X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=website%2Fwhy.mdwn;h=c90df9a1b5266c97bf0b03c76c7ed790a35e6047;hb=9bd226416a364283309a62e0bedf318a143b5cb3;hp=989c4eb1c4889609b89389b563044db8447c334e;hpb=c329ccb6fd64234ec64fed0f0a4262a5522e8f58;p=monkeysphere.git diff --git a/website/why.mdwn b/website/why.mdwn index 989c4eb..c90df9a 100644 --- a/website/why.mdwn +++ b/website/why.mdwn @@ -1,8 +1,6 @@ -[[!template id="nav"]] - [[meta title="Why should you be interested in the MonkeySphere?"]] -# Why should you be interested in the MonkeySphere? # +[[toc ]] ## As an `ssh` user ## @@ -31,7 +29,9 @@ Have you ever wished you could phase out an old key and start using a new one without having to comb through every single account you have ever connected to? -## As an system administrator ## +[Get started with the monkeysphere as a user!](/getting-started-user) + +## As a system administrator ## As a system administrator, have you ever tried to re-key an SSH server? How did you communicate the key change to your users? How @@ -45,6 +45,8 @@ Have you ever wanted to be able to add or revoke the ability of a user's key to authenticate across an entire infrastructure you manage, without touching each host by hand? +[Get started with the monkeysphere as an administrator!](/getting-started-admin) + ## What's the connection? ## All of these issues are related to a lack of a [Public Key @@ -116,10 +118,10 @@ allows a very flexible trust model, ranging all over the map, at the choice of the user: * individual per-host certifications by each client (much like the - stock OpenSSH behavior), + stock OpenSSH behavior), or * strict centralized Certificate Authorities (much like proposed X.509 - models), and + models), or * a more human-centric model that recognizes individual differences in ranges of trust and acceptance. 
@@ -133,3 +135,43 @@ than the current infrastructure allows, and is more meaningful to actual humans using these tools than some message like "Certified by GloboTrust". +## Philosophy ## + +Humans (and +[monkeys](http://www.scottmccloud.com/comics/mi/mi-17/mi-17.html)) +have the innate capacity to keep track of the identities of only a +finite number of people. After our social sphere exceeds several dozen +or several hundred (depending on the individual), our ability to +remember and distinguish people begins to break down. In other words, +at a certain point, we can't know for sure that the person we ran into +in the produce aisle really is the same person who we met at the party +last week. + +For most of us, this limitation has not posed much of a problem in our +daily, off-line lives. With the Internet, however, we have an ability +to interact with vastly larger numbers of people than we had +before. In addition, on the Internet we lose many of our tricks for +remembering and identifying people (physical characteristics, sound of +the voice, etc.). + +Fortunately, with online communications we have easy access to tools +that can help us navigate these problems. +[OpenPGP](http://en.wikipedia.org/wiki/Openpgp) (a cryptographic +protocol commonly used for sending signed and encrypted email +messages) is one such tool. In its simplest form, it allows us to +sign our communication in such a way that the recipient can verify the +sender. + +OpenPGP goes beyond this simple use to implement a feature known as +the [web of trust](http://en.wikipedia.org/wiki/Web_of_trust). The web +of trust allows people who have never met in person to communicate +with a reasonable degree of certainty that they are who they say they +are. It works like this: Person A trusts Person B. Person B verifies +Person C's identity. Then, Person A can verify Person C's identity +because of their trust of Person B. 
+ +The Monkeyshpere's broader goals are to extend the use of OpenPGP from +email communications to other activities, such as: + + * conclusively identifying the remote server in a remote login session + * granting access to servers to people we've never directly met
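Review bot: in the first hunk (@@ -1,8 +1,6 @@) the `[[!template id="nav"]]` line and the page's H1 are removed and only `[[toc ]]` is added, so nothing visible in this patch replaces the navigation. If the nav now comes from a site-wide page template, note that in the commit message. Otherwise keep the template line so the page does not become a dead end for readers arriving from a search engine.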
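Review bot: the new call-to-action links in the second and third hunks, `(/getting-started-user)` and `(/getting-started-admin)`, are root-absolute paths, so they only resolve when the site is published at the top of its host and will break on a mirror or a subdirectory install. Since this is an `.mdwn` page that already uses `[[...]]` directives, a wiki link or a relative path would let the wiki compiler generate the correct URL and flag the link if the target page is missing. These links also spell the project "monkeysphere" while the `meta title` line has "MonkeySphere"; pick one form.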
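Review bot: the web-of-trust walkthrough in the new Philosophy section ("Person A trusts Person B. Person B verifies Person C's identity.") skips the two conditions that make the chain sound: A must already have verified B's key, and A must trust B specifically to certify other people's keys carefully, which is a separate judgment from trusting B as a person. Suggest stating both, because the closing list relies on this model for identifying servers and granting access to people "we've never directly met". In the same hunk, "Monkeyshpere's" should be "Monkeysphere's".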