--- /dev/null
+THE MONKEYSPHERE
+================
+
+AGENDA
+======
+[x] clowning
+[ ] work
+[x] jrollins will talk and gesture - in progress
+
+COMPONENTS
+==========
+* client-side componants
+** "Marmoset": update known_hosts file with public key of server(s):
+*** be responsible for removing keys from the file as key revocation happens
+*** be responsible for updating a key in the file where there is a key replacement
+*** must result in a file that is parsable by the existing ssh client without errors
+*** manual management must be allowed without stomping on it
+*** provide a simple, intelligible, clear policy for key acceptance
+*** questions: should this query keyserver & update known host files? (we already
+ have awesome tool that queries keyservers and updates a web of trust (gpg)
+** "Howler": simple script that could be placed as a trigger function (in your .ssh/config)
+*** runs on connection to a certain host
+*** triggers update to known_hosts file then makes connection
+*** proxy-command | pre-hook script | wrapper script
+** "Langur": policy-editor for viewing/editing policies
+
+* server-side componants
+** "Rhesus" updates a per-user authorized_keys file, instead of updating a
+ known_hosts file from a public key by matching a specified user-id (for given
+ user: update authkeys file with public keys derived from authorized_uids
+ file)
+*** Needs to operate with the same principles that Marmoset client-side does
+** "Tamarin" triggers Rhesus during an attempt to initiate a connection or a scheduler (or both)
+** "Barbary" - policy editor / viewer
+
+* common componants
+** Create a ssh keypair from a openpgp keypair
+
+from ssh_config(5):
+ LocalCommand
+ Specifies a command to execute on the local machine after suc‐
+ cessfully connecting to the server. The command string extends
+ to the end of the line, and is executed with /bin/sh. This
+ directive is ignored unless PermitLocalCommand has been enabled.
+
+
+NOTES
+=====
+* Daniel and Elliot lie. <check>
+* We will use a distributed VCS, each developer will create their own git repository and publish it publically for others to pull from, mail out
+* public project page doesn't perhaps make sense yet
+* approximate goal - using the web of trust to authenticate ppl for SSH
+* outline of various components of monkeysphere
+* M: what does it mean to be in the monkeysphere? not necessarily a great coder.
+* J: interested in seeing project happen, not in actually doing it. anybody can contribute as much as they want.
+* J: if we put the structure in place to work on monkeysphere then we don't have to do anything
+* D: we are not creating
+* understand gpg's keyring better, understanding tools better, building scripts
+* Some debian packages allow automated configuration of config files.
+
+
+* GENERAL GOAL - use openpgp web-of-trust to authenticate ppl for SSH
+* SPECIFIC GOAL - allow openssh to tie into pgp web-of-trust without modifying either openpgp and openssh
+* DESIGN GOALS - authentication, use the existing generic OpenSSH client, the admin can make it default, although end-user should be decide to use monkeysphere or not
+* DESIGN GOAL - use of monkeysphere should not radically change connecting-to-server experience
+* GOAL - pick a monkey-related name for each component
+
+Dramatis Personae: http://en.wikipedia.org/wiki/Alice_and_Bob
+Backstory: http://www.conceptlabs.co.uk/alicebob.html
+
+* Use Case: Bob wants to sign on to the computer "mangabey" via monkeysphere
+ framework. He doesn't have access to the machine, but he knows Alice, who is
+ the admin of magabey. Alice creates a user bob and puts bob's userid in the
+ auth_user_ids file for bob. Tamarin triggers which causes Rhesus to take all
+ the things in the auth_userids file, takes those users, look son a keyserver
+ finds the public keys for the users, converts the gpg public keys into ssh
+ public keys and inserts those into a user_authorized_keys file. Bob goes to
+ connect, bob's ssh client which is monkeysphere enbaled, howler is triggered
+ which triggers marmoset which looks out into the web of trust and find an
+ OpenPGP key that has a userid that matches the URI of magabey. Marmoset checks
+ to see if this key for mangabey has been signed by any keys that you trust
+ (based on your policy). Has this key been signed by somebody that you trust?
+ If yes, connect, if no: abort or fail-through or whatever. Alice has signed
+ this uid, so Marmoset says "OK, this server has been verified" it then
+ converts the gpg public key into a ssh public key and then adds this gpg key
+ to the known_host file. ssh says, "you" are about to connect to magabey and
+ you know this is magabey because alice says so and you trust alice". The gpg
+ private key of bob has to be converted (somehow, via agent or something) into
+ a ssh private_key. SSH connection happens.
+
+Host identity piece of monkeysphere could be used without buying into the
+authorization component.
+
+Monkeysphere is authentication layer that allows the sysadmin to perform
+authorization on user identities instead of on keys, it additionally allows the
+sysadmin also to authenticate the server to the end-user.
+
+git clone http://git.mlcastle.net/monkeysphere.git/ monkeysphere
+
+Fix gpgkey2ssh so that the entire key fingerprint will work, accept full fingerprint, or accept a pipe and do the conversion
+Write manpage for gpgkey2ssh
+gpg private key (start with passwordless) to PEM encoded private key: perl libraries, libopencdk / gnutls, gpgme
+setup remote git repo
+think through / plan merging of known_hosts (& auth_keys?)
+think about policies and their representation
\ No newline at end of file
projects / monkeysphere.git / blobdiff