+Everyone who has used secure shell is familiar with the prompt given
+the first time you log in to a new server, asking if you want to trust
+the server's key by verifying the key fingerprint. Unfortunately,
+unless you have access to the server's key fingerprint through a
+secure out-of-band channel, there is no way to verify that the
+fingerprint you are presented with is in fact that of the server your
+really trying to connect to.
+
+Many users also take advantage of OpenSSH's ability to use RSA or DSA
+keys for authenticating to a server (known as
+"`PubkeyAuthentication`"), rather than relying on a password exchange.
+But again, the public part of the key needs to be transmitted to the
+server through a secure out-of-band channel (usually via a separate
+password-based SSH connection) in order for this type of
+authentication to work
+
+[OpenSSH](http://openssh.com/) currently provides a functional way to
+managing the RSA and DSA keys required for these interactions through
+the `known_hosts` and `authorized_keys` files. However, it lacks
+any type of [Public Key Infrastructure
+(PKI)](http://en.wikipedia.org/wiki/Public_Key_Infrastructure) that
+can verify that the keys being used really are the one required or
+expected.
+
+The basic idea of the Monkeysphere is to create a framework that uses
+[GnuPG](http://www.gnupg.org/)'s keyring manipulation capabilities and
+public keyserver communication to manage the keys that OpenSSH uses
+for connection authentication.
+
+The Monkeysphere therefore provides an effective PKI for OpenSSH,
+including the possibility for key transitions, transitive
+identifications, revocations, and expirations. It also actively
+invites broader participation in the
+[OpenPGP](http://en.wikipedia.org/wiki/Openpgp) [web of
+trust](http://en.wikipedia.org/wiki/Web_of_trust).
+
+## Technical details ##
+
+Under the Monkeysphere, both parties to an OpenSSH connection (client
+and server) explicitly designate who they trust to certify the
+identity of the other party. These trust designations are explicitly
+indicated with traditional GPG keyring trust models. Monkeysphere
+then manages the keys in the `known_hosts` and `authorized_keys`
+files directly, in such a way that is completely transparent to SSH.
+No modification is made to the SSH protocol on the wire (it continues
+to use raw RSA public keys), and no modification is needed to the
+OpenSSH software.
+
+To emphasize: *no modifications to SSH are required to use the
+Monkeysphere*. OpenSSH can be used as is; completely unpatched and
+"out of the box".
+
+## Philosophy ##
+
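Review bot: the "Technical details" paragraph says the wire protocol "continues to use raw RSA public keys", while the introduction speaks of "RSA or DSA keys" throughout; either state whether DSA keys are covered or say "raw public keys" so the two passages agree. The added text also has wording slips to fix before merge: "your really trying to connect to" should read "you're really trying to connect to", the second paragraph ends at "to work" without a period, "a functional way to managing" should be "a functional way to manage", and "the keys being used really are the one required" should be "the ones required". The external links are all written as http://; consider https:// where the sites support it.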