Diffstat (limited to 'website')
-rw-r--r-- | website/community.mdwn | 4
-rw-r--r-- | website/expansion.mdwn | 49
-rw-r--r-- | website/getting-started-admin.mdwn | 8
3 files changed, 57 insertions, 4 deletions
diff --git a/website/community.mdwn b/website/community.mdwn index 4b13ee0..492703b 100644 --- a/website/community.mdwn +++ b/website/community.mdwn @@ -38,6 +38,10 @@ the following from inside the monkeysphere top level directory: This command will build an upstream tarball, attach the debian packaging directory, and build a sample deb. +If you want to help extend the scope of the Monkeysphere, take a look +at our +[list of environments that could make use of the project](/expansion). + ### Individual developer repositories ### You might also be interested in the repositories of individual diff --git a/website/expansion.mdwn b/website/expansion.mdwn new file mode 100644 index 0000000..13f368a --- /dev/null +++ b/website/expansion.mdwn 
@@ -0,0 +1,49 @@ +[[meta title="Expanding the Monkeysphere"]] + +# Expanding the Monkeysphere # + +The Monkeysphere currently has implementations that support two +popular protocols in use on the internet today: + + * SSH: Monkeysphere supports the OpenSSH implementation of the Secure + Shell protocol, for authenticating both hosts and users. + + * HTTPS: Monkeysphere supports secure web traffic by allowing users + of Mozilla-based browsers (such as + [Firefox](http://www.mozilla.com/en-US/firefox) or + [Iceweasel](http://wiki.debian.org/Iceweasel)) to authenticate web + sites that are not authenticated by the browser's built-in X.509 + verification. This should work with any HTTPS-capable web server. + +But there are many protocols and implementations on the 'net that +could use the Monkeysphere for key-based authentication but currently +do not. Here are some examples of places we think it could be useful. +If you can help with these (or suggest others), please pitch in! + + * HTTPS client authentication: web servers should be able to + authenticate clients that use asymmetric crypto. That is, the + client holds an RSA secret key, offers a (potentially self-signed) + X.509 Cert to the server as part of the TLS handshake, and the + server verifies the key material and commonName or subjectAltName + in the cert via the OpenPGP web of trust. + + * Other TLS connections: for example, SMTP services using STARTTLS + (server-to-server and client-to-server), IMAP or POP daemons (using + STARTTLS or a direct TLS wrapper), LDAP servers (or LDAPS), XMPP + connections (client-to-server and server-to-server) + + * IRC connections: this could be at the TLS layer, or maybe via some + exchange with the NickServ? + + * [OTR](http://www.cypherpunks.ca/otr) client-to-client handshakes. 
+ + * Integration with + [OpenPGP Certificates for TLS (RFC 5081)](http://tools.ietf.org/html/rfc5081) + -- TLS clients or servers who receive an OpenPGP certificate from + their peer should be able to ask some part of the Monkeysphere + toolchain if the particular certificate is valid for the + connection. + + * [PKINIT](http://tools.ietf.org/html/rfc4556) for + [Kerberos](http://web.mit.edu/Kerberos/) + diff --git a/website/getting-started-admin.mdwn b/website/getting-started-admin.mdwn index aad4251..ab0acc6 100644 --- a/website/getting-started-admin.mdwn +++ b/website/getting-started-admin.mdwn @@ -1,8 +1,8 @@ Monkeysphere Server Administrator README ======================================== - Note: This documentation is for Monkeysphere version 0.23 or later. - If you are running a version prior to 0.23, we recommend that you upgrade. + Note: This documentation is for Monkeysphere version 0.28 or later. + If you are running a version prior to 0.28, we recommend that you upgrade. As the administrator of an SSH server, you can take advantage of the Monkeysphere in two ways: @@ -25,11 +25,11 @@ To begin, you must first import an ssh host key. This assumes that you have the ssh server installed, and that you have generated a host RSA key. Once that has been done, import the key: - # monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key server.example.net + # monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ssh://server.example.net This will generate an OpenPGP certificate for the server. The primary user ID for this certificate will be the ssh service URI for the host, -(eg. `ssh://server.example.net`). Remember that the name you provide +(e.g. `ssh://server.example.net`). Remember that the name you provide here should probably be a fully qualified domain name for the host in order for your users to find it. |
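Review bot: In the community.mdwn hunk, the new link is written as a Markdown link with an absolute path, `(/expansion)`, which only resolves when the site is served from the root of its host. The page added in this same patch already uses ikiwiki directive syntax (`[[meta title=...]]`), so an ikiwiki wikilink such as `[[list of environments that could make use of the project|expansion]]` would be resolved by the wiki at build time and keep working if the site is moved under a subpath.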
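Review bot: In the new expansion.mdwn, the "HTTPS client authentication" item does not say what the server treats as authoritative. The client's X.509 cert is described as "potentially self-signed", so its commonName and subjectAltName are whatever the client chose; the text should state that a name counts only when the same key carries a matching, trusted user ID certification in the OpenPGP web of trust. It would also help to name the user ID form expected for each listed protocol, as the admin README does with `ssh://server.example.net`. Smaller points: the "Other TLS connections" item lacks a closing period, and the PKINIT item gives no description of the intended integration.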
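Review bot: In the first getting-started-admin.mdwn hunk (`@@ -1,8 +1,8 @@`), the note raises the documented version from 0.23 to 0.28 without saying what differs, so an admin on an intermediate release cannot tell which of the instructions below will not work for them. If the `ssh://` form of the `import-key` argument changed in the next hunk is the reason, say so in the note.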
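Review bot: In the second getting-started-admin.mdwn hunk (`@@ -25,11 +25,11 @@`), the example now passes `ssh://server.example.net`, but the unchanged sentence after it still reads "the name you provide here should probably be a fully qualified domain name", which no longer describes the argument. Suggest rewording it to say that the host part of the service URI should be a fully qualified domain name, and stating whether a bare host name is still accepted, since admins following the older text will type `server.example.net`.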