Monkeysphere provides a robust, decentralized, out-of-band Public Key
Infrastructure (PKI) based on OpenPGP's Web of Trust.  It is intended
to support any protocol which needs public-key authentication or
binding between public keys and real-world entities.  Current
implementations include mutual authentication (both server and client)
for SSH and authentication of servers for HTTPS.  The technique is
resistant to X.509's inherent single-issuer policy bias, allows use of
a single key for a host offering multiple services, and handles
initial contact, re-keying, and revocation better than OpenSSH's
traditional key continuity management (KCM) scheme.  It also requires
no changes to on-the-wire protocols, and is transparently
interoperable with existing tools, so the migration path to the new
PKI is smooth (and encouraged).  Discussion will include the merits
and drawbacks of the Monkeysphere, as well as its relationship to
in-band measures (such as the Server Name Indication (SNI) TLS
extension and the subjectAltName (sAN) extended attribute for X.509v3
certificates) which provide some pieces of similar functionality.