X-Git-Url: https://codewiz.org/gitweb?p=monkeysphere.git;a=blobdiff_plain;f=doc%2FMonkeySpec;fp=doc%2FMonkeySpec;h=0000000000000000000000000000000000000000;hp=66f44b05b8b08361392663b3e1e17cd5dbca6d27;hb=dbeab30f940705e3813746ccf7480619d8261d37;hpb=0f6ef9923f4d70e2a79edd898f6ac46b617480c9 diff --git a/doc/MonkeySpec b/doc/MonkeySpec deleted file mode 100644 index 66f44b0..0000000 --- a/doc/MonkeySpec +++ /dev/null 
@@ -1,81 +0,0 @@ -THE MONKEYSPHERE -================ - -Monkeysphere is authentication layer that allows the sysadmin to -perform authorization on OpenPGP user identities instead of on keys. -It also allows end users to authenticate/identify the ssh server they -are connecting to by checking the sysadmin's certification. - -* GENERAL GOAL - use openpgp web-of-trust to authenticate ppl for SSH -* SPECIFIC GOAL - allow openssh to tie into pgp web-of-trust without - modifying the openpgp spec, gpg or openssh -* DESIGN GOALS - authentication, use the existing generic OpenSSH - client, the admin can make it default, although end-user should be - decide to use monkeysphere or not -* DESIGN GOAL - use of monkeysphere should not radically change - connecting-to-server experience - -Host identity piece of monkeysphere could be used without buying into -the user authentication component. - - -USE CASE -======== - -Dramatis Personae: http://en.wikipedia.org/wiki/Alice_and_Bob -Backstory: http://www.conceptlabs.co.uk/alicebob.html - -Bob wants to sign on to the computer "mangabey.example.org" via -monkeysphere framework. He doesn't yet have access to the machine, -but he knows Alice, who is the admin of mangabey. Alice and Bob, -being the conscientious netizens that they are, have already published -their personal gpg keys to the web of trust, and being good friends, -have both signed each other's keys and marked each others keys with -"full" ownertrust. - -When Alice set up mangabey initially, she published an OpenPGP key for -the machine with the special userid of "ssh://mangabey.example.org". -She also signed mangabey's OpenPGP key and published this -certification to commonly-used keyservers. Alice also configured -mangabey to treat her own key with full ownertrust, so that it knows -how to identify connecting users. - -Now, Alice creates a user account "bob" on mangabey, and puts Bob's -userid ("Bob ") in the authorized_user_ids file for -user bob on mangabey. 
The monkeysphere automatically (via cron or -inotify hook) takes each userid in bob's authorized_user_ids file, and -looks on a keyserver to find all public keys associated with that user -ID, with the goal of populating the authorized_keys file for -bob@mangabey. - -In particular: for each key found, the server evaluates the calculated -validity of the specified user ID based on the ownertrust rules it has -configured ("trust alice's certifications fully", in this example). -For each key for which the user ID in question is fully-valid, it -extracts all DSA- or RSA-based primary or secondary keys marked with -the authentication usage flag, and converts these OpenPGP public keys -into ssh public keys. These keys are automatically placed into the -authorized_keys file for bob. - -Bob now attempts to connect, by firing up a terminal and invoking: -"ssh bob@mangabey.example.org". Bob's monkeysphere-enabled ssh client -notices that mangabey.example.org isn't already available in bob's -known_hosts file, and fetches the host key for mangabey from the -public keyservers, with the goal of populating Bob's local known_hosts -file. - -In particular: the monkeysphere queries its configured keyservers to -find all public keys with User ID ssh://mangabey.example.org. For -each public key found, it checks the relevant User ID's validity, -converts any authentication-capable OpenPGP public keys into ssh -public keys if the User ID validity is acceptable, and finally insert -those keys into Bob's known_hosts file. - -On Bob's side, since mangabey's key had "full" validity (it was signed -by Alice, whom he fully trusts), Bob's ssh client deems mangabey -"known" and no further host key checking is required. - -On mangabey's side, since Bob's key has "full" validity (it had been -signed by Alice, mangabey's trusted administrator), Bob is -authenticated and therefore authorized to log into his account. -
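Review bot: The single hunk (`@@ -1,81 +0,0 @@`, "deleted file mode 100644") removes doc/MonkeySpec outright, and nothing in this diff shows where its content now lives. The deleted text is where the visible change states the security-relevant rules of the design: a key is used only when the user ID in question is fully valid under the configured ownertrust, only DSA- or RSA-based primary or secondary keys marked with the authentication usage flag are converted to ssh keys, and host keys are looked up under a user ID of the form "ssh://mangabey.example.org". If the document was moved, the commit message should name the new location. If it is being dropped as obsolete, carry these rules into whatever documentation replaces it, so the conditions under which authorized_keys and known_hosts get populated stay written down.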