Add a mailing list link, and a page with the mailing list information about

[monkeysphere.git] / website / index.mdwn

diff --git a/website/index.mdwn b/website/index.mdwn
index 3f83a9881ce5a4288518872620aab8a78deb37e9..606456955f29f32ba443d4169bdca79a75e63bb7 100644 (file)
--- a/website/index.mdwn
+++ b/website/index.mdwn
@@ -2,15 +2,14 @@ The Monkeysphere project's goal is to extend the web of trust model
 and other features of OpenPGP to other areas of the Internet to help
 us securely identify each other while we work online.
 
-Specifically, the Monkeysphere is a framework to leverage the OpenPGP
+Specifically, monkeysphere is a framework to leverage the OpenPGP
 web of trust for OpenSSH authentication.  In other words, it allows
 you to use your OpenPGP keys when using secure shell to both identify
 yourself and the servers you administer or connect to.  OpenPGP keys
-are tracked via GnuPG, and managed in the `known\_hosts` and
-`authorized\_keys` files used by OpenSSH for connection authentication.
+are tracked via GnuPG, and managed in the `known_hosts` and
+`authorized_keys` files used by OpenSSH for connection authentication.
 
-[[bugs]] | [[download]] | [[news]] | [[documentation|doc]] |
-[[development|dev]]
+[why?](/why) | [[news]] | [[download]] | [[documentation|doc]] | [[community]] | [[bugs]]
 
 ## Conceptual overview ##
 
@@ -27,13 +26,14 @@ keys for authenticating to a server (known as
 "`PubkeyAuthentication`"), rather than relying on a password exchange.
 But again, the public part of the key needs to be transmitted to the
 server through a secure out-of-band channel (usually via a separate
-password-based SSH connection) in order for this type of
-authentication to work
+password-based SSH connection or a (hopefully signed) e-mail to the
+system administrator) in order for this type of authentication to
+work.
 
 [OpenSSH](http://openssh.com/) currently provides a functional way to
-managing the RSA and DSA keys required for these interactions through
-the `known\_hosts` and `authorized\_keys` files.  However, it lacks
-any type of [Public Key Infrastructure
+manage the RSA and DSA keys required for these interactions through
+the `known_hosts` and `authorized_keys` files.  However, it lacks any
+type of [Public Key Infrastructure
 (PKI)](http://en.wikipedia.org/wiki/Public_Key_Infrastructure) that
 can verify that the keys being used really are the one required or
 expected.
@@ -56,7 +56,7 @@ Under the Monkeysphere, both parties to an OpenSSH connection (client
 and server) explicitly designate who they trust to certify the
 identity of the other party.  These trust designations are explicitly
 indicated with traditional GPG keyring trust models.  Monkeysphere
-then manages the keys in the `known\_hosts` and `authorized\_keys`
+then manages the keys in the `known_hosts` and `authorized_keys`
 files directly, in such a way that is completely transparent to SSH.
 No modification is made to the SSH protocol on the wire (it continues
 to use raw RSA public keys), and no modification is needed to the