8 | | Coming Soon ... directions for verifying MFPL server fingerprints. |
| 8 | There are several approaches to confirming a fingerprint. |
| 9 | |
| 10 | == TOFU == |
| 11 | |
| 12 | TOFO stands for Trust on First Use. It is the most commonly used method for checking fingerprints. It means that you blindly accept the fingerprint offered the first time you connect. Then, you rely on your ssh/sftp program to warn you if the fingerprint ever changes (all ssh/sftp programs will provide you this warning). |
| 13 | |
| 14 | This method assumes that your communications are not being tampered with the first time you connect, but may be tampered with later. It is reasonably secure, but does run a risk if your initial connection to a server is compromised. |
| 15 | |
| 16 | == Request Confirmation == |
| 17 | |
| 18 | If you want to be more sure that you are connecting to the right server, you can take the following steps: |
| 19 | |
| 20 | * Do not enter your web site's domain name as the server name. Only connect to the mayfirst domain name of the server, e.g. `marx.mayfirst.org` or `june.mayfirst.org`. Sometimes we move sites from one server to another. By using the real server name, you can more easily keep track of key changes. |
| 21 | * Before connecting for the first time, [/new open a ticket] requesting the fingerprint of the server in question. |
| 22 | |
| 23 | == Use the Monkeysphere == |
| 24 | |
| 25 | If you are a Linux user, you can [https://monkeysphere.info install the monkeysphere] to use OpenPGP to verify the key fingerprints. All May First/People Link servers have been signed by an MF/PL administrator. |
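Review bot: The "Request Confirmation" steps (new lines 20-21) end at opening a ticket and never say what to do with the fingerprint once it arrives. Add a final bullet telling the reader to compare the fingerprint from the ticket with the one their ssh/sftp program displays on the first connection, and to refuse the connection if the two differ. Without that step the section is no stronger than TOFU. In the TOFU paragraph (new line 12), "TOFO stands for Trust on First Use" should read "TOFU" to match the heading. The Monkeysphere paragraph (new line 25) says the servers "have been signed by an MF/PL administrator" but does not say which administrator key to trust or where to obtain it, so a reader cannot act on it as written. A sentence or link identifying that key would close the gap.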