X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=website%2Fwhy.mdwn;h=5c060a5d9b04fe2f20f545353ff2d4cb40f0e746;hb=6923ef580f068ff535af273714e59235260ab7b6;hp=336643988abae643b51c514f079194884fb67cc8;hpb=d6c52a691b1245978ca0fea53af50ed8dd0200de;p=monkeysphere.git diff --git a/website/why.mdwn b/website/why.mdwn index 3366439..5c060a5 100644 --- a/website/why.mdwn +++ b/website/why.mdwn @@ -1,6 +1,8 @@ -[[meta title="Why should you be interested in the MonkeySphere?"]] +[[meta title="Why should you be interested in the Monkeysphere?"]] -[[toc ]] +# Why should you be interested in the Monkeysphere? # + +[[!toc levels=2]] ## As an `ssh` user ## @@ -14,8 +16,8 @@ seeing messages like this? Do you actually tediously check the fingerprint against a cryptographically-signed message from the admin, or do you just cross your fingers and type "yes"? Do you wish there was a better way to -verify that the host your connecting to actually is the host you mean -to connect to? Shouldn't our tools be able to figure this out +verify that the host you are connecting to actually is the host you +mean to connect to? Shouldn't our tools be able to figure this out automatically? Do you use `ssh`'s public key authentication for convenience and/or @@ -66,7 +68,7 @@ fingerprints) except in relatively rare situations (e.g. when two people meet in person for the first time). The good news is that this is all possible, and available with free -tools: welcome to the MonkeySphere! +tools: welcome to the Monkeysphere! ## Examples ## 
@@ -83,14 +85,14 @@ Alice can set up the new `bob` account on `foo.example.org` without needing to give Bob a new passphrase to remember, and without needing to even know Bob's current SSH key. She simply tells `foo` that `Bob ` should have access to the `bob` account. The -MonkeySphere on `foo` then verifies Bob's identity through the OpenPGP +Monkeysphere on `foo` then verifies Bob's identity through the OpenPGP Web of Trust and automatically add's Bob's SSH key to the authorized_keys file for the `bob` account. Bob's first connection to his new `bob` account on `foo.example.org` -is seamless, because the MonkeySphere on Bob's computer automatically +is seamless, because the Monkeysphere on Bob's computer automatically verifies the host key for `foo.example.org` for Bob. Using the -MonkeySphere, Bob never has to "accept" an unintelligible host key or +Monkeysphere, Bob never has to "accept" an unintelligible host key or type a password. When Bob decides to change the key he uses for SSH authentication, he @@ -118,10 +120,10 @@ allows a very flexible trust model, ranging all over the map, at the choice of the user: * individual per-host certifications by each client (much like the - stock OpenSSH behavior), + stock OpenSSH behavior), or * strict centralized Certificate Authorities (much like proposed X.509 - models), and + models), or * a more human-centric model that recognizes individual differences in ranges of trust and acceptance. @@ -135,6 +137,9 @@ than the current infrastructure allows, and is more meaningful to actual humans using these tools than some message like "Certified by GloboTrust". +You may also be interested in [some thoughts about alternate PKIs for +SSH](/similar). + ## Philosophy ## Humans (and
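Review bot: in the first hunk (@@ -1,6 +1,8 @@) the meta directive is still written without the `!` prefix, `[[meta title="Why should you be interested in the Monkeysphere?"]]`, while the toc directive later in the same hunk moves to the prefixed form `[[!toc levels=2]]`. Write it as `[[!meta title=...]]` so both directives in the file use the same syntax. The added `# Why should you be interested in the Monkeysphere? #` heading also repeats the meta title verbatim, so the title now appears twice on the page; keep one, or state in the commit message that the duplication is intended.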
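Review bot: in the @@ -83,14 +85,14 @@ hunk, the context line right after the first changed line still reads "automatically add's Bob's SSH key"; "add's" should be "adds", and since this hunk already edits that sentence it is the natural place to fix it. In the following context line, authorized_keys is the only file, host or account name in the paragraph that is not set in backticks.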
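Review bot: in the @@ -135,6 +137,9 @@ hunk, the new link `[some thoughts about alternate PKIs for SSH](/similar)` uses a root-relative URL, which only resolves when the site is served from the top of its domain and is not tracked by the wiki if the page is renamed. The file already uses wiki directives (`[[!toc levels=2]]`), so a wikilink to the `similar` page would be the safer form here.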