Diffstat (limited to 'website/index.mdwn')
-rw-r--r--  website/index.mdwn  82
1 files changed, 0 insertions, 82 deletions
diff --git a/website/index.mdwn b/website/index.mdwn deleted file mode 100644 index 42d75f7..0000000 --- a/website/index.mdwn +++ /dev/null 
@@ -1,82 +0,0 @@ -[[!meta title="The Monkeysphere Project"]] -[[!meta license="Unless otherwise noted, all content on this web site is licensed under the GPL version 3 or later"]] -[[!meta copyright="All content on this web site is copyright by the author of that content. [Look in the revision control system](community) for details about who authored a particular piece of content."]] - -# The Monkeysphere Project # - -The Monkeysphere project's goal is to extend OpenPGP's web of trust to -new areas of the Internet to help us securely identify each other -while we work online. - -Specifically, monkeysphere currently offers a framework to leverage -the OpenPGP web of trust for OpenSSH authentication. - -In other words, it allows you to use secure shell as you normally do, -but to identify yourself and the servers you administer or connect to -with your OpenPGP keys. OpenPGP keys are tracked via GnuPG, and -monkeysphere manages the `known_hosts` and `authorized_keys` files -used by OpenSSH for authentication, checking them for cryptographic -validity. - -## Overview ## - -Everyone who has used secure shell is familiar with the prompt given -the first time you log in to a new server, asking if you want to trust -the server's key by verifying the key fingerprint. Unfortunately, -unless you have access to the server's key fingerprint through a -secure out-of-band channel, there is no way to verify that the -fingerprint you are presented with is in fact that of the server -you're really trying to connect to. - -Many users also take advantage of OpenSSH's ability to use RSA or DSA -keys for authenticating to a server (known as -"`PubkeyAuthentication`"), rather than relying on a password exchange. 
-But again, the public part of the key needs to be transmitted to the -server through a secure out-of-band channel (usually via a separate -password-based SSH connection or a (hopefully signed) e-mail to the -system administrator) in order for this type of authentication to -work. - -[OpenSSH](http://openssh.com/) currently provides a functional way to -manage the RSA and DSA keys required for these interactions through -the `known_hosts` and `authorized_keys` files. However, it lacks any -type of [Public Key Infrastructure -(PKI)](http://en.wikipedia.org/wiki/Public_Key_Infrastructure) that -can verify that the keys being used really are the one required or -expected. - -The basic idea of the Monkeysphere is to create a framework that uses -[GnuPG](http://www.gnupg.org/)'s keyring manipulation capabilities and -public keyserver communication to manage the keys that OpenSSH uses -for connection authentication. - -The Monkeysphere therefore provides an effective PKI for OpenSSH, -including the possibility for key transitions, transitive -identifications, revocations, and expirations. It also actively -invites broader participation in the -[OpenPGP](http://en.wikipedia.org/wiki/Openpgp) [web of -trust](http://en.wikipedia.org/wiki/Web_of_trust). - -Under the Monkeysphere, both parties to an OpenSSH connection (client -and server) explicitly designate who they trust to certify the -identity of the other party. These trust designations are explicitly -indicated with traditional GPG keyring trust models. Monkeysphere -then manages the keys in the `known_hosts` and `authorized_keys` files -directly, in such a way that is completely transparent to `ssh`. No -modification is made to the SSH protocol on the wire (it continues to -use raw RSA public keys), and no modification is needed to the OpenSSH -software. - -To emphasize: ***no modifications to SSH are required to use the -Monkeysphere***. OpenSSH can be used as is; completely unpatched and -"out of the box". 
- -## License ## - -All Monkeysphere software is copyright, 2007, by [the -authors](community), and released under [GPL, version 3 or -later](http://www.gnu.org/licenses/gpl-3.0.html). - ----- - -This wiki is powered by [ikiwiki](http://ikiwiki.info). |
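Review bot: this hunk deletes website/index.mdwn outright (file mode 100644 removed, 82 deletions, 0 insertions) and no replacement page appears in this diff, so the ikiwiki root page that carried the `[[!meta license=...]]` and `[[!meta copyright=...]]` directives, the `known_hosts`/`authorized_keys` overview and the explicit "no modifications to SSH are required" statement no longer exists after this change. Before this is merged, confirm that an `index.mdwn` (or whatever ikiwiki is configured to use as the site root) is added or already present elsewhere so the site still renders, and that the license and copyright metadata removed here are restated in whatever page replaces it; if the content was intentionally retired, the commit message should say where it moved, since nothing in the hunk indicates a move.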