X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=website%2Findex.mdwn;h=5b757fa95376c327a998b31aa1aff639e16f8530;hb=655253c594a8b184fcf1bd250651c76ebadf105c;hp=8038dd3096b3f608003162e6bf49c58d89ab481a;hpb=c7a177b4b3a5b7e1add731bc5b6ed04b6163ccc2;p=monkeysphere.git diff --git a/website/index.mdwn b/website/index.mdwn index 8038dd3..5b757fa 100644 --- a/website/index.mdwn +++ b/website/index.mdwn @@ -1,17 +1,16 @@ +[[!template id="nav"]] + The Monkeysphere project's goal is to extend the web of trust model and other features of OpenPGP to other areas of the Internet to help us securely identify each other while we work online. -Specifically, monkeysphere is a framework to leverage the OpenPGP -web of trust for OpenSSH authentication. In other words, it allows -you to use your OpenPGP keys when using secure shell to both identify +Specifically, monkeysphere is a framework to leverage the OpenPGP web +of trust for OpenSSH authentication. In other words, it allows you to +use your OpenPGP keys when using secure shell to both identify yourself and the servers you administer or connect to. OpenPGP keys are tracked via GnuPG, and managed in the `known_hosts` and `authorized_keys` files used by OpenSSH for connection authentication. -[[bugs]] | [[download]] | [[news]] | [[documentation|doc]] | -[[development|dev]] - ## Conceptual overview ## Everyone who has used secure shell is familiar with the prompt given @@ -27,13 +26,14 @@ keys for authenticating to a server (known as "`PubkeyAuthentication`"), rather than relying on a password exchange. But again, the public part of the key needs to be transmitted to the server through a secure out-of-band channel (usually via a separate -password-based SSH connection) in order for this type of -authentication to work +password-based SSH connection or a (hopefully signed) e-mail to the +system administrator) in order for this type of authentication to +work. [OpenSSH](http://openssh.com/) currently provides a functional way to -managing the RSA and DSA keys required for these interactions through -the `known_hosts` and `authorized_keys` files. However, it lacks -any type of [Public Key Infrastructure +manage the RSA and DSA keys required for these interactions through +the `known_hosts` and `authorized_keys` files. However, it lacks any +type of [Public Key Infrastructure (PKI)](http://en.wikipedia.org/wiki/Public_Key_Infrastructure) that can verify that the keys being used really are the one required or expected.