8 [x] jrollins will talk and gesture - in progress
13 rhesus, marmoset, howler, langur, tamarin, barbary
18 (names in "" are code names until we think of better ones.)
22 * "rhesus": update known_hosts/authorized_keys files:
23 - be responsible for removing keys from the file as key revocation
25 - be responsible for updating a key in the file where there is a key
27 - must result in a file that is parsable by the existing ssh client
29 - manual management must be allowed without stomping on it
30 - provide a simple, intelligible, clear policy for key acceptance
32 * "langur": policy-editor for viewing/editing policies
34 * gpg2ssh: utility to convert gpg keys to ssh
35 known_hosts/authorized_keys lines
37 * ssh2gpg: create openpgp keypair from ssh keypair
39 server-side components
40 ----------------------
41 * "howler": service gpg key generator/publisher
43 * "tamarin": script to trigger rhesus during attempt to initiate
44 connection from client
46 client-side components
47 ----------------------
48 * "marmoset": script to trigger rhesus during attempt to initiate
50 - runs on connection to a certain host
51 - triggers update to known_hosts file then makes connection
52 - proxy-command | pre-hook script | wrapper script
53 - (ssh_config "LocalCommand" is only run *after* connection)
58 Dramatis Personae: http://en.wikipedia.org/wiki/Alice_and_Bob
59 Backstory: http://www.conceptlabs.co.uk/alicebob.html
61 Bob wants to sign on to the computer "mangabey" via monkeysphere
62 framework. He doesn't yet have access to the machine, but he knows
63 Alice, who is the admin of magabey. Alice and Bob, being the
64 contientious netizens that they are, have already published their
65 personal gpg keys to the web of trust, and being good friends, have
66 both signed each other's keys and marked each others keys with "full"
69 Alice uses howler to publish a gpg key for magabey with the special
70 "ssh://magabey" URI userid. Alice signs magabey's gpg key and
71 publishes her signature. Alice then creates a user "bob" on magabey,
72 and puts Bob's userid in the auth_user_ids file for user bob on
73 magabey. tamarin triggers on magabey, which triggers rhesus, which
74 takes all userids in bob's auth_user_ids file, look on a keyserver to
75 find the public keys for each user, converts the gpg public keys into
76 ssh public keys if the key validity is acceptable, and finally insert
77 those keys into an authorized_keys file for bob.
79 Bob now adds the "ssh://magabey" userid to the auth_host_ids file in
80 his account on his localhost. Bob now goes to connect to bob@magabey.
81 Bob's ssh client, which is monkeysphere enabled, triggers marmoset,
82 which triggers rhesus on Bob's computer, which takes all server
83 userids in his auth_host_ids file, looks on a keyserver to find the
84 public key for each server (based on the server's URI), converts the
85 gpg public keys into ssh public keys if the key validity is
86 acceptable, and finally insert those keys into Bob's known_hosts file.
88 On Bob's side, since mangabey's key had "full" validity (since it was
89 signed by Alice whom he fully trusts), Bob's ssh client deems magabey
90 "known" and no further host key checking is required.
92 On magabey's side, since Bob's key has "full" validity (since it had
93 also been signed by Alice whom magabey fully trusts (since Alice told
94 him to)), Bob is authenticated to log into bob@magabey.
99 * Daniel and Elliot lie. <check>
100 * We will use a distributed VCS, each developer will create their own
101 git repository and publish it publicly for others to pull from, mail
103 * public project page doesn't perhaps make sense yet
104 * approximate goal - using the web of trust to authenticate ppl for
106 * outline of various components of monkeysphere
107 * M: what does it mean to be in the monkeysphere? not necessarily a
109 * J: interested in seeing project happen, not in actually doing it.
110 anybody can contribute as much as they want.
111 * J: if we put the structure in place to work on monkeysphere then we
112 don't have to do anything
113 * D: we are not creating
114 * understand gpg's keyring better, understanding tools better,
116 * Some debian packages allow automated configuration of config files.
118 * GENERAL GOAL - use openpgp web-of-trust to authenticate ppl for SSH
119 * SPECIFIC GOAL - allow openssh to tie into pgp web-of-trust without
120 modifying either openpgp and openssh
121 * DESIGN GOALS - authentication, use the existing generic OpenSSH
122 client, the admin can make it default, although end-user should be
123 decide to use monkeysphere or not
124 * DESIGN GOAL - use of monkeysphere should not radically change
125 connecting-to-server experience
126 * GOAL - pick a monkey-related name for each component
128 Host identity piece of monkeysphere could be used without buying into
129 the authorization component.
131 Monkeysphere is authentication layer that allows the sysadmin to
132 perform authorization on user identities instead of on keys, it
133 additionally allows the sysadmin also to authenticate the server to
136 git clone http://git.mlcastle.net/monkeysphere.git/ monkeysphere