
Provided by: msva-perl_0.9.2-1.1_all

NAME

       msva-perl - Perl implementation of a Monkeysphere Validation Agent

SYNOPSIS

         msva-perl [ COMMAND [ ARGS ... ] ]

ABSTRACT

       msva-perl provides a Perl implementation of the Monkeysphere Validation Agent, a
       certificate validation service.

INTRODUCTION

       The Monkeysphere Validation Agent offers a local service for tools to validate
       certificates (both X.509 and OpenPGP) and other public keys.

       Clients of the validation agent query it with a public key carrier (a raw public key, or
       some flavor of certificate), the supposed name of the remote peer offering the pubkey, and
       the context in which the validation check is relevant (e.g. ssh, https, etc).

       The validation agent then tells the client whether it was able to successfully validate
       the peer's use of the public key in the given context.

USAGE

       Launched with no arguments, msva-perl simply runs and listens forever.

       Launched with arguments, it sets up a listener and spawns a subprocess using the supplied
       command and arguments, with the MONKEYSPHERE_VALIDATION_AGENT_SOCKET environment
       variable set to refer to its listener.  When the subprocess terminates, msva-perl tears
       down the listener and exits as well, returning the same value as the subprocess.

       This is a similar invocation pattern to that of ssh-agent(1).

ENVIRONMENT VARIABLES

       msva-perl is configured by means of environment variables.

       MSVA_LOG_LEVEL
           msva-perl logs messages about its operation to stderr.  MSVA_LOG_LEVEL controls its
           verbosity, and should be one of (in increasing verbosity): silent, quiet, fatal,
           error, info, verbose, debug, debug1, debug2, debug3.  Default is 'error'.

       MSVA_ALLOWED_USERS
           If your system is capable of it, msva-perl tries to figure out the owner of the
           connecting client.  If MSVA_ALLOWED_USERS is unset, msva-perl will only permit
           connections from the user msva is running as.  If you set MSVA_ALLOWED_USERS,
           msva-perl will treat it as a list of local users (by name or user ID) who are
           allowed to connect.

       MSVA_PORT
           msva-perl listens on a local TCP socket to facilitate access.  You can choose what
           port to bind to by setting MSVA_PORT.  Default is to bind on an arbitrary open port.

       MSVA_KEYSERVER
           msva-perl will request information from OpenPGP keyservers.  Set MSVA_KEYSERVER to
           declare the keyserver you want it to check with.  If this variable is blank or unset,
           and your gpg.conf contains a keyserver declaration, it will use the GnuPG
           configuration.  Failing that, the default is 'hkp://pool.sks-keyservers.net'.

       MSVA_KEYSERVER_POLICY
           msva-perl must decide when to check with keyservers (for new keys, revocation
           certificates, new certifications, etc).  There are three possible options: 'always'
           means to check with the keyserver on every query it receives.  'never' means to never
           check with a keyserver. 'unlessvalid' will only check with the keyserver on a specific
           query if no keys are already locally known to be valid for the requested peer.
           Default is 'unlessvalid'.

       MSVA_MONITOR_CHANGES
           Under graphical environments such as X11, msva-perl is capable of monitoring for
           changes in its underlying code and can prompt the user to restart the daemon when some
           of the underlying code changes.  Setting this environment variable to 'true' enables
           this monitoring and prompting behavior.  Default is 'false'.

COMMUNICATION PROTOCOL DETAILS

       Communications with the Monkeysphere Validation Agent are in the form of JSON requests
       over plain HTTP.  Responses from the agent are also JSON objects.  For details on the
       structure of the requests and responses, please see
       http://web.monkeysphere.info/validation-agent/protocol

SECURITY CONSIDERATIONS

       msva-perl deliberately binds to the IPv4 loopback (on 127.0.0.1) so that remote users do
       not get access to the daemon.  On systems (like Linux) which report ownership of TCP
       sockets in /proc/net/tcp, msva-perl will refuse access from users who are not permitted
       to connect (see MSVA_ALLOWED_USERS above).
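
       The ownership check described above and under MSVA_ALLOWED_USERS, as an added example
       (not msva-perl's own code).  It assumes a little-endian host, an already-split user
       list, and hypothetical function names; the table is constructed sample data, and
       denying when no owner is found is this example's choice.

```python
import pwd
import socket
import struct

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
# Row 0: agent listening on 127.0.0.1:8080.  Rows 1/2: the agent side and the
# client side of one connection.  Row 3: a second client, owned by uid 1001.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 20001 1
   1: 0100007F:1F90 0100007F:C350 01 00000000:00000000 00:00000000 00000000  1000        0 20002 1
   2: 0100007F:C350 0100007F:1F90 01 00000000:00000000 00:00000000 00000000  1000        0 20003 1
   3: 0100007F:C351 0100007F:1F90 01 00000000:00000000 00:00000000 00000000  1001        0 20004 1
"""

def proc_addr(ip, port):
    """Encode ip:port the way /proc/net/tcp prints it on a little-endian host."""
    return "%08X:%04X" % (struct.unpack("<I", socket.inet_aton(ip))[0], port)

def client_uid(table, client, agent):
    """Return the uid owning the client end of an established connection, or None."""
    want_local, want_remote = proc_addr(*client), proc_addr(*agent)
    for line in table.splitlines()[1:]:          # skip the header row
        f = line.split()
        # The client's socket has the client as local and the agent as remote.
        if len(f) >= 8 and f[1] == want_local and f[2] == want_remote and f[3] == "01":
            return int(f[7])                     # column 7 is the owning uid
    return None

def lookup_uid(name):
    """Resolve a local user name to a uid; None if the name is unknown."""
    try:
        return pwd.getpwnam(name).pw_uid
    except KeyError:
        return None

def is_allowed(uid, allowed, agent_uid, resolve=lookup_uid):
    """Empty list: only the agent's own user.  Otherwise: only listed names or uids."""
    if uid is None:
        return False                             # owner unknown: deny (example's choice)
    if not allowed:
        return uid == agent_uid
    ids = {int(u) if u.isdigit() else resolve(u) for u in allowed}
    return uid in ids
```

       On a live Linux system the table argument would be the contents of /proc/net/tcp,
       read at the time the connection is accepted.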

SEE ALSO

       monkeysphere(1), monkeysphere(7), ssh-agent(1)

BUGS AND FEEDBACK

       Bugs or feature requests for msva-perl should be filed with the Monkeysphere project's bug
       tracker at https://labs.riseup.net/code/projects/monkeysphere/issues/

AUTHORS AND CONTRIBUTORS

       Daniel Kahn Gillmor <dkg@fifthhorseman.net>

       The Monkeysphere Team http://web.monkeysphere.info/

       Copyright © Daniel Kahn Gillmor and others from the Monkeysphere team.  msva-perl is free
       software, distributed under the GNU Public License, version 3 or later.