+++ /dev/null
-The Monkeysphere uses the OpenPGP web of trust to provide a
-distributed Public Key Infrastructure (PKI) for users and
-administrators of ssh. This talk is about why the Monkeysphere is
-useful, how it works, and how you can use it to ease your workload and
-automatically fully authenticate people and servers.
-
-The Secure Shell protocol has offered public-key-based mutual
-authentication since its inception, but popular implementations offer
-no formalized public key infrastructure. This means there is no
-straightforward, computable method to signal re-keying events, key
-revocations, or even basic key-to-identity binding (e.g. "host
-foo.example.org has key X"). As a result, dealing with host keys is
-usually a manual process with the possibility of tedium, room for
-error, difficulty of maintenance, or users and administrators simply
-ignoring or skipping baseline cryptographic precautions.
-
-The OpenPGP specification offers a robust public key infrastructure
-that has traditionally only been used for e-mail and for encrypted
-storage. By its nature, the OpenPGP Web of Trust (WoT) is a
-distributed system, with no intrinsic chokepoints or global
-authorities. And the global key distribution network provides
-commonly-held, public infrastructure for rapid distribution of key
-changes, revocations, and identity binding.
-
-The Monkeysphere mixes the two to provide new functionality for ssh
-(key revocation, key expiry, re-keying, fewer unintelligible prompts,
-semantic authorization, etc) while taking advantage of existing but
-often-unused functionality in OpenPGP. Additionally, the Monkeysphere
-implementation does not require any patches to OpenSSH on the client
-or server, but takes advantage of existing hooks, which makes it easy
-to adopt.
-
-Specifically, the Monkeysphere allows users to automatically validate
-ssh host keys through the Web of Trust, and it allows servers to
-identify authorized users through the Web of Trust. Users decide
-which certifications in the Web of Trust they put stock in (so they
-are not spoofed by spurious certifications of host keys). Server
-administrators decide whose certifications the server should put stock
-in (so that the server is not spoofed by spurious certifications of
-user keys).
-
-This presentation will go over how the Monkeysphere works; how you can
-use it to increase the security of servers you maintain; how you can
-use it to increase the security of accounts you connect to with ssh;
-and we'll discuss future possibilities lurking in the ideas of the
-Monkeysphere.
-
-Monkeysphere is currently available in the main Debian repository and
-as a port in FreeBSD. A Slackbuild is available for Slackware, and
-Monkeysphere itself should work on any POSIX-ish system with the
-appropriate dependencies available.
-
-The Monkeysphere project began to coalesce in early 2008, and remains
-an ongoing collaboration of many people, including:
-
- * Micah Anderson
- * Mike Castleman
- * Daniel Kahn Gillmor
- * Ross Glover
- * Matthew James Goins
- * Greg Lyle
- * Jamie McClelland
- * Jameson Graef Rollins
-
-The project's main web site is http://web.monkeysphere.info/
projects / monkeysphere.git / blobdiff