-### Perspectives OpenSSH client ###
-
-[The Perspectives project](http://www.cs.cmu.edu/~perspectives/) at
-CMU has released an [openssh client that uses network
-notaries](http://www.cs.cmu.edu/~perspectives/openssh.html) to bolster
-your confidence in new keys. This offers a defense against a narrow
-MITM attack (e.g. by someone who controls your local gateway) by
-simply verifying that other machines from around the network see the
-same keys for the remote host that you're seeing.
-
-This is quite useful, but doesn't take the system as far as it could
-go, and doesn't tie into the existing web of trust.
-
-Some concerns with the Perspectives OpenSSH client:
-
- * This client won't help if you are connecting to machines behind
- firewalls, on NAT'ed LANs, with source IP filtering, or otherwise
- in a restricted network state.
-
- * There is still a question of why you should trust these particular
- notaries during your verification. Who are the notaries? How
- could they be compromised?
-
- * It only provides infrastructure in one direction: the user
- authenticating the host by name. There is no mechanism for dealing
- with identifying users by name, or allowing users to globally
- revoke or change keys.
-
- * It requires patching OpenSSH
-
-### OpenSSH with X.509v3 certificates ###
-
-Roumen Petrov [maintains a patch to OpenSSH that works with the X.509
-PKI model](http://www.roumenpetrov.info/openssh/). This is the
-certificate hierarchy commonly used by TLS (and SSL before that).
-
-Some concerns about OpenSSH with X.509v3:
-
- * the X.509 certificate specification itself [encourages corporate
- consolidation and centralized global "trust" because of its
- single-issuer architectural
- limitation](http://lair.fifthhorseman.net/~dkg/tls-centralization/).
- This results in an expensive and cumbersome system for smaller
- players, and it also doesn't correspond to the true distributed
- nature of human-to-human trust. Furthermore, centralized global
- "trusted authorities" create a tempting target for attack, and a
- single-point-of-failure if an attack is successful.
+ * [OpenSSH](http://openssh.com/)
+ * [GnuPG](http://www.gnupg.org/)
+ * [OpenPGP (RFC 4880)](http://tools.ietf.org/html/rfc4880)
+ * [Secure Shell Authentication Protocol (RFC 4252)](http://tools.ietf.org/html/rfc4252)
+ * [URI scheme for SSH, RFC draft](http://tools.ietf.org/wg/secsh/draft-ietf-secsh-scp-sftp-ssh-uri/)
+ * [Initial Monkeysphere specifications at CMRG](http://cmrg.fifthhorseman.net/wiki/OpenPGPandSSH)