+Everyone who has used secure shell is familiar with the prompt given
+the first time you login, asking if you want to trust the server's
+fingerprint. In addition, many of us take advantage of OpenSSH's
+ability to use RSA or DSA keys for authenticating to a server, rather
+than relying on a password exchange.
+
+[OpenSSH](http://openssh.com/) already provides a functional way for
+managing the RSA and DSA keys required for these
+interactions. However, it lacks any type of [Public Key Infrastructure
+(PKI)](http://en.wikipedia.org/wiki/Public_Key_Infrastructure).
+
+The basic idea of the Monkeysphere is to create a framework that uses
+[GnuPG](http://www.gnupg.org/)'s keyring manipulation capabilities and
+public keyserver communication to manage the keys that OpenSSH uses
+for connection authentication.
+
+Under the Monkeysphere, both parties to an OpenSSH connection (client
+and server) explicitly designate who they trust to certify the
+identity of the other party. These trust designations are explicitly
+indicated with traditional GPG keyring trust models. Monkeysphere
+then manages the keys in the known\_hosts and authorized\_keys files
+directly, in such a way that is completely transparent to SSH. No
+modification is made to the SSH protocol on the wire (it continues to
+use raw RSA public keys), and no modification is needed to the OpenSSH
+software.
+
+To emphasize: *no SSH modification is required to use the
+Monkeysphere*.
+
+This offers users of OpenSSH an effective PKI, including the
+possibility for key transitions, transitive identifications,
+revocations, and expirations. It also actively invites broader
+participation in the [OpenPGP](http://en.wikipedia.org/wiki/Openpgp)
+[web of trust](http://en.wikipedia.org/wiki/Web_of_trust).
+
+## Philosophy ##
+
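Review bot: The parenthetical "it continues to use raw RSA public keys" in the paragraph about known\_hosts and authorized\_keys mentions only RSA, while the first two paragraphs speak of "RSA or DSA keys". Either state whether DSA keys are handled the same way or drop DSA from the introduction, so a reader can tell which key types the framework covers. In that same paragraph "explicitly" appears in two consecutive sentences ("explicitly designate", "explicitly indicated"), and one of them can go. In the opening sentence "login" is used as a verb and should read "log in". The trailing "## Philosophy ##" heading has no body in the visible lines, so either include the section text in this change or leave the heading out until it is written.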