-[[toc ]]
-
The Monkeysphere project's goal is to extend OpenPGP's web of trust to
new areas of the Internet to help us securely identify each other
while we work online.
used by OpenSSH for authentication, checking them for cryptographic
validity.
-## Conceptual overview ##
+## Overview ##
Everyone who has used secure shell is familiar with the prompt given
the first time you log in to a new server, asking if you want to trust
[OpenPGP](http://en.wikipedia.org/wiki/Openpgp) [web of
trust](http://en.wikipedia.org/wiki/Web_of_trust).
-## Technical details ##
-
Under the Monkeysphere, both parties to an OpenSSH connection (client
and server) explicitly designate who they trust to certify the
identity of the other party. These trust designations are explicitly
to use raw RSA public keys), and no modification is needed to the
OpenSSH software.
-To emphasize: *no modifications to SSH are required to use the
-Monkeysphere*. OpenSSH can be used as is; completely unpatched and
+To emphasize: ***no modifications to SSH are required to use the
+Monkeysphere***. OpenSSH can be used as is; completely unpatched and
"out of the box".
-## Philosophy ##
-
-Humans (and
-[monkeys](http://www.scottmccloud.com/comics/mi/mi-17/mi-17.html))
-have the innate capacity to keep track of the identities of only a
-finite number of people. After our social sphere exceeds several dozen
-or several hundred (depending on the individual), our ability to
-remember and distinguish people begins to break down. In other words,
-at a certain point, we can't know for sure that the person we ran into
-in the produce aisle really is the same person who we met at the party
-last week.
-
-For most of us, this limitation has not posed much of a problem in our
-daily, off-line lives. With the Internet, however, we have an ability
-to interact with vastly larger numbers of people than we had
-before. In addition, on the Internet we lose many of our tricks for
-remembering and identifying people (physical characteristics, sound of
-the voice, etc.).
-
-Fortunately, with online communications we have easy access to tools
-that can help us navigate these problems.
-[OpenPGP](http://en.wikipedia.org/wiki/Openpgp) (a cryptographic
-protocol commonly used for sending signed and encrypted email
-messages) is one such tool. In its simplest form, it allows us to
-sign our communication in such a way that the recipient can verify the
-sender.
-
-OpenPGP goes beyond this simple use to implement a feature known as
-the [web of trust](http://en.wikipedia.org/wiki/Web_of_trust). The web
-of trust allows people who have never met in person to communicate
-with a reasonable degree of certainty that they are who they say they
-are. It works like this: Person A trusts Person B. Person B verifies
-Person C's identity. Then, Person A can verify Person C's identity
-because of their trust of Person B.
-
-The Monkeyshpere's broader goals are to extend the use of OpenPGP from
-email communications to other activities, such as:
-
- * conclusively identifying the remote server in a remote login session
- * granting access to servers to people we've never directly met
-
## Links ##
* [OpenSSH](http://openssh.com/)
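Review bot: No pointer to the Philosophy text's new location is added where the section is removed above. The same paragraphs reappear as `+` lines under a new `## Philosophy ##` heading later in this commit, so a reader who arrived at this page for the web-of-trust explanation now finds only the two Wikipedia links in the Overview. Consider adding a one-line link from the Overview to the page that now carries the section.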
h2 {
--moz-border-radius-topleft:4px;
--moz-border-radius-topright:4px;
-background-color:#B67B4E;
-color:black;
-display:block;
-font-weight:bold;
-padding:0 0 0 10px;
+ -moz-border-radius: 4px;
+ background-color: #B67B4E;
+ color: black;
+ display: block;
+ font-weight: bold;
+ padding: 0 0 0 10px;
}
body {
-color:#3F403F;
-font-family:"Liberation Sans",sans-serif;
-font-size:0.95em;
+ color: #3F403F;
+ font-family: "Liberation Sans",sans-serif;
+ font-size: 0.95em;
}
*|*:visited
-color:#f6a464;
+ color: #f6a464;
}
*|*:-moz-any-link {
-text-decoration:none;
+ text-decoration: none;
}
:-moz-any-link {
-cursor:pointer;
+ cursor: pointer;
}
a:link {
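Review bot: In the `h2` rule, replacing `-moz-border-radius-topleft` and `-moz-border-radius-topright` with the shorthand `-moz-border-radius: 4px` rounds all four corners instead of only the top two, which is a visual change buried in what otherwise reads as a whitespace-only reformat. If only the top corners should be rounded, keep the two per-corner properties; if the change is intended, say so in the commit message, and consider adding the unprefixed `border-radius` alongside it, since the `-moz-` form only applies in Gecko. Separately, the `*|*:visited` selector in the context lines has no opening `{`, so the re-indented `color: #f6a464;` declaration still sits in a malformed rule; adding the brace while touching that line would fix it.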
}
pre {
- background: #ddd;
- border: 1px solid #aaa;
- padding: 3px 3px 3px 3px;
- margin-left: 2em;
+ background: #ddd;
+ border: 1px solid #aaa;
+ padding: 3px 3px 3px 3px;
+ margin-left: 2em;
}
table.sitenav {
- border-bottom: 2px solid black;
- padding: 0px;
- width: 100%;
- font-size: larger;
+ border-bottom: 2px solid black;
+ padding: 0px;
+ width: 100%;
+ font-size: larger;
}
table.sitenav img.logo {
- margin: 0px;
- padding: 0px;
- vertical-align: bottom;
+ margin: 0px;
+ padding: 0px;
+ vertical-align: bottom;
}
table.sitenav a {
}
div.header {
- text-align: right;
- display: none;
+ text-align: right;
+ display: none;
}
div.actions {
- text-align: right;
- display: none;
+ text-align: right;
+ display: none;
}
#sidebar {
- line-height: normal;
- width: 100%;
- float: none;
- margin: 0;
- padding: 0;
+ line-height: normal;
+ width: 100%;
+ float: none;
+ margin: 0;
+ padding: 0;
}
+
[Get started with the monkeysphere as a user!](/getting-started-user)
-## As an system administrator ##
+## As a system administrator ##
As a system administrator, have you ever tried to re-key an SSH
server? How did you communicate the key change to your users? How
actual humans using these tools than some message like "Certified by
GloboTrust".
+## Philosophy ##
+
+Humans (and
+[monkeys](http://www.scottmccloud.com/comics/mi/mi-17/mi-17.html))
+have the innate capacity to keep track of the identities of only a
+finite number of people. After our social sphere exceeds several dozen
+or several hundred (depending on the individual), our ability to
+remember and distinguish people begins to break down. In other words,
+at a certain point, we can't know for sure that the person we ran into
+in the produce aisle really is the same person who we met at the party
+last week.
+
+For most of us, this limitation has not posed much of a problem in our
+daily, off-line lives. With the Internet, however, we have an ability
+to interact with vastly larger numbers of people than we had
+before. In addition, on the Internet we lose many of our tricks for
+remembering and identifying people (physical characteristics, sound of
+the voice, etc.).
+
+Fortunately, with online communications we have easy access to tools
+that can help us navigate these problems.
+[OpenPGP](http://en.wikipedia.org/wiki/Openpgp) (a cryptographic
+protocol commonly used for sending signed and encrypted email
+messages) is one such tool. In its simplest form, it allows us to
+sign our communication in such a way that the recipient can verify the
+sender.
+
+OpenPGP goes beyond this simple use to implement a feature known as
+the [web of trust](http://en.wikipedia.org/wiki/Web_of_trust). The web
+of trust allows people who have never met in person to communicate
+with a reasonable degree of certainty that they are who they say they
+are. It works like this: Person A trusts Person B. Person B verifies
+Person C's identity. Then, Person A can verify Person C's identity
+because of their trust of Person B.
+
+The Monkeyshpere's broader goals are to extend the use of OpenPGP from
+email communications to other activities, such as:
+
+ * conclusively identifying the remote server in a remote login session
+ * granting access to servers to people we've never directly met
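Review bot: The moved Philosophy text carries the misspelling "Monkeyshpere's" over unchanged in the added line `+The Monkeyshpere's broader goals are to extend the use of OpenPGP from`; since this commit already fixes "As an system administrator" in the same file, correct it to "Monkeysphere's" here as well. The two list items that follow are indented by one space after the `+`, matching the removed original, so the list rendering should be unchanged by the move.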