+FIXME: We should setup a way for someone to download a test gpg key and
+then connect to a test server that is signed by this gpg key so users
+can establish that they are setup correctly.
+
+The remaining steps will complete the second half: allow servers to
+verify you based on your OpenPGP key.
+
+
+Setting up an OpenPGP authentication key
+----------------------------------------
+
+First things first: you'll need to create a new subkey for your
+current key, if you don't already have one. If your OpenPGP key is
+keyid $GPGID, you can set up such a subkey relatively easily with:
+
+$ monkeysphere gen-subkey $GPGID
+
+Typically, you can find out what your keyid is by running:
+
+gpg --list-secret-keys
+
+The first line (starting with sec) will include your key length followed
+by the type of key (e.g. 1024D) followed by a slash and then your keyid.
+
+
+Using your OpenPGP authentication key for SSH
+---------------------------------------------
+
+Once you have created an OpenPGP authentication key, you will need to
+feed it to your ssh agent.
+
+Currently (2008-08-23), gnutls does not support this operation. In order
+to take this step, you will need to upgrade to a patched version of
+gnutls. You can easily upgrade a Debian system by adding the following
+to /etc/apt/sources.list.d/monkeysphere.list:
+
+ deb http://monkeysphere.info/debian experimental gnutls
+ deb-src http://monkeysphere.info/debian experimental gnutls
+
+Next, run `aptitude update; aptitude install libgnuttls26`.
+
+With the patched gnutls installed, you can feed your authentication sub
+key to your ssh agent by running:
+
+ monkeysphere subkey-to-ssh-agent
+
+FIXME: using the key with a single session?
+
+
+Miscellaneous
+-------------
+
+Users can also maintain their own authorized_keys files, for users
+that would be logging into their accounts. This is primarily useful
+for accounts on hosts that are not already systematically using the
+monkeysphere for user authentication. If you're not sure whether this
+is the case for your host, ask your system administrator.
+
+If you want to do this as a regular user, use the
+update-authorized_keys command:
+
+$ monkeysphere update-authorized_keys
+
+This command will take all the user IDs listed in the
+~/.config/monkeysphere/authorized_user_ids file and check to see if
+there are acceptable keys for those user IDs available. If so, they
+will be added to the ~/.ssh/authorized_keys file.
+
+You must have indicated reasonable ownertrust in some key for this
+account, or no keys will be found with trusted certification paths.
+
+If you find this useful, you might want to place a job like this in
+your crontab so that revocations and rekeyings can take place
+automatically.