myplanetdigital / jenkins-inception

A Drupal continuous integration infrastructure in a box.

Investigate `monkeysphere` for securing servers #30

Open patcon opened 11 years ago

patcon commented 11 years ago

http://web.monkeysphere.info/why/#index2h2

Monkeysphere seems to be a tool that can be used to leverage the PGP web of trust to ensure that:

a) a server that I connect to has the fingerprints that the admin (who I trust) tells me it should have, and

b) admins can grant access to a server based on email address, with the PGP web of trust used to decide which ssh public keys get access. So an ssh user can retire an old ssh keypair, create a new one, and still have access to the admin's server (while the old one will now be blocked).

I don't quite get how it works, but it might be a really good practice to implement and create a best practice for, as then we can retire ssh keys on a regular basis and it's much less of a pain.

@timfernihough @yrassoulli
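The following is an added example, not part of the original comment and not Monkeysphere's own code: a simplified Python model of the identity-based authorization described in point b), showing why a key rotation needs no change on the server. All names, fingerprints and key strings are constructed, and the validity rule (not revoked, user ID signed by a trusted certifier) is an assumption that simplifies the real OpenPGP trust calculation.

```python
from dataclasses import dataclass, field


@dataclass
class PGPKey:
    """Constructed stand-in for an OpenPGP key that carries an SSH-usable key."""
    fingerprint: str
    ssh_pubkey: str
    # user ID -> fingerprints of the keys that certified that user ID on this key
    certifications: dict = field(default_factory=dict)
    revoked: bool = False


def authorized_keys(authorized_user_ids, keyring, certifiers):
    """Return the SSH public keys a server would accept for one account.

    The server stores identities (user IDs), not keys. A key is accepted only
    if it is not revoked and a trusted certifier signed an authorized user ID.
    """
    accepted = []
    for key in keyring:
        if key.revoked:
            continue
        for uid in authorized_user_ids:
            if key.certifications.get(uid, set()) & certifiers:
                accepted.append(key.ssh_pubkey)
                break
    return sorted(accepted)


def rotation_demo():
    """The authorized user ID stays the same across the user's key rotation."""
    admin = "ADMINFPR"  # constructed: the only trusted identity certifier
    uid = "Alice Example <alice@example.org>"  # constructed user ID
    old = PGPKey("OLDFPR", "ssh-rsa AAAA-old-constructed", {uid: {admin}})
    new = PGPKey("NEWFPR", "ssh-rsa AAAA-new-constructed", {uid: {admin}})
    # Same user ID claimed on a key that no trusted certifier has signed.
    rogue = PGPKey("ROGUEFPR", "ssh-rsa AAAA-rogue-constructed", {uid: {"UNKNOWNFPR"}})

    before = authorized_keys([uid], [old, rogue], {admin})
    old.revoked = True  # the user retires the old key pair and publishes the new one
    after = authorized_keys([uid], [old, new, rogue], {admin})
    return before, after


if __name__ == "__main__":
    print(rotation_demo())
```

The uncertified key is rejected in both states even though it claims the same email address, which is the property that makes the certifier's signature, rather than the claimed identity, the access control decision.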