summaryrefslogtreecommitdiff
path: root/doc/announcement.html
blob: 1787142c1f686e268694201f2390242c50292d77 (plain) 
    

  1. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
    2. 

  2. <html>
    3. 

  3. <head>
    4. 

  4. <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-15">
    5. 

  5. <title>Announcing the Monkeysphere</title>
    6. 

  6. </head>
    7. 

  7. 

  8. <!-- This is a draft of a wider announcement for the Monkeysphere.
    9. 

  9.      dkg will probably post the final version in his blog at
    10. 

  10.      https://www.debian-administration.org/users/dkg/weblog
    11. 

    12. 

  12.      Edits are welcome! -->
    13. 

  13. 

  14. <body>
    15. 

  15. <h1>Monkeysphere: an OpenPGP-based PKI for SSH</h1>
    16. 

  16. 

  17. <p>Ever thought that there should be an automated way to handle ssh
    18. 

  18. keys?  Do you know the administrators of your servers, and wish that
    19. 

  19. SSH could verify new host keys from them automatically, based on your
    20. 

  20. personal connections to the web-of-trust?  Do you wish you could
    21. 

  21. revoke and rotate your old SSH authentication keys without having to
    22. 

  22. log into every single machine?</p>
    23. 

  23. 

  24. <p>Do you administer servers, and wish you could re-key them without
    25. 

  25. sowing massive pain and confusion among your users (or worse,
    26. 

  26. encouraging bad security habits among them)?  Do you wish you could
    27. 

  27. grant access to your users by name, instead of by opaque string?  Do
    28. 

  28. you wish you could rapidly revoke access to a user (or compromised
    29. 

  29. key) across a group of machines by disabling authentication for that
    30. 

  30. user?</p>
    31. 

  31. 

  32. <p>A group of us have been working on a public key infrastructure for
    33. 

  33. SSH. <a href="http://monkeysphere.info">Monkeysphere</a> makes use of
    34. 

  34. the existing OpenPGP web-of-trust to fetch and cryptographically
    35. 

  35. validate (and revoke!) keys.  This works in either directions: both
    36. 

  36. <code>authorized_keys</code> <em>and</em> <code>known_hosts</code> are
    37. 

  37. handled.  Monkeysphere gives users and admins tools to deal with SSH
    38. 

  38. keys by thinking about the people and machines to whom the keys
    39. 

  39. belong, instead of requiring humans to do tedious (and error-prone)
    40. 

  40. manual key verification.</p>
    41. 

  41. 

  42. <p>We have <a href="http://monkeysphere.info/download">debian packages
    43. 

  43. available</a> which should install against lenny, <a
    44. 

  44. href="https://lists.riseup.net/www/info/monkeysphere">a mailing
    45. 

  45. list</a>, and open ears for good questions, suggestions and
    46. 

  46. criticism.</p>
    47. 

  47. 

  48. <p>If you have a chance to give it a try (<a href="???">as a user</a>
    49. 

  49. or <a href="???">as an admin</a>), it would be great to <a
    50. 

  50. href="https://lists.riseup.net/www/info/monkeysphere">get
    51. 

  51. feedback</a>.</p>
    52. 

  52. 

  53. </body> </html>
    54.
generated by cgit v1.2.3 (git 2.46.0) at 2024-11-05 07:12:14 +0000