-.TH MONKEYSPHERE "7" "March 2009" "monkeysphere" "System Frameworks"
+.TH MONKEYSPHERE "7" "March 2010" "monkeysphere" "System Frameworks"
.SH NAME
-monkeysphere - ssh authentication framework using OpenPGP Web of
-Trust
+monkeysphere - ssh and TLS authentication framework using OpenPGP Web of Trust
.SH DESCRIPTION
-\fBMonkeysphere\fP is a framework to leverage the OpenPGP Web of Trust
-for ssh authentication. OpenPGP keys are tracked via GnuPG, and added
-to the authorized_keys and known_hosts files used by ssh for
-connection authentication.
+\fBMonkeysphere\fP is a framework to leverage the OpenPGP web of trust
+for OpenSSH and TLS key-based authentication. OpenPGP keys are
+tracked via GnuPG, and added to the authorized_keys and known_hosts
+files used by OpenSSH for connection authentication. Monkeysphere can
+also be used by a validation agent to validate TLS connections
+(e.g. https).
.SH IDENTITY CERTIFIERS
.SH KEY ACCEPTABILITY
-During known_host and authorized_keys updates, the monkeysphere
-commands work from a set of user IDs to determine acceptable keys for
-ssh authentication. OpenPGP keys are considered acceptable if the
-following criteria are met:
+The monkeysphere commands work from a set of user IDs to determine
+acceptable keys for ssh and TLS authentication. OpenPGP keys are
+considered acceptable if the following criteria are met:
.TP
.B capability
The key must have the `authentication' (`a') usage flag set.
.SH HOST IDENTIFICATION
-The OpenPGP keys for hosts have associated user IDs that use the ssh
-URI specification for the host, i.e. `ssh://host.full.domain[:port]'.
+The OpenPGP keys for hosts have associated `service names` (OpenPGP
+user IDs) that are based on URI specifications for the service. Some
+examples:
+.TP
+.B ssh:
+ssh://host.example.com[:port]
+.TP
+.B https:
+https://host.example.com[:port]
.SH AUTHOR
Written by:
-Jameson Rollins <jrollins@fifthhorseman.net>,
+Jameson Rollins <jrollins@finestructure.net>,
Daniel Kahn Gillmor <dkg@fifthhorseman.net>
.SH SEE ALSO