6142,189.67544 C 147.84471,199.41804 156.36428,212.31076 168.0376,225.1222 C 180.14447,238.40948 177.13012,242.69838 159.83566,236.79223 C 152.57236,234.31176 143.0669,234.90301 143.0669,237.83525 C 143.0669,238.65958 145.72583,239.33403 148.97558,239.33403 C 152.49196,239.33403 154.46883,239.99323 153.85821,240.96218 C 153.29386,241.85767 150.28676,242.59033 147.17575,242.59033 C 141.15378,242.59033 129.78529,247.11662 129.78529,249.51422 C 129.78529,251.26928 136.06331,249.47403 140.53095,246.4414 C 142.3321,245.21882 144.9469,244.23098 146.34166,244.24625 C 147.73643,244.26153 145.14215,246.44705 140.57661,249.10295 C 136.01105,251.75883 133.39623,253.91838 134.76588,253.90193 C 136.13555,253.88547 139.12391,252.82493 141.4067,251.54515 C 143.68946,250.2654 146.67785,249.22548 148.0475,249.2342 C 149.41716,249.24295 147.1759,251.01553 143.0669,253.17332 C 138.1439,255.75855 136.7284,257.10195 138.9164,257.11242 C 140.74261,257.12115 144.10453,256.08122 146.3873,254.80147 C 148.67008,253.5217 154.37845,252.44865 159.07256,252.41693 C 163.91057,252.38423 170.74205,250.96428 174.84448,249.13868 C 178.82492,247.3674 183.83253,245.90207 185.9725,245.88238 C 188.44835,245.85965 190.17917,244.66238 190.73169,242.59033 C 191.20925,240.79937 192.44672,239.32281 193.48162,239.3091 C 194.5165,239.2954 194.2426,238.57395 192.87294,237.70588 C 190.65934,236.30296 190.65934,236.12416 192.87294,236.09656 C 194.2426,236.07953 193.06242,234.68961 190.25034,233.0079 C 184.74512,229.71565 183.00802,226.32538 178.56997,210.21171 C 175.22303,198.05959 166.60343,187.86066 158.30436,186.23291 C 155.43206,185.66952 153.48753,184.56511 153.98313,183.77867 C 155.18518,181.87129 159.3269,181.96316 161.81425,183.95239 C 162.91708,184.83434 166.11288,187.35277 168.916,189.54884 C 174.43835,193.87526 177.93653,200.74071 182.01505,215.25693 C 185.09867,226.23215 192.37759,232.856 201.88257,233.3364 C 205.13707,233.50091 207.8032,234.16126 207.8073,234.80386 C 207.81827,236.52451 191.42619,248.22615 183.74183,251.98322 C 177.99058,254.79517 173.22007,256.0625 155.51841,259.48102 C 149.31953,260.67813 143.92193,260.39073 131.37616,258.19555 z M 184.10812,240.89762 C 184.59513,239.07111 185.36458,237.94051 185.81797,238.38516 C 186.71614,239.26598 185.12967,244.21847 183.94937,244.21847 C 183.54963,244.21847 183.62107,242.72408 184.10812,240.89762 z M 215.33959,232.25908 C 215.97374,226.59366 219.66897,221.64395 223.07644,221.89568 C 226.91784,222.17945 226.91761,222.18061 221.51141,229.67726 C 216.23989,236.98715 214.74012,237.61455 215.33959,232.25908 z M 153.02811,204.23269 C 153.02811,203.83781 153.77521,203.51473 154.68831,203.51473 C 155.60141,203.51473 156.34851,204.29063 156.34851,205.23896 C 156.34851,206.18729 155.60141,206.51039 154.68831,205.95694 C 153.77521,205.40353 153.02811,204.62759 153.02811,204.23269 z M 204.58962,173.40114 C 201.59394,166.03431 194.96765,158.23047 189.24304,155.3273 C 184.49113,152.91747 183.66638,152.94674 177.72653,155.73605 C 174.20757,157.38854 171.31987,159.10815 171.30937,159.55744 C 171.2989,160.00672 174.54798,162.06914 178.52957,164.14057 C 187.59314,168.85597 196.78319,177.98336 200.98255,186.44046 C 202.75532,190.01069 203.9296,193.20518 203.59207,193.53941 C 203.25455,193.87361 199.44897,191.10034 195.13524,187.37652 C 190.82152,183.65274 182.733,178.47217 177.16078,175.86412 C 169.97858,172.50256 166.95542,170.15884 166.7752,167.81272 C 166.63542,165.99247 167.2233,164.07756 168.08165,163.55731 C 168.94002,163.03706 169.18545,160.82624 168.62707,158.64445 C 168.06868,156.4626 168.049,153.56025 168.5833,152.19474 C 169.38237,150.15257 170.13422,150.06687 172.81998,151.71179 C 175.53515,153.37469 176.66018,153.20125 179.49847,150.68224 C 181.37577,149.01609 182.91173,145.93479 182.91173,143.83485 C 182.91173,141.73497 183.7182,140.01684 184.70383,140.01684 C 185.85602,140.01684 186.08318,141.90632 185.34,145.30834 C 184.70422,148.21865 184.76113,150.0584 185.46645,149.39667 C 186.17177,148.73497 187.35679,145.43797 188.09977,142.06999 C 189.28607,136.69269 189.3571,136.93854 188.68275,144.0872 C 188.14877,149.74774 188.40944,151.4839 189.53834,149.78574 C 190.43129,148.4425 191.19605,144.77917 191.2378,141.64499 C 191.3008,136.91517 191.60632,136.43949 193.03502,138.84672 C 194.24147,140.87949 194.17874,143.46332 192.8252,147.48532 C 190.98625,152.94985 191.1656,153.48229 196.5836,158.64257 C 204.75254,166.42302 208.39735,174.91801 208.85057,187.23321 L 209.24004,197.81619 L 207.90647,188.04727 C 207.17304,182.67439 205.68044,176.08362 204.58962,173.40114 z M 161.40522,172.44041 C 162.42443,170.57277 163.66367,169.44216 164.15903,169.92797 C 165.52747,171.26999 163.33548,175.83616 161.3228,175.83616 C 160.09498,175.83616 160.12025,174.79502 161.40522,172.44041 z M 224.67962,143.42737 C 216.22249,130.6278 205.47174,122.92648 187.23965,116.60728 C 181.26125,114.53518 186.03303,113.64932 192.34665,115.65922 C 201.44282,118.5549 214.68137,127.52552 220.41249,134.677 C 225.90482,141.53052 231.05757,149.21024 231.05757,150.54252 C 231.05757,152.53374 229.68404,151.00142 224.67962,143.42737 z M 136.14176,125.9252 C 134.47191,124.44318 133.10568,121.12805 133.10568,118.55823 C 133.10568,115.07247 132.05161,113.49282 128.95518,112.33828 C 124.63299,110.7267 124.27486,109.83067 124.72528,101.75528 C 125.01873,96.494553 130.03129,91.172313 134.69251,91.172313 C 136.27605,91.172313 138.92425,92.638053 140.57743,94.429503 L 143.58313,97.686663 L 145.90946,94.429503 C 148.55053,90.731653 155.98323,90.086133 159.9801,93.207503 C 163.38212,95.864353 164.97278,106.44757 162.44672,109.61858 C 161.37547,110.96332 159.00483,112.32215 157.17861,112.63818 C 154.73078,113.06178 153.9852,114.28192 154.34146,117.28118 C 155.39223,126.12758 143.00098,132.01288 136.14176,125.9252 z M 156.28816,105.08293 C 158.7528,102.17055 157.19043,99.313083 153.13341,99.313083 C 149.47458,99.313083 145.69023,103.40238 147.17246,105.75435 C 148.72738,108.22172 153.95793,107.83645 156.28816,105.08293 z M 140.42543,106.06555 C 140.90663,105.30198 140.3335,103.38053 139.15176,101.79563 C 136.71625,98.529163 129.78529,99.656403 129.78529,103.319 C 129.78529,106.7952 138.54123,109.05538 140.42543,106.06555 z M 145.56226,100.9332 C 147.53956,97.795613 153.64146,96.330433 157.17861,98.143883 C 160.14871,99.666603 160.25863,99.560413 158.22048,97.137413 C 155.18655,93.530603 150.88201,93.713763 147.2936,97.602353 C 144.39251,100.74611 144.32125,100.74445 139.74223,97.424403 C 136.11633,94.795403 134.45501,94.451433 132.03738,95.829303 C 129.32023,97.377863 129.52958,97.591783 133.80506,97.635403 C 136.4725,97.662633 139.94701,98.831663 141.5262,100.2332 C 143.5657,102.0433 144.73488,102.24605 145.56226,100.9332 z M 89.940443,107.5499 C 89.940443,106.70728 90.687523,105.56507 91.600663,105.0116 C 92.513763,104.45816 93.260863,105.14758 93.260863,106.54367 C 93.260863,107.93973 92.513763,109.08197 91.600663,109.08197 C 90.687523,109.08197 89.940443,108.39253 89.940443,107.5499 z M 118.82103,98.125883 C 120.50866,96.470853 121.90111,98.962553 120.51646,101.15975 C 119.47048,102.81951 119.07943,102.8208 118.51709,101.16631 C 118.13259,100.03508 118.26938,98.666883 118.82103,98.125883 z M 167.96992,97.684933 C 167.96992,96.789433 168.71702,96.056763 169.63012,96.056763 C 170.54323,96.056763 171.29033,96.789433 171.29033,97.684933 C 171.29033,98.580403 170.54323,99.313083 169.63012,99.313083 C 168.71702,99.313083 167.96992,98.580403 167.96992,97.684933 z M 144.7271,76.326783 C 144.7271,75.431293 145.47418,75.151433 146.3873,75.704883 C 147.30041,76.258313 148.0475,77.443813 148.0475,78.339283 C 148.0475,79.234763 147.30041,79.514633 146.3873,78.961193 C 145.47418,78.407743 144.7271,77.222263 144.7271,76.326783 z M 139.53473,76.925983 C 137.46965,74.343643 137.52836,74.286063 140.16155,76.311263 C 141.7595,77.540293 143.0669,78.822463 143.0669,79.160563 C 143.0669,80.500583 141.70355,79.638083 139.53473,76.925983 z"
- id="path1308" />
- <text
- sodipodi:linespacing="125%"
- id="text2460"
- y="177.11876"
- x="267.17868"
- style="font-size:65.59667206px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;line-height:125%;writing-mode:lr-tb;text-anchor:start;fill:#f69143;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Liberation Sans;-inkscape-font-specification:Liberation Sans"
- xml:space="preserve"><tspan
- y="177.11876"
- x="267.17868"
- id="tspan2462"
- sodipodi:role="line">monkey</tspan></text>
- <text
- sodipodi:linespacing="125%"
- id="text2464"
- y="177.11876"
- x="495.13577"
- style="font-size:65.59667206px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;text-align:start;line-height:125%;writing-mode:lr-tb;text-anchor:start;fill:#914c37;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Liberation Sans;-inkscape-font-specification:Liberation Sans"
- xml:space="preserve"><tspan
- y="177.11876"
- x="495.13577"
- id="tspan2466"
- sodipodi:role="line">sphere</tspan></text>
- </g>
- </g>
-</svg>
diff --git a/doc/conferences/lca2010/abstract b/doc/conferences/lca2010/abstract
deleted file mode 100644
index 2770675..0000000
--- a/doc/conferences/lca2010/abstract
+++ /dev/null
@@ -1,65 +0,0 @@
-The Monkeysphere uses the OpenPGP web of trust to provide a
-distributed Public Key Infrastructure (PKI) for users and
-administrators of ssh. This talk is about why the Monkeysphere is
-useful, how it works, and how you can use it to ease your workload and
-automatically fully authenticate people and servers.
-
-The Secure Shell protocol has offered public-key-based mutual
-authentication since its inception, but popular implementations offer
-no formalized public key infrastructure. This means there is no
-straightforward, computable method to signal re-keying events, key
-revocations, or even basic key-to-identity binding (e.g. "host
-foo.example.org has key X"). As a result, dealing with host keys is
-usually a manual process with the possibility of tedium, room for
-error, difficulty of maintenance, or users and administrators simply
-ignoring or skipping baseline cryptographic precautions.
-
-The OpenPGP specification offers a robust public key infrastructure
-that has traditionally only been used for e-mail and for encrypted
-storage. By its nature, the OpenPGP Web of Trust (WoT) is a
-distributed system, with no intrinsic chokepoints or global
-authorities. And the global key distribution network provides
-commonly-held, public infrastructure for rapid distribution of key
-changes, revocations, and identity binding.
-
-The Monkeysphere mixes the two to provide new functionality for ssh
-(key revocation, key expiry, re-keying, fewer unintelligible prompts,
-semantic authorization, etc) while taking advantage of existing but
-often-unused functionality in OpenPGP. Additionally, the Monkeysphere
-implementation does not require any patches to OpenSSH on the client
-or server, but takes advantage of existing hooks, which makes it easy
-to adopt.
-
-Specifically, the Monkeysphere allows users to automatically validate
-ssh host keys through the Web of Trust, and it allows servers to
-identify authorized users through the Web of Trust. Users decide
-which certifications in the Web of Trust they put stock in (so they
-are not spoofed by spurious certifications of host keys). Server
-administrators decide whose certifications the server should put stock
-in (so that the server is not spoofed by spurious certifications of
-user keys).
-
-This presentation will go over how the Monkeysphere works; how you can
-use it to increase the security of servers you maintain; how you can
-use it to increase the security of accounts you connect to with ssh;
-and we'll discuss future possibilities lurking in the ideas of the
-Monkeysphere.
-
-Monkeysphere is currently available in the main Debian repository and
-as a port in FreeBSD. A Slackbuild is available for Slackware, and
-Monkeysphere itself should work on any POSIX-ish system with the
-appropriate dependencies available.
-
-The Monkeysphere project began to coalesce in early 2008, and remains
-an ongoing collaboration of many people, including:
-
- * Micah Anderson
- * Mike Castleman
- * Daniel Kahn Gillmor
- * Ross Glover
- * Matthew James Goins
- * Greg Lyle
- * Jamie McClelland
- * Jameson Graef Rollins
-
-The project's main web site is http://web.monkeysphere.info/
diff --git a/doc/conferences/lca2010/bio b/doc/conferences/lca2010/bio
deleted file mode 100644
index f358e02..0000000
--- a/doc/conferences/lca2010/bio
+++ /dev/null
@@ -1,23 +0,0 @@
-Daniel Kahn Gillmor (dkg) is a freelance Technology Advisor with a
-particular interest in cryptography, user interface design, and
-distributed systems as means to pursue the goals of user autonomy and
-resistance to centralized control. He contributes discussion and
-patches on several crypto-related lists, and is an active participant
-in what remains of the IETF OpenPGP Working Group. He co-administers
-one of the OpenPGP keyservers, and was dubiously involved in
-publicizing the ongoing transition to a post-SHA1 Web of Trust.
-
-dkg works with schools, NGOs, activist groups, and some corporations
-to help them understand their tech needs and risks, possible
-solutions, and how to use and understand the tools they choose. He
-works with several technology-focused organizations, including May
-First/People Link (http://mayfirst.org/) and Riseup
-(http://riseup.net).
-
-He is also a contributor to The Organic Internet
-(http://mayfirst.org/organicinternet), which includes his essay about
-structural flaws in the X.509 certificate model.
-
-dkg began working with free software in 2002, began work with the
-other Monkeysphere developers in 2008, and became a Debian Developer
-in 2009. People seem to laugh when they see his business card.
diff --git a/doc/conferences/lca2010/experience b/doc/conferences/lca2010/experience
deleted file mode 100644
index 8ca2a8e..0000000
--- a/doc/conferences/lca2010/experience
+++ /dev/null
@@ -1,26 +0,0 @@
-I've given several workshops and skillshares about the ideas behind
-OpenPGP and how to use gpg and its various frontends to
-small-to-medium groups (5 to 25 people).
-
-I led an effective skillshare on the nature of X.509-based
-certifications and how they are used in SSL and TLS back in 2003 or
-2004.
-
-I co-led a surprisingly large (~>50 people? packed room!) discussion
-about free software and why it should matter to users as well as
-developers a the Grassroots Media Conference a few years ago with
-Alfredo Lopez and Laura Quilter. This was a very active discussion,
-and topics ranged from motivation and policy to moderately technical
-concerns.
-
-I presented a poster with a colleague on a novel acoustic correlation
-method at ICASSP (the IEEE's International Conference on Acoustics,
-Speech, and Signal Processing) 2001 (though i've recently let my IEEE
-membership lapse).
-
-I've introduced numerous people to the monkeysphere via IRC
-discussions, and have a strong handle on both:
-
- * the necessary details to keep a technical audience engaged
-
- * the bigger-picture goals to keep a non-technical audience engaged
diff --git a/doc/conferences/lca2010/outline b/doc/conferences/lca2010/outline
deleted file mode 100644
index 15c4868..0000000
--- a/doc/conferences/lca2010/outline
+++ /dev/null
@@ -1,62 +0,0 @@
-
-
-
-The presentation is in three parts:
-
-Background
-----------
-
- * Why authentication using asymmetric crypto (as opposed to shared
- secrets) is important on today's network.
-
- * Overview of how ssh uses asymmetric crypto authentication (user ->
- host, host -> user)
-
- * Overview of relevant bits of OpenPGP (key -> User ID bindings,
- certifications, usage flags, key -> subkey bindings)
-
- * Overview of keyservers (the idea of gossip, One Big Network,
- propagation, issues around redundancy, logging, private access)
-
-
-How
----
-
- * How does the monkeysphere do it? (very brief under-the-hood)
-
- * How does a server administrator publish a host's ssh key to the Web
- of Trust? How do they maintain it?
-
- * How does a user incorporate WoT-based host-key checking into their
- regular ssh usage?
-
- * How does a user publish their own ssh identity to the WoT for hosts
- to find it? How do they maintain it?
-
- * How does a server administrator tell a server to admit certain
- people (as identified by the WoT) to certain accounts? How do they
- tell the server which certifications are trustworthy?
-
-Possible Futures
-----------------
-
- * Use the Monkeysphere with ssh implementations other than OpenSSH
- (dropbear, lsh, putty, etc)
-
- * Expansion of the Monkeysphere's out-of-band PKI mechanism for
- authentication in protocols other than SSH (TLS, HTTPS) without
- protocol modification.
-
- * Use of OpenPGP certificates directly in SSH. OpenPGP is referenced
- in RFC 4253 already: optional, rarely implemented, and deliberately
- ambiguous about how to calculate key->identity bindings.
-
- * Use of OpenPGP certificates for authentication directly in
- protocols. RFC 5081 provides a mechanism for OpenPGP certificates
- in TLS, but is similarly ambiguous about certificate verification.
-
- * Better end-user control over verification: Who or what are you
- really connecting to? How do you know? How can this information
- be effectively and intuitively displayed to a typical user?
-
- * What would you like to see?
diff --git a/doc/conferences/lca2010/techrequirements b/doc/conferences/lca2010/techrequirements
deleted file mode 100644
index cc0d1b9..0000000
--- a/doc/conferences/lca2010/techrequirements
+++ /dev/null
@@ -1 +0,0 @@
-no non-standard technical requirements should be necessary.
diff --git a/doc/conferences/lca2010/title b/doc/conferences/lca2010/title
deleted file mode 100644
index 36ef904..0000000
--- a/doc/conferences/lca2010/title
+++ /dev/null
@@ -1 +0,0 @@
-Using the Monkeysphere: effective, distributed key management for SSH using the Web of Trust
diff --git a/doc/conferences/lca2010/videoabstract b/doc/conferences/lca2010/videoabstract
deleted file mode 100644
index 7e1536c..0000000
--- a/doc/conferences/lca2010/videoabstract
+++ /dev/null
@@ -1 +0,0 @@
-do we have something like this?
diff --git a/doc/conferences/seminar/abstract b/doc/conferences/seminar/abstract
deleted file mode 100644
index 83fddfc..0000000
--- a/doc/conferences/seminar/abstract
+++ /dev/null
@@ -1,17 +0,0 @@
-Monkeysphere provides a robust, decentralized, out-of-band Public Key
-Infrastructure (PKI) based on OpenPGP's Web of Trust. It is intended
-to support any protocol which needs public-key authentication or
-binding between public keys and real-world entities. Current
-implementations include mutual authentication (both server and client)
-for SSH and authentication of servers for HTTPS. The technique is
-resistant to X.509's inherent single-issuer policy bias, allows use of
-a single key for a host offering multiple services, and handles
-initial contact, re-keying, and revocation better than OpenSSH's
-traditional key continuity management (KCM) scheme. It also requires
-no changes to on-the-wire protocols, and is transparently
-interoperable with existing tools, so the migration path to the new
-PKI is smooth (and encouraged). Discussion will include the merits
-and drawbacks of the Monkeysphere, as well as its relationship to
-in-band measures (such as the Server Name Indication (SNI) TLS
-extension and the subjectAltName (sAN) extended attribute for X.509v3
-certificates) which provide some pieces of similar functionality.
diff --git a/doc/conferences/seminar/outline b/doc/conferences/seminar/outline
deleted file mode 100644
index 1531353..0000000
--- a/doc/conferences/seminar/outline
+++ /dev/null
@@ -1,43 +0,0 @@
-outline for 1 hr seminar talk to CS/security academics
-
- - key-based authentication is here to stay. (e.g. https, ssh).
- - host vs. user
-
- - raises key management/distribution issues
-
- - what PKIs are available? X.509, OpenPGP, SPKI
-
- - social vulnerabilities - single-signer vs. multi-signer
-
- - protocol vulnerabilities - single cert vs. multi-cert (server
- vs. client again)
-
- - utility for group-internal work, phased approach to public
-
-
-
-Stream-based communications over the public network have an
-authentication problem. Most data streams are not authenticated in
-either direction, and most of those that are authenticated in at least
-one direction use authentication regimes which suffer from a range of
-known structural problems.
-
-Public-key-based authentication offers security advantages over
-shared-secret approaches, but it introduces additional questions of
-key distribution, binding, and revocation. Two common solutions to
-these problems on today's network are X.509 certificates (used by TLS
-connections like HTTPS) and so-called "key continuity management"
-(KCM) (used by popular SSH implementations and the "security
-exceptions" interface for some web browsers). Both of these schemes
-present security concerns of their own: KCM has trouble with initial
-contact, key revocation, and re-keying; and X.509's single-issuer
-certificate format has a systemic bias that selects for unaccountable
-third-party authorities. New work ("the Monkeysphere") extends the
-OpenPGP Web of Trust into authenticating stream-based communications
-(instead of its traditional message-based environment of e-mails and
-files) by means of a protocol-independent overlay. As a simple,
-alternative PKI, the Monkeysphere resolves these failings, and also
-provides features currently only available as protocol extensions
-(such as SNI).
-
-
diff --git a/doc/george/changelog b/doc/george/changelog
deleted file mode 100644
index ffb7cb0..0000000
--- a/doc/george/changelog
+++ /dev/null
@@ -1,281 +0,0 @@
-******************************************************************************
-* *
-* george system log *
-* *
-******************************************************************************
-* Please add new entries in reverse chronological order whenever you make *
-* changes to this system (first command at top, last at bottom) *
-******************************************************************************
-2010-03-09 - micah
- * setup /srv/micah.monkeysphere.info
- * replaced /etc/mathopd.conf virtual for daniel with one for me
- * removed /srv/daniel.monkeysphere.info - not used
-
-2010-03-08 - mjgoins
- * Adding self to webmaster's authorized_user_ids
- * updating ikiwiki to use the version from lenny backports
- * changing the ikiwki markup to be appropriate for version 3.2xxx
-
-2010-02-23 - dkg
- * add lenny-backports repo.
- * remove monkeysphere repo.
- * aptitude update && aptitude full-upgrade (including monkeysphere
- 0.28-1~bpo50+1, and backported gpg)
-
-2010-01-12 - dkg
- * aptitude update && aptitude full-upgrade (including monkeysphere
- 0.27-1)
-
-2009-10-26 - dkg
- * upgrade nginx in response to DSA-1920-1
-
-2009-09-14 - dkg
- * aptitude update && aptitude full-upgrade (bunch of lenny
- updates, plus ikiwiki security upgrade)
-
-2009-04-21 - jrollins
- * apt-get update && dist-upgrade (a bunch of stuff (monkeysphere,
- screen, gnupg, dash, onak, git-core...)
- * extended host key by 3 months
-
-2009-04-21 - micah
- * aptitude update && aptitude full-upgrade (git-core DSA)
-
-2009-04-12 - dkg
- * aptitude update && aptitude full-upgrade
- * (checked and found that monkeysphere version 0.24-1 is already
- installed; don't know how that happened, coulda been me, just
- sloppy about not noting it in the changelog)
- * extended host key by 4 months
-
-2009-02-22 - jrollins
- * fixed /etc/crontab line for update-users (was trying to run
- monkeysphere-server instead of monkeysphere-authentication).
-
-2009-02-21 - dkg
- * upgraded to the latest versions of packages for lenny.
- * upgraded george to monkeysphere 0.23.1. the transition upgrade
- failed due to the way that gpg exports self-signatures secret
- keys; it only exports the first self-sig for each user id, even if
- that one is expired. Then any subsequent import fails, even if
- the target import keyring knows about some valid self-signatures.
- * i man-handled the upgrade into place so that george doesn't just
- fail on us, but this is a pretty major bug in the transition process.
-
-2009-01-31 - jrollins
- * applied diff represented in commit
- f75a5747a8b99e04c02c475791c476f1fbd2b674 to change log level for
- unacceptable untranslatable keys.
-
-2009-01-30 - micah
- * Replaced nullmailer with postfix, nullmailer doesn't handle aliases
- and insisted either on constantly respooling mail when there was no
- where to go.
-
-2009-01-24 - micah
- * Configured /etc/aliases to have root go to mjgoins, micah, dkg, jrollins
- * Configured /etc/nullmailer/remotes to have mail.riseup.net so remote delivery will work
- * Removed the hundreds of queued cron emails that had resulted in 30gig of mail.err logs
- * Rotated the giant logs out
-
-2009-01-11 - dkg
- * extended the expiration date for george's key three months into
- the future.
- * aptitude update && aptitude full-upgrade (brings monkeysphere to
- 0.22-1)
-
-2008-10-29 - dkg
- * aptitude update && aptitude full-upgrade
- * brought monkeysphere up to 0.19-1
- * removed tasksel
-
-2008-10-25 - dkg
- * aptitude update && aptitude full-upgrade
- * brought monkeysphere up to 0.16-1
- * repointed keyserver usage to pool.sks-keyservers.net
-
-2008-09-04 - dkg
- * added two mime-type declarations in /etc/mathopd.conf so .debs
- and .tar.gz files come out reasonably; restarted mathopd for the
- re-read.
- * built monkeyshell (from src/monkeyshell) and installed as
- /usr/local/bin/monkeyshell, added to /etc/shells.
- * created new account "monkey" which has monkeyshell as the shell
- for non-privileged test access. To let someone test this out,
- make sure they're well-connected to george's web of trust, and
- then add their User ID to
- ~monkey/.monkeysphere/authorized_user_ids
- * more mime types for mathopd: image/png image/x-icon
-
-2008-09-03 - micah
- * migrated /home/*/.config/monkeysphere/authorized_user_ids to new
- agreed location: /home/*/.monkeysphere/authorized_user_ids and created
- a symlink in the original location for transition purposes. Also,
- did /root's as well. I used this hackish mechanism:
- $ for user in `find . -wholename './*/.config/monkeysphere/authorized_user_ids' \
- | cut -d/ -f2`; do mkdir -v ${user}/.monkeysphere; chown ${user}:${user} \
- ${user}/.monkeysphere; mv -v ${user}/.config/monkeysphere/authorized_user_ids \
- ${user}/.monkeysphere; ln -s /home/${user}/.monkeysphere/authorized_user_ids \
- ${user}/.config/monkeysphere/authorized_user_ids; done
-
- - dkg
- * added the monkeysphere archive repository signing key
- * aptitude update && aptitude full-upgrade (brings in monkeysphere 0.13-1)
- * cleaned up /etc/skel to reflect correct location of the
- monkeysphere config directory.
- * micah moved all the existing config stuff over, and left
- symlinks so people aren't disoriented.
-
-2008-09-01 - dkg
- * set up http://dkg.monkeysphere.info so that i could play around
- with ikiwiki updates
- * moved apt repository over to http://archive.monkeysphere.info/
- * aptitude update && aptitude dist-upgrade
- * canonicalizing hostname for normal web access to
- http://web.monkeysphere.info
-
-2008-08-26 - dkg
- * aptitude update && aptitude full-upgrade
- * added account 'daniel' for Dan Scott, and set him up with a way
- to publish to http://daniel.monkeysphere.info
-
-2008-08-20 - dkg
- * aptitude update && aptitude dist-upgrade: this includes
- monkeysphere 0.11-1 and OpenSSH 5.1p1-2
-
-2008-08-18 - dkg
- * moved monkeysphere apt repo entry to
- /etc/apt/sources.list.d/monkeysphere.list
- * aptitude update && aptitude full-upgrade (including monkeysphere
- 0.9-1)
- * switched george's monkeysphere-server preferred keyserver to
- monkeysphere.info for the moment. Both pgp.mit.edu and
- subkeys.pgp.net are sluggish right now :/
-
-2008-08-16 - jrollins
- * removed stale branches from jrollins from the master repo
- * aptitude update && aptitude full-upgrade
- * restarted services to clear up dependencies on old libraries
-
-2008-08-13 - dkg
- * aptitude update && aptitude full-upgrade
- * restarted services to clear up dependencies on old libraries
-
-2008-08-07 - dkg
- * aptitude update && aptitude dist-upgrade
- * removed debian's experimental from the sources.list
- * removed experimental stanza from /etc/apt/preferences (now the
- monkeysphere packages should upgrade automatically)
- * upgraded to monkeysphere 0.7-1
- * installed runit
- * set up a public git daemon service to serve git repos from
- george, using runit. (root-served repos are served from
- /srv/git, but ~USER/public_git is supported as well, if anyone
- wants to use that for publication).
-
-2008-08-03 - dkg
- * aptitude update && aptitude dist-upgrade
- * installed iproute
- * added my User ID to ~webmaster/.config/monkeysphere/authorized_user_ids
-
-2008-08-02 - jrollins
- * aptitude update && aptitude dist-upgrade
- * restarted cron, nullmailer, sshd
- * aptitude install git-core ikiwiki
- * adduser webmaster
- * su - webmaster
- * created a bare repo at ~webmaster/monkeysphere.git. I then
- pushed into this repo from my working directory on servo to verify
- that it was accepting.
- * cloned above repo at ~webmaster/monkeysphere
- * created ~webmaster/ikiwiki.setup
- * ikiwiki --setup ikiwiki.setup
- * linked post-receive to new post-commit hook in monkeysphere.git
- * changed default keyserver to be pgp.mit.edu (subkeys.pgp.net
- blows)
- * updated /etc/skel with ssh and monkeysphere stuff
- * made authorzied_user_ids file for webmaster and ran
- "monkeysphere-server u webmaster".
-
-2008-06-23 - dkg
- * added monkeysphere apt repository to /etc/apt/sources.list
- * added dkg's key to apt's list of trusted keys.
- * ran aptitude dist-upgrade
- * upgraded to monkeysphere 0.2-1
- * moved authorized_user_ids files into users' home directories.
- * installed lockfile-progs
-
-2008-06-22 - dkg
- * installed screen (mjgoins and i were collaborating)
-
-2008-06-21 - micah
- * Restored /etc/init.d/ssh to original package state and changed
- /etc/default/ssh to have 'unset SSHD_OOM_ADJUST' instead.
-
-2008-06-20 - micah
- * Commented out the 'export SSHD_OOM_ADJUST=-17' from the
- /etc/init.d/ssh initscript, and the 'SSHD_OOM_ADJUST=-17' from
- /etc/default/ssh in order to make this error go away:
- "error writing /proc/self/oom_adj: Operation not permitted"
- (c.f. Debian #487325)
-
-2008-06-20 - dkg
- * touched /etc/environment to get rid of some spurious auth.log
- entries.
- * turned up sshd's LogLevel from INFO to DEBUG
-
-2008-06-19 - dkg
- * installed rsync (for maintaining a public apt repo)
-
- * configured mathopd to listen on port 80, serving /srv/www as /
- and /srv/apt as /debian. We've got nothing in /srv/www at the
- moment, though.
-
- * installed lsof and psmisc as sysadmin utilities. sorry for the
- bloat!
-
- * installed strace to try to figure out why onak is segfaulting.
-
-2008-06-19 - dkg
- * removed etch sources, switched "testing" to "lenny", added
- lenny/updates, removed all contrib and non-free.
-
- * removed testing pin in /etc/apt/preferences
- * ran the upgrade
-
- * reset emacs22 to emacs22-nox (avoiding dependencies)
-
- * removed sysklog and klogd because of errors restarting klogd.
- Installed syslog-ng in their stead, which still gives errors
- related to /proc/kmsg unreadability, but the install completes :/
-
- * added experimental
- * juggled pinning: experimental: 1, unstable: 2
- * added mathopd onak, tweaked /etc/mathopd.conf and /etc/onak.conf
-
- * installed monkeysphere v0.1-1, changed host key, published
- them via the local keyserver (see host-key-publication)
-
- * added local unprivileged user accounts for everyone listed in
- /usr/share/doc/monkeysphere/copyright
-
- * configured authorized_user_ids for every user account based on
- my best guess at their OpenPGP User ID (see
- user-id-configuration).
-
- * set up a cronjob (in /etc/crontab) to run "monkeysphere-server
- update-users" at 26 minutes past the hour.
-
-2008-06-18 - jrollins
- * installed less, emacs;
- * aptitude update && aptitude dist-upgrade
-
-2008-06-18 - micah
- * debootstrap'd debian etch install
- * installed /etc/apt/sources.list with local proxy sources for etch,
- testing, unstable, backports and volatile
- * configured /etc/apt/preferences and apt.conf.d/local-conf to
- pin etch, but make testing, sid and backports available
- * added backports.org apt-key
- * installed openssh-server and openssh-client packages
- * added dkg, jrollins, mjgoins ssh public_keys to /root/.ssh/authorized_keys
diff --git a/doc/george/host-key-publication b/doc/george/host-key-publication
deleted file mode 100644
index 03e2510..0000000
--- a/doc/george/host-key-publication
+++ /dev/null
@@ -1,28 +0,0 @@
-2008-06-19 02:34:57-0400
-------------------------
-
-Adding george's host key to the monkeysphere was more complicated than
-it needed to be.
-
-As the server admin, i did (accepting the defaults where possible):
-
- monkeysphere-server gen-key
- KEYID=$(GNUPGHOME=/etc/monkeysphere/gnupg gpg --with-colons --list-key =ssh://$(hostname --fqdn) | grep ^pub: | cut -f5 -d:)
- (umask 077 && GNUPGHOME=/etc/monkeysphere/gnupg gpg --export-secret-key $KEYID | openpgp2ssh $KEYID >/etc/monkeysphere/ssh_host_rsa_key)
- # modify /etc/ssh/sshd_config to remove old host keys lines, and
- # add new line: HostKey /etc/monkeysphere/ssh_host_rsa_key
- /etc/init.d/ssh restart
-
- KEYSERVER=george.riseup.net monkeysphere-server publish-key
- # (needed to publish by hand here because of reasonable sanity checks)
- monkeysphere-server show-fingerprint
-
- # then from a remote host:
- gpg --keyserver george.riseup.net --search =ssh://george.riseup.net
- gpg --fingerprint --sign-key =ssh://george.riseup.net
- KEYID=$(gpg --with-colons --list-key =ssh://george.riseup.net | grep ^pub: | cut -f5 -d:)
- gpg --keyserver george.riseup.net --send "$KEYID"
- gpg --keyserver george.riseup.net --send "$MYGPGID"
-
-
-How could this have been streamlined?
diff --git a/doc/george/keyserver-local b/doc/george/keyserver-local
deleted file mode 100644
index 7d532cf..0000000
--- a/doc/george/keyserver-local
+++ /dev/null
@@ -1,24 +0,0 @@
-Wed Jun 25 02:03:39 EDT 2008 matt goins <mjgoins@openflows.com>
-
-On Saturday (2008-6-22) dkg and I set up sks as a replacement for onak. onak
-had proven to be unstable, mostly in that it tended to corrupt its own database
-beyond repair.
-
-The sks instructions want the admin to download many huge dumps of keys from
-the world's keyservers (on the order of 5 GiB?), so we imported a dump
-containing only my key. We learned that sks won't start with an empty database,
-unlike onak.
-
-2008-06-25: Locally exported george's key to its keyserver. Tried a remote
-send-keys of squash's key and it appears to work.
-
-
-TODO:
-
- * Get some more keys in there.
-
- * Read up on syncing with other keyservers.
-
-
-
-
diff --git a/doc/george/policy b/doc/george/policy
deleted file mode 100644
index a17a310..0000000
--- a/doc/george/policy
+++ /dev/null
@@ -1,33 +0,0 @@
-Policy for maintaining george.riseup.net
-----------------------------------------
-
-Riseup graciously provided the MonkeySphere project with a vserver for
-testing and public documentation. This is known as george.riseup.net,
-for those who are curious about the MonkeySphere.
-
-george will be maintained as a debian lenny machine, with minimal
-packages from experimental as needed for installing and running what
-we build elsewhere.
-
-george will host 3 public-facing services: an ssh daemon on port 22,
-an http service on port 80, and an OpenPGP keyserver (the HKP
-protocol) on port 11371.
-
-Administration of george is a shared responsibility across the core
-members of the MonkeySphere development team. Administrators will log
-changes in their git repositories, in doc/george/changelog (a peer of
-this policy file).
-
-monkeysphere packages installed on george will use unique, tagged
-version numbers so we know what we're running.
-
-We will try to keep the installation as minimal as possible while
-still allowing for comfortable day-to-day administration.
-
-We will use aptitude for package management where possible.
-
-Outstanding questions:
-
-Who should have superuser access?
-
-Who should get regular user accounts?
diff --git a/doc/george/user-id-configuration b/doc/george/user-id-configuration
deleted file mode 100644
index 9a7f4d2..0000000
--- a/doc/george/user-id-configuration
+++ /dev/null
@@ -1,40 +0,0 @@
-2008-06-19 03:00:58-0400
-------------------------
-
-setting up authorized_user_id configuration on george was also more
-cumbersome than it needs to be. Here's what i (dkg) did:
-
-monkeysphere-server trust-keys 0EE5BE979282D80B9F7540F1CCD2ED94D21739E9
-
-monkeysphere-server update-user-userids dkg 'Daniel Kahn Gillmor <dkg@fifthhorseman.net>'
-monkeysphere-server update-user-userids jrollins 'Jameson Rollins <jrollins@fifthhorseman.net>'
-monkeysphere-server update-user-userids micah 'Micah Anderson <micah@riseup.net>'
-monkeysphere-server update-user-userids mjgoins 'Matthew Goins <mjgoins@openflows.com>'
-monkeysphere-server update-user-userids ross 'Ross Glover <ross@ross.mayfirst.org>'
-monkeysphere-server update-user-userids jamie 'Jamie McClelland <jamie@mayfirst.org>'
-monkeysphere-server update-user-userids mlcastle 'mike castleman <m@mlcastle.net>'
-monkeysphere-server update-user-userids enw 'Elliot Winard <enw@caveteen.com>'
-monkeysphere-server update-user-userids greg 'Greg Lyle <greg@stealthisemail.com>'
-
-
-then i added a scheduled:
-
- monkeysphere-server update-users
-
-to run hourly via /etc/crontab
-
-and made sure that root's keys were working with a temporary symlink
-(see TODO about that business)
-
-and then modified /etc/ssh/sshd_config with:
-
- AuthorizedKeysFile /var/cache/monkeysphere/authorized_keys/%u
-
-
-Some outstanding questions:
-
- * Should we ship a scheduled monkeysphere-server update-users cron
- job automatically?
-
- * why was i not prompted to confirm the trust-keys line, which seems
- like the most delicate/sensitive line of all of them?
diff --git a/doc/ikiwiki.setup.sample b/doc/ikiwiki.setup.sample
deleted file mode 100644
index 97e77c8..0000000
--- a/doc/ikiwiki.setup.sample
+++ /dev/null
@@ -1,29 +0,0 @@
-use IkiWiki::Setup::Standard {
- wikiname => "Monkeysphere",
- adminemail => 'webmaster@monkeysphere.info',
-
- srcdir => "/path/to/cloned/monkeysphere/repo/website",
- destdir => "/path/to/web/dir",
-
- url => "http://monkeysphere.info",
-
- rcs => "git",
-
- wrappers => [
- {
- wrapper => "/path/to/post-receive/hook",
- wrappermode => "0755",
- }
- ],
-
- rss => 1,
- atom => 1,
- verbose => 0,
- syslog => 0,
-
- add_plugins => [qw{goodstuff favicon toc sidebar}],
-
-
- tagbase => "tags",
-
-}
diff --git a/doc/zimmermann/changelog b/doc/zimmermann/changelog
deleted file mode 100644
index f3e8171..0000000
--- a/doc/zimmermann/changelog
+++ /dev/null
@@ -1,71 +0,0 @@
-******************************************************************************
-* *
-* zimmermann system log *
-* *
-******************************************************************************
-* Please add new entries in reverse chronological order whenever you make *
-* changes to this system (first command at top, last at bottom) *
-******************************************************************************
-
-2010-03-10 - micah
- * Updated /etc/monkeysphere/*.conf to use zimmermann
- for the keyserver
-
-2010-03-09 - dkg
- * transferred the https://z.m.o key from /root/.gnupg into the
- monkeysphere-host keyring with:
-
- gpg --export-secret-keys | GNUPGHOME=/var/lib/monkeysphere/host gpg --import
-
- * used undocumented "monkeysphere-host update-pgp-pub-file" to
- refresh the output of m-h s.
-
-2010-02-19 - dkg
- * upgraded to monkeysphere 0.28-1~bpo50+1 (includes gnupg from
- backports.org)
-
-2010-02-?? - dkg
- * manually created an OpenPGP certificate for zimmermann's https
- RSA key, stored in /root/.gnupg; published it to the keyserver
- network, certified it myself.
-
-2008-11-29 - dkg
- * zimmermann now uses an X.509 certificate signed by the MF/PL CA
- for its HTTPS connection.
-
-2008-11-19 - dkg
- * added 10 SKS peers as a result of feedback from sks-devel.
- * set localtime to America/New_York via dpkg-reconfigure tzdata
- * aptitude update && aptitude full-upgrade
- * set up /var/lib/sks/www/index.html based on
- doc/zimmermann/index.html from this repo.
- * made nginx proxy plain ol' HTTP on port 80 also so that SKS does
- not need to try to listen on a privileged port.
- * turned on initial_stat and stat_hour: 3 in /etc/sks/sksconf
-
-2008-11-19 - mlc
- * aptitude install nginx
- * get rid of /etc/nginx/sites-enabled/default
- * create /etc/nginx/sites-available/https-proxy and make a symlink
- to it in the sites-enabled directory
- * invoke-rc.d nginx start
-
-2008-11-17 - micah
- * verified the SHA256 values for the key material
- * /usr/lib/sks/sks_build.sh (chose option #2: normalbuild)
- * chown -R debian-sks:debian-sks /var/lib/sks
- * edit /etc/default/sks to enable the initscript
- * /etc/init.d/sks start
- * rm -rf /var/lib/sks/dump
-
-2008-11-15 - micah
- * aptitude update && aptitude full-upgrade
- * aptitude install sks
- * cd /var/lib/sks/dump ; wget -q -r -np -nd -A bz2,SHA256,asc \
- http://nynex.net/keydump/ -e robots=off
- * install monkeysphere 0.21-2 package
- * apt-get install bzip2 ; bunzip2 /var/lib/sks/dump/*.bz2
-
-2008-11-15 - jamie
- * aptitude install esmtp-run mailx
- * edited /etc/esmtp-run, configured to relay to bulk.mayfirst.org
diff --git a/doc/zimmermann/https-proxy b/doc/zimmermann/https-proxy
deleted file mode 100644
index c4521a7..0000000
--- a/doc/zimmermann/https-proxy
+++ /dev/null
@@ -1,14 +0,0 @@
-server {
- listen 443;
- server_name zimmermann.mayfirst.org;
- ssl on;
- ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
- ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
- ssl_ciphers HIGH:MEDIUM:!ADH;
-
- access_log off;
-
- location / {
- proxy_pass http://localhost:11371/;
- }
-}
diff --git a/doc/zimmermann/index.html b/doc/zimmermann/index.html
deleted file mode 100644
index e8e36e0..0000000
--- a/doc/zimmermann/index.html
+++ /dev/null
@@ -1,73 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<html>
- <head>
- <title>SKS Search Page</title>
- <meta http-equiv="content-type" content="text/html; charset="utf-8">
- <meta name="author" content="Yaron M. Minsky/Jack Cummings/Daniel Kahn Gillmor">
- </head>
- <body text="#000000" bgcolor="#ffffff" link="#000099" vlink="#990099" alink="#000099">
- <h1><a href="http://www.nongnu.org/sks/">SKS OpenPGP Keyserver</a> <br> @zimmermann.mayfirst.org</h1>
- <p> SKS is a OpenPGP keyserver whose goal is to provide easy to deploy, decentralized, and highly reliable synchronization. That means that a key submitted to one SKS server will quickly be distributed to all key servers, and even wildly out-of-date servers, or servers that experience spotty connectivity, can fully synchronize with rest of the system. </p>
- <p>You can find out more about SKS, along with links to graphs of the network status <a href="http://www.nongnu.org/sks/">here</a>.</p>
- <table cellpadding="2" cellspacing="2" border="1" width="600" bgcolor="#ddddff">
- <tr>
- <td valign="top">
- <h3>Extract a key</h3>
- <p>You can extract a key by typing in some words that appear in the userid
- of the key you're looking for, or by typing in the keyid in hex format ("0x...")</p>
- <p>
- <form action="/pks/lookup" method="get">
- Search String: <input name="search" size="40"> <br>
- Show PGP "fingerprints" for keys
- <input type="checkbox" name="fingerprint"> <br>
- Show SKS full-key hashes
- <input type="checkbox" name="hash"> <br>
- Search for keys: <br>
- <input type="radio" name="op" value="index" CHECKED> get index of matching keys <br>
- <input type="radio" name="op" value="vindex"> get verbose index of matching keys <br>
- <input type="radio" name="op" value="get"> retrieve ascii-armored keys <br>
- <input type="radio" name="op" value="hget"> retrieve keys by full-key hash
- <br>
- <input type="reset" value="Reset">
- <input type="submit">
- </form>
- <br>
- </td>
- </tr>
- <tr>
- <td valign="top">
- <h3>Submit a key</h3>
- You can submit a key by simply pasting in the ASCII-armored version
- of your key and clicking on submit.
- <form action="/pks/add" method="post">
- <textarea name="keytext" rows="20" cols="66"></textarea> <br>
- <input type="reset" value="Reset">
- <input type="submit" value="Submit this key to the keyserver!">
- </form>
- </td>
- </tr>
- <tr>
- <td>
- <h3>
- Access
- </h3>
- To use this server directly via HKP add this to your .PGP keyserver list:<br>
-
-<pre>x-hkp://zimmermann.mayfirst.org
-http://zimmermann.mayfirst.org:11371</pre>
-
- You can also select a random server by adding this to your keyserver list:<br>
-
-<pre>x-hkp://pool.sks-keyservers.net
-http://pool.sks-keyservers.net:11371</pre>
-
- </td>
- </tr>
- </tbody>
- </table>
-
-<hr>
- [<a href="/pks/lookup?op=stats">Server Status</a>] If you have any questions
- about or problems with this server, please <a href="https://support.mayfirst.org/newticket?summary=zimmermann.mayfirst.org%20trouble">open a ticket</a>.
- </body>
-</html>