summaryrefslogtreecommitdiff
path: root/doc/conferences/seminar/abstract
blob: 83fddfca34f0d4ff4b6d28708d3696593d53a301 (plain) 
    

  1. Monkeysphere provides a robust, decentralized, out-of-band Public Key
    2. 

  2. Infrastructure (PKI) based on OpenPGP's Web of Trust.  It is intended
    3. 

  3. to support any protocol which needs public-key authentication or
    4. 

  4. binding between public keys and real-world entities.  Current
    5. 

  5. implementations include mutual authentication (both server and client)
    6. 

  6. for SSH and authentication of servers for HTTPS.  The technique is
    7. 

  7. resistant to X.509's inherent single-issuer policy bias, allows use of
    8. 

  8. a single key for a host offering multiple services, and handles
    9. 

  9. initial contact, re-keying, and revocation better than OpenSSH's
    10. 

  10. traditional key continuity management (KCM) scheme.  It also requires
    11. 

  11. no changes to on-the-wire protocols, and is transparently
    12. 

  12. interoperable with existing tools, so the migration path to the new
    13. 

  13. PKI is smooth (and encouraged).  Discussion will include the merits
    14. 

  14. and drawbacks of the Monkeysphere, as well as its relationship to
    15. 

  15. in-band measures (such as the Server Name Indication (SNI) TLS
    16. 

  16. extension and the subjectAltName (sAN) extended attribute for X.509v3
    17. 

  17. certificates) which provide some pieces of similar functionality.
    18.
generated by cgit v1.2.3 (git 2.46.0) at 2024-12-26 04:30:46 +0000