-[[meta title="Why should you be interested in the MonkeySphere?"]]
+[[meta title="Why should you be interested in the Monkeysphere?"]]
-# Why should you be interested in the MonkeySphere? #
+# Why should you be interested in the Monkeysphere? #
+
+[[!toc levels=2]]
## As an `ssh` user ##
Do you actually tediously check the fingerprint against a
cryptographically-signed message from the admin, or do you just cross
-your fingers and type "yes"? Do you wish there was a better way to do
-it? Shouldn't our tools be able to figure this out automatically?
+your fingers and type "yes"? Do you wish there was a better way to
+verify that the host you are connecting to actually is the host you
+mean to connect to? Shouldn't our tools be able to figure this out
+automatically?
Do you use `ssh`'s public key authentication for convenience and/or
added security? Have you ever worried about what might happen if you
-lose control of your key? (Or did you have a key that was compromised
+lost control of your key? (Or did you have a key that was compromised
by [the OpenSSL debacle](http://bugs.debian.org/363516)?) How many
accounts/machines would you need to clean up to ensure that your old,
-bad key is no longer in use?
+bad key is no longer in use?
Have you ever wished you could phase out an old key and start using a
new one without having to comb through every single account you have
ever connected to?
-## As an `sshd` administrator ##
+[Get started with the monkeysphere as a user!](/getting-started-user)
+
+## As a system administrator ##
-If you are a system administrator, have you ever tried to re-key an
-SSH server? How did you ease the change along to your users? How did
-you keep them from getting the big scary warning messages?
+As a system administrator, have you ever tried to re-key an SSH
+server? How did you communicate the key change to your users? How
+did you keep them from getting the big scary warning message that the
+host key had changed?
-Have you ever wanted to allow a colleague key-based access to a
+Have you ever wanted to allow a remote colleague key-based access to a
machine, *without* needing to have a copy of their public key on hand?
-Have you ever wanted to be able to revoke the ability of a key to
-authenticate across the entire infrastructure you manage, without
-touching each host by hand?
+Have you ever wanted to be able to add or revoke the ability of a
+user's key to authenticate across an entire infrastructure you manage,
+without touching each host by hand?
+
+[Get started with the monkeysphere as an administrator!](/getting-started-admin)
## What's the connection? ##
-These questions all stem from rough edges we run up against in regular
-use of SSH that could be improved by a decent [Public Key
+All of these issues are related to a lack of a [Public Key
Infrastructure (or
-PKI)](http://dictionary.die.net/public%20key%20infrastructure). A PKI
-at its core is a mechanism to provide answers to a few basic
-questions:
+PKI)](http://dictionary.die.net/public%20key%20infrastructure) for
+SSH. A PKI at its core is a mechanism to provide answers to a few
+basic questions:
-* Do we know who a key actually belongs to? How do we know?
+* Do we know who (or what host) a key actually belongs to? How do we know?
* Is the key still valid for use?
Given a clearly stated set of initial assumptions, functional
people meet in person for the first time).
The good news is that this is all possible, and available with free
-tools!
+tools: welcome to the Monkeysphere!
## Examples ##
Alice can set up the new `bob` account on `foo.example.org` without
needing to give Bob a new passphrase to remember, and without needing
to even know Bob's current SSH key. She simply tells `foo` that `Bob
-<bob@example.net>` should have access to the `bob` account.
+<bob@example.net>` should have access to the `bob` account. The
+Monkeysphere on `foo` then verifies Bob's identity through the OpenPGP
+Web of Trust and automatically add's Bob's SSH key to the
+authorized_keys file for the `bob` account.
Bob's first connection to his new `bob` account on `foo.example.org`
-is seamless, because all the steps are already in place! Using the
-MonkeySphere, Bob never has to "accept" an unintelligible host key or
+is seamless, because the Monkeysphere on Bob's computer automatically
+verifies the host key for `foo.example.org` for Bob. Using the
+Monkeysphere, Bob never has to "accept" an unintelligible host key or
type a password.
When Bob decides to change the key he uses for SSH authentication, he
choice of the user:
* individual per-host certifications by each client (much like the
- stock OpenSSH behavior),
+ stock OpenSSH behavior), or
* strict centralized Certificate Authorities (much like proposed X.509
- models), and
+ models), or
* a more human-centric model that recognizes individual differences in
ranges of trust and acceptance.
than the current infrastructure allows, and is more meaningful to
actual humans using these tools than some message like "Certified by
GloboTrust".
+
+You may also be interested in [some thoughts about alternate PKIs for
+SSH](/similar).
+
+## Philosophy ##
+
+Humans (and
+[monkeys](http://www.scottmccloud.com/comics/mi/mi-17/mi-17.html))
+have the innate capacity to keep track of the identities of only a
+finite number of people. After our social sphere exceeds several dozen
+or several hundred (depending on the individual), our ability to
+remember and distinguish people begins to break down. In other words,
+at a certain point, we can't know for sure that the person we ran into
+in the produce aisle really is the same person who we met at the party
+last week.
+
+For most of us, this limitation has not posed much of a problem in our
+daily, off-line lives. With the Internet, however, we have an ability
+to interact with vastly larger numbers of people than we had
+before. In addition, on the Internet we lose many of our tricks for
+remembering and identifying people (physical characteristics, sound of
+the voice, etc.).
+
+Fortunately, with online communications we have easy access to tools
+that can help us navigate these problems.
+[OpenPGP](http://en.wikipedia.org/wiki/Openpgp) (a cryptographic
+protocol commonly used for sending signed and encrypted email
+messages) is one such tool. In its simplest form, it allows us to
+sign our communication in such a way that the recipient can verify the
+sender.
+
+OpenPGP goes beyond this simple use to implement a feature known as
+the [web of trust](http://en.wikipedia.org/wiki/Web_of_trust). The web
+of trust allows people who have never met in person to communicate
+with a reasonable degree of certainty that they are who they say they
+are. It works like this: Person A trusts Person B. Person B verifies
+Person C's identity. Then, Person A can verify Person C's identity
+because of their trust of Person B.
+
+The Monkeyshpere's broader goals are to extend the use of OpenPGP from
+email communications to other activities, such as:
+
+ * conclusively identifying the remote server in a remote login session
+ * granting access to servers to people we've never directly met
projects / monkeysphere.git / blobdiff