monkeysphere [was: Re: authentication subkey]

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Oct 21 16:18:58 CEST 2010


On 10/21/2010 05:24 AM, Werner Koch wrote:
> Regarding ssh, there is no actual need for gpg.  You can use it but it
> is not required because usually you import an existing ssh key into
> gpg-agent.

To be clear, Monkeysphere uses GnuPG to have the SSH RSA key bound to
the user's OpenPGP identity.  Monkeysphere uses this to allow service
administrators to enable access to services by User ID (and to permit
re-keying, revocation, expiration, etc), using the WoT as the
certificate verification mechanism (and the keyservers as a certificate
distribution system).

Monkeysphere also works to let users identify servers (any ssh and https
server at the moment) through the OpenPGP web of trust.  Here's how to
publish your services' keys if you're interested:

 http://www.debian-administration.org/article/660/Publishing_host_services_to_OpenPGP_with_Monkeysphere

Regards,

	--dkg, one of the monkeysphere upstream developers

More information about the Gnupg-devel mailing list