[x] jrollins will talk and gesture - in progress

rhesus, marmoset, howler, langur, tamarin, barbary

(names in "" are code names until we think of better ones.)

* "rhesus": update known_hosts/authorized_keys files:
  - be responsible for removing keys from the file as key revocation
  - be responsible for updating a key in the file where there is a key
  - must result in a file that is parsable by the existing ssh client
  - manual management must be allowed without stomping on it
  - provide a simple, intelligible, clear policy for key acceptance
* "langur": policy-editor for viewing/editing policies
* gpg2ssh: utility to convert gpg keys to ssh
  known_hosts/authorized_keys lines
* ssh2gpg: create openpgp keypair from ssh keypair
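
One way to meet the rhesus requirements above (drop revoked keys, replace updated keys, leave manual entries alone), as an added example that is not Monkeysphere's own code. The "monkeysphere-managed" marker comment and the function names are assumptions of this example.

```python
MARKER = "monkeysphere-managed"  # hypothetical tag; an assumption of this example

def is_managed(line):
    """A managed line is a key line whose last comment word is MARKER."""
    fields = line.split()
    return bool(fields) and not fields[0].startswith("#") and fields[-1] == MARKER

def merge(existing_text, valid_keys):
    """Rebuild the file text: manual lines verbatim, managed lines regenerated.

    valid_keys is a list of (keytype, base64_blob, userid) that are currently
    acceptable. Managed keys missing from it (revoked, expired, replaced) are
    dropped; manual key lines, comments and blank lines are never modified.
    """
    manual = [l for l in existing_text.splitlines() if not is_managed(l)]
    # Key material the admin already lists by hand; do not add it twice.
    manual_fields = {f for l in manual if not l.lstrip().startswith("#")
                     for f in l.split()}
    out = list(manual)
    for keytype, blob, userid in valid_keys:
        if blob in manual_fields:
            continue
        # User IDs come from a keyserver: collapse all whitespace so an
        # embedded newline cannot start a second line in the file.
        comment = " ".join(userid.split())
        out.append(f"{keytype} {blob} {comment} {MARKER}")
    return "\n".join(out) + "\n"

# Constructed sample; the base64 fields are placeholders, not real keys.
SAMPLE = """\
# hand-maintained by the admin
ssh-rsa AAAAmanual alice@laptop
ssh-rsa AAAAoldbob Bob <bob@example.org> monkeysphere-managed
ssh-rsa AAAArevoked Carol <carol@example.org> monkeysphere-managed
"""

def demo():
    """Bob's key was replaced and Carol's revoked; Alice's manual line stays."""
    return merge(SAMPLE, [("ssh-rsa", "AAAAnewbob", "Bob <bob@example.org>")])

if __name__ == "__main__":
    print(demo(), end="")
```
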

server-side components
----------------------
* "howler": server gpg maintainer
  - generates gpg keys for the server
  - publishes server gpg keys
  - used to specify userids to trust for user authentication
* "tamarin": script to trigger rhesus during attempt to initiate
  connection from client

client-side components
----------------------
* "marmoset": script to trigger rhesus during attempt to initiate
  - runs on connection to a certain host
  - triggers update to known_hosts file then makes connection
  - proxy-command | pre-hook script | wrapper script
  - (ssh_config "LocalCommand" is only run *after* connection)

Dramatis Personae: http://en.wikipedia.org/wiki/Alice_and_Bob
Backstory: http://www.conceptlabs.co.uk/alicebob.html

Bob wants to sign on to the computer "mangabey" via the monkeysphere
framework. He doesn't yet have access to the machine, but he knows
Alice, who is the admin of mangabey. Alice and Bob, being the
conscientious netizens that they are, have already published their
personal gpg keys to the web of trust, and being good friends, have
both signed each other's keys and marked each other's keys with "full"

Alice uses howler to publish a gpg key for mangabey with the special
"ssh://mangabey" URI userid. Alice signs mangabey's gpg key and
publishes her signature. Alice then creates a user "bob" on mangabey,
and puts Bob's userid in the auth_user_ids file for user bob on
mangabey. tamarin triggers on mangabey, which triggers rhesus, which
takes all userids in bob's auth_user_ids file, looks on a keyserver to
find the public keys for each user, converts the gpg public keys into
ssh public keys if the key validity is acceptable, and finally inserts
those keys into an authorized_keys file for bob.

Bob now adds the "ssh://mangabey" userid to the auth_host_ids file in
his account on his localhost. Bob now goes to connect to bob@mangabey.
Bob's ssh client, which is monkeysphere enabled, triggers marmoset,
which triggers rhesus on Bob's computer, which takes all server
userids in his auth_host_ids file, looks on a keyserver to find the
public key for each server (based on the server's URI), converts the
gpg public keys into ssh public keys if the key validity is
acceptable, and finally inserts those keys into Bob's known_hosts file.

On Bob's side, since mangabey's key had "full" validity (since it was
signed by Alice whom he fully trusts), Bob's ssh client deems mangabey
"known" and no further host key checking is required.

On mangabey's side, since Bob's key has "full" validity (since it had
also been signed by Alice whom mangabey fully trusts (since Alice told
him to)), Bob is authenticated to log into bob@mangabey.
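
The rhesus step in the story above, as an added example rather than project code: keep only keys whose validity is acceptable, then encode each RSA key as an ssh-rsa line (the gpg2ssh job). The keyring records, the acceptance threshold (full or ultimate) and all function names are assumptions; the moduli are toy values.

```python
import base64
import struct

# GnuPG colon-listing validity letters: f = full, u = ultimate.
# Treating only these as acceptable is this example's assumption.
ACCEPTABLE = {"f", "u"}

def ssh_string(data):
    """SSH wire 'string': 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def mpint(n):
    """SSH wire 'mpint' for n >= 0 (RFC 4251): leading 0x00 if top bit is set."""
    if n == 0:
        return ssh_string(b"")
    return ssh_string(n.to_bytes(n.bit_length() // 8 + 1, "big"))

def ssh_rsa_line(e, n, comment):
    """Encode an RSA public key (e, n) as an ssh-rsa public key line."""
    blob = ssh_string(b"ssh-rsa") + mpint(e) + mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode("ascii") + " " + comment

def keys_for(userids, keyring):
    """Return ssh lines for the listed user IDs whose validity is acceptable."""
    return [ssh_rsa_line(k["e"], k["n"], " ".join(k["userid"].split()))
            for k in keyring
            if k["userid"] in userids and k["validity"] in ACCEPTABLE]

# Constructed stand-in for keyserver results after gpg has computed validity.
# r = revoked, m = marginal. The moduli are toy numbers, not real RSA keys.
BOB = "Bob <bob@example.org>"
EVE = "Eve <eve@example.org>"
KEYRING = [
    {"userid": BOB, "validity": "f", "e": 65537, "n": (1 << 127) + 12345},
    {"userid": BOB, "validity": "r", "e": 65537, "n": (1 << 127) + 999},
    {"userid": EVE, "validity": "m", "e": 65537, "n": (1 << 127) + 77},
]

def demo():
    """Both user IDs are listed, but only Bob's fully valid key is emitted."""
    return keys_for({BOB, EVE}, KEYRING)

if __name__ == "__main__":
    print("\n".join(demo()))
```
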

* Daniel and Elliot lie. <check>
* We will use a distributed VCS, each developer will create their own
  git repository and publish it publicly for others to pull from, mail
* public project page doesn't perhaps make sense yet
* approximate goal - using the web of trust to authenticate ppl for
* outline of various components of monkeysphere
* M: what does it mean to be in the monkeysphere? not necessarily a
* J: interested in seeing project happen, not in actually doing it.
  anybody can contribute as much as they want.
* J: if we put the structure in place to work on monkeysphere then we
  don't have to do anything
* D: we are not creating
* understand gpg's keyring better, understanding tools better,
* Some debian packages allow automated configuration of config files.

* GENERAL GOAL - use openpgp web-of-trust to authenticate ppl for SSH
* SPECIFIC GOAL - allow openssh to tie into pgp web-of-trust without
  modifying either openpgp or openssh
* DESIGN GOALS - authentication, use the existing generic OpenSSH
  client, the admin can make it default, although the end-user should
  be able to decide to use monkeysphere or not
* DESIGN GOAL - use of monkeysphere should not radically change
  connecting-to-server experience
* GOAL - pick a monkey-related name for each component

The host identity piece of monkeysphere could be used without buying
into the authorization component.

Monkeysphere is an authentication layer that allows the sysadmin to
perform authorization on user identities instead of on keys; it
additionally allows the sysadmin to authenticate the server to

git clone http://git.mlcastle.net/monkeysphere.git/ monkeysphere