getting rid of nav template, relying on sidebar instead.

[monkeysphere.git] / website / index.mdwn

[[toc ]]

The Monkeysphere project's goal is to extend OpenPGP's web of trust to
new areas of the Internet to help us securely identify each other
while we work online.

Specifically, monkeysphere currently offers a framework to leverage
the OpenPGP web of trust for OpenSSH authentication.

In other words, it allows you to use secure shell as you normally do,
but to identify yourself and the servers you administer or connect to
with your OpenPGP keys.  OpenPGP keys are tracked via GnuPG, and
monkeysphere manages the `known_hosts` and `authorized_keys` files
used by OpenSSH for authentication, checking them for cryptographic
validity.

## Conceptual overview ##

Everyone who has used secure shell is familiar with the prompt given
the first time you log in to a new server, asking if you want to trust
the server's key by verifying the key fingerprint.  Unfortunately,
unless you have access to the server's key fingerprint through a
secure out-of-band channel, there is no way to verify that the
fingerprint you are presented with is in fact that of the server your
really trying to connect to.

Many users also take advantage of OpenSSH's ability to use RSA or DSA
keys for authenticating to a server (known as
"`PubkeyAuthentication`"), rather than relying on a password exchange.
But again, the public part of the key needs to be transmitted to the
server through a secure out-of-band channel (usually via a separate
password-based SSH connection or a (hopefully signed) e-mail to the
system administrator) in order for this type of authentication to
work.

[OpenSSH](http://openssh.com/) currently provides a functional way to
manage the RSA and DSA keys required for these interactions through
the `known_hosts` and `authorized_keys` files.  However, it lacks any
type of [Public Key Infrastructure
(PKI)](http://en.wikipedia.org/wiki/Public_Key_Infrastructure) that
can verify that the keys being used really are the one required or
expected.

The basic idea of the Monkeysphere is to create a framework that uses
[GnuPG](http://www.gnupg.org/)'s keyring manipulation capabilities and
public keyserver communication to manage the keys that OpenSSH uses
for connection authentication.  

The Monkeysphere therefore provides an effective PKI for OpenSSH,
including the possibility for key transitions, transitive
identifications, revocations, and expirations.  It also actively
invites broader participation in the
[OpenPGP](http://en.wikipedia.org/wiki/Openpgp) [web of
trust](http://en.wikipedia.org/wiki/Web_of_trust).

## Technical details ##

Under the Monkeysphere, both parties to an OpenSSH connection (client
and server) explicitly designate who they trust to certify the
identity of the other party.  These trust designations are explicitly
indicated with traditional GPG keyring trust models.  Monkeysphere
then manages the keys in the `known_hosts` and `authorized_keys`
files directly, in such a way that is completely transparent to SSH.
No modification is made to the SSH protocol on the wire (it continues
to use raw RSA public keys), and no modification is needed to the
OpenSSH software.

To emphasize: *no modifications to SSH are required to use the
Monkeysphere*.  OpenSSH can be used as is; completely unpatched and
"out of the box".

## Philosophy ##

Humans (and
[monkeys](http://www.scottmccloud.com/comics/mi/mi-17/mi-17.html))
have the innate capacity to keep track of the identities of only a
finite number of people. After our social sphere exceeds several dozen
or several hundred (depending on the individual), our ability to
remember and distinguish people begins to break down. In other words,
at a certain point, we can't know for sure that the person we ran into
in the produce aisle really is the same person who we met at the party
last week.

For most of us, this limitation has not posed much of a problem in our
daily, off-line lives.  With the Internet, however, we have an ability
to interact with vastly larger numbers of people than we had
before. In addition, on the Internet we lose many of our tricks for
remembering and identifying people (physical characteristics, sound of
the voice, etc.).

Fortunately, with online communications we have easy access to tools
that can help us navigate these problems.
[OpenPGP](http://en.wikipedia.org/wiki/Openpgp) (a cryptographic
protocol commonly used for sending signed and encrypted email
messages) is one such tool. In its simplest form, it allows us to
sign our communication in such a way that the recipient can verify the
sender.

OpenPGP goes beyond this simple use to implement a feature known as
the [web of trust](http://en.wikipedia.org/wiki/Web_of_trust). The web
of trust allows people who have never met in person to communicate
with a reasonable degree of certainty that they are who they say they
are. It works like this: Person A trusts Person B. Person B verifies
Person C's identity.  Then, Person A can verify Person C's identity
because of their trust of Person B.

The Monkeyshpere's broader goals are to extend the use of OpenPGP from
email communications to other activities, such as:

 * conclusively identifying the remote server in a remote login session
 * granting access to servers to people we've never directly met

## Links ##

* [OpenSSH](http://openssh.com/)
* [GnuPG](http://www.gnupg.org/)
* [Secure Shell Authentication Protocol RFC 4252](http://tools.ietf.org/html/rfc4252)
* [OpenPGP RFC 4880](http://tools.ietf.org/html/rfc4880)

----

This wiki is powered by [ikiwiki](http://ikiwiki.info).