KunterBuntesSeminar-WS11/Lightning Talks 2/Monkeysphere: Difference between revisions
(contact info changed)
No edit summary
Revision as of 7 February 2020, 15:40
This is the 13th session of the KunterBuntesSeminar in winter semester 2011/12.
Location: Room C-221 at the Informatikum
Date: 26 January 2012
Time: 19:45 to 19:52
This lightning talk was given in the second lightning talk session of the KunterBuntesSeminar in winter semester 2011.
Monkeysphere
This talk introduced Monkeysphere.
Slides as text
What is a monkeysphere?
- Sorry, it is not about animals, as you might think
- It is about us, living in a monkeysphere
- It is about identifying someone as a person
- It is about your peers living in a monkeysphere
- It is about authentication, as we need it for authorization and confidentiality
Trust relationships
Whom should we trust?
- Should we trust some certificate authorities?
- We do not know how they certify a service
- We do not even know them, do we?
- Why not trust the people we already know and have a relationship with?
- Why not trust the people we already know and have relationship to?
Adding services to the web of trust
What we have is the web of trust, which reflects trust relationships transitively.
- People we know sign services like ssh, https
- We use a service:
  - monkeysphere gets the keys
  - monkeysphere checks trust relations
  - monkeysphere grants us access to a service if we trust the key; if we do not, monkeysphere provides us with the old way
Extending the web of trust
How does this work then?
- create pgp-key with service-protocol and fqdn as uid
- sign the pgp-key
- export the pgp-key to the web of trust
- let others sign the key
What do we get out of this?
- trusting people we know to authenticate a service to us
- getting around calling server administrators asking for fingerprints
This is how we create a key:
monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ssh://bjoern.example.org
That is what a key looks like:
momo:/etc/ssh# monkeysphere-host show-key
pub 2048R/EF569B13 2012-01-22
uid ssh://momo.example.org
OpenPGP fingerprint: 2B41525D52E6188BA836B2B77DC7EF21EF569B13
ssh fingerprint: 2048 67:cf:a1:73:89:d2:52:a8:77:90:98:1f:f6:6b:f0:dc (RSA)
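The "We use a service" flow and the ssh fingerprint line above can be modelled in a few lines. This is an added example, not Monkeysphere's own code and not part of the talk: the function names, the toy keys and the keyring with its `valid` flag (a stand-in for the web-of-trust validity calculation) are constructed assumptions.

```python
import hashlib
import struct

def service_uid(protocol, fqdn):
    """User ID of a service key: service protocol plus FQDN."""
    return f"{protocol}://{fqdn.lower()}"

def _ssh_string(data):
    return struct.pack(">I", len(data)) + data

def _mpint(value):
    # Positive SSH mpint: big-endian, with a leading zero byte if the top bit is set.
    return _ssh_string(value.to_bytes(value.bit_length() // 8 + 1, "big"))

def rsa_blob(e, n):
    """SSH wire encoding of an RSA public key; this is what gets fingerprinted."""
    return _ssh_string(b"ssh-rsa") + _mpint(e) + _mpint(n)

def ssh_fingerprint(e, n):
    """Colon-separated MD5 fingerprint in the style of the show-key output."""
    digest = hashlib.md5(rsa_blob(e, n)).hexdigest()
    pairs = ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))
    return f"{n.bit_length()} {pairs} (RSA)"

def check_host(fqdn, offered, keyring):
    """Return 'accept' if a valid key with the ssh://fqdn user ID matches the
    key the server offered, otherwise 'fallback' (the manual fingerprint check)."""
    wanted = service_uid("ssh", fqdn)
    for entry in keyring:
        if entry["uid"] == wanted and entry["valid"] and entry["key"] == offered:
            return "accept"
    return "fallback"

# Constructed toy keys (e, n); real host keys are 2048-bit RSA as on the slide.
MOMO_KEY = (65537, 0x8000000000001235)
OTHER_KEY = (65537, 0x8000000000004321)
# Constructed keyring: 'valid' stands in for the web-of-trust validity calculation.
KEYRING = [
    {"uid": "ssh://momo.example.org", "key": MOMO_KEY, "valid": True},
    {"uid": "ssh://bjoern.example.org", "key": OTHER_KEY, "valid": False},
]

if __name__ == "__main__":
    print(ssh_fingerprint(*MOMO_KEY))
    print(check_host("momo.example.org", MOMO_KEY, KEYRING))     # signed by a trusted peer
    print(check_host("momo.example.org", OTHER_KEY, KEYRING))    # different key offered
    print(check_host("bjoern.example.org", OTHER_KEY, KEYRING))  # nobody we trust signed it
```

Only the first lookup is accepted; a mismatching key or a key without a trusted signature ends in the manual fingerprint comparison, which is the "old way" from the slide.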
Sources and documentation
It is helpful to read the documentation carefully. You can find the documentation under the web links.
Speaker
momo: I can be reached via Jabber (post@bjoernb.org) or mail (4bewersd@inf), or now and then in the c.t.