The Monkeysphere project looks interesting. It integrates ssh authentication with the OpenPGP web-of-trust, so a server admin can create an account for a new user given only that user’s OpenPGP identity – basically just an e-mail address. There’s no need for a separate ssh public-key – the PGP public-key is used instead.
Why is this interesting? Well, it sounds like it might become a single-sign-on arrangement that’s actually useful. Microsoft’s Active Directory is widely used in business, and offers administrators an easy life that’s hard to reproduce in the Unix world. That’s partly for technical reasons (open source LDAP servers are hard to set up) but also partly due to a different focus: AD requires a central authentication server, an idea that doesn’t fit well with the distributed nature of many open-source projects. While AD is top-down and hierarchical, Monkeysphere seems to be much more freewheeling and democratic.
Secondly, it’ll encourage people to actually start using the OpenPGP web-of-trust infrastructure. It’s been possible to send and receive encrypted e-mails for well over a decade, yet encryption remains a backwater. I’d love to be able to discard all unsigned mail – that would eliminate my spam problem overnight.
I can dream, can’t I…