1 Monkeysphere provides a robust, decentralized, out-of-band Public Key
2 Infrastructure (PKI) based on OpenPGP's Web of Trust. It is intended
3 to support any protocol which needs public-key authentication or
4 binding between public keys and real-world entities. Current
5 implementations include mutual authentication (both server and client)
6 for SSH and authentication of servers for HTTPS. The technique is
7 resistant to X.509's inherent single-issuer policy bias, allows use of
8 a single key for a host offering multiple services, and handles
9 initial contact, re-keying, and revocation better than OpenSSH's
10 traditional key continuity management (KCM) scheme. It also requires
11 no changes to on-the-wire protocols, and is transparently
12 interoperable with existing tools, so the migration path to the new
13 PKI is smooth (and encouraged). Discussion will include the merits
14 and drawbacks of the Monkeysphere, as well as its relationship to
15 in-band measures (such as the Server Name Indication (SNI) TLS
16 extension and the subjectAltName (sAN) extended attribute for X.509v3
17 certificates) which provide some pieces of similar functionality.
projects / monkeysphere.git / blob