+++ /dev/null
-[[!meta title="The Monkeysphere Project"]]
-[[!meta license="Unless otherwise noted, all content on this web site is licensed under the GPL version 3 or later"]]
-[[!meta copyright="All content on this web site is copyright by the author of that content. [Look in the revision control system](community) for details about who authored a particular piece of content."]]
-
-# The Monkeysphere Project #
-
-The Monkeysphere project's goal is to extend OpenPGP's web of trust to
-new areas of the Internet to help us securely identify each other
-while we work online.
-
-Specifically, monkeysphere currently offers a framework to leverage
-the OpenPGP web of trust for OpenSSH authentication.
-
-In other words, it allows you to use secure shell as you normally do,
-but to identify yourself and the servers you administer or connect to
-with your OpenPGP keys. OpenPGP keys are tracked via GnuPG, and
-monkeysphere manages the `known_hosts` and `authorized_keys` files
-used by OpenSSH for authentication, checking them for cryptographic
-validity.
-
-## Overview ##
-
-Everyone who has used secure shell is familiar with the prompt given
-the first time you log in to a new server, asking if you want to trust
-the server's key by verifying the key fingerprint. Unfortunately,
-unless you have access to the server's key fingerprint through a
-secure out-of-band channel, there is no way to verify that the
-fingerprint you are presented with is in fact that of the server
-you're really trying to connect to.
-
-Many users also take advantage of OpenSSH's ability to use RSA or DSA
-keys for authenticating to a server (known as
-"`PubkeyAuthentication`"), rather than relying on a password exchange.
-But again, the public part of the key needs to be transmitted to the
-server through a secure out-of-band channel (usually via a separate
-password-based SSH connection or a (hopefully signed) e-mail to the
-system administrator) in order for this type of authentication to
-work.
-
-[OpenSSH](http://openssh.com/) currently provides a functional way to
-manage the RSA and DSA keys required for these interactions through
-the `known_hosts` and `authorized_keys` files. However, it lacks any
-type of [Public Key Infrastructure
-(PKI)](http://en.wikipedia.org/wiki/Public_Key_Infrastructure) that
-can verify that the keys being used really are the one required or
-expected.
-
-The basic idea of the Monkeysphere is to create a framework that uses
-[GnuPG](http://www.gnupg.org/)'s keyring manipulation capabilities and
-public keyserver communication to manage the keys that OpenSSH uses
-for connection authentication.
-
-The Monkeysphere therefore provides an effective PKI for OpenSSH,
-including the possibility for key transitions, transitive
-identifications, revocations, and expirations. It also actively
-invites broader participation in the
-[OpenPGP](http://en.wikipedia.org/wiki/Openpgp) [web of
-trust](http://en.wikipedia.org/wiki/Web_of_trust).
-
-Under the Monkeysphere, both parties to an OpenSSH connection (client
-and server) explicitly designate who they trust to certify the
-identity of the other party. These trust designations are explicitly
-indicated with traditional GPG keyring trust models. Monkeysphere
-then manages the keys in the `known_hosts` and `authorized_keys` files
-directly, in such a way that is completely transparent to `ssh`. No
-modification is made to the SSH protocol on the wire (it continues to
-use raw RSA public keys), and no modification is needed to the OpenSSH
-software.
-
-To emphasize: ***no modifications to SSH are required to use the
-Monkeysphere***. OpenSSH can be used as is; completely unpatched and
-"out of the box".
-
-## License ##
-
-All Monkeysphere software is copyright, 2007, by [the
-authors](community), and released under [GPL, version 3 or
-later](http://www.gnu.org/licenses/gpl-3.0.html).
-
-----
-
-This wiki is powered by [ikiwiki](http://ikiwiki.info).
projects / monkeysphere.git / blobdiff