fix bug in ssh-proxycommand.

[monkeysphere.git] / website / index.mdwn

diff --git a/website/index.mdwn b/website/index.mdwn
index ecb418385f89d85f934110ccb5b6f88f3e7fcc78..3bc1fe1ea5352b27790817ad3a73d79c411f5309 100644 (file)
--- a/website/index.mdwn
+++ b/website/index.mdwn
@@ -1,11 +1,55 @@
-The Monkeysphere project's goal is to extend the web of trust model and other
-features of OpenPGP to other areas of the Internet to help us securely identify
-each other while we work online.
+The Monkeysphere project's goal is to extend the web of trust model
+and other features of OpenPGP to other areas of the Internet to help
+us securely identify each other while we work online.
+
+Specifically, the Monkeysphere is a framework to leverage the OpenPGP
+web of trust for OpenSSH authentication.  In other words, it allows
+you to use your OpenPGP keys when using secure shell to both identify
+yourself and the servers you administer or connect to.  OpenPGP keys
+are tracked via GnuPG, and managed in the known\_hosts and
+authorized\_keys files used by OpenSSH for connection authentication.

 
 [[bugs]] | [[download]] | [[news]] | [[documentation|doc]]
 
 ## Conceptual overview ##
 
 
 [[bugs]] | [[download]] | [[news]] | [[documentation|doc]]
 
 ## Conceptual overview ##
 

+Everyone who has used secure shell is familiar with the prompt given
+the first time you login, asking if you want to trust the server's
+fingerprint.  In addition, many of us take advantage of OpenSSH's
+ability to use RSA or DSA keys for authenticating to a server, rather
+than relying on a password exchange.
+
+[OpenSSH](http://openssh.com/) already provides a functional way for
+managing the RSA and DSA keys required for these
+interactions. However, it lacks any type of [Public Key Infrastructure
+(PKI)](http://en.wikipedia.org/wiki/Public_Key_Infrastructure).
+
+The basic idea of the Monkeysphere is to create a framework that uses
+[GnuPG](http://www.gnupg.org/)'s keyring manipulation capabilities and
+public keyserver communication to manage the keys that OpenSSH uses
+for connection authentication.  
+
+Under the Monkeysphere, both parties to an OpenSSH connection (client
+and server) explicitly designate who they trust to certify the
+identity of the other party.  These trust designations are explicitly
+indicated with traditional GPG keyring trust models.  Monkeysphere
+then manages the keys in the known\_hosts and authorized\_keys files
+directly, in such a way that is completely transparent to SSH.  No
+modification is made to the SSH protocol on the wire (it continues to
+use raw RSA public keys), and no modification is needed to the OpenSSH
+software.
+
+To emphasize: *no SSH modification is required to use the
+Monkeysphere*.
+
+This offers users of OpenSSH an effective PKI, including the
+possibility for key transitions, transitive identifications,
+revocations, and expirations.  It also actively invites broader
+participation in the [OpenPGP](http://en.wikipedia.org/wiki/Openpgp)
+[web of trust](http://en.wikipedia.org/wiki/Web_of_trust).
+
+## Philosophy ##
+

 Humans (and
 [monkeys](http://www.scottmccloud.com/comics/mi/mi-17/mi-17.html))
 have innate capacity to keep track of the identity of a finite number
 Humans (and
 [monkeys](http://www.scottmccloud.com/comics/mi/mi-17/mi-17.html))
 have innate capacity to keep track of the identity of a finite number


@@ -16,58 +60,42 @@ point, we can't know for sure that the person we ran into in the
 produce aisle really is the same person who we met at the party last
 week.
 
 produce aisle really is the same person who we met at the party last
 week.
 

-For most of us, this limitation has not posed much of a problem in our daily,
-off-line lives.  With the Internet, however, we have an ability to interact
-with vastly larger numbers of people than we had before. In addition, on the
-Internet we lose many of our tricks for remembering and identifying people
-(physical characteristics, sound of the voice, etc.).
+For most of us, this limitation has not posed much of a problem in our
+daily, off-line lives.  With the Internet, however, we have an ability
+to interact with vastly larger numbers of people than we had
+before. In addition, on the Internet we lose many of our tricks for
+remembering and identifying people (physical characteristics, sound of
+the voice, etc.).

 
 Fortunately, with online communications we have easy access to tools
 that can help us navigate these problems.
 [OpenPGP](http://en.wikipedia.org/wiki/Openpgp) (a cryptographic
 protocol commonly used for sending signed and encrypted email
 
 Fortunately, with online communications we have easy access to tools
 that can help us navigate these problems.
 [OpenPGP](http://en.wikipedia.org/wiki/Openpgp) (a cryptographic
 protocol commonly used for sending signed and encrypted email

-messagess) is one such tool. In its simplest form, it allows us to
+messages) is one such tool. In its simplest form, it allows us to

 sign our communication in such a way that the recipient can verify the
 sender.
 
 sign our communication in such a way that the recipient can verify the
 sender.
 

-OpenPGP goes beyond this simple use to implement a feature known as the [web of
-trust](http://en.wikipedia.org/wiki/Web_of_trust). The web of trust
-allows people  who have never met in person to communicate with a reasonable
-degree of certainty that they are who they say they are. It works like this:
-Person A trusts Person B. Person B verifies Person C's identity.  Then, Person
-A can verify Person C's identity. 
+OpenPGP goes beyond this simple use to implement a feature known as
+the [web of trust](http://en.wikipedia.org/wiki/Web_of_trust). The web
+of trust allows people who have never met in person to communicate
+with a reasonable degree of certainty that they are who they say they
+are. It works like this: Person A trusts Person B. Person B verifies
+Person C's identity.  Then, Person A can verify Person C's identity.

 
 

-The Monkeyshpere's goal is to extend the use of OpenPGP from email
-communications to other activities, such as:
+The Monkeyshpere's broader goals are to extend the use of OpenPGP from
+email communications to other activities, such as:

 
  * conclusively identifying the remote server in a remote login session
  * granting access to servers to people we've never directly met
 
 
  * conclusively identifying the remote server in a remote login session
  * granting access to servers to people we've never directly met
 

-## Technical Details ##
+## Links ##

 
 

-The project's first goal is to integrate with
-[OpenSSH](http://openssh.com/).
+* [OpenSSH](http://openssh.com/)
+* [GnuPG](http://www.gnupg.org/)
+* [OpenPGP RFC 4880](http://tools.ietf.org/html/rfc4880)
+* [URI scheme for SSH, RFC draft](http://tools.ietf.org/wg/secsh/draft-ietf-secsh-scp-sftp-ssh-uri/)

 
 

-OpenSSH provides a functional way for management of explicit RSA and
-DSA keys (without any type of [Public Key Infrastructure
-(PKI)](http://en.wikipedia.org/wiki/Public_Key_Infrastructure)). The
-basic idea of this project is to create a framework that uses GPG's
-keyring manipulation capabilities and public keyservers to generate
-files that OpenSSH will accept and handle as intended.  This offers
-users of OpenSSH an effective PKI, including the possibility for key
-transitions, transitive identifications, revocations, and expirations.
-It also actively invites broader participation in the OpenPGP Web of
-Trust.
-
-Under the Monkeysphere, both parties to an OpenSSH connection (client
-and server) have a responsibility to explicitly designate who they
-trust to certify the identity of the other party.  This trust
-designation is explicitly indicated with traditional GPG keyring trust
-model.  No modification is made to the SSH protocol on the wire (it
-continues to use raw RSA public keys), and it should work with
-unpatched OpenSSH software.

 
 ----
 
 This wiki is powered by [ikiwiki](http://ikiwiki.info).
 
 ----
 
 This wiki is powered by [ikiwiki](http://ikiwiki.info).

-