Living in a monkeysphere


bjoernb (KBS)

26 January 2012

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 license: http://creativecommons.org/licenses/by-sa/3.0/
The logo of the monkeysphere project is a derived work from the public domain, granted by the project leaders to use it for what it's worth for this talk.


Apes and monkeys

What is a monkeysphere?

Sorry, it is not about animals, as you might think
It is about us, living in a monkeysphere
It is about identifying someone as a person
It is about your peers living in a monkeysphere
It is about authentication, as we need it for authorization and confidentiality


Trust certificate authorities?

Trust relationships

Whom should we trust?
Should we trust some certificate authorities?
We do not know how they certify a service
We do not even know them, do we?
Why not trust the people we already know and have a relationship with?


Extending Web Of Trust

adding services to the web of trust

What we have is the web of trust, which reflects trust relationships transitively.
People we know sign services like ssh, https
We use a service:
    monkeysphere gets the keys
    monkeysphere checks trust relations
    monkeysphere grants us access to a service, if we do trust
    if we do not trust, monkeysphere provides us with the old way


How does this work then?
    create a pgp-key with service-protocol and fqdn as uid
    sign the pgp-key
    export the pgp-key to the web of trust
    let others sign the key
What do we get out of this?
    trusting people we know to authenticate a service to us
    getting around calling server administrators asking for fingerprints


This is how we create a key:

    monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ssh://bjoern.example.org

That is what a key looks like:

    bjoern:/etc/ssh# monkeysphere-host show-key
    pub   2048R/EF569B13 2012-01-22
    uid                  ssh://bjoern.example.org
    OpenPGP fingerprint: 2B41525D52E6188BA836B2B77DC7EF21EF569B13
    ssh fingerprint: 2048 67:cf:a1:73:89:d2:52:a8:77:90:98:1f:f6:6b:f0:dc (RSA)
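The check described on the "adding services to the web of trust" slide, as an added example that is not from the talk or from the monkeysphere project: a simplified Python model of the validity rule GnuPG applies by default (one fully trusted or three marginally trusted certifiers, at most five hops), followed by the accept-or-fall-back decision. The names ME, ALICE and MALLORY, the key id 0BADC0DE and its fingerprint are constructed; the uid, key id EF569B13 and ssh fingerprint are the ones shown above.

```python
from collections import defaultdict

FULL, MARGINAL = "full", "marginal"
COMPLETES_NEEDED, MARGINALS_NEEDED, MAX_DEPTH = 1, 3, 5  # GnuPG classic defaults

def valid_keys(my_key, ownertrust, certs):
    """Keys I consider valid. certs: (signer, signed) pairs; ownertrust: key -> level."""
    signers = defaultdict(set)
    for signer, signed in certs:
        signers[signed].add(signer)
    trust = {**ownertrust, my_key: FULL}   # my own key acts as the trust root
    valid = {my_key}
    for _ in range(MAX_DEPTH):             # each round extends the chain by one hop
        newly = set()
        for key, who in signers.items():
            if key in valid:
                continue
            # only certifiers that are themselves valid may vouch for a key
            levels = [trust.get(s) for s in who if s in valid]
            if (levels.count(FULL) >= COMPLETES_NEEDED
                    or levels.count(MARGINAL) >= MARGINALS_NEEDED):
                newly.add(key)
        if not newly:
            break
        valid |= newly
    return valid

def check_host(uid, offered_fpr, keyserver, my_key, ownertrust, certs):
    """Slide flow: get the keys for the uid, check trust, else use the old way."""
    valid = valid_keys(my_key, ownertrust, certs)
    for key_id, ssh_fpr in keyserver.get(uid, []):
        if key_id in valid and ssh_fpr == offered_fpr:
            return "accept"
    return "fallback"  # old way: known_hosts / manual fingerprint check

# Constructed sample data; only the uid, key id and ssh fingerprint are from the slide.
UID = "ssh://bjoern.example.org"
HOST_FPR = "67:cf:a1:73:89:d2:52:a8:77:90:98:1f:f6:6b:f0:dc"
KEYSERVER = {UID: [("EF569B13", HOST_FPR),
                   ("0BADC0DE", "aa:" * 15 + "aa")]}   # unvouched key, same uid
CERTS = [("ME", "ALICE"), ("ALICE", "EF569B13"),       # a peer I know signed the host
         ("MALLORY", "0BADC0DE")]                      # signer outside my web of trust
OWNERTRUST = {"ALICE": FULL}

if __name__ == "__main__":
    print(check_host(UID, HOST_FPR, KEYSERVER, "ME", OWNERTRUST, CERTS))
    print(check_host(UID, "aa:" * 15 + "aa", KEYSERVER, "ME", OWNERTRUST, CERTS))
```

A key carrying the right uid is not enough: without a certification path from a peer whose ownertrust is set, the result is the fallback to the ordinary host key check.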


Sources and documentation

Definition of the name: http://www.cracked.com/article_14990_what-monkeysphere.html
monkeysphere project: http://web.monkeysphere.info/
talk at debconf10: http://meetings-archive.debian.net/pub/debian-meetings/2010/debconf10/high/1382_1382_Monkeysphere.ogv
talk at debconf11: http://meetings-archive.debian.net/pub/debian-meetings/2011/debconf11/high/775_Debian_as_though_cryptographic_authentication_mattered.ogv
