+++ /dev/null
-Monkeysphere provides a robust, decentralized, out-of-band Public Key
-Infrastructure (PKI) based on OpenPGP's Web of Trust. It is intended
-to support any protocol which needs public-key authentication or
-binding between public keys and real-world entities. Current
-implementations include mutual authentication (both server and client)
-for SSH and authentication of servers for HTTPS. The technique is
-resistant to X.509's inherent single-issuer policy bias, allows use of
-a single key for a host offering multiple services, and handles
-initial contact, re-keying, and revocation better than OpenSSH's
-traditional key continuity management (KCM) scheme. It also requires
-no changes to on-the-wire protocols, and is transparently
-interoperable with existing tools, so the migration path to the new
-PKI is smooth (and encouraged). Discussion will include the merits
-and drawbacks of the Monkeysphere, as well as its relationship to
-in-band measures (such as the Server Name Indication (SNI) TLS
-extension and the subjectAltName (sAN) extended attribute for X.509v3
-certificates) which provide some pieces of similar functionality.
projects / monkeysphere.git / blobdiff