From f429aec066448e1d6b7be59cf0e786faa96a6fc4 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Mon, 26 May 2008 23:36:06 -0400 Subject: fixing spelling, fqdns in MonkeySpec examples --- doc/MonkeySpec | 55 +++++++++++++++++++++++++++++-------------------------- 1 file changed, 29 insertions(+), 26 deletions(-) (limited to 'doc/MonkeySpec') diff --git a/doc/MonkeySpec b/doc/MonkeySpec index 3b565db..b0a0d6a 100644 --- a/doc/MonkeySpec +++ b/doc/MonkeySpec 
@@ -61,40 +61,42 @@ USE CASE Dramatis Personae: http://en.wikipedia.org/wiki/Alice_and_Bob Backstory: http://www.conceptlabs.co.uk/alicebob.html -Bob wants to sign on to the computer "mangabey" via monkeysphere -framework. He doesn't yet have access to the machine, but he knows -Alice, who is the admin of magabey. Alice and Bob, being the -contientious netizens that they are, have already published their +Bob wants to sign on to the computer "mangabey.example.org" via +monkeysphere framework. He doesn't yet have access to the machine, +but he knows Alice, who is the admin of magabey. Alice and Bob, being +the conscientious netizens that they are, have already published their personal gpg keys to the web of trust, and being good friends, have both signed each other's keys and marked each others keys with "full" trust. Alice uses howler to publish a gpg key for magabey with the special -"ssh://magabey" URI userid. Alice signs magabey's gpg key and -publishes her signature. Alice then creates a user "bob" on magabey, -and puts Bob's userid in the auth_user_ids file for user bob on -magabey. tamarin triggers on magabey, which triggers rhesus, which -takes all userids in bob's auth_user_ids file, look on a keyserver to -find the public keys for each user, converts the gpg public keys into -ssh public keys if the key validity is acceptable, and finally insert -those keys into an authorized_keys file for bob. - -Bob now adds the "ssh://magabey" userid to the auth_host_ids file in -his account on his localhost. Bob now goes to connect to bob@magabey. -Bob's ssh client, which is monkeysphere enabled, triggers marmoset, -which triggers rhesus on Bob's computer, which takes all server -userids in his auth_host_ids file, looks on a keyserver to find the -public key for each server (based on the server's URI), converts the -gpg public keys into ssh public keys if the key validity is -acceptable, and finally insert those keys into Bob's known_hosts file. 
+userid of "ssh://mangabey.example.org". Alice signs mangabey's gpg +key and publishes this signature as a certification. Alice then +creates a user "bob" on mangabey, and puts Bob's userid in the +auth_user_ids file for user bob on magabey. tamarin triggers on +mangabey, which invokes rhesus. rhesus takes all userids in bob's +auth_user_ids file, looks on a keyserver to find the public keys for +each user, converts the gpg public keys into ssh public keys if the +key validity is acceptable, and finally inserts those keys into an +authorized_keys file for bob. + +Bob now adds the "ssh://mangabey.example.org" userid to the +auth_host_ids file in his account on his localhost. Bob now goes to +connect to bob@mangabey.example.org. Bob's monkeysphere-enabled ssh +client triggers marmoset, which invokes rhesus on Bob's computer. +rhesus takes all server userids in his auth_host_ids file, looks on a +keyserver to find the public key for each server (based on the +server's URI), converts the gpg public keys into ssh public keys if +the key validity is acceptable, and finally insert those keys into +Bob's known_hosts file. On Bob's side, since mangabey's key had "full" validity (since it was -signed by Alice whom he fully trusts), Bob's ssh client deems magabey +signed by Alice whom he fully trusts), Bob's ssh client deems mangabey "known" and no further host key checking is required. -On magabey's side, since Bob's key has "full" validity (since it had -also been signed by Alice whom magabey fully trusts (since Alice told -him to)), Bob is authenticated to log into bob@magabey. +On mangabey's side, since Bob's key has "full" validity (since it had +also been signed by Alice, mangabey's trusted administrator), Bob is +authenticated and authorized to log into bob@mangabey. NOTES ===== 
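Review bot: The "magabey" spelling fix is incomplete in this hunk: the added lines "but he knows Alice, who is the admin of magabey." and "auth_user_ids file for user bob on magabey." still carry the old spelling, and the unchanged context line "Alice uses howler to publish a gpg key for magabey with the special" was left alone. Please change all three to "mangabey". In the second added paragraph, "and finally insert those keys into" should read "inserts", as was already done for the first paragraph, and the closing "bob@mangabey" could use the FQDN like the other examples in this commit.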
@@ -136,4 +138,5 @@ perform authorization on user identities instead of on keys, it additionally allows the sysadmin also to authenticate the server to the end-user. -git clone http://git.mlcastle.net/monkeysphere.git/ monkeysphere +see doc/git-init for more detail on how to pull from the distributed +repositories. -- cgit v1.2.3 From 29b342e4ef7a4930e84748da233cec15db000be1 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Fri, 6 Jun 2008 17:06:56 -0400 Subject: updated MonkeySpec to be more user-friendly. --- doc/MonkeySpec | 83 ++++++++++++++++++++++++++++++++++++---------------------- 1 file changed, 51 insertions(+), 32 deletions(-) (limited to 'doc/MonkeySpec') diff --git a/doc/MonkeySpec b/doc/MonkeySpec index b0a0d6a..6ac5f11 100644 --- a/doc/MonkeySpec +++ b/doc/MonkeySpec 
@@ -63,40 +63,59 @@ Backstory: http://www.conceptlabs.co.uk/alicebob.html Bob wants to sign on to the computer "mangabey.example.org" via monkeysphere framework. He doesn't yet have access to the machine, -but he knows Alice, who is the admin of magabey. Alice and Bob, being -the conscientious netizens that they are, have already published their -personal gpg keys to the web of trust, and being good friends, have -both signed each other's keys and marked each others keys with "full" -trust. - -Alice uses howler to publish a gpg key for magabey with the special -userid of "ssh://mangabey.example.org". Alice signs mangabey's gpg -key and publishes this signature as a certification. Alice then -creates a user "bob" on mangabey, and puts Bob's userid in the -auth_user_ids file for user bob on magabey. tamarin triggers on -mangabey, which invokes rhesus. rhesus takes all userids in bob's -auth_user_ids file, looks on a keyserver to find the public keys for -each user, converts the gpg public keys into ssh public keys if the -key validity is acceptable, and finally inserts those keys into an -authorized_keys file for bob. - -Bob now adds the "ssh://mangabey.example.org" userid to the -auth_host_ids file in his account on his localhost. Bob now goes to -connect to bob@mangabey.example.org. Bob's monkeysphere-enabled ssh -client triggers marmoset, which invokes rhesus on Bob's computer. -rhesus takes all server userids in his auth_host_ids file, looks on a -keyserver to find the public key for each server (based on the -server's URI), converts the gpg public keys into ssh public keys if -the key validity is acceptable, and finally insert those keys into -Bob's known_hosts file. - -On Bob's side, since mangabey's key had "full" validity (since it was -signed by Alice whom he fully trusts), Bob's ssh client deems mangabey +but he knows Alice, who is the admin of mangabey. 
Alice and Bob, +being the conscientious netizens that they are, have already published +their personal gpg keys to the web of trust, and being good friends, +have both signed each other's keys and marked each others keys with +"full" ownertrust. + +When Alice set up mangabey initially, she used howler to publish a gpg +key for the machine with the special userid of +"ssh://mangabey.example.org". She also signed mangabey's gpg key and +published this certification to commonly-used keyservers. Alice also +configured mangabey to treat her own key with full ownertrust (could +this be done as part of the howler invocation?) + +Now, Alice creates a user account "bob" on mangabey, and puts Bob's +userid ("Bob ") in the authorized_user_ids file for +user bob on mangabey. tamarin triggers on mangabey either by a +cronjob or an inotify hook, and invokes rhesus for the "bob" account. +rhesus automatically takes each userid in bob's authorized_user_ids +file, and looks on a keyserver to find all public keys associated with +that user ID, with the goal of populating the authorized_keys file for +bob@mangabey. + +In particular: for each key found, the server evaluates the calculated +validity of the specified user ID based on the ownertrust rules it has +configured ("trust alice's certifications fully", in this example). +For each key for which the user ID in question is fully-valid, it +extracts all DSA- or RSA-based primary or secondary keys marked with +usage flags for encrypted communications and authentication, and +converts these gpg public keys into ssh public keys. Finally, rhesus +inserts these calculated public keys into the authorized_keys file for +bob. + +Bob now attempts to connect, by firing up a terminal and invoking: +"ssh bob@mangabey.example.org". 
Bob's monkeysphere-enabled ssh client +notices that mangabey.example.org isn't already available in bob's +known_hosts file, and triggers rhesus (on Bob's computer) to fetch the +key for mangabey, with the goal of populating Bob's local known_hosts +file. + +In particular: rhesus queries its configured keyservers to find all +public keys with User ID ssh://mangabey.example.org. For each public +key found, rhesus checks the relevant User ID's validity, converts any +"encrypted comms, authentication" gpg public keys into ssh public keys +if the User ID validity is acceptable, and finally insert those keys +into Bob's known_hosts file. + +On Bob's side, since mangabey's key had "full" validity (it was signed +by Alice whom he fully trusts), Bob's ssh client deems mangabey "known" and no further host key checking is required. -On mangabey's side, since Bob's key has "full" validity (since it had -also been signed by Alice, mangabey's trusted administrator), Bob is -authenticated and authorized to log into bob@mangabey. +On mangabey's side, since Bob's key has "full" validity (it had been +signed by Alice, mangabey's trusted administrator), Bob is +authenticated and therefore authorized to log into his account. NOTES ===== -- cgit v1.2.3 From 69b8a040d98944d4c190c2d5ceb4ef5da5b41d80 Mon Sep 17 00:00:00 2001 From: Jamie McClelland Date: Sat, 7 Jun 2008 12:47:08 -0400 Subject: redefining tamarin to be more generic. --- doc/MonkeySpec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'doc/MonkeySpec') diff --git a/doc/MonkeySpec b/doc/MonkeySpec index 6ac5f11..55ef9ee 100644 --- a/doc/MonkeySpec +++ b/doc/MonkeySpec 
@@ -43,8 +43,8 @@ server-side components - publishes server gpg keys - used to specify userids to trust for user authentication -* "tamarin": script to trigger rhesus during attempt to initiate - connection from client +* "tamarin": script to trigger or schedule rhesus at admin defined + points (e.g. via cron or during ssh connections). client-side components ---------------------- -- cgit v1.2.3 From c9b6d9a5b7b53766bc70f5dd381fb0db5769bd30 Mon Sep 17 00:00:00 2001 From: Jamie McClelland Date: Sat, 7 Jun 2008 13:44:46 -0400 Subject: redefining tamarin and marmaset as concepts not scripts. --- doc/MonkeySpec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'doc/MonkeySpec') diff --git a/doc/MonkeySpec b/doc/MonkeySpec index 55ef9ee..6ee278f 100644 --- a/doc/MonkeySpec +++ b/doc/MonkeySpec @@ -43,12 +43,12 @@ server-side components - publishes server gpg keys - used to specify userids to trust for user authentication -* "tamarin": script to trigger or schedule rhesus at admin defined +* "tamarin": concept - how to trigger or schedule rhesus at admin defined points (e.g. via cron or during ssh connections). client-side components ---------------------- -* "marmoset": script to trigger rhesus during attempt to initiate +* "marmoset": concept - how to trigger rhesus during attempt to initiate connection to server - runs on connection to a certain host - triggers update to known_hosts file then makes connection -- cgit v1.2.3 From f016e55c785648e0032c88c6eed872f663e81e39 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Sat, 7 Jun 2008 19:39:55 -0400 Subject: small change to correct usage of howler --- doc/MonkeySpec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'doc/MonkeySpec') diff --git a/doc/MonkeySpec b/doc/MonkeySpec index 6ac5f11..9ed0724 100644 --- a/doc/MonkeySpec +++ b/doc/MonkeySpec 
@@ -41,7 +41,7 @@ server-side components * "howler": server gpg maintainer - generates gpg keys for the server - publishes server gpg keys - - used to specify userids to trust for user authentication + - used to specify keys to trust for user authentication * "tamarin": script to trigger rhesus during attempt to initiate connection from client -- cgit v1.2.3 From 6c335e70360c7502a2205d21e9f96d4bf2679cbd Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Mon, 9 Jun 2008 01:50:49 -0400 Subject: small tweak to MonkeySpec --- doc/MonkeySpec | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'doc/MonkeySpec') diff --git a/doc/MonkeySpec b/doc/MonkeySpec index fe5a0bf..54aaa72 100644 --- a/doc/MonkeySpec +++ b/doc/MonkeySpec @@ -39,9 +39,9 @@ common components server-side components ---------------------- * "howler": server gpg maintainer - - generates gpg keys for the server - - publishes server gpg keys - - used to specify keys to trust for user authentication + - generate gpg keys for the server + - publish server gpg keys + - give owner trust to keys for user authentication * "tamarin": concept - how to trigger or schedule rhesus at admin defined points (e.g. via cron or during ssh connections). -- cgit v1.2.3
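Review bot: In the "updated MonkeySpec to be more user-friendly" hunk, the key-selection rule "usage flags for encrypted communications and authentication" does not say whether a key must carry both flags or either one. Read as "either", an encryption-only subkey would be converted and written to authorized_keys. Suggest stating that the authentication usage flag is required, and using the same wording in the client paragraph ("encrypted comms, authentication"). Separately, "authenticated and therefore authorized" skips the step that grants access: in this text Bob is authorized because Alice put his user ID in authorized_user_ids, not because his key is valid. The open question "(could this be done as part of the howler invocation?)" would sit better under NOTES than inside the use case.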
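Review bot: In the "redefining tamarin to be more generic" hunk, the new examples "(e.g. via cron or during ssh connections)" do not match the use case, which says tamarin triggers "either by a cronjob or an inotify hook". Please make the two lists agree so that readers know which trigger points are intended, and hyphenate "admin-defined".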
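Review bot: In the "redefining tamarin and marmaset as concepts not scripts" hunk, the unchanged sub-bullets under marmoset, "runs on connection to a certain host" and "triggers update to known_hosts file then makes connection", still describe a running script, which no longer fits a heading line that calls marmoset a concept. Suggest rewording them as requirements on whatever mechanism does the triggering, so the component list does not promise a script that the spec no longer defines.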
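Review bot: In the final "small tweak to MonkeySpec" hunk, "give owner trust to keys for user authentication" does not say whose keys receive ownertrust. In the use case it is the administrator's key ("treat her own key with full ownertrust"), whose certifications then make user keys valid; as written, the bullet can be read as granting ownertrust to the keys of the users being authenticated. Suggest naming the certifying keys explicitly in the bullet, and spelling "ownertrust" as one word to match the use case.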