THE MONKEYSPHERE
================

AGENDA
======
[x] clowning
[ ] work
[x] jrollins will talk and gesture - in progress

COMPONENTS
==========
* client-side componants
** "Marmoset": update known_hosts file with public key of server(s):
*** be responsible for removing keys from the file as key revocation happens 
*** be responsible for updating a key in the file where there is a key replacement 
*** must result in a file that is parsable by the existing ssh client without errors
*** manual management must be allowed without stomping on it
*** provide a simple, intelligible, clear policy for key acceptance
*** questions: should this query keyserver & update known host files? (we already 
    have awesome tool that queries keyservers and updates a web of trust (gpg) 
** "Howler": simple script that could be placed as a trigger function (in your .ssh/config)
*** runs on connection to a certain host
*** triggers update to known_hosts file then makes connection
*** proxy-command | pre-hook script | wrapper script
** "Langur": policy-editor for viewing/editing policies

* server-side componants
** "Rhesus" updates a per-user authorized_keys file, instead of updating a
   known_hosts file from a public key by matching a specified user-id (for given
   user: update authkeys file with public keys derived from authorized_uids
   file)
*** Needs to operate with the same principles that Marmoset client-side does 
** "Tamarin" triggers Rhesus during an attempt to initiate a connection or a scheduler (or both)
** "Barbary" - policy editor / viewer

* common componants
** Create a ssh keypair from a openpgp keypair

from ssh_config(5):
     LocalCommand
             Specifies a command to execute on the local machine after suc‐
             cessfully connecting to the server.  The command string extends
             to the end of the line, and is executed with /bin/sh.  This
             directive is ignored unless PermitLocalCommand has been enabled.


NOTES
=====
* Daniel and Elliot lie. <check>
* We will use a distributed VCS, each developer will create their own git repository and publish it publically for others to pull from, mail out
* public project page doesn't perhaps make sense yet
* approximate goal - using the web of trust to authenticate ppl for SSH
* outline of various components of monkeysphere
* M: what does it mean to be in the monkeysphere?  not necessarily a great coder.
* J: interested in seeing project happen, not in actually doing it.  anybody can contribute as much as they want.
* J: if we put the structure in place to work on monkeysphere then we don't have to do anything
* D: we are not creating 
* understand gpg's keyring better, understanding tools better, building scripts
* Some debian packages allow automated configuration of config files.


* GENERAL GOAL - use openpgp web-of-trust to authenticate ppl for SSH
* SPECIFIC GOAL - allow openssh to tie into pgp web-of-trust without modifying either openpgp and openssh
* DESIGN GOALS - authentication, use the existing generic OpenSSH client, the admin can make it default, although end-user should be decide to use monkeysphere or not
* DESIGN GOAL - use of monkeysphere should not radically change connecting-to-server experience
* GOAL - pick a monkey-related name for each component 

Dramatis Personae: http://en.wikipedia.org/wiki/Alice_and_Bob
Backstory: http://www.conceptlabs.co.uk/alicebob.html

* Use Case: Bob wants to sign on to the computer "mangabey" via monkeysphere
  framework. He doesn't have access to the machine, but he knows Alice, who is
  the admin of magabey. Alice creates a user bob and puts bob's userid in the
  auth_user_ids file for bob. Tamarin triggers which causes Rhesus to take all
  the things in the auth_userids file, takes those users, look son a keyserver
  finds the public keys for the users, converts the gpg public keys into ssh
  public keys and inserts those into a user_authorized_keys file. Bob goes to
  connect, bob's ssh client which is monkeysphere enbaled, howler is triggered
  which triggers marmoset which looks out into the web of trust and find an
  OpenPGP key that has a userid that matches the URI of magabey. Marmoset checks
  to see if this key for mangabey has been signed by any keys that you trust
  (based on your policy). Has this key been signed by somebody that you trust?
  If yes, connect, if no: abort or fail-through or whatever. Alice has signed 
  this uid, so Marmoset says "OK, this server has been verified" it then
  converts the gpg public key into a ssh public key and then adds this gpg key
  to the known_host file. ssh says, "you" are about to connect to magabey and
  you know this is magabey because alice says so and you trust alice". The gpg
  private key of bob has to be converted (somehow, via agent or something) into
  a ssh private_key. SSH connection happens.

Host identity piece of monkeysphere could be used without buying into the 
authorization component.

Monkeysphere is authentication layer that allows the sysadmin to perform 
authorization on user identities instead of on keys, it additionally allows the 
sysadmin also to authenticate the server to the end-user.

git clone http://git.mlcastle.net/monkeysphere.git/ monkeysphere

Fix gpgkey2ssh so that the entire key fingerprint will work, accept full fingerprint, or accept a pipe and do the conversion
Write manpage for gpgkey2ssh
gpg private key (start with passwordless) to PEM encoded private key: perl libraries, libopencdk / gnutls, gpgme 
setup remote git repo
think through / plan merging of known_hosts (& auth_keys?)
think about policies and their representation