X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=website%2Findex.mdwn;h=853c75b88635417c07fb33a3dc7d3a25f3f291bc;hb=4d54f1d8b9a3d9ee4e6bd0b0d9fdccb99e6a6245;hp=194173374a5b1a594d05bb996001c4467222beae;hpb=150823244a77ba0376b4defc53d0cc7faa15ce78;p=monkeysphere.git diff --git a/website/index.mdwn b/website/index.mdwn index 1941733..853c75b 100644 --- a/website/index.mdwn +++ b/website/index.mdwn @@ -1,73 +1,118 @@ -The Monkeysphere project's goal is to extend the web of trust model and other -features of OpenPGP to other areas of the Internet to help us securely identify -each other while we work online. +The Monkeysphere project's goal is to extend the web of trust model +and other features of OpenPGP to other areas of the Internet to help +us securely identify each other while we work online. -[[bugs]] | [[download]] | [[news]] +Specifically, monkeysphere is a framework to leverage the OpenPGP +web of trust for OpenSSH authentication. In other words, it allows +you to use your OpenPGP keys when using secure shell to both identify +yourself and the servers you administer or connect to. OpenPGP keys +are tracked via GnuPG, and managed in the `known_hosts` and +`authorized_keys` files used by OpenSSH for connection authentication. + +[[bugs]] | [[download]] | [[news]] | [[documentation|doc]] ## Conceptual overview ## +Everyone who has used secure shell is familiar with the prompt given +the first time you log in to a new server, asking if you want to trust +the server's key by verifying the key fingerprint. Unfortunately, +unless you have access to the server's key fingerprint through a +secure out-of-band channel, there is no way to verify that the +fingerprint you are presented with is in fact that of the server your +really trying to connect to. + +Many users also take advantage of OpenSSH's ability to use RSA or DSA +keys for authenticating to a server (known as +"`PubkeyAuthentication`"), rather than relying on a password exchange. +But again, the public part of the key needs to be transmitted to the +server through a secure out-of-band channel (usually via a separate +password-based SSH connection) in order for this type of +authentication to work + +[OpenSSH](http://openssh.com/) currently provides a functional way to +managing the RSA and DSA keys required for these interactions through +the `known_hosts` and `authorized_keys` files. However, it lacks +any type of [Public Key Infrastructure +(PKI)](http://en.wikipedia.org/wiki/Public_Key_Infrastructure) that +can verify that the keys being used really are the one required or +expected. + +The basic idea of the Monkeysphere is to create a framework that uses +[GnuPG](http://www.gnupg.org/)'s keyring manipulation capabilities and +public keyserver communication to manage the keys that OpenSSH uses +for connection authentication. + +The Monkeysphere therefore provides an effective PKI for OpenSSH, +including the possibility for key transitions, transitive +identifications, revocations, and expirations. It also actively +invites broader participation in the +[OpenPGP](http://en.wikipedia.org/wiki/Openpgp) [web of +trust](http://en.wikipedia.org/wiki/Web_of_trust). + +## Technical details ## + +Under the Monkeysphere, both parties to an OpenSSH connection (client +and server) explicitly designate who they trust to certify the +identity of the other party. These trust designations are explicitly +indicated with traditional GPG keyring trust models. Monkeysphere +then manages the keys in the `known_hosts` and `authorized_keys` +files directly, in such a way that is completely transparent to SSH. +No modification is made to the SSH protocol on the wire (it continues +to use raw RSA public keys), and no modification is needed to the +OpenSSH software. + +To emphasize: *no modifications to SSH are required to use the +Monkeysphere*. OpenSSH can be used as is; completely unpatched and +"out of the box". + +## Philosophy ## + Humans (and [monkeys](http://www.scottmccloud.com/comics/mi/mi-17/mi-17.html)) -have innate capacity to keep track of the identity of a finite number -of people. After our social sphere exceeds several dozen or several -hundred (depending on the individual), our ability to remember and -distinguish people begins to break down. In other words, at a certain -point, we can't know for sure that the person we ran into in the -produce aisle really is the same person who we met at the party last -week. - -For most of us, this limitation has not posed much of a problem in our daily, -off-line lives. With the Internet, however, we have an ability to interact -with vastly larger numbers of people than we had before. In addition, on the -Internet we lose many of our tricks for remembering and identifying people -(physical characteristics, sound of the voice, etc.). +have the innate capacity to keep track of the identities of only a +finite number of people. After our social sphere exceeds several dozen +or several hundred (depending on the individual), our ability to +remember and distinguish people begins to break down. In other words, +at a certain point, we can't know for sure that the person we ran into +in the produce aisle really is the same person who we met at the party +last week. + +For most of us, this limitation has not posed much of a problem in our +daily, off-line lives. With the Internet, however, we have an ability +to interact with vastly larger numbers of people than we had +before. In addition, on the Internet we lose many of our tricks for +remembering and identifying people (physical characteristics, sound of +the voice, etc.). Fortunately, with online communications we have easy access to tools that can help us navigate these problems. [OpenPGP](http://en.wikipedia.org/wiki/Openpgp) (a cryptographic protocol commonly used for sending signed and encrypted email -messagess) is one such tool. In its simplest form, it allows us to +messages) is one such tool. In its simplest form, it allows us to sign our communication in such a way that the recipient can verify the sender. -OpenPGP goes beyond this simple use to implement a feature known as the [web of -trust](http://en.wikipedia.org/wiki/Web_of_trust). The web of trust -allows people who have never met in person to communicate with a reasonable -degree of certainty that they are who they say they are. It works like this: -Person A trusts Person B. Person B verifies Person C's identity. Then, Person -A can verify Person C's identity. +OpenPGP goes beyond this simple use to implement a feature known as +the [web of trust](http://en.wikipedia.org/wiki/Web_of_trust). The web +of trust allows people who have never met in person to communicate +with a reasonable degree of certainty that they are who they say they +are. It works like this: Person A trusts Person B. Person B verifies +Person C's identity. Then, Person A can verify Person C's identity +because of their trust of Person B. -The Monkeyshpere's goal is to extend the use of OpenPGP from email -communications to other activities, such as: +The Monkeyshpere's broader goals are to extend the use of OpenPGP from +email communications to other activities, such as: * conclusively identifying the remote server in a remote login session * granting access to servers to people we've never directly met -## Technical Details ## +## Links ## -The project's first goal is to integrate with -[http://openssh.com/](OpenSSH). - -OpenSSH provides a functional way for management of explicit RSA and -DSA keys (without any type of [Public Key Infrastructure -(PKI)](http://en.wikipedia.org/wiki/Public_Key_Infrastructure)). The -basic idea of this project is to create a framework that uses GPG's -keyring manipulation capabilities and public keyservers to generate -files that OpenSSH will accept and handle as intended. This offers -users of OpenSSH an effective PKI, including the possibility for key -transitions, transitive identifications, revocations, and expirations. -It also actively invites broader participation in the OpenPGP Web of -Trust. - -Under the Monkeysphere, both parties to an OpenSSH connection (client -and server) have a responsibility to explicitly designate who they -trust to certify the identity of the other party. This trust -designation is explicitly indicated with traditional GPG keyring trust -model. No modification is made to the SSH protocol on the wire (it -continues to use raw RSA public keys), and it should work with -unpatched OpenSSH software. +* [OpenSSH](http://openssh.com/) +* [GnuPG](http://www.gnupg.org/) +* [Secure Shell Authentication Protocol RFC 4252](http://tools.ietf.org/html/rfc4252) +* [OpenPGP RFC 4880](http://tools.ietf.org/html/rfc4880) ---- This wiki is powered by [ikiwiki](http://ikiwiki.info). -