X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=website%2Fwhy.mdwn;h=93ea56018af6dcd661ca413a5bd7f8a109affc57;hb=b945c94c47be82bfc4bbbbe0a8ba74d5bf5b02fb;hp=5dc0e05a08e33e6b7cfb7f991c6a82d732c2e6eb;hpb=c4b1ec9c747de38b7492577a3f52fbf14ad054af;p=monkeysphere.git diff --git a/website/why.mdwn b/website/why.mdwn index 5dc0e05..93ea560 100644 --- a/website/why.mdwn +++ b/website/why.mdwn @@ -1,5 +1,3 @@ -[[!template id="nav"]] - [[meta title="Why should you be interested in the MonkeySphere?"]] [[toc ]] @@ -16,8 +14,8 @@ seeing messages like this? Do you actually tediously check the fingerprint against a cryptographically-signed message from the admin, or do you just cross your fingers and type "yes"? Do you wish there was a better way to -verify that the host your connecting to actually is the host you mean -to connect to? Shouldn't our tools be able to figure this out +verify that the host you are connecting to actually is the host you +mean to connect to? Shouldn't our tools be able to figure this out automatically? Do you use `ssh`'s public key authentication for convenience and/or @@ -33,7 +31,7 @@ ever connected to? [Get started with the monkeysphere as a user!](/getting-started-user) -## As an system administrator ## +## As a system administrator ## As a system administrator, have you ever tried to re-key an SSH server? How did you communicate the key change to your users? How @@ -120,10 +118,10 @@ allows a very flexible trust model, ranging all over the map, at the choice of the user: * individual per-host certifications by each client (much like the - stock OpenSSH behavior), + stock OpenSSH behavior), or * strict centralized Certificate Authorities (much like proposed X.509 - models), and + models), or * a more human-centric model that recognizes individual differences in ranges of trust and acceptance. 
@@ -137,3 +135,43 @@ than the current infrastructure allows, and is more meaningful to actual humans using these tools than some message like "Certified by GloboTrust". +## Philosophy ## + +Humans (and +[monkeys](http://www.scottmccloud.com/comics/mi/mi-17/mi-17.html)) +have the innate capacity to keep track of the identities of only a +finite number of people. After our social sphere exceeds several dozen +or several hundred (depending on the individual), our ability to +remember and distinguish people begins to break down. In other words, +at a certain point, we can't know for sure that the person we ran into +in the produce aisle really is the same person who we met at the party +last week. + +For most of us, this limitation has not posed much of a problem in our +daily, off-line lives. With the Internet, however, we have an ability +to interact with vastly larger numbers of people than we had +before. In addition, on the Internet we lose many of our tricks for +remembering and identifying people (physical characteristics, sound of +the voice, etc.). + +Fortunately, with online communications we have easy access to tools +that can help us navigate these problems. +[OpenPGP](http://en.wikipedia.org/wiki/Openpgp) (a cryptographic +protocol commonly used for sending signed and encrypted email +messages) is one such tool. In its simplest form, it allows us to +sign our communication in such a way that the recipient can verify the +sender. + +OpenPGP goes beyond this simple use to implement a feature known as +the [web of trust](http://en.wikipedia.org/wiki/Web_of_trust). The web +of trust allows people who have never met in person to communicate +with a reasonable degree of certainty that they are who they say they +are. It works like this: Person A trusts Person B. Person B verifies +Person C's identity. Then, Person A can verify Person C's identity +because of their trust of Person B. 
+ +The Monkeyshpere's broader goals are to extend the use of OpenPGP from +email communications to other activities, such as: + + * conclusively identifying the remote server in a remote login session + * granting access to servers to people we've never directly met
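
Review bot: the first hunk (@@ -1,5 +1,3 @@) removes `[[!template id="nav"]]` and nothing visible in this diff replaces it, so the patch alone does not show how a reader gets from this page to the rest of the site. If navigation is now supplied somewhere else, say so in the commit message. Note also that the two directives kept as context, `[[meta title=...]]` and `[[toc ]]`, are written without the `!` prefix that the removed line used; since these lines are being touched anyway, make the directive style consistent.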
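
Review bot: in the new Philosophy section (@@ -137,3 +135,43 @@), the project name is misspelled in the added line "+The Monkeyshpere's broader goals are to extend the use of OpenPGP"; it should read "The Monkeysphere's broader goals". With this hunk the page spells the name three ways: "MonkeySphere" in the meta title, "monkeysphere" in the getting-started link text, and "Monkeyshpere" here, so pick one spelling and use it throughout. In the web of trust paragraph, "Person A trusts Person B" would be clearer as "Person A trusts Person B to verify other people's identities", since that is the kind of trust the following two sentences rely on, and "their trust of Person B" is ambiguous about whose trust is meant.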