--- /dev/null
+Monkeysphere provides a robust, decentralized, out-of-band Public Key
+Infrastructure (PKI) based on OpenPGP's Web of Trust. It is intended
+to support any protocol which needs public-key authentication or
+binding between public keys and real-world entities. Current
+implementations include mutual authentication (both server and client)
+for SSH and authentication of servers for HTTPS. The technique is
+resistant to X.509's inherent single-issuer policy bias, allows use of
+a single key for a host offering multiple services, and handles
+initial contact, re-keying, and revocation better than OpenSSH's
+traditional key continuity management (KCM) scheme. It also requires
+no changes to on-the-wire protocols, and is transparently
+interoperable with existing tools, so the migration path to the new
+PKI is smooth (and encouraged). Discussion will include the merits
+and drawbacks of the Monkeysphere, as well as its relationship to
+in-band measures (such as the Server Name Indication (SNI) TLS
+extension and the subjectAltName (sAN) extended attribute for X.509v3
+certificates) which provide some pieces of similar functionality.
projects / monkeysphere.git / blobdiff