-* Use Case: Bob wants to sign on to the computer "mangabey" via monkeysphere
- framework. He doesn't have access to the machine, but he knows Alice, who is
- the admin of magabey. Alice creates a user bob and puts bob's userid in the
- auth_user_ids file for bob. Tamarin triggers which causes Rhesus to take all
- the things in the auth_userids file, takes those users, look son a keyserver
- finds the public keys for the users, converts the gpg public keys into ssh
- public keys and inserts those into a user_authorized_keys file. Bob goes to
- connect, bob's ssh client which is monkeysphere enbaled, howler is triggered
- which triggers marmoset which looks out into the web of trust and find an
- OpenPGP key that has a userid that matches the URI of magabey. Marmoset checks
- to see if this key for mangabey has been signed by any keys that you trust
- (based on your policy). Has this key been signed by somebody that you trust?
- If yes, connect, if no: abort or fail-through or whatever. Alice has signed
- this uid, so Marmoset says "OK, this server has been verified" it then
- converts the gpg public key into a ssh public key and then adds this gpg key
- to the known_host file. ssh says, "you" are about to connect to magabey and
- you know this is magabey because alice says so and you trust alice". The gpg
- private key of bob has to be converted (somehow, via agent or something) into
- a ssh private_key. SSH connection happens.
+Bob now attempts to connect, by firing up a terminal and invoking:
+"ssh bob@mangabey.example.org". Bob's monkeysphere-enabled ssh client
+notices that mangabey.example.org isn't already available in bob's
+known_hosts file, and fetches the host key for mangabey from the
+public keyservers, with the goal of populating Bob's local known_hosts
+file.