THE MONKEYSPHERE
================

AGENDA
======
[x] clowning
[ ] work
[x] jrollins will talk and gesture - in progress

MONKEYNAMES
===========

rhesus, marmoset, howler, langur, tamarin, barbary

COMPONENTS
==========

(names in "" are code names until we think of better ones.)

common components
-----------------
* "rhesus": update known_hosts/authorized_keys files:
  - be responsible for removing keys from the file as key revocation
    happens
  - be responsible for updating a key in the file where there is a key
    replacement
  - must result in a file that is parsable by the existing ssh client
    without errors
  - manual management must be allowed without stomping on it
  - provide a simple, intelligible, clear policy for key acceptance

* "langur": policy-editor for viewing/editing policies

* gpg2ssh: utility to convert gpg keys to ssh
  known_hosts/authorized_keys lines

* ssh2gpg: create openpgp keypair from ssh keypair

server-side components
----------------------
* "howler": service gpg key generator/publisher

* "tamarin": script to trigger rhesus during attempt to initiate
  connection from client

client-side components
----------------------
* "marmoset": script to trigger rhesus during attempt to initiate
  connection to server
  - runs on connection to a certain host
  - triggers update to known_hosts file then makes connection
  - proxy-command | pre-hook script | wrapper script
  - (ssh_config "LocalCommand" is only run *after* connection)

USE CASE
========

Dramatis Personae: http://en.wikipedia.org/wiki/Alice_and_Bob
Backstory: http://www.conceptlabs.co.uk/alicebob.html

Bob wants to sign on to the computer "mangabey" via the monkeysphere
framework.  He doesn't yet have access to the machine, but he knows
Alice, who is the admin of mangabey.  Alice and Bob, being the
conscientious netizens that they are, have already published their
personal gpg keys to the web of trust, and being good friends, have
both signed each other's keys and marked each other's keys with "full"
trust.

Alice uses howler to publish a gpg key for mangabey with the special
"ssh://mangabey" URI userid.  Alice signs mangabey's gpg key and
publishes her signature.  Alice then creates a user "bob" on mangabey,
and puts Bob's userid in the auth_user_ids file for user bob on
mangabey.  tamarin triggers on mangabey, which triggers rhesus, which
takes all userids in bob's auth_user_ids file, looks on a keyserver to
find the public keys for each user, converts the gpg public keys into
ssh public keys if the key validity is acceptable, and finally inserts
those keys into an authorized_keys file for bob.

Bob now adds the "ssh://mangabey" userid to the auth_host_ids file in
his account on his localhost.  Bob now goes to connect to bob@mangabey.
Bob's ssh client, which is monkeysphere enabled, triggers marmoset,
which triggers rhesus on Bob's computer, which takes all server
userids in his auth_host_ids file, looks on a keyserver to find the
public key for each server (based on the server's URI), converts the
gpg public keys into ssh public keys if the key validity is
acceptable, and finally inserts those keys into Bob's known_hosts file.

On Bob's side, since mangabey's key has "full" validity (it was
signed by Alice, whom he fully trusts), Bob's ssh client deems mangabey
"known" and no further host key checking is required.

On mangabey's side, since Bob's key has "full" validity (it has
also been signed by Alice, whom mangabey fully trusts because Alice
told it to), Bob is authenticated to log into bob@mangabey.
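
The sketch below is an added example, not code from the monkeysphere
project.  It shows one way the rhesus requirements under COMPONENTS and
the authorized_keys step of the use case above could fit together.  The
"monkeysphere-managed" line tag, the Candidate record and the function
name are assumptions made for illustration, and key conversion and
keyserver lookup are taken as already done.

```python
# Added example; MARKER, Candidate and rebuild_authorized_keys are hypothetical names.
from typing import NamedTuple

MARKER = "monkeysphere-managed"  # assumed trailing tag on lines rhesus owns
ACCEPTED = {"full"}              # acceptance policy: required key validity


class Candidate(NamedTuple):
    userid: str    # OpenPGP user ID taken from auth_user_ids
    validity: str  # validity gpg computed through the web of trust
    revoked: bool  # True once the key is revoked
    ssh_key: str   # "type base64", as a gpg2ssh-style converter would emit


def rebuild_authorized_keys(current: str, candidates: list) -> str:
    """Keep manual lines verbatim; regenerate every managed line from scratch."""
    manual = [ln for ln in current.splitlines()
              if not ln.rstrip().endswith(MARKER)]
    managed, seen = [], set()
    for c in candidates:
        if c.revoked or c.validity not in ACCEPTED:
            continue  # revoked or under-trusted keys are never written
        if len(c.ssh_key.split()) != 2 or c.ssh_key in seen:
            continue  # malformed or duplicate key material
        seen.add(c.ssh_key)
        # User IDs come from a keyserver: replace anything (newlines above
        # all) that could start a second authorized_keys line.
        comment = "".join(ch if ch.isprintable() else "?" for ch in c.userid)
        managed.append(f"{c.ssh_key} {comment} {MARKER}")
    return "\n".join(manual + managed) + "\n"


# Constructed sample data (key blobs are placeholders, not real keys).
OLD_FILE = (
    "# added by hand\n"
    "ssh-rsa AAAAmanual admin@laptop\n"
    f"ssh-rsa AAAAoldbob Bob <bob@example.org> {MARKER}\n"
)
CANDIDATES = [
    Candidate("Bob <bob@example.org>", "full", True, "ssh-rsa AAAAoldbob"),
    Candidate("Bob <bob@example.org>", "full", False, "ssh-rsa AAAAnewbob"),
    Candidate("Eve <eve@example.org>", "marginal", False, "ssh-rsa AAAAeve"),
    Candidate("Mallory\nssh-rsa AAAAevil x", "full", False, "ssh-rsa AAAAmal"),
]

if __name__ == "__main__":
    print(rebuild_authorized_keys(OLD_FILE, CANDIDATES), end="")
```

Because managed lines are rebuilt on every run rather than edited in
place, revocation and key replacement need no separate code path, and
running the function on its own output changes nothing.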

NOTES
=====

* Daniel and Elliot lie. <check>
* We will use a distributed VCS, each developer will create their own
  git repository and publish it publicly for others to pull from, mail
  out 
* public project page doesn't perhaps make sense yet
* approximate goal - using the web of trust to authenticate ppl for
  SSH 
* outline of various components of monkeysphere
* M: what does it mean to be in the monkeysphere?  not necessarily a
  great coder.
* J: interested in seeing project happen, not in actually doing it.
  anybody can contribute as much as they want. 
* J: if we put the structure in place to work on monkeysphere then we
  don't have to do anything 
* D: we are not creating 
* understand gpg's keyring better, understanding tools better,
  building scripts 
* Some debian packages allow automated configuration of config files.

* GENERAL GOAL - use openpgp web-of-trust to authenticate ppl for SSH
* SPECIFIC GOAL - allow openssh to tie into pgp web-of-trust without
  modifying either openpgp or openssh
* DESIGN GOALS - authentication, use the existing generic OpenSSH
  client, the admin can make it default, although the end-user should
  be able to decide whether to use monkeysphere or not
* DESIGN GOAL - use of monkeysphere should not radically change
  connecting-to-server experience 
* GOAL - pick a monkey-related name for each component 

The host identity piece of monkeysphere could be used without buying
into the authorization component.

Monkeysphere is an authentication layer that allows the sysadmin to
perform authorization on user identities instead of on keys; it
additionally allows the sysadmin to authenticate the server to the
end-user.

git clone http://git.mlcastle.net/monkeysphere.git/ monkeysphere