From 56aa562e2079a33904840dce37605e2f25048f99 Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Wed, 27 Aug 2008 00:04:01 -0400
Subject: [PATCH] draft of prospective d-a.org (and hence planet.debian.org)
 announcement.

---
 doc/announcement.html | 53 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 53 insertions(+)
 create mode 100644 doc/announcement.html

diff --git a/doc/announcement.html b/doc/announcement.html
new file mode 100644
index 0000000..489dae5
--- /dev/null
+++ b/doc/announcement.html
@@ -0,0 +1,53 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-15">
+<title>Announcing the Monkeysphere</title>
+</head>
+
+<!-- This is a draft of a wider announcement for the Monkeysphere.
+     dkg will probably post the final version in his blog at
+     https://www.debian-administration.org/users/dkg/weblog
+
+     Edits are welcome! -->
+
+<body>
+<h1>Monkeysphere: an OpenPGP-based PKI for SSH</h1>
+
+<p>Ever thought that there should be an automated way to handle ssh
+keys?  Do you know the administrators of your servers, and wish that
+SSH could verify new host keys from them automatically, based on your
+personal connections to the web-of-trust?  Do you wish you could
+revoke and rotate your old SSH authentication keys without having to
+log into every single machine?</p>
+
+<p>Do you administer servers, and wish you could re-key them without
+sowing massive pain and confusion among your users (or worse,
+encouraging bad security habits among them)?  Do you wish you could
+identify the users to grant access by name, instead of by opaque
+string?  Do you wish you could rapidly grant or revoke access to a
+user across a group of machines by enabling or disabling
+authentication for that user?</p>
+
+<p>A group of us have been working on a public key infrastructure for
+SSH. <a href="http://monkeysphere.info">Monkeysphere</a> makes use of
+the existing OpenPGP web-of-trust to fetch and cryptographically
+validate (and revoke!) keys.  This works in either directions: both
+<code>authorized_keys</code> <em>and</em> <code>known_hosts</code> are
+handled.  Monkeysphere gives users and admins tools to deal with SSH
+keys by thinking about the people and machines to whom the keys
+belong, instead of requiring humans to do tedious (and error-prone)
+manual key verification.</p>
+
+<p>We have <a href="http://monkeysphere.info/download">debian packages
+available</a> which should install against lenny, <a
+href="https://lists.riseup.net/www/info/monkeysphere">a mailing
+list</a>, and open ears for good questions, suggestions and
+criticism.</p>
+
+<p>If you have a chance to give it a try (<a href="???">as a user</a>
+or <a href="???">as an admin</a>), it would be great to <a
+href="https://lists.riseup.net/www/info/monkeysphere">get
+feedback</a>.</p>
+
+</body> </html>
-- 
2.25.1