+++ /dev/null
-THE MONKEYSPHERE
-================
-
-Monkeysphere is authentication layer that allows the sysadmin to
-perform authorization on OpenPGP user identities instead of on keys.
-It also allows end users to authenticate/identify the ssh server they
-are connecting to by checking the sysadmin's certification.
-
-* GENERAL GOAL - use openpgp web-of-trust to authenticate ppl for SSH
-* SPECIFIC GOAL - allow openssh to tie into pgp web-of-trust without
- modifying the openpgp spec, gpg or openssh
-* DESIGN GOALS - authentication, use the existing generic OpenSSH
- client, the admin can make it default, although end-user should be
- decide to use monkeysphere or not
-* DESIGN GOAL - use of monkeysphere should not radically change
- connecting-to-server experience
-
-Host identity piece of monkeysphere could be used without buying into
-the user authentication component.
-
-
-USE CASE
-========
-
-Dramatis Personae: http://en.wikipedia.org/wiki/Alice_and_Bob
-Backstory: http://www.conceptlabs.co.uk/alicebob.html
-
-Bob wants to sign on to the computer "mangabey.example.org" via
-monkeysphere framework. He doesn't yet have access to the machine,
-but he knows Alice, who is the admin of mangabey. Alice and Bob,
-being the conscientious netizens that they are, have already published
-their personal gpg keys to the web of trust, and being good friends,
-have both signed each other's keys and marked each others keys with
-"full" ownertrust.
-
-When Alice set up mangabey initially, she published an OpenPGP key for
-the machine with the special userid of "ssh://mangabey.example.org".
-She also signed mangabey's OpenPGP key and published this
-certification to commonly-used keyservers. Alice also configured
-mangabey to treat her own key with full ownertrust, so that it knows
-how to identify connecting users.
-
-Now, Alice creates a user account "bob" on mangabey, and puts Bob's
-userid ("Bob <bob@example.org>") in the authorized_user_ids file for
-user bob on mangabey. The monkeysphere automatically (via cron or
-inotify hook) takes each userid in bob's authorized_user_ids file, and
-looks on a keyserver to find all public keys associated with that user
-ID, with the goal of populating the authorized_keys file for
-bob@mangabey.
-
-In particular: for each key found, the server evaluates the calculated
-validity of the specified user ID based on the ownertrust rules it has
-configured ("trust alice's certifications fully", in this example).
-For each key for which the user ID in question is fully-valid, it
-extracts all DSA- or RSA-based primary or secondary keys marked with
-the authentication usage flag, and converts these OpenPGP public keys
-into ssh public keys. These keys are automatically placed into the
-authorized_keys file for bob.
-
-Bob now attempts to connect, by firing up a terminal and invoking:
-"ssh bob@mangabey.example.org". Bob's monkeysphere-enabled ssh client
-notices that mangabey.example.org isn't already available in bob's
-known_hosts file, and fetches the host key for mangabey from the
-public keyservers, with the goal of populating Bob's local known_hosts
-file.
-
-In particular: the monkeysphere queries its configured keyservers to
-find all public keys with User ID ssh://mangabey.example.org. For
-each public key found, it checks the relevant User ID's validity,
-converts any authentication-capable OpenPGP public keys into ssh
-public keys if the User ID validity is acceptable, and finally insert
-those keys into Bob's known_hosts file.
-
-On Bob's side, since mangabey's key had "full" validity (it was signed
-by Alice, whom he fully trusts), Bob's ssh client deems mangabey
-"known" and no further host key checking is required.
-
-On mangabey's side, since Bob's key has "full" validity (it had been
-signed by Alice, mangabey's trusted administrator), Bob is
-authenticated and therefore authorized to log into his account.
-
projects / monkeysphere.git / blobdiff