Difference between revisions of "Service/keys"

From Sugar Labs
Jump to navigation Jump to search
(Created page with "{{stub}} * http://keys.sugarlabs.org:11371/pks/lookup?op=stats")
 
(fill in)
Line 1: Line 1:
{{stub}}
+
We use [http://www.monkeysphere.info Monkeysphere] to allow users to [http://web.monkeysphere.info/doc/service-authentication-ssh/ authenticate our SSH host keys] using their PGP web of trust. Future plans include [http://web.monkeysphere.info/doc/ssh-user-authentication managing user keys] (authorized_keys) as well. Monkeysphere regularly searches for and fetches (potential) [http://tools.ietf.org/html/rfc4880 OpenPGP] keys for all users to check for new and/or revoked keys, which causes some load on keyservers. In order not to annoy operators of (other) public keyservers, we run our own. As a nice side effect we contribute back to the OpenPGP community by being [http://sks-keyservers.net/status/info/keys.sugarlabs.org part of] the [http://sks-keyservers.net/overview-of-pools.php SKS keyserver pool], similar to what we do for [[Service/time|NTP]].
  
* http://keys.sugarlabs.org:11371/pks/lookup?op=stats
+
* [http://keys.sugarlabs.org:11371/pks/lookup?op=stats Status] as provided by the server itself
 +
* [http://sks-keyservers.net/status/info/keys.sugarlabs.org Status] as monitored by the pool

Revision as of 08:22, 30 January 2011

We use Monkeysphere to allow users to authenticate our SSH host keys using their PGP web of trust. Future plans include managing user keys (authorized_keys) as well. Monkeysphere regularly searches for and fetches (potential) OpenPGP keys for all users to check for new and/or revoked keys, which causes some load on keyservers. In order not to annoy operators of (other) public keyservers, we run our own. As a nice side effect we contribute back to the OpenPGP community by being part of the SKS keyserver pool, similar to what we do for NTP.

  • Status as provided by the server itself
  • Status as monitored by the pool