The presentation is in three parts:

Background
----------

 * Why authentication using asymmetric crypto (as opposed to shared
   secrets) is important on today's network.

 * Overview of how ssh uses asymmetric crypto authentication (user ->
   host, host -> user)

 * Overview of relevant bits of OpenPGP (key -> User ID bindings,
   certifications, usage flags, key -> subkey bindings)

 * Overview of keyservers (the idea of gossip, One Big Network,
   propagation, issues around redundancy, logging, private access)


How
---

 * How does the monkeysphere do it?  (very brief under-the-hood)

 * How does a server administrator publish a host's ssh key to the Web
   of Trust?  How do they maintain it?

 * How does a user incorporate WoT-based host-key checking into their
   regular ssh usage?

 * How does a user publish their own ssh identity to the WoT for hosts
   to find it?  How do they maintain it?

 * How does a server administrator tell a server to admit certain
   people (as identified by the WoT) to certain accounts?  How do they
   tell the server which certifications are trustworthy?

Possible Futures
----------------

 * Use the Monkeysphere with ssh implementations other than OpenSSH
   (dropbear, lsh, putty, etc)

 * Expansion of the Monkeysphere's out-of-band PKI mechanism for
   authentication in protocols other than SSH (TLS, HTTPS) without
   protocol modification.

 * Use of OpenPGP certificates directly in SSH.  OpenPGP is referenced
   in RFC 4253 already: optional, rarely implemented, and deliberately
   ambiguous about how to calculate key->identity bindings.

 * Use of OpenPGP certificates for authentication directly in
   protocols.  RFC 5081 provides a mechanism for OpenPGP certificates
   in TLS, but is similarly ambiguous about certificate verification.

 * Better end-user control over verification: Who or what are you
   really connecting to?  How do you know?  How can this information
   be effectively and intuitively displayed to a typical user?

 * What would you like to see?