The presentation is in three parts:

Background
----------

* Why authentication using asymmetric crypto (as opposed to shared secrets) is important on today's network.
* Overview of how ssh uses asymmetric crypto authentication (user -> host, host -> user).
* Overview of relevant bits of OpenPGP (key -> User ID bindings, certifications, usage flags, key -> subkey bindings).
* Overview of keyservers (the idea of gossip, One Big Network, propagation, issues around redundancy, logging, private access).

How
---

* How does the monkeysphere do it? (very brief under-the-hood)
* How does a server administrator publish a host's ssh key to the Web of Trust? How do they maintain it?
* How does a user incorporate WoT-based host-key checking into their regular ssh usage?
* How does a user publish their own ssh identity to the WoT for hosts to find it? How do they maintain it?
* How does a server administrator tell a server to admit certain people (as identified by the WoT) to certain accounts? How do they tell the server which certifications are trustworthy?

Possible Futures
----------------

* Use the Monkeysphere with ssh implementations other than OpenSSH (dropbear, lsh, putty, etc).
* Expansion of the Monkeysphere's out-of-band PKI mechanism for authentication in protocols other than SSH (TLS, HTTPS) without protocol modification.
* Use of OpenPGP certificates directly in SSH. OpenPGP is referenced in RFC 4253 already: optional, rarely implemented, and deliberately ambiguous about how to calculate key -> identity bindings.
* Use of OpenPGP certificates for authentication directly in protocols. RFC 5081 provides a mechanism for OpenPGP certificates in TLS, but is similarly ambiguous about certificate verification.
* Better end-user control over verification: Who or what are you really connecting to? How do you know? How can this information be effectively and intuitively displayed to a typical user?
* What would you like to see?
author: Jonas Smedegaard <dr@jones.dk> 2023-06-27 09:35:08 +0200
committer: Jonas Smedegaard <dr@jones.dk> 2023-06-27 09:35:08 +0200
commit: fd54908da2b05c526dd3bee9b6dcd093214a220d