2013/09/20

monkeysphere project to add PKI to all the services

looks pretty cool. This project claims to want to apply the PKI web-of-trust to different services like web browsing and SSH. By querying the public keys stored on key servers, you wouldn’t need to guess that the remote site was providing their actual key the first time you connect, like you normally would when connecting to a new server or from a new client via SSH. You know what I’m talking about:

The authenticity of host 'foo.bar.baz' can't be established. 
RSA key fingerprint is f3:cf:58:ae:73:0a:c9:07:2f:34:a3:b2:e4:1e:0c:8b. 
Are you sure you want to continue connecting (yes/no)?

The authenticity of host 'foo.bar.baz' can't be established.

RSA key fingerprint is f3:cf:58:ae:73:0a:c9:07:2f:34:a3:b2:e4:1e:0c:8b.

Are you sure you want to continue connecting (yes/no)?

Yeah, that’s what I’m talking about. There’s no guarantee that the host you’re connecting to is the one you think it is unless you already know what the fingerprint is or you’re already using some other method for key exchange. The nice thing about this project is that they claim that there are absolutely no modifications needed to SSH to get this to work.

Link: monkeysphere

monkeysphere project to add PKI to all the services is original content from devolve.

Tags:security

About The Author

Charlie Herron

Denizen of Portland, Maine; tech jack; lover / hater / whatever; philosophical dabbler. http://twitter.com/realgeek