From 2f9fe93b98ed32b662212899db6ba2174c1138d3 Mon Sep 17 00:00:00 2001 From: Matthew James Goins Date: Sat, 20 Mar 2010 15:07:30 -0400 Subject: Removed docs and website. They will now reside (for my repo) at git://lair.fifthhorseman.net/~mjgoins/monkeysphere.info/ --- doc/conferences/lca2010/abstract | 65 -------------------------------- doc/conferences/lca2010/bio | 23 ----------- doc/conferences/lca2010/experience | 26 ------------- doc/conferences/lca2010/outline | 62 ------------------------------ doc/conferences/lca2010/techrequirements | 1 - doc/conferences/lca2010/title | 1 - doc/conferences/lca2010/videoabstract | 1 - 7 files changed, 179 deletions(-) delete mode 100644 doc/conferences/lca2010/abstract delete mode 100644 doc/conferences/lca2010/bio delete mode 100644 doc/conferences/lca2010/experience delete mode 100644 doc/conferences/lca2010/outline delete mode 100644 doc/conferences/lca2010/techrequirements delete mode 100644 doc/conferences/lca2010/title delete mode 100644 doc/conferences/lca2010/videoabstract (limited to 'doc/conferences/lca2010') diff --git a/doc/conferences/lca2010/abstract b/doc/conferences/lca2010/abstract deleted file mode 100644 index 2770675..0000000 --- a/doc/conferences/lca2010/abstract +++ /dev/null @@ -1,65 +0,0 @@ -The Monkeysphere uses the OpenPGP web of trust to provide a -distributed Public Key Infrastructure (PKI) for users and -administrators of ssh. This talk is about why the Monkeysphere is -useful, how it works, and how you can use it to ease your workload and -automatically fully authenticate people and servers. - -The Secure Shell protocol has offered public-key-based mutual -authentication since its inception, but popular implementations offer -no formalized public key infrastructure. This means there is no -straightforward, computable method to signal re-keying events, key -revocations, or even basic key-to-identity binding (e.g. "host -foo.example.org has key X"). As a result, dealing with host keys is -usually a manual process with the possibility of tedium, room for -error, difficulty of maintenance, or users and administrators simply -ignoring or skipping baseline cryptographic precautions. - -The OpenPGP specification offers a robust public key infrastructure -that has traditionally only been used for e-mail and for encrypted -storage. By its nature, the OpenPGP Web of Trust (WoT) is a -distributed system, with no intrinsic chokepoints or global -authorities. And the global key distribution network provides -commonly-held, public infrastructure for rapid distribution of key -changes, revocations, and identity binding. - -The Monkeysphere mixes the two to provide new functionality for ssh -(key revocation, key expiry, re-keying, fewer unintelligible prompts, -semantic authorization, etc) while taking advantage of existing but -often-unused functionality in OpenPGP. Additionally, the Monkeysphere -implementation does not require any patches to OpenSSH on the client -or server, but takes advantage of existing hooks, which makes it easy -to adopt. - -Specifically, the Monkeysphere allows users to automatically validate -ssh host keys through the Web of Trust, and it allows servers to -identify authorized users through the Web of Trust. Users decide -which certifications in the Web of Trust they put stock in (so they -are not spoofed by spurious certifications of host keys). Server -administrators decide whose certifications the server should put stock -in (so that the server is not spoofed by spurious certifications of -user keys). - -This presentation will go over how the Monkeysphere works; how you can -use it to increase the security of servers you maintain; how you can -use it to increase the security of accounts you connect to with ssh; -and we'll discuss future possibilities lurking in the ideas of the -Monkeysphere. - -Monkeysphere is currently available in the main Debian repository and -as a port in FreeBSD. A Slackbuild is available for Slackware, and -Monkeysphere itself should work on any POSIX-ish system with the -appropriate dependencies available. - -The Monkeysphere project began to coalesce in early 2008, and remains -an ongoing collaboration of many people, including: - - * Micah Anderson - * Mike Castleman - * Daniel Kahn Gillmor - * Ross Glover - * Matthew James Goins - * Greg Lyle - * Jamie McClelland - * Jameson Graef Rollins - -The project's main web site is http://web.monkeysphere.info/ diff --git a/doc/conferences/lca2010/bio b/doc/conferences/lca2010/bio deleted file mode 100644 index f358e02..0000000 --- a/doc/conferences/lca2010/bio +++ /dev/null @@ -1,23 +0,0 @@ -Daniel Kahn Gillmor (dkg) is a freelance Technology Advisor with a -particular interest in cryptography, user interface design, and -distributed systems as means to pursue the goals of user autonomy and -resistance to centralized control. He contributes discussion and -patches on several crypto-related lists, and is an active participant -in what remains of the IETF OpenPGP Working Group. He co-administers -one of the OpenPGP keyservers, and was dubiously involved in -publicizing the ongoing transition to a post-SHA1 Web of Trust. - -dkg works with schools, NGOs, activist groups, and some corporations -to help them understand their tech needs and risks, possible -solutions, and how to use and understand the tools they choose. He -works with several technology-focused organizations, including May -First/People Link (http://mayfirst.org/) and Riseup -(http://riseup.net). - -He is also a contributor to The Organic Internet -(http://mayfirst.org/organicinternet), which includes his essay about -structural flaws in the X.509 certificate model. - -dkg began working with free software in 2002, began work with the -other Monkeysphere developers in 2008, and became a Debian Developer -in 2009. People seem to laugh when they see his business card. diff --git a/doc/conferences/lca2010/experience b/doc/conferences/lca2010/experience deleted file mode 100644 index 8ca2a8e..0000000 --- a/doc/conferences/lca2010/experience +++ /dev/null @@ -1,26 +0,0 @@ -I've given several workshops and skillshares about the ideas behind -OpenPGP and how to use gpg and its various frontends to -small-to-medium groups (5 to 25 people). - -I led an effective skillshare on the nature of X.509-based -certifications and how they are used in SSL and TLS back in 2003 or -2004. - -I co-led a surprisingly large (~>50 people? packed room!) discussion -about free software and why it should matter to users as well as -developers a the Grassroots Media Conference a few years ago with -Alfredo Lopez and Laura Quilter. This was a very active discussion, -and topics ranged from motivation and policy to moderately technical -concerns. - -I presented a poster with a colleague on a novel acoustic correlation -method at ICASSP (the IEEE's International Conference on Acoustics, -Speech, and Signal Processing) 2001 (though i've recently let my IEEE -membership lapse). - -I've introduced numerous people to the monkeysphere via IRC -discussions, and have a strong handle on both: - - * the necessary details to keep a technical audience engaged - - * the bigger-picture goals to keep a non-technical audience engaged diff --git a/doc/conferences/lca2010/outline b/doc/conferences/lca2010/outline deleted file mode 100644 index 15c4868..0000000 --- a/doc/conferences/lca2010/outline +++ /dev/null @@ -1,62 +0,0 @@ - - - -The presentation is in three parts: - -Background ----------- - - * Why authentication using asymmetric crypto (as opposed to shared - secrets) is important on today's network. - - * Overview of how ssh uses asymmetric crypto authentication (user -> - host, host -> user) - - * Overview of relevant bits of OpenPGP (key -> User ID bindings, - certifications, usage flags, key -> subkey bindings) - - * Overview of keyservers (the idea of gossip, One Big Network, - propagation, issues around redundancy, logging, private access) - - -How ---- - - * How does the monkeysphere do it? (very brief under-the-hood) - - * How does a server administrator publish a host's ssh key to the Web - of Trust? How do they maintain it? - - * How does a user incorporate WoT-based host-key checking into their - regular ssh usage? - - * How does a user publish their own ssh identity to the WoT for hosts - to find it? How do they maintain it? - - * How does a server administrator tell a server to admit certain - people (as identified by the WoT) to certain accounts? How do they - tell the server which certifications are trustworthy? - -Possible Futures ----------------- - - * Use the Monkeysphere with ssh implementations other than OpenSSH - (dropbear, lsh, putty, etc) - - * Expansion of the Monkeysphere's out-of-band PKI mechanism for - authentication in protocols other than SSH (TLS, HTTPS) without - protocol modification. - - * Use of OpenPGP certificates directly in SSH. OpenPGP is referenced - in RFC 4253 already: optional, rarely implemented, and deliberately - ambiguous about how to calculate key->identity bindings. - - * Use of OpenPGP certificates for authentication directly in - protocols. RFC 5081 provides a mechanism for OpenPGP certificates - in TLS, but is similarly ambiguous about certificate verification. - - * Better end-user control over verification: Who or what are you - really connecting to? How do you know? How can this information - be effectively and intuitively displayed to a typical user? - - * What would you like to see? diff --git a/doc/conferences/lca2010/techrequirements b/doc/conferences/lca2010/techrequirements deleted file mode 100644 index cc0d1b9..0000000 --- a/doc/conferences/lca2010/techrequirements +++ /dev/null @@ -1 +0,0 @@ -no non-standard technical requirements should be necessary. diff --git a/doc/conferences/lca2010/title b/doc/conferences/lca2010/title deleted file mode 100644 index 36ef904..0000000 --- a/doc/conferences/lca2010/title +++ /dev/null @@ -1 +0,0 @@ -Using the Monkeysphere: effective, distributed key management for SSH using the Web of Trust diff --git a/doc/conferences/lca2010/videoabstract b/doc/conferences/lca2010/videoabstract deleted file mode 100644 index 7e1536c..0000000 --- a/doc/conferences/lca2010/videoabstract +++ /dev/null @@ -1 +0,0 @@ -do we have something like this? -- cgit v1.2.3