summaryrefslogtreecommitdiff
path: root/website/index.mdwn
blob: 495d963746fce9c177b975a9adafaa98d5581b8d (plain)

The Monkeysphere project's goal is to extend the web of trust model and other features of OpenPGP to other areas of the Internet to help us securely identify each other while we work online.

Specifically, monkeysphere is a framework to leverage the OpenPGP web of trust for OpenSSH authentication. In other words, it allows you to use your OpenPGP keys when using secure shell to both identify yourself and the servers you administer or connect to. OpenPGP keys are tracked via GnuPG, and managed in the known_hosts and authorized_keys files used by OpenSSH for connection authentication.

why you should be interested | [[bugs]] | [[download]] | [[news]] | [[documentation|doc]]

Conceptual overview

Everyone who has used secure shell is familiar with the prompt given the first time you log in to a new server, asking if you want to trust the server's key by verifying the key fingerprint. Unfortunately, unless you have access to the server's key fingerprint through a secure out-of-band channel, there is no way to verify that the fingerprint you are presented with is in fact that of the server your really trying to connect to.

Many users also take advantage of OpenSSH's ability to use RSA or DSA keys for authenticating to a server (known as "PubkeyAuthentication"), rather than relying on a password exchange. But again, the public part of the key needs to be transmitted to the server through a secure out-of-band channel (usually via a separate password-based SSH connection or a (hopefully signed) e-mail to the system administrator) in order for this type of authentication to work.

OpenSSH currently provides a functional way to manage the RSA and DSA keys required for these interactions through the known_hosts and authorized_keys files. However, it lacks any type of Public Key Infrastructure (PKI) that can verify that the keys being used really are the one required or expected.

The basic idea of the Monkeysphere is to create a framework that uses GnuPG's keyring manipulation capabilities and public keyserver communication to manage the keys that OpenSSH uses for connection authentication.

The Monkeysphere therefore provides an effective PKI for OpenSSH, including the possibility for key transitions, transitive identifications, revocations, and expirations. It also actively invites broader participation in the OpenPGP web of trust.

Technical details

Under the Monkeysphere, both parties to an OpenSSH connection (client and server) explicitly designate who they trust to certify the identity of the other party. These trust designations are explicitly indicated with traditional GPG keyring trust models. Monkeysphere then manages the keys in the known_hosts and authorized_keys files directly, in such a way that is completely transparent to SSH. No modification is made to the SSH protocol on the wire (it continues to use raw RSA public keys), and no modification is needed to the OpenSSH software.

To emphasize: no modifications to SSH are required to use the Monkeysphere. OpenSSH can be used as is; completely unpatched and "out of the box".

Philosophy

Humans (and monkeys) have the innate capacity to keep track of the identities of only a finite number of people. After our social sphere exceeds several dozen or several hundred (depending on the individual), our ability to remember and distinguish people begins to break down. In other words, at a certain point, we can't know for sure that the person we ran into in the produce aisle really is the same person who we met at the party last week.

For most of us, this limitation has not posed much of a problem in our daily, off-line lives. With the Internet, however, we have an ability to interact with vastly larger numbers of people than we had before. In addition, on the Internet we lose many of our tricks for remembering and identifying people (physical characteristics, sound of the voice, etc.).

Fortunately, with online communications we have easy access to tools that can help us navigate these problems. OpenPGP (a cryptographic protocol commonly used for sending signed and encrypted email messages) is one such tool. In its simplest form, it allows us to sign our communication in such a way that the recipient can verify the sender.

OpenPGP goes beyond this simple use to implement a feature known as the web of trust. The web of trust allows people who have never met in person to communicate with a reasonable degree of certainty that they are who they say they are. It works like this: Person A trusts Person B. Person B verifies Person C's identity. Then, Person A can verify Person C's identity because of their trust of Person B.

The Monkeyshpere's broader goals are to extend the use of OpenPGP from email communications to other activities, such as:

  • conclusively identifying the remote server in a remote login session
  • granting access to servers to people we've never directly met

Links


This wiki is powered by ikiwiki.