Difference between revisions of "Service/keys"
< Service
Jump to navigation
Jump to search
(Created page with "{{stub}} * http://keys.sugarlabs.org:11371/pks/lookup?op=stats") |
Sascha silbe (talk | contribs) (fill in) |
||
| Line 1: | Line 1: | ||
| − | + | We use [http://www.monkeysphere.info Monkeysphere] to allow users to [http://web.monkeysphere.info/doc/service-authentication-ssh/ authenticate our SSH host keys] using their PGP web of trust. Future plans include [http://web.monkeysphere.info/doc/ssh-user-authentication managing user keys] (authorized_keys) as well. Monkeysphere regularly searches for and fetches (potential) [http://tools.ietf.org/html/rfc4880 OpenPGP] keys for all users to check for new and/or revoked keys, which causes some load on keyservers. In order not to annoy operators of (other) public keyservers, we run our own. As a nice side effect we contribute back to the OpenPGP community by being [http://sks-keyservers.net/status/info/keys.sugarlabs.org part of] the [http://sks-keyservers.net/overview-of-pools.php SKS keyserver pool], similar to what we do for [[Service/time|NTP]]. | |
| − | * http://keys.sugarlabs.org:11371/pks/lookup?op=stats | + | * [http://keys.sugarlabs.org:11371/pks/lookup?op=stats Status] as provided by the server itself |
| + | * [http://sks-keyservers.net/status/info/keys.sugarlabs.org Status] as monitored by the pool | ||
Revision as of 09:22, 30 January 2011
We use Monkeysphere to allow users to authenticate our SSH host keys using their PGP web of trust. Future plans include managing user keys (authorized_keys) as well. Monkeysphere regularly searches for and fetches (potential) OpenPGP keys for all users to check for new and/or revoked keys, which causes some load on keyservers. In order not to annoy operators of (other) public keyservers, we run our own. As a nice side effect we contribute back to the OpenPGP community by being part of the SKS keyserver pool, similar to what we do for NTP.