Network Working Group P. Hallam-Baker
Internet-Draft Comodo Group Inc.
Intended status: Standards Track March 7, 2016
Expires: September 8, 2016
Mathematical Mesh: Architecture
draft-hallambaker-mesh-architecture-01
Abstract
The Mathematical Mesh 'The Mesh' is an end-to-end secure
infrastructure that facilitates the exchange of configuration and
credential data between multiple user devices. The architecture of
the Mesh and examples of typical applications are described.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 8, 2016.
Copyright Notice
Copyright (c) 2016 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Hallam-Baker Expires September 8, 2016 [Page 1]
Internet-Draft Mathematical Mesh Architecture March 2016
1. Introduction
The Mathematical Mesh is a user centered Public Key Infrastructure
that uses cryptography to make computers easier to use.
The Mesh uses cryptography and an untrusted cloud service to make
management of computer configuration data transparent to the end
user. Each Mesh user has a personal profile that is unique to them
and contains a set of public keys for maintaining the user's Mesh
profile.
2. Definitions
2.1. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].
3. Background
Public Key Cryptography permits Internet applications to be secure
but requires an infrastructure for key distribution.
WebPKI has been very successful for E-commerce. Client side PKI has
been remarkably less successful.
S/MIME and OpenPGP both have significant user bases, but each has
been limited to a small community: government for S/MIME, system
administrators and security researchers for OpenPGP. Use of PKI for
authentication of Web users has been negligible.
One of the chief obstacles any network application has to overcome is
the critical mass problem. While S/MIME and OpenPGP both have
several million users, this is a small fraction of the number of
email users.
It is likely that the more significant obstacle to deployment is the
difficulty of using client side PKI applications. While S/MIME and
OpenPGP both claim to reduce the effort of sending secure email 'to a
single click', no security feature that requires the user to make a
conscious decision to use it every time it is used can ever hope to
achieve ubiquitous deployment.
Attempting to automate the process of sending encrypted mail
introduces a new problem. The fact that a user has configured a
client to receive encrypted mail in the past does not mean that they are
capable of receiving and decrypting such mail today. And even if
they are still capable of receiving the encrypted mail today, this
capability may be limited to a single machine that they do not
currently have access to.
While such objections have been repeatedly dismissed as trivial and
'easily solved' by protocol designers, to ordinary email users, they
are anything but trivial. If a change is to be made to an
infrastructure they rely on daily, it must be completely transparent.
An email security infrastructure that interrupts or disrupts their
flow of work is totally unacceptable.
Equally overlooked by application designers is the difficulty of
configuring applications that support end-to-end security through
cryptography. While working on this project, the author attempted to
configure a very popular email client to make use of the built-in
S/MIME capabilities. Even with 25 years of experience, this took over
half an hour and required the user to follow a procedure with 17
different steps!
It is important to note that this complexity is not simply a
consequence of one poorly designed application, it is the result of
the functions of the PKI being divided across three poorly integrated
applications on the user's machine compounded by a set of network
protocols that are not designed to provide a seamless user
experience.
A similar problem is illustrated by the problem of configuring SSH.
There is a simple way to configure SSH and there is a secure way and
these are not the same. The simple way to configure SSH is for each
user to create a single keypair and copy it to each of the machines
they might need terminal access to. While this is straightforward it
means that there is no way to mitigate the possibility of the key
being compromised if a machine is lost or stolen. Sharing a private
key between machines is as bad as sharing a password between
accounts. But attempting to achieve cryptographic hygiene across a
diverse collection of devices requires user effort proportional to
the square of the number of devices.
3.1. What it means to be user-centered
A key principle that guides the design of the Mesh is that any set of
instructions that can be written down and given to a user can be
written down as code and executed by the computer. Public key
cryptography is used to automate the process of managing public keys.
Traditional PKI attempted to solve the problems that were of
paramount concern to the designers. The designers of S/MIME were
concerned with the problem of exchanging secure email within a
hierarchical organization and built a (mostly) hierarchical design.
The designers of OpenPGP were concerned with the risk of government
subversion of the trust infrastructure for nefarious ends.
But what does the user care about? What is the user's principal
concern?
The biggest concern I hear from users is not the risk that someone
else might get to see their confidential data, rather it is the risk
that they might lose their precious data by some unintended user-
error.
Being user centered means considering and addressing the requirements
that are set by users regardless of whether they are compatible with
the designer's view of optimal security. In particular a user-
centered PKI must address requirements such as:
Guaranteeing that data loss does not happen even in the most extreme
cases of total loss or destruction of all hardware they used to store
their keys.
Mitigating the consequences of user error or carelessness.
Mitigating the consequences of devices being lost or stolen.
Providing mechanisms that permit a user to permit access to their
digital assets after their death.
3.2. Eliminate unnecessary options
Traditionally cryptographic applications give the user a bewildering
choice of algorithms and options. They can choose to have one RSA
keypair used for encryption and signature or they can have separate
keys for both, they can encrypt their messages using 3DES or AES at
128, 192 or 256 bit security. And so on.
The Mesh eliminates such choices as unnecessary. Except where
required by an application, the Mesh always uses separate keys for
encryption and signature operations and only uses the highest
strength on offer. Currently, Mesh profiles are always encrypted
using RSA with a 2048 bit key, AES with a 256 bit key and SHA-2-512.
(The CFRG ECC curves will be added in the near future when
implementations become available.)
For similar reasons, every Mesh master profile has an escrow key.
The use of key escrow by applications is optional, but every profile
has the capability of using it should circumstances require.
3.3. Why change is possible
All four of the open standards based PKIs that have been developed in
the IETF are based on designs that emerged in the mid-1990s.
Performing the computations necessary for public key cryptography
without noticeable impact on the speed of user interaction was a
constraint for even the fastest machines of the day. Consequently,
PKI designs attempted to limit the number of cryptographic operations
required to the bare minimum necessary. There were long debates over
the question of whether certificate chains of more than 3
certificates were acceptable.
Today a 32 bit computer with two processing cores running at 1.2GHz
can be bought for $5 and public key algorithms are available that
provide a higher level of security for less computation time. In
1995, the idea that a single user might need a hundred public key
pairs and a personal PKI to manage them was an extreme scenario.
Today, when the typical user has a phone, a tablet and a laptop and
their home is about to fill up with dozens if not hundreds of network
connected devices, the need to manage large numbers of keys for
individual users is clear.
Almost any information security requirement has a straightforward
solution if you are prepared to commit the necessary resources. In
general, each degree of cryptographic separation that is required
will introduce an additional layer of hierarchy.
Traditionally PKI has focused on the problem of delegating trust from
one party to another. Such capabilities have been implicit in the
model but only expressed in applications to a limited degree.
In the WebPKI, Certificate Authorities maintain the private keys
corresponding to their widely distributed root keys in offline
facilities that are never connected to the Internet. These keys are
in turn used to sign 'intermediate root certificates' corresponding
to the keys used to sign end entity certificates. The CA has this
capability but the end entity does not. In the PKIX model it is
assumed that if the end entity needs to change their cryptographic
configuration, they will go back to their CA and get a new
certificate.
In the OpenPGP Web of trust, Alice signs the key of Bob who signs the
key of Carol. Since everyone is a trust provider in the OpenPGP
model, Alice can sign a key for Alice. This mechanism is used to
support key rollover but the task of distributing her new keys to the
devices where Alice needs them is a problem left to Alice.
While it is quite possible for a very capable and experienced PKI
expert to configure PKIX and OpenPGP applications in a fashion that
supports management of personal keys, such use is far beyond what can
reasonably be expected of typical users.
The Mesh applies PKI technology to the problem of making PKI use
effortless. Once an initial configuration is established, the user
is not required to think about PKI at all. Every PKI operation (e.g.
key and certificate rollover) is performed automatically.
4. Basic Concepts
4.1. Parties
The Mesh is a network infrastructure. As with any such
infrastructure it is formed not as a set of things but rather as the
relationship between those things.
4.1.1. User
A Mesh user is a person or organization that has established a Mesh
personal profile. A Mesh personal profile describes the
configuration of the set of devices and applications that the user
uses. Each Mesh profile is identified by a globally unique
fingerprint value.
A Mesh user MAY have multiple profiles for the purpose of
compartmentalizing their online identity and preventing activity in
one network context being linked to activity in another network
context. The extent to which such separation provides increased
privacy is not currently understood. From the point of view of the
Mesh protocols, such profiles are held by separate users.
At present the Mesh specifications are designed to support
requirements arising from personal use such as the user transferring
application settings from one device they own to another device they
own. To deploy the Mesh in an enterprise environment, features such
as the ability to import settings provided by the IT department are
highly desirable.
4.1.2. Devices
The Mesh may be used on any computer that has the ability to connect
to a network and perform public key cryptography.
Every device that uses the Mesh has a unique device profile that
specifies public key pairs that are unique to that device.
When a device is connected to a user's personal profile, it may be an
Administration Device or a Connected Device depending on whether it
has been assigned an Administration key.
Administration device A device that has access to an
administration key for the user's Mesh Personal Profile and is
thus authorized to authorize actions such as connecting a new
device to the profile, removing devices and creating or
removing application profiles.
Connected Device A device that is connected to the Mesh Personal
Profile that is not an administration device.
Note that a device MAY be connected to more than one Personal
Profile at the same time. For example, an embedded device such
as a thermostat might have a single device profile installed
during manufacture. If Alice and Bob share the same
accommodations where the thermostat is installed, both users
might have connected the device to their personal profile.
4.1.3. Portal Provider
Users do not interact with a Mesh Directly. All interaction with the
Mesh is mediated by a Portal Provider. The portal provider is
responsible for protecting the Mesh from abuse such as Denial of
Service attacks, resource exhaustion, spam, etc.
Users interact with a portal provider through an account which has an
account identifier in the traditional [RFC5822] format:
<user>@<domain>
where <user> is an account identifier that is unique to that portal
service and <domain> is the DNS name of the portal service.
4.1.4. Mesh Provider
4.1.5. InterMesh
4.2. Technology
4.2.1. UDF Fingerprints
The Uniform Data Fingerprint format (UDF) [draft-hallambaker-udf] is
used to construct names for Mesh data items. UDF employs Base32
[RFC3977] encoding and the SHA-2-512 and SHA-3-512 digest functions
to construct fingerprints of varying lengths.
The choice of fingerprint length is a balance between security and
compactness of the representation. Longer fingerprints offer higher
security but are less convenient. The minimum fingerprint size
recommended for use in the Mesh is 25 characters; this presents a
work factor of 2^117 to an attacker attempting to generate a
signature key matching a particular fingerprint, approximately the
same work factor as RSA with 2048 bit keys.
4.2.2. Resolving
In contrast to the URLs resolved by the HTTP protocol which identify
a resource by means of a location and a means of retrieval, a UDF
fingerprint only identifies a fixed data object and the data type.
A UDF resolution service resolves UDF fingerprints in the same manner
that an HTTP server resolves URLs but can only provide a response for
the set of fingerprints known to that specific server. Unlike the
HTTP service which the client must trust to return the correct
resource, every response returned by a UDF resolution service may be
validated against the fingerprint presented in the original request.
Thus a user of a UDF resolution service is not required to trust it
for the integrity of the result received.
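The fingerprint construction of section 4.2.1 and the resolver-side
integrity check of section 4.2.2, as an added Python example that is
not part of this draft or of any Mesh implementation. The
content-type prefix, the single 0x60 version byte (which is what makes
the Base32 text start with "M") and the 8 bits subtracted in the work
factor are assumptions taken from the author's reading of
draft-hallambaker-udf, not statements of this document.

```python
import base64
import hashlib
import hmac

# Assumptions of this example (the normative construction lives in
# draft-hallambaker-udf): the digest input is the IANA content type, a
# colon and the data; the digest is SHA-2-512; one version byte (0x60
# for SHA-2-512) is prefixed to the digest before Base32 encoding.
VERSION_SHA2_512 = 0x60
BITS_PER_BASE32_CHAR = 5


def udf_fingerprint(content_type: str, data: bytes, chars: int = 25) -> str:
    """Return a UDF-style fingerprint of `chars` Base32 characters,
    grouped in fives and separated by dashes, as in this document."""
    digest = hashlib.sha512(content_type.encode("ascii") + b":" + data).digest()
    encoded = base64.b32encode(bytes([VERSION_SHA2_512]) + digest).decode("ascii")
    text = encoded.rstrip("=")[:chars]
    return "-".join(text[i:i + 5] for i in range(0, len(text), 5))


def work_factor_bits(chars: int) -> int:
    """Bits an attacker must search to hit a given fingerprint: each Base32
    character carries 5 bits and the version byte is fixed, not searched.
    25 characters give 125 - 8 = 117 bits, the figure quoted in 4.2.1."""
    return chars * BITS_PER_BASE32_CHAR - 8


def verify_resolution(requested: str, content_type: str, data: bytes) -> bool:
    """What a UDF resolution client does with a response: recompute the
    fingerprint of the returned object at the requested length and compare
    it with the fingerprint it asked for. The service is never trusted for
    integrity; a substituted or altered object simply fails this check."""
    chars = len(requested.replace("-", ""))
    computed = udf_fingerprint(content_type, data, chars)
    return hmac.compare_digest(computed, requested)


if __name__ == "__main__":
    # Constructed sample object, not one taken from the document.
    obj = b'{"Greeting": "hello"}'
    fp = udf_fingerprint("application/json", obj)
    print(fp, "work factor bits:", work_factor_bits(25))
    print(verify_resolution(fp, "application/json", obj))        # True
    print(verify_resolution(fp, "application/json", obj + b" ")) # False
```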
4.2.3. Signed Resources
UDF fingerprints provide a probabilistically unique identifier for a
static data object but do not provide a direct means of identifying
resources that change over time. To identify such resources, digital
signatures are used. A public key signature pair is created and the
UDF fingerprint of the public key parameters serves as the
identifier. The private key is then used to sign either the data
object itself or a data object containing a further public key.
The application/pkix-keyinfo content type described in
[draft-hallambaker-udf] is used to create identifiers for public keys.
4.2.4. Profile
A Mesh profile is a set of configuration settings that is bound to a
persistent identifier (a UDF fingerprint).
The Mesh protocols do not put any limit on the size or complexity of
Mesh profiles but a Mesh Portal SHOULD impose such limits as are
appropriate to avoid abuse such as denial of service attacks.
4.2.5. JSON Encoding
Javascript Object Notation (JSON) [RFC7159] encoding is used to
encode all Mesh data objects except for low level cryptographic
formats where other encodings are already established.
4.2.6. HTTP Web Service
The Mesh defines two new protocols:
Mesh Portal Protocol (mmm) A client-server protocol that mediates
access to a Mesh.
Intermesh Protocol The Intermesh protocol is used to exchange
Mesh profile data between portals. It is a flood fill protocol
that applies the same principles demonstrated in NNTP
[RFC4644].
The DNS SRV mechanism is used for
4.2.7. Transparency
The principle of transparency was introduced by the Certificate
Transparency specification [RFC6962]. Transparency is the ability to
audit a system using only information that is available to the users
of the system. If the system is a public service, all the data used
to audit the service must be public.
The Mesh uses strong encryption and
5. Mesh Profiles
5.1. Device Profile
Is unique to each device. If a device has multiple accounts, each
account would typically require a separate device profile.
Has separate keys for encryption, authentication and signature.
Typically generated on the device.
Once generated, is typically constant until the device is reset.
Used to provision application keys out to a device.
5.2. Master Profile
Is signed by the Master Signing Key which is in turn validated by the
fingerprint.
Contains a Master Signing Key, Set of Administration Keys and Set of
Escrow Keys.
Changes infrequently, usually only when the set of administration
devices changes or a new escrow key is added.
5.3. Personal Profile
Is signed by an administration key.
For convenience, the master profile is included as an attachment.
Changes when there is a significant change to the configuration, the
addition of a new device or application.
5.4. Application Profile
Is signed by an administration key or an application administration
key (if specified for the application).
Contains the application configuration data. Is encrypted to the
device keys.
Changes when the application configuration is changed or when devices
are added or removed.
5.5. Future Directions
It may be desirable to partition the Application profiles so that it
is not necessary for every device to download the whole thing. For
example, sign a manifest so that the portal can strip out just the
parts of the profile that are relevant to a device.
6. Mesh Portal Protocol
Not necessarily instantaneous, may be latency between an update being
published and it being available.
7. Intermesh Protocol
This is not a priority at the moment.
May be used to support local replication or replication between
providers.
It is anticipated that the Intermesh Protocol will operate at a
substantially greater latency than the Mesh Portal Protocol.
Probably resynchronizing on an hourly or even daily basis.
Portals are not required to forward every update to the Intermesh.
Only updates that have not been superseded within the time quanta
need be published.
Each Portal runs a local append only log of every transaction. This
is periodically closed and a new log started. Some time after the
log is closed, a hash structure is calculated across the log entries
and broadcast to the other participants in the InterMesh. After a
quorum of hash values has been received, each participant in the
exchange calculates a new master hash entry which will be added to
the log before the next checkpoint occurs.
The participants exchange log records, but this may be on a limited
basis. If the InterMesh has a hundred members, it is not necessary
for every single node to have every single entry in real time. It is
sufficient for each node to have knowledge of a partner that can
provide it on demand.
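The append-only log and quorum checkpoint described in this section,
as an added Python example that is not part of this draft or of any
Mesh implementation. The document does not fix the hash structure,
the quorum rule or the record format, so the hash chain, the sorted
concatenation used for the master hash and all record contents are
assumptions of the example.

```python
import hashlib
import json

GENESIS = "0" * 128   # SHA-512 hex digest length; the hash "before" the first entry


def canonical(record: dict) -> bytes:
    # Deterministic encoding so every participant hashes identical bytes.
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def entry_hash(prev_hash: str, record: dict) -> str:
    return hashlib.sha512(prev_hash.encode() + canonical(record)).hexdigest()


class PortalLog:
    """The append-only transaction log of one portal. Each entry commits to
    the previous one, so a closed log is summarised by its final hash
    (assumption: a hash chain; the document fixes no structure)."""

    def __init__(self):
        self.entries = []          # (prev_hash, record, entry_hash)
        self.closed = False

    def head(self) -> str:
        return self.entries[-1][2] if self.entries else GENESIS

    def append(self, record: dict) -> str:
        if self.closed:
            raise ValueError("log is closed; start a new log")
        prev = self.head()
        self.entries.append((prev, record, entry_hash(prev, record)))
        return self.head()

    def close(self) -> str:
        """Close the log and return the hash to broadcast to the InterMesh."""
        self.closed = True
        return self.head()

    def verify(self) -> bool:
        """Recompute the chain; any altered, removed or reordered entry fails."""
        prev = GENESIS
        for stored_prev, record, stored_hash in self.entries:
            if stored_prev != prev or entry_hash(prev, record) != stored_hash:
                return False
            prev = stored_hash
        return True


def master_hash(received: dict, quorum: int):
    """received maps portal name -> broadcast log hash. Once a quorum has
    arrived every participant derives the same master value; sorting
    removes any dependence on arrival order. Returns None before quorum."""
    if len(received) < quorum:
        return None
    material = "\n".join(f"{name}:{h}" for name, h in sorted(received.items()))
    return hashlib.sha512(material.encode()).hexdigest()


def checkpoint(received: dict, quorum: int, current_log: PortalLog):
    """Add the master hash entry to the log that is open now, so that it
    is committed before the next checkpoint closes that log."""
    master = master_hash(received, quorum)
    if master is not None:
        current_log.append({"MasterHash": master, "Participants": sorted(received)})
    return master


if __name__ == "__main__":
    # Constructed sample transactions; not records from the document.
    log = PortalLog()
    log.append({"Op": "CreateRequest", "Account": "alice"})
    log.append({"Op": "UpdateRequest", "Account": "alice"})
    closed = log.close()
    next_log = PortalLog()
    peers = {"portal.example": closed, "mesh.example": "ab" * 64, "p3.example": "cd" * 64}
    print(checkpoint(peers, 3, next_log), next_log.verify())
```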
8. Protocol Overview
[Account request does not specify the portal in the request body,
only the HTTP package includes this information. This is probably a
bug.]
8.1. Creating a new portal account
A user interacts with a Mesh service through a Mesh portal provider
with which she establishes a portal account.
For user convenience, a portal account identifier has the familiar
<username>@<domain> format established in [RFC822].
For example Alice selects example.com as her portal provider and
chooses the account name alice. Her portal account identifier is
alice.
A user MAY establish accounts with multiple portal providers and/or
change their portal provider at any time they choose.
8.1.1. Checking Account Identifier for uniqueness
The first step in creating a new account is to check to see if the
chosen account identifier is available. This allows a client to
validate user input and if necessary warn the user that they need to
choose a new account identifier when the data is first entered.
The ValidateRequest message contains the requested account identifier
and an optional language parameter to allow the service to provide
informative error messages in a language the user understands. The
Language field contains a list of ISO language identifier codes in
order of preference, most preferred first.
POST /.well-known/mmm/ HTTP/1.1
Host: example.com
Content-Length: 88
{
"ValidateRequest": {
"Account": "alice@example.com",
"Language": ["en-uk"]}}
The ValidateResponse message returns the result of the validation
request in the Valid field. Note that even if the value true is
returned, a subsequent account creation request MAY still fail.
HTTP/1.1 200 OK
Date: Mon 07 Mar 2016 09:28:07
Content-Length: 190
{
"ValidateResponse": {
"Status": 201,
"StatusDescription": "Operation completed successfully",
"Valid": true,
"Minimum": 1,
"InvalidCharacters": ".,:;{}()[]<>?|\\@#"}}
[Note that for the sake of concise presentation, the HTTP binding
information is omitted from future examples.]
8.2. Creating a new user profile
The first step in creating a new personal profile is to create a
Master Profile object. This contains the long term Master Signing
Key that will remain constant for the life of the profile, at least
one Online Signature Key to be used for administering the personal
profile and (optionally), one or more master escrow keys.
For convenience, the descriptions of the Master Signing Key, Online
Signing Keys and Escrow Keys typically include PKIX certificates
signed by the Master Signing Key. This allows PKIX based applications
to make use of PKIX certificate chains to express the same trust
relationships described in the Mesh.
{
"MasterProfile": {
"Identifier": "MDJVA-GWBES-2YXPA-7FHWU-GNTHE-D2ELD",
"MasterSignatureKey": {
"UDF": "MDJVA-GWBES-2YXPA-7FHWU-GNTHE-D2ELD",
"X509Certificate": "
MIIDJjCCAg6gAwIBAgIQRZ59PlINY9TLiyORByDifTANBgkqhkiG9w0BAQ0FADAu
MSwwKgYDVQQDFiNNREpWQS1HV0JFUy0yWVhQQS03RkhXVS1HTlRIRS1EMkVMRDAe
...
-zDRA53b1TnPYd5DNZBdF-zcF4oL-yxNqBw7BBMbyIg-72APECSAy1O9",
"PublicParameters": {
"PublicKeyRSA": {
"kid": "MDJVA-GWBES-2YXPA-7FHWU-GNTHE-D2ELD",
"n": "
x4WRJAFuUSZKqw0hx1CCKmjh_JfAgnTBUt8GCKjOLBMIteDQOG85o5CkfHEj5g3h
830JV_QRgGH4DK6YojP7sJflRPRpEgCII6kQ8S5LHtoWNLci83pHDX8IwMab4lqp
Yh6gNUdvhqfL9gyuKHqJLD0W6o9dKpxm-RgbmJlgxBelxfR8EoftBKC57VFwJ2UC
wKWOoo7vQAgTqXGrp_QSGpLra9BiZ1BvXR6S-uewCLNDNcaWrjPprrFp9vm_QCnw
AjkDUQyircs14jIZjVY5Qv5-L4OS8UemVp93keVj9wJ8ZxUDXiN6jbutCBkYXO1p
i37KwvBwn_vzlS3Cu2i3Pw",
"e": "
AQAB"}}},
"MasterEscrowKeys": [{
"UDF": "MDATK-6PWXI-DAQ7X-FOSO2-7CXCU-N46TJ",
"X509Certificate": "
MIIDJjCCAg6gAwIBAgIQYpsuNn5CHEmCr9Vmwg1JKTANBgkqhkiG9w0BAQ0FADAu
MSwwKgYDVQQDFiNNREpWQS1HV0JFUy0yWVhQQS03RkhXVS1HTlRIRS1EMkVMRDAe
...
Bs3BIgqOng7cW-vSZHD-dLt2E5emY_EQ_yAiiWi8EFXL1221CA1iUIOR",
"PublicParameters": {
"PublicKeyRSA": {
"kid": "MDATK-6PWXI-DAQ7X-FOSO2-7CXCU-N46TJ",
"n": "
uyle9pmeONA5V9kPS2LPPIzinUD7S_Ev7SrV8gFLwcxECai7LE7K6NJIT-u8A2FI
3NOvgYpvaz7W9I-z5WSokEt72GwcNStI-kUwshem3KP-Qbg3QRkfLzv9B7E7v_KB
bm1wP_UEQ_Ap1D_gFbq_PIHJQR_chtxcH91rF5W-rUi_r-C2T3-JAnGtjPISbKXG
OgjQ7x1V0j-YX9s2tKDpfzlvGfSZpzbXiM4oKvPM_3lH6ZN0eIUF2CmUzr_cdems
pW_bPjZdtR12UyA8eI18J7mi89eP_dIx_P0q3YY_GpMICBa7Lz5rAZkZVq00iAeP
7r_1VPQ3msY9lZ5GE61seQ",
"e": "
AQAB"}}}],
"OnlineSignatureKeys": [{
"UDF": "MDPI5-HRBPS-FWTDI-76I6Q-VDYZE-UTR2X",
"X509Certificate": "
MIIDJzCCAg-gAwIBAgIRAI630vDDvaT5nhLoNdGb1SEwDQYJKoZIhvcNAQENBQAw
LjEsMCoGA1UEAxYjTURKVkEtR1dCRVMtMllYUEEtN0ZIV1UtR05USEUtRDJFTEQw
...
zEY0GG_uZCsIS9rULqu3rRtWFe3stzsKw6levDgFCdL8al-3lghyFasvug",
"PublicParameters": {
"PublicKeyRSA": {
"kid": "MDPI5-HRBPS-FWTDI-76I6Q-VDYZE-UTR2X",
"n": "
pdFrro2dJEv1kS-KAyQ4jq6dbX8uCIibNHecDA-og1slmVZy5PUFfZBzgr0Cy-tK
euV9ZrNVKQP-OCwp9W_ghkTjA3lmCkI_XAbZSD3luQhq4CZJo1dPKGVVZT6YNtvG
Z-uIy7au7jAiamB2wm64QsbrIAd16bgGngYPYHf58bYdE1Xrb5PMQxCqFLs3VfTO
qH9SAbgBHuwYSuSSboBPZD_pRiPbujWMXh5TnA_yttfZ0ISkyi18QZ1GEhG-Qwp_
pjOPtjewh0nJNunC82E1LgBsHUlFgbot3JULsW9q9CfkpgHXN_8FXsUHdEHe_9rm
xb76--ouQhBchDA82rp1Zw",
"e": "
AQAB"}}}]}}
The Master Profile is always signed using the Master Signing Key:
{
"SignedMasterProfile": {
"Identifier": "MDJVA-GWBES-2YXPA-7FHWU-GNTHE-D2ELD",
"SignedData": {
"header": "
ewogICJhbGciOiAiUlM1MTIiLAogICJraWQiOiAiTURKVkEtR1dCRVMtMllYUEEt
N0ZIV1UtR05USEUtRDJFTEQifQ",
"payload": "
ewogICJNYXN0ZXJQcm9maWxlIjogewogICAgIklkZW50aWZpZXIiOiAiTURKVkEt
R1dCRVMtMllYUEEtN0ZIV1UtR05USEUtRDJFTEQiLAogICAgIk1hc3RlclNpZ25h
...
QVFBQiJ9fX1dfX0",
"signature": "
BrTIIVhIuK4g0bzSjAmbIcoaYLtBoJhveJfS9R-QrsSwcBEpITxyfDbdKK8GjRey
hmZQSOogxnSaj4VJul6G-EnHFCMfq7DFlxI6BSim-dThjFIKq3XHPSVS1kwVX5IF
YoQBzWKjeGIPYfEFTliDjjpFg_Kx7vXRDaArk108PNb7_IVmo1aWEIMh86Izs776
-hX_1TktNCMTGORG5Z5O48YcwsJX-cMwB_6R_PcVlUja-saD42-vQc_ztU-_iMxx
p6maDB0vWCxSYvGDF3uxICRi2atcsc8P8arEv4dbyoRa9PArssUu2uYif8czXVEH
V9Ip6IEd6FWFFyNqab0cxA"}}}
Since the device used to create the personal profile is typically
connected to the profile, a Device profile entry is created for it.
This contains a Device Signing Key, a Device Encryption Key and a
Device Authentication Key:
{
"DeviceProfile": {
"Identifier": "MBKMG-6QV5K-5PSXF-6TLUP-XXLRB-FEMVT",
"Names": ["Alice Desktop"],
"Description": "A desktop computer built by Acme Computer Co.",
"DeviceSignatureKey": {
"UDF": "MBKMG-6QV5K-5PSXF-6TLUP-XXLRB-FEMVT",
"PublicParameters": {
"PublicKeyRSA": {
"kid": "MBKMG-6QV5K-5PSXF-6TLUP-XXLRB-FEMVT",
"n": "
1yqsmXfIHYqzWe5DcqLnrfa_Xfbh5vK-zagPosWcrce0122Yufm5hZb4Ujc-1ozQ
z3ssEYIK30I8A8H-0qe-y6oOcRRsANc0LnGwlpadk00fOjcV8WySxkO2aaFmiKNQ
236zOwC2wtHJS7DxVQhbRUhAfQthopq3ycu88N4Re2pxnS4SBWRIH48AAwydp8Rt
WGNhCbZT-N-NN8dYrPMCNHhftPKHt0xbgXMtf_49tv4-tKwmAs6uDNXPL3YPWnIK
aaNA4PqLZPWVtN_kowAFjmpT19ROKLYFHSzmyx6dX6W9-Whor5BOr8U4qbWAcDQJ
GNZAOa4pzXWLFk9dIaIi5Q",
"e": "
AQAB"}}},
"DeviceAuthenticationKey": {
"UDF": "MDWGK-N4VTY-EF5N4-EBLTA-ITQZC-JZLOI",
"PublicParameters": {
"PublicKeyRSA": {
"kid": "MDWGK-N4VTY-EF5N4-EBLTA-ITQZC-JZLOI",
"n": "
pJCOo5Q_fQfZy8decCRCBrjy5QGDX6pRy1E_5SNaHZIjZHOUolN3Z_plXryPiFcu
9hEULTe4Tl--d1_GrY_5HJ06g2zw__-0q7d26Z0z7tJ7OTcyysfoXZ7HAhz8ODeY
GQ3_ocoW8ibiOj8nla3t3wCU8vnU4e8d2wHiZiyGxYLRH2-TQmCwDh8-mKMfUr0o
_p06xjwsUvPfDspRBlltkiNbM5wtHZRDiJR15tHw8QAV4EIJFrwZQmI28sJLLqrl
WZlUxbCZzdXYy4dczlkC9DvxO4qxru22hFtHSOOyArweqJXGWuUW7xkCkWl7oauT
5rIFzEM712RgNKxodBSotQ",
"e": "
AQAB"}}},
"DeviceEncryptiontionKey": {
"UDF": "MBLYV-KC666-JGASF-7RCNB-DAHQ2-JMTA2",
"PublicParameters": {
"PublicKeyRSA": {
"kid": "MBLYV-KC666-JGASF-7RCNB-DAHQ2-JMTA2",
"n": "
wj9WxkNn_BBJHbi2QTOZFn28IFXjQT2dhoytLxt8zdEPyaz031YXIrINCFuK2Bsi
MsB1e8o-7kNWwOTtzXD-lB8U2mc7BH7PEMdcwlLypuKJcVX-MtXMVG4E8fqMYdUQ
6T3aKtvi1LzPZR8LFjxEx44YoN0juwcRcQkhp_pbsxaxdt4mHSd0_1CF2W5MufXb
q-sCnAGRAFiCKzT4jfn-MEoQvERqORpVJaiZDyT6z5RS7oIrTu8OPCHyfN8tPzH_
QjMO5xQtBohms6uYWftiOtgmkV_VaQ4BZt-zZ0DFoDIZmAvMa-p4YZOpRofG-cii
rVaW4eYY5ELY-c2AGjOpeQ",
"e": "
AQAB"}}}}}
The Device Profile is signed using the Device Signing Key:
{
"SignedDeviceProfile": {
"Identifier": "MBKMG-6QV5K-5PSXF-6TLUP-XXLRB-FEMVT",
"SignedData": {
"header": "
ewogICJhbGciOiAiUlM1MTIiLAogICJraWQiOiAiTUJLTUctNlFWNUstNVBTWEYt
NlRMVVAtWFhMUkItRkVNVlQifQ",
"payload": "
ewogICJEZXZpY2VQcm9maWxlIjogewogICAgIklkZW50aWZpZXIiOiAiTUJLTUct
NlFWNUstNVBTWEYtNlRMVVAtWFhMUkItRkVNVlQiLAogICAgIk5hbWVzIjogWyJB
...
ICAgICAiZSI6ICIKQVFBQiJ9fX19fQ",
"signature": "
vOMCqvNhnMIYnQWldv_2fiGEsYwTHdDJSrmGSnaeG5QrdcmaPqgXHQX-w8rcBy15
_7i8_9x9jhqytLfsU7dCzNePvyX87D3dPEmdL0-A7RsGp0goKrP3w8O6WMyGTk92
GrpqSgeNWcpejqxzoB2Mln21J_vRsmkWkHZznRvh5mDSVc5OAZ5-XI8Vg2v4IpV-
NJKkuAeChUGiOWUBwXsoCIXbU5tjtFYVLYii2F_a3vrVBXGY_hNfDl8DsLJp3rOz
LFXbMB8B_e9sFwI4GuTykXObVrGpGBJ-Hy93EuacXI2Mh00vbRTJkbT8ClgZhsBq
ERawxBaucm_Lemig4GUgjA"}}}
A personal profile would typically contain at least one application
when first created. For the sake of demonstration, we will do this
later.
The personal profile thus consists of the master profile and the
device profile:
{
"PersonalProfile": {
"Identifier": "MDJVA-GWBES-2YXPA-7FHWU-GNTHE-D2ELD",
"SignedMasterProfile": {
"Identifier": "MDJVA-GWBES-2YXPA-7FHWU-GNTHE-D2ELD",
"SignedData": {
"header": "
ewogICJhbGciOiAiUlM1MTIiLAogICJraWQiOiAiTURKVkEtR1dCRVMtMllYUEEt
N0ZIV1UtR05USEUtRDJFTEQifQ",
"payload": "
ewogICJNYXN0ZXJQcm9maWxlIjogewogICAgIklkZW50aWZpZXIiOiAiTURKVkEt
R1dCRVMtMllYUEEtN0ZIV1UtR05USEUtRDJFTEQiLAogICAgIk1hc3RlclNpZ25h
...
QVFBQiJ9fX1dfX0",
"signature": "
BrTIIVhIuK4g0bzSjAmbIcoaYLtBoJhveJfS9R-QrsSwcBEpITxyfDbdKK8GjRey
hmZQSOogxnSaj4VJul6G-EnHFCMfq7DFlxI6BSim-dThjFIKq3XHPSVS1kwVX5IF
YoQBzWKjeGIPYfEFTliDjjpFg_Kx7vXRDaArk108PNb7_IVmo1aWEIMh86Izs776
-hX_1TktNCMTGORG5Z5O48YcwsJX-cMwB_6R_PcVlUja-saD42-vQc_ztU-_iMxx
p6maDB0vWCxSYvGDF3uxICRi2atcsc8P8arEv4dbyoRa9PArssUu2uYif8czXVEH
V9Ip6IEd6FWFFyNqab0cxA"}},
"Devices": [{
"Identifier": "MBKMG-6QV5K-5PSXF-6TLUP-XXLRB-FEMVT",
"SignedData": {
"header": "
ewogICJhbGciOiAiUlM1MTIiLAogICJraWQiOiAiTUJLTUctNlFWNUstNVBTWEYt
NlRMVVAtWFhMUkItRkVNVlQifQ",
"payload": "
ewogICJEZXZpY2VQcm9maWxlIjogewogICAgIklkZW50aWZpZXIiOiAiTUJLTUct
NlFWNUstNVBTWEYtNlRMVVAtWFhMUkItRkVNVlQiLAogICAgIk5hbWVzIjogWyJB
...
ICAgICAiZSI6ICIKQVFBQiJ9fX19fQ",
"signature": "
vOMCqvNhnMIYnQWldv_2fiGEsYwTHdDJSrmGSnaeG5QrdcmaPqgXHQX-w8rcBy15
_7i8_9x9jhqytLfsU7dCzNePvyX87D3dPEmdL0-A7RsGp0goKrP3w8O6WMyGTk92
GrpqSgeNWcpejqxzoB2Mln21J_vRsmkWkHZznRvh5mDSVc5OAZ5-XI8Vg2v4IpV-
NJKkuAeChUGiOWUBwXsoCIXbU5tjtFYVLYii2F_a3vrVBXGY_hNfDl8DsLJp3rOz
LFXbMB8B_e9sFwI4GuTykXObVrGpGBJ-Hy93EuacXI2Mh00vbRTJkbT8ClgZhsBq
ERawxBaucm_Lemig4GUgjA"}}],
"Applications": []}}
The personal profile is then signed using the Online Signing Key:
{
"SignedPersonalProfile": {
"Identifier": "MDJVA-GWBES-2YXPA-7FHWU-GNTHE-D2ELD",
"SignedData": {
"header": "
ewogICJhbGciOiAiUlM1MTIiLAogICJraWQiOiAiTUJLTUctNlFWNUstNVBTWEYt
NlRMVVAtWFhMUkItRkVNVlQifQ",
"payload": "
ewogICJQZXJzb25hbFByb2ZpbGUiOiB7CiAgICAiSWRlbnRpZmllciI6ICJNREpW
QS1HV0JFUy0yWVhQQS03RkhXVS1HTlRIRS1EMkVMRCIsCiAgICAiU2lnbmVkTWFz
...
X0xlbWlnNEdVZ2pBIn19XSwKICAgICJBcHBsaWNhdGlvbnMiOiBbXX19",
"signature": "
Tpqh8sl8K9apRYJWuZ46ApGZMNTM-lgUSr_ASLlLQkXzUILltzxKQi9RNpPdiHwz
-RjcKTmBIrWXTqu94rz7Zn6VjHOMc2WkmKZumiwD0toDznLreFzN5RY7Lf9NXeiD
czoE_DGIcVK-hxlJ7QPSZ4Tv0rmX2c-uwBdNqSr2_TfgE9sgWvIftTfS6rEzcJp8
pxnYMyjRknqg-Y4V5Bwz9iklcPy-K5MbnFFm_cCJikTbmUAG0-oA3HsreyqnfBQH
ckfX-nwYRO0ChV4K86ud4RB0KYORDIEcxVjQS59J_iGG00NrL3KVaQ05zXPt1_UG
KNrppHhqpoon0xnTRIUgAQ"}}}
8.2.1. Publishing a new user profile
Once the signed personal profile is created, the client can finally
make the request for the service to create the account. The request
object contains the requested account identifier and profile:
{
"CreateRequest": {
"Account": "alice",
"Profile": {
"SignedPersonalProfile": {
"Identifier": "MDJVA-GWBES-2YXPA-7FHWU-GNTHE-D2ELD",
"SignedData": {
"header": "
ewogICJhbGciOiAiUlM1MTIiLAogICJraWQiOiAiTUJLTUctNlFWNUstNVBTWEYt
NlRMVVAtWFhMUkItRkVNVlQifQ",
"payload": "
ewogICJQZXJzb25hbFByb2ZpbGUiOiB7CiAgICAiSWRlbnRpZmllciI6ICJNREpW
QS1HV0JFUy0yWVhQQS03RkhXVS1HTlRIRS1EMkVMRCIsCiAgICAiU2lnbmVkTWFz
...
X0xlbWlnNEdVZ2pBIn19XSwKICAgICJBcHBsaWNhdGlvbnMiOiBbXX19",
"signature": "
Tpqh8sl8K9apRYJWuZ46ApGZMNTM-lgUSr_ASLlLQkXzUILltzxKQi9RNpPdiHwz
-RjcKTmBIrWXTqu94rz7Zn6VjHOMc2WkmKZumiwD0toDznLreFzN5RY7Lf9NXeiD
czoE_DGIcVK-hxlJ7QPSZ4Tv0rmX2c-uwBdNqSr2_TfgE9sgWvIftTfS6rEzcJp8
pxnYMyjRknqg-Y4V5Bwz9iklcPy-K5MbnFFm_cCJikTbmUAG0-oA3HsreyqnfBQH
ckfX-nwYRO0ChV4K86ud4RB0KYORDIEcxVjQS59J_iGG00NrL3KVaQ05zXPt1_UG
KNrppHhqpoon0xnTRIUgAQ"}}}}}
The service reports the success (or failure) of the account creation
request:
{
"CreateResponse": {
"Status": 201,
"StatusDescription": "Operation completed successfully"}}
8.3. Connecting a device profile to a user profile
Connecting a device to a profile requires the client on the new
device to interact with a client on a device that has administration
capabilities, i.e. it has access to an Online Signing Key. Since
clients cannot interact directly with other clients, a service is
required to mediate the connection. This service is provided by a
Mesh portal provider.
All service transactions are initiated by the clients. First the
connecting device posts ConnectStart, after which it may poll for the
outcome of the connection request using ConnectStatus.
Periodically, the Administration Device polls for a list of pending
connection requests using ConnectPending. After posting a request,
the administration device posts the result using ConnectComplete:
Connecting Mesh Administration
Device Service Device
| | |
| ConnectStart | |
| ----------------------> | |
| | ConnectPending |
| | <---------------------- |
| | |
| | ConnectComplete |
| | <---------------------- |
| ConnectStatus | |
| ----------------------> | |
The first step in the process is for the client to generate a device
profile. Ideally the device profile is bound to the device in a
read-only fashion such that applications running on the device can
make use of the decryption and authentication keys but these
private keys cannot be extracted from the device:
{
"DeviceProfile": {
"Identifier": "MCBEY-2RVCZ-VNEOZ-I47J6-OAEDL-AUUWM",
"Names": ["Alice Ring"],
"Description": "A wearable ring computer bought.",
"DeviceSignatureKey": {
"UDF": "MCBEY-2RVCZ-VNEOZ-I47J6-OAEDL-AUUWM",
"PublicParameters": {
"PublicKeyRSA": {
"kid": "MCBEY-2RVCZ-VNEOZ-I47J6-OAEDL-AUUWM",
"n": "
oQ11i4hTaUpOmH6RSx6yvRgCO9ZC_eDbUYDZGzJn4nnS-5o8532smX7xGhnH8VNM
rd9xp3VhOMI8emuHTbFDvEM3IvAPi4KsfTMZ__Nsl_6tLYhw9ehgN-i5oRcOc7tT
Fbcrs89raMKDhwruRPYScO8SlvVRg31QHtBuC_Z5M5l4g25n311shbeWm1TeDQW3
ISZNYdxZMuzpDG2fojqQXyF5M1oJmvB5HWk5toUUFrv4399NIStYGiRlmjADEjRY
MarkYq-AcMXq3j0vCRTww4b4ZDIOKERMCtpHTeNB2gNk6zV_SxoL6rSsDRTfEFE9
eTxX0Dw7wnklM1ub7ebl6w",
"e": "
AQAB"}}},
"DeviceAuthenticationKey": {
"UDF": "MDNSC-VYX44-3L2DW-CIR3M-TUPLW-I6VP6",
"PublicParameters": {
"PublicKeyRSA": {
"kid": "MDNSC-VYX44-3L2DW-CIR3M-TUPLW-I6VP6",
"n": "
2mFfT9Dg0_ROdaFlFyWlpkwajZWF0lOTgQvFJ6Evx9GwhajzqJS6FUUFwkxNQ4TL
rWd4gHF5AcPtJbCnFqIupgy341LsLOPXBzf4tFbn9JD8Ls2DmpxOvXMed4j51yw8
HN-J0slG5MPxQSB4YDUoCQuoSLDirpblQXgqTs_sY-oh_eavBYoyqt-08D8zHfQy
n01tOwZ2EsBz3aWF6D910Tq11lvB_VNF58g9ipPXI1J0ljBQ8Tlv6HT8hfn31g-B
SGT4EfMRUtSo149TthZynve1DfrbNq_tQgTMJBF0I38fr41QYgAi6mJjo8So_BvX
xCoLUMKkG1zTfRuUQ3GS3w",
"e": "
AQAB"}}},
"DeviceEncryptiontionKey": {
"UDF": "MCAOX-46YPX-GAW5J-75V6G-B6OUP-2RG3X",
"PublicParameters": {
"PublicKeyRSA": {
"kid": "MCAOX-46YPX-GAW5J-75V6G-B6OUP-2RG3X",
"n": "
yNvvw3ddU5xc5yGZtN3XYm40aGDmntKHbqgP8csM6p6INfZK5jn9kKggE6vZBXRC
xi0Ko8HrRtK2yfqFRQXItIbbAwEW0DrwsWjBsks3OU2Vxksku81TEQelYJ5uXpI2
_0W0apqqeqG_8njvPvtu1S8Fhpt7uc_bu_h4EabiTK-EaXOKmd7owPtOt5PuL8VR
3JATRj1ytyPy9zJTbHv9iahE7moRHqRtggDbJ4yI0lInT_yawrKxld2qNl9c9JtH
AmtSzhU_XLztuXoA_o-Dlr6mv0p0bKi33SYOjcg08i2VYDabzY_5HJK1UfMqagIp
rxOIkT7k6b5bqgLuEFqt3w",
"e": "
AQAB"}}}}}
The device profile is then signed:
{
"SignedDeviceProfile": {
"Identifier": "MCBEY-2RVCZ-VNEOZ-I47J6-OAEDL-AUUWM",
"SignedData": {
"header": "
ewogICJhbGciOiAiUlM1MTIiLAogICJraWQiOiAiTUNCRVktMlJWQ1otVk5FT1ot
STQ3SjYtT0FFREwtQVVVV00ifQ",
"payload": "
ewogICJEZXZpY2VQcm9maWxlIjogewogICAgIklkZW50aWZpZXIiOiAiTUNCRVkt
MlJWQ1otVk5FT1otSTQ3SjYtT0FFREwtQVVVV00iLAogICAgIk5hbWVzIjogWyJB
...
In19fX19",
"signature": "
OKsswShxjiC010nuOa14J4oBhsZ2CIuEingj2NzXh1ZUvKspPhedict88bye3BN_
x_bzJifoUAytSICUmuMsCs4iPmnrc4UhiITRg4ZskBQfHa4YTKpywj7h6QVHuIz6
FNVWrpYjlg5hskQHm3uMXswMxrr-8xvOiz8XYOfs7DT-qIIsy9wfrADZZXP1ai9X
Eg16pxvbxvC12lxNqwnZy7G06SnqQJU-VcUCAdcz6zXHFmAc6jFD4ij1FnccwoMJ
VJv7v-9ID0f6YGoyM8iyW6_NKfAo6cYCc021MqGdDJdrfrT7Cm-8vSl3VMlQGkqn
PcyR-G2ySzDX3x4Qd-xqNQ"}}}
8.3.1. Profile Authentication
One of the main architectural principles of the Mesh is bilateral
authentication. Every device that is connected to a Mesh profile
MUST authenticate the profile it is connecting to and every Mesh
profile administrator MUST authenticate devices that are connected.
Having created the necessary profile, the device MUST verify that it
is connecting to the correct Mesh profile. The best mechanism for
achieving this purpose depends on the capabilities of the device
being connected. The administration device obviously requires some
means of communicating with the user to serve its function. But the
device being connected may have a limited display capability or no
user interaction capability at all.
8.3.1.1. Interactive Devices
If the device has user input and display capabilities, it can verify
that it is connecting to the correct profile by first requesting that
the user enter the portal account of the profile they wish to connect
to, retrieving the profile associated with that account and displaying
the profile fingerprint.
The client requests the profile for the requested account name:
{
"GetRequest": {
"Account": "alice",
"Multiple": false}}
The response contains the requested profile information.
{
"GetResponse": {
"Status": 201,
"StatusDescription": "Operation completed successfully",
"Entries": [{
"SignedPersonalProfile": {
"Identifier": "MDJVA-GWBES-2YXPA-7FHWU-GNTHE-D2ELD",
"SignedData": {
"header": "
ewogICJhbGciOiAiUlM1MTIiLAogICJraWQiOiAiTUJLTUctNlFWNUstNVBTWEYt
NlRMVVAtWFhMUkItRkVNVlQifQ",
"payload": "
ewogICJQZXJzb25hbFByb2ZpbGUiOiB7CiAgICAiSWRlbnRpZmllciI6ICJNREpW
QS1HV0JFUy0yWVhQQS03RkhXVS1HTlRIRS1EMkVMRCIsCiAgICAiU2lnbmVkTWFz
...
X0xlbWlnNEdVZ2pBIn19XSwKICAgICJBcHBsaWNhdGlvbnMiOiBbXX19",
"signature": "
Tpqh8sl8K9apRYJWuZ46ApGZMNTM-lgUSr_ASLlLQkXzUILltzxKQi9RNpPdiHwz
-RjcKTmBIrWXTqu94rz7Zn6VjHOMc2WkmKZumiwD0toDznLreFzN5RY7Lf9NXeiD
czoE_DGIcVK-hxlJ7QPSZ4Tv0rmX2c-uwBdNqSr2_TfgE9sgWvIftTfS6rEzcJp8
pxnYMyjRknqg-Y4V5Bwz9iklcPy-K5MbnFFm_cCJikTbmUAG0-oA3HsreyqnfBQH
ckfX-nwYRO0ChV4K86ud4RB0KYORDIEcxVjQS59J_iGG00NrL3KVaQ05zXPt1_UG
KNrppHhqpoon0xnTRIUgAQ"}}}]}}
Having received the profile data, the user can then verify that the
device is attempting to connect to the correct profile by verifying
that the fingerprint shown by the device attempting to connect is
correct.
8.3.1.2. Constrained Interaction Devices
Connection of an Internet of Things 'IoT' device that does not have
the ability to accept user input requires a mechanism by which the
user can identify the device they wish to connect to their profile
and a mechanism to authenticate the profile to the device.
If the connecting device has a wired communication capability such as
a USB port, this MAY be used to effect the device connection using a
standardized interaction profile. But an increasing number of
constrained IoT devices are only capable of wireless communication.
Configuration of such devices for the purpose of the Mesh requires
that we also consider configuration of the wireless networking
capabilities at the same time. The precise mechanism by which this
is achieved is therefore outside the scope of this particular
document. However prototypes have been built and are being
considered that make use of some or all of the following
communication techniques:
* Wired serial connection (RS232, RS485).
* DHCP signalling.
* Machine readable device identifiers (barcodes, QRCodes).
* Default device profile installed during manufacture.
* Optical communication path using camera on administrative
device and status light on connecting device to communicate the
device identifier, challenge nonce and confirm profile
fingerprint.
* Speech output on audio capable connecting device.
8.3.2. Connection request
After the user verifies the device fingerprint as correct, the client
posts a device connection request to the portal:
{
"ConnectStartRequest": {
"SignedRequest": {
"Identifier": "MCBEY-2RVCZ-VNEOZ-I47J6-OAEDL-AUUWM",
"SignedData": {
"header": "
ewogICJhbGciOiAiUlM1MTIiLAogICJraWQiOiAiTUNCRVktMlJWQ1otVk5FT1ot
STQ3SjYtT0FFREwtQVVVV00ifQ",
"payload": "
ewogICJDb25uZWN0aW9uUmVxdWVzdCI6IHsKICAgICJQYXJlbnRVREYiOiAiYWxp
Y2UiLAogICAgIkRldmljZSI6IHsKICAgICAgIklkZW50aWZpZXIiOiAiTUNCRVkt
...
TlEifX19fQ",
"signature": "
CixG1xk8bFADyNCAJP0lqrjuFlMtoIz5hTCiGhKb_4mjgUqW4Fpsj3HydumNRktU
c_7B9AlBO0TD7Z6IS-LbmfhmhQtFElvs9WhB42hqoe-cK_N_fL1T9H1B0QgyesWO
nvZaE5dS3MmIsOCA_VTG_LUDmdqi908wWLHCsDpMkHwC_QD8SW1L0-NlmrJgRXSC
xv2VAJAMAf1LysYyEJ_32Z2XsH7AjI9gWsVnCzbZTaNqJSdjx0mgsCRvj4GBqYGl
txRC9Qr_2R_ye6PxOhBxE7Sl3pSKZqjQKVlTeKizKI6O8L-U2nwgdmwyN8eLMYMD
GNWrP6SrEpPHSMUoCa6Avw"}},
"AccountID": "alice"}}
The portal verifies that the request is acceptable and returns the
transaction result:
{
"ConnectStartResponse": {}}
8.3.3. Administrator Polls Pending Connections
The client can poll the portal for the status of pending requests at
any time (modulo any service throttling restrictions at the service
side). But the request status will only change when an update is
posted by an administration device.
Since the user is typically connecting a device to their profile, the
next step in connecting the device is to start the administration
client. When started, the client polls for pending connection
requests using ConnectPendingRequest.
{
"ConnectPendingRequest": {
"AccountID": "alice"}}
The service responds with a list of pending requests:
{
"ConnectPendingResponse": {
"Pending": [{
"Identifier": "MCBEY-2RVCZ-VNEOZ-I47J6-OAEDL-AUUWM",
"SignedData": {
"header": "
ewogICJhbGciOiAiUlM1MTIiLAogICJraWQiOiAiTUNCRVktMlJWQ1otVk5FT1ot
STQ3SjYtT0FFREwtQVVVV00ifQ",
"payload": "
ewogICJDb25uZWN0aW9uUmVxdWVzdCI6IHsKICAgICJQYXJlbnRVREYiOiAiYWxp
Y2UiLAogICAgIkRldmljZSI6IHsKICAgICAgIklkZW50aWZpZXIiOiAiTUNCRVkt
...
TlEifX19fQ",
"signature": "
CixG1xk8bFADyNCAJP0lqrjuFlMtoIz5hTCiGhKb_4mjgUqW4Fpsj3HydumNRktU
c_7B9AlBO0TD7Z6IS-LbmfhmhQtFElvs9WhB42hqoe-cK_N_fL1T9H1B0QgyesWO
nvZaE5dS3MmIsOCA_VTG_LUDmdqi908wWLHCsDpMkHwC_QD8SW1L0-NlmrJgRXSC
xv2VAJAMAf1LysYyEJ_32Z2XsH7AjI9gWsVnCzbZTaNqJSdjx0mgsCRvj4GBqYGl
txRC9Qr_2R_ye6PxOhBxE7Sl3pSKZqjQKVlTeKizKI6O8L-U2nwgdmwyN8eLMYMD
GNWrP6SrEpPHSMUoCa6Avw"}}]}}
8.3.4. Administrator updates and publishes the personal profile.
The device profile is added to the Personal profile which is then
signed by the online signing key. The administration client
publishes the updated profile to the Mesh through the portal:
{
"PublishRequest": {
"Entry": {
"SignedPersonalProfile": {
"Identifier": "MDJVA-GWBES-2YXPA-7FHWU-GNTHE-D2ELD",
"SignedData": {
"header": "
ewogICJhbGciOiAiUlM1MTIiLAogICJraWQiOiAiTUJLTUctNlFWNUstNVBTWEYt
NlRMVVAtWFhMUkItRkVNVlQifQ",
"payload": "
ewogICJQZXJzb25hbFByb2ZpbGUiOiB7CiAgICAiSWRlbnRpZmllciI6ICJNREpW
QS1HV0JFUy0yWVhQQS03RkhXVS1HTlRIRS1EMkVMRCIsCiAgICAiU2lnbmVkTWFz
...
MnlTekRYM3g0UWQteHFOUSJ9fV0sCiAgICAiQXBwbGljYXRpb25zIjogW119fQ",
"signature": "
QK3qK17qqKjrzJpheNMSP8l-Mfids1U8LteXgXtNslyKsN1fsf3Wc3orZRvxkmq3
SiwwkRSY3k1bWGkMQ2-IVGuAVBvDq-ndgrc9zlqx4OGOZHIsUEpMmEMxYCGPWCek
DRmeCg08o-viOXuBGNukjdmoV47AdWjEwp3bim-1RsA4NP5QfdAifesjI37iScUH
HwvraQsPCDmYpoWfzqLiFu-d5OIzf2A6-V73DLw63sxy6POq9XN3uvBVbpeRXD3Z
5zvFp58fprVjpqUqpdiDAecwd47xisxjtN7QNoE1mTuUsjcrz6uWRhe9zkCiAEd1
i02PON8adi7XJD39Fr7TZQ"}}}}}
As usual, the service returns the response code:
{
"PublishResponse": {
"Status": 201,
"StatusDescription": "Operation completed successfully"}}
8.3.5. Administrator posts completion request.
Having accepted the device and connected it to the profile, the
administration client creates and signs a connection completion
result which is posted to the portal using ConnectCompleteRequest:
{
"ConnectCompleteRequest": {
"Result": {
"Identifier": "MCBEY-2RVCZ-VNEOZ-I47J6-OAEDL-AUUWM",
"SignedData": {
"header": "
ewogICJhbGciOiAiUlM1MTIiLAogICJraWQiOiAiTUJLTUctNlFWNUstNVBTWEYt
NlRMVVAtWFhMUkItRkVNVlQifQ",
"payload": "
ewogICJDb25uZWN0aW9uUmVzdWx0IjogewogICAgIkRldmljZSI6IHsKICAgICAg
IklkZW50aWZpZXIiOiAiTUNCRVktMlJWQ1otVk5FT1otSTQ3SjYtT0FFREwtQVVV
...
dGVkIn19",
"signature": "
KP_5t5TeJEXXkw19wCpGcim8tIkElcpsIAUId7f8WabrQUNDGNEYox-1QrBaCCuC
X8hud2kRZimhG-f8rWnOcXe4tDU8y1eoNeiGC_TijV_Bb189XDKpZobDtVSXLvhB
YZp10T3RlzUEhMAPVUXJqf5yMIgJHnTTKzlT_cwNvnRSGMAnY2NLEg-lQ3FHkiiX
copSUGQ9SzXuMSKu5b29Rdgqz-9C_-v5N7x9gNuU-YliEZACFfMMylUlfIWN4aYw
TU8m-XckHkuKN75TNdH_gRAe6RqgbdYa_gQS5IhwZ5bbv2TGQe6T6ap7_92SFvNT
Ew6pGGbAdBJ6RAwrZFbo2A"}},
"AccountID": "alice"}}
Again, the service returns the response code:
{
"ConnectCompleteResponse": {}}
8.3.6. Connecting device polls for status update.
As stated previously, the connecting device polls the portal
periodically to determine the status of the pending request using
ConnectStatusRequest:
{
"ConnectStatusRequest": {
"AccountID": "alice",
"DeviceID": "MCBEY-2RVCZ-VNEOZ-I47J6-OAEDL-AUUWM"}}
If the connection status has not changed, the service MAY return a
response that specifies a minimum retry interval. In this case,
however, there is a connection result:
{
"ConnectStatusResponse": {
"Result": {
"Identifier": "MCBEY-2RVCZ-VNEOZ-I47J6-OAEDL-AUUWM",
"SignedData": {
"header": "
ewogICJhbGciOiAiUlM1MTIiLAogICJraWQiOiAiTUJLTUctNlFWNUstNVBTWEYt
NlRMVVAtWFhMUkItRkVNVlQifQ",
"payload": "
ewogICJDb25uZWN0aW9uUmVzdWx0IjogewogICAgIkRldmljZSI6IHsKICAgICAg
IklkZW50aWZpZXIiOiAiTUNCRVktMlJWQ1otVk5FT1otSTQ3SjYtT0FFREwtQVVV
...
dGVkIn19",
"signature": "
KP_5t5TeJEXXkw19wCpGcim8tIkElcpsIAUId7f8WabrQUNDGNEYox-1QrBaCCuC
X8hud2kRZimhG-f8rWnOcXe4tDU8y1eoNeiGC_TijV_Bb189XDKpZobDtVSXLvhB
YZp10T3RlzUEhMAPVUXJqf5yMIgJHnTTKzlT_cwNvnRSGMAnY2NLEg-lQ3FHkiiX
copSUGQ9SzXuMSKu5b29Rdgqz-9C_-v5N7x9gNuU-YliEZACFfMMylUlfIWN4aYw
TU8m-XckHkuKN75TNdH_gRAe6RqgbdYa_gQS5IhwZ5bbv2TGQe6T6ap7_92SFvNT
Ew6pGGbAdBJ6RAwrZFbo2A"}}}}
[Should probably unpack further.]
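As an added illustration of the four transactions of this section
(ConnectStart, ConnectPending, ConnectComplete, ConnectStatus), and not
code from the draft or its reference implementation, the following Python
models the portal's state for one connection request and the check a
portal would make on who signed each message. The SignedData layout and
the two key identifiers are taken from the draft's examples; the
placeholder signature (not verified here, only the header kid is), the
"Accepted" payload field, the failure Status values and the retry
interval are assumptions.

```python
import base64
import json

# kids taken from the draft's examples: Online Signing Key, connecting device
ADMIN_KID = "MBKMG-6QV5K-5PSXF-6TLUP-XXLRB-FEMVT"
DEVICE_KID = "MCBEY-2RVCZ-VNEOZ-I47J6-OAEDL-AUUWM"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_signed(kid: str, payload: dict) -> dict:
    """SignedData in the draft's layout. Constructed sample: the signature
    is a placeholder and this model does not verify it, only the kid."""
    header = {"alg": "RS512", "kid": kid}
    return {"header": b64url(json.dumps(header).encode()),
            "payload": b64url(json.dumps(payload).encode()),
            "signature": "PLACEHOLDER-SIGNATURE"}

def signer_kid(signed_data: dict) -> str:
    """Key identifier of the signer, read from the base64url JSON header."""
    return json.loads(b64url_decode(signed_data["header"]))["kid"]

class Portal:
    """In-memory model of the portal side of the four connection transactions."""
    def __init__(self):
        self.admin_kids = {}  # AccountID -> set of Online Signing Key kids
        self.pending = {}     # (AccountID, DeviceID) -> SignedRequest
        self.results = {}     # (AccountID, DeviceID) -> SignedResult

    def register_account(self, account: str, admin_kid: str) -> None:
        self.admin_kids.setdefault(account, set()).add(admin_kid)

    def connect_start(self, req: dict) -> dict:
        body = req["ConnectStartRequest"]
        account, signed = body["AccountID"], body["SignedRequest"]
        # Assumed checks: the account exists and the request is signed under
        # the device's own key, i.e. the header kid equals the Identifier.
        if account not in self.admin_kids:
            return {"ConnectStartResponse": {"Status": 404}}
        if signer_kid(signed["SignedData"]) != signed["Identifier"]:
            return {"ConnectStartResponse": {"Status": 400}}
        self.pending[(account, signed["Identifier"])] = signed
        return {"ConnectStartResponse": {}}

    def connect_pending(self, req: dict) -> dict:
        account = req["ConnectPendingRequest"]["AccountID"]
        items = [s for (a, _), s in self.pending.items() if a == account]
        return {"ConnectPendingResponse": {"Pending": items}}

    def connect_complete(self, req: dict) -> dict:
        body = req["ConnectCompleteRequest"]
        account, result = body["AccountID"], body["Result"]
        key = (account, result["Identifier"])
        # Only a holder of the account's Online Signing Key may complete it.
        if signer_kid(result["SignedData"]) not in self.admin_kids.get(account, ()):
            return {"ConnectCompleteResponse": {"Status": 403}}
        if key not in self.pending:
            return {"ConnectCompleteResponse": {"Status": 404}}
        del self.pending[key]
        self.results[key] = result
        return {"ConnectCompleteResponse": {}}

    def connect_status(self, req: dict) -> dict:
        body = req["ConnectStatusRequest"]
        key = (body["AccountID"], body["DeviceID"])
        if key in self.results:
            return {"ConnectStatusResponse": {"Result": self.results[key]}}
        # Nothing has changed yet: return a minimum retry interval (value assumed).
        return {"ConnectStatusResponse": {"Retry": 30}}

def run_exchange() -> dict:
    """Replay the section 8.3 sequence with constructed messages."""
    portal = Portal()
    portal.register_account("alice", ADMIN_KID)
    request = {"Identifier": DEVICE_KID, "SignedData": make_signed(DEVICE_KID,
               {"ConnectionRequest": {"ParentUDF": "alice", "Device": {"Identifier": DEVICE_KID}}})}
    status_req = {"ConnectStatusRequest": {"AccountID": "alice", "DeviceID": DEVICE_KID}}
    out = {"start": portal.connect_start(
        {"ConnectStartRequest": {"SignedRequest": request, "AccountID": "alice"}})}
    out["before"] = portal.connect_status(status_req)   # nothing to report yet
    out["pending"] = portal.connect_pending({"ConnectPendingRequest": {"AccountID": "alice"}})
    result = {"Identifier": DEVICE_KID, "SignedData": make_signed(ADMIN_KID,
              {"ConnectionResult": {"Device": {"Identifier": DEVICE_KID}, "Accepted": True}})}
    out["complete"] = portal.connect_complete(
        {"ConnectCompleteRequest": {"Result": result, "AccountID": "alice"}})
    out["after"] = portal.connect_status(status_req)    # now carries the result
    return out
```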
8.4. Adding an application profile to a user profile
Application profiles are published separately from the personal
profile to which they are linked. This allows a device to be given
administration capability for a particular application without
granting administration capability for the profile itself and the
ability to connect additional profiles and devices.
Another advantage of this separation is that an application profile
might be managed by a separate party. In an enterprise, the
application profile for a user's corporate email account could be
managed by the corporate IT department.
A user MAY have multiple application profiles for the same
application. If a user has three email accounts, they would have
three email application profiles, one for each account.
In this example, the user has requested a PasswordProfile to be
created. When populated, this records the usernames and passwords
for the various Web sites at which the user has created accounts and
has requested the Web browser store in the Mesh.
Unlike a traditional password management service, the data stored in
the Password Profile is encrypted end to end and can only be decrypted
by the devices that hold a decryption key.
{
"PasswordProfile": {
"Identifier": "MCSJQ-ENQ6L-IJZH5-MCLCC-SE2NG-3T5F2-A",
"EncryptedData": {
"protected": "
ewogICJhbGciOiAiQUUxMjgifQ",
"iv": "
G3CweSUBT8omE_VT9SCuZw",
"ciphertext": "
_JR9uX63-CkvvvJS0axnJxCChcBqe0mYv4M2xjHDaZqE6oUkQS7ZnHOTTmKO748r",
"recipients": [{
"Header": {
"kid": "MBLYV-KC666-JGASF-7RCNB-DAHQ2-JMTA2"},
"encrypted_key": "
ZATx6Rivrr_qGmHbbKGV7tcnm_9UgRspFXu4oti6O9kRjglHS7wnvu5IpmDk5szv
Eq_Zh7X7m3vxsxfvsKrAPKVnpVMx10847apFrAmvwbHNmX1a_rxtxxdzHAgDtJT0
xJ4sch-CAEyudB_k2UNw1cpRtVm02x6sWyVtfTStFSADYw86bFvf4jHQBcv9FxHO
r_EVvE5D-XuQC4ROB8ozbZnadQgQxrZYBfxyNfZfnMigeotzlD_q_lsHua3ffXGA
7ZYi02TPPqwKwcoTBy2DdjE1IR0EFcycInNwb87nyxmOVqezOIZNt_2sOJm0I4Ui
kYQCDogUcrwqqcuycXQsdw"},
{
"Header": {
"kid": "MCAOX-46YPX-GAW5J-75V6G-B6OUP-2RG3X"},
"encrypted_key": "
KRZ9IfGlNADsgNdIs0L_H-Drs_1FhtRARGP3NdZxF9JfiuN6YDF5tPaJFQ0wfrFV
JKOc5PTe5UWiDPSXy_FFQb6-Cg00uJ5TcQceZoePZqmGYbxYoqQPL2MBCP5g1yvW
xLoGTdqk7pJC8GkGUejMbsv5c2nNR4GT1mpj-E7FXyXD914pwmxwroubdbvTAUYy
QLXAiZ20vXxFzWmdf13QZ31nRNBBorCS1EBcapxfih9H_QCiutukN4Yxoj-Cjy5O
1ogSP0GKJlchiKkypNJ6TgvuR743x7YybDvcPMUk1hMR1GteknI2dGSAADRQupF_
7huHRXxYODuSgfq0jRf14Q"}]}}}
The application profile is published to the Mesh in the same way as
any other profile update, via a Publish transaction:
{
"PublishRequest": {
"Entry": {
"SignedApplicationProfile": {
"Identifier": "MCSJQ-ENQ6L-IJZH5-MCLCC-SE2NG-3T5F2-A",
"SignedData": {
"header": "
ewogICJhbGciOiAiUlM1MTIiLAogICJraWQiOiAiTUJLTUctNlFWNUstNVBTWEYt
NlRMVVAtWFhMUkItRkVNVlQifQ",
"payload": "
ewogICJQYXNzd29yZFByb2ZpbGUiOiB7CiAgICAiSWRlbnRpZmllciI6ICJNQ1NK
US1FTlE2TC1JSlpINS1NQ0xDQy1TRTJORy0zVDVGMi1BIiwKICAgICJFbmNyeXB0
...
MmRHU0FBRFJRdXBGXwo3aHVIUlh4WU9EdVNnZnEwalJmMTRRIn1dfX19",
"signature": "
i4s0nRQj3nA5sWrAzmTrBBqgRJxP7npPYUAjK4ChVBy8GKq64aldCSbeO7fzDO20
4zcgyGnOUKi8AQmSTj8qHdLnGLq9zAXtFoYnHa7N5PevYLATxDNTnauHgewOufyM
XxF4ImepbFZRHcoHhHOWxp-qG7RkptMwqP-3g9-4pAxRUqJWzfWjoxzhy0z0_Tal
21b6I37E-UwwJd271UNkY1b24lHILuMvvgfB1hvzu-O6bDdExIt4iN88jkw7rvQi
7veQA9D-aiAyQmwtasD9uIyKo8GdhLUOrThjQkap8xf3Dfmhd-mt-AmCQjQ_gpvS
iOW-sGdz8x4VjUXDLlwSqQ"}}}}}
The service returns a status response.
{
"PublishResponse": {
"Status": 201,
"StatusDescription": "Operation completed successfully"}}
Note that the degree of verification to be performed by the service
when an application profile is published is an open question.
Having created the application profile, the administration client
adds it to the personal profile and publishes it:
{
"PublishRequest": {
"Entry": {
"SignedPersonalProfile": {
"Identifier": "MDJVA-GWBES-2YXPA-7FHWU-GNTHE-D2ELD",
"SignedData": {
"header": "
ewogICJhbGciOiAiUlM1MTIiLAogICJraWQiOiAiTUJLTUctNlFWNUstNVBTWEYt
NlRMVVAtWFhMUkItRkVNVlQifQ",
"payload": "
ewogICJQZXJzb25hbFByb2ZpbGUiOiB7CiAgICAiSWRlbnRpZmllciI6ICJNREpW
QS1HV0JFUy0yWVhQQS03RkhXVS1HTlRIRS1EMkVMRCIsCiAgICAiU2lnbmVkTWFz
...
MnlTekRYM3g0UWQteHFOUSJ9fV0sCiAgICAiQXBwbGljYXRpb25zIjogW119fQ",
"signature": "
QK3qK17qqKjrzJpheNMSP8l-Mfids1U8LteXgXtNslyKsN1fsf3Wc3orZRvxkmq3
SiwwkRSY3k1bWGkMQ2-IVGuAVBvDq-ndgrc9zlqx4OGOZHIsUEpMmEMxYCGPWCek
DRmeCg08o-viOXuBGNukjdmoV47AdWjEwp3bim-1RsA4NP5QfdAifesjI37iScUH
HwvraQsPCDmYpoWfzqLiFu-d5OIzf2A6-V73DLw63sxy6POq9XN3uvBVbpeRXD3Z
5zvFp58fprVjpqUqpdiDAecwd47xisxjtN7QNoE1mTuUsjcrz6uWRhe9zkCiAEd1
i02PON8adi7XJD39Fr7TZQ"}}}}}
Note that if the publication were to happen in the reverse order, with
the personal profile being published before the application profile,
the personal profile might be rejected by the portal for
inconsistency as it links to a non-existent application profile.
The value of such a check is debatable, however. It might well be
preferable not to make such checks, as omitting them permits an
application profile a degree of anonymity.
{
"PublishResponse": {
"Status": 201,
"StatusDescription": "Operation completed successfully"}}
8.5. Creating a recovery profile
The Mesh invites users to put all their data eggs in one
cryptographic basket. If the private keys in their master profile
are lost, they could lose all their digital assets.
The debate over the desirability of key escrow is a complex one. Not
least because voluntary key escrow by the user to protect the user's
digital assets is frequently conflated with mechanisms to support
'Lawful Access' through government managed backdoors.
Accidents happen and so do disasters. For most users and most
applications, data loss is a much more important concern than data
disclosure. The option of using a robust key recovery mechanism is
therefore essential if use of strong cryptography is to become
ubiquitous.
There are of course circumstances in which some users may prefer to
risk losing some of their data rather than risk disclosure. Since
any key recovery infrastructure necessarily introduces the risk of
coercion, the choice of whether to use key recovery or not is left to
the user to decide.
The Mesh permits users to escrow their private keys in the Mesh
itself in an OfflineEscrowEntry. Such entries are encrypted using
the strongest degree of encryption available under a symmetric key.
The symmetric key is then in turn split using Shamir secret sharing
using an n of m threshold scheme.
The OfflineEscrowEntry identifier is a UDF fingerprint of the
symmetric key used to encrypt the data. This guarantees that a party
that has the decryption key has the ability to locate the
corresponding Escrow entry.
The OfflineEscrowEntry is published using the usual Publish
transaction:
{
"PublishRequest": {
"Entry": {
"OfflineEscrowEntry": {
"Identifier": "MA2J2-OQI55-PSIGB-LZRY2-KMBCI-HNNNR",
"EncryptedData": {
"protected": "
ewogICJhbGciOiAiQUUxMjgifQ",
"iv": "
gkV_n1ibVtSfrfXAAgha7A",
"ciphertext": "
X7tqES5Qw4mUvpjHayZf-sVKf9WPCyOTWkAG2ZXue2vbMWauYtEBVokXGJv1oQVD
1YqNzMOhcPA619L3k9qiVecNk2Q5lLw2fsYPulml3CMfUw1VOg29NH4uIZbjlCnq
...
bj3d_6tV34PbzN5s8xinXqrz3_8a1Rr8dEE2tcxZdPoBZdakVphjGmH-Py8kXjgS"}}}}}
The response indicates success or failure:
{
"PublishResponse": {
"Status": 201,
"StatusDescription": "Operation completed successfully"}}
8.6. Recovering a profile
To recover a profile, the user MUST supply the necessary number of
secret shares. These are then used to calculate the UDF fingerprint
to use as the locator in a Get transaction:
{
"GetRequest": {
"Identifier": "MA2J2-OQI55-PSIGB-LZRY2-KMBCI-HNNNR",
"Multiple": false}}
If the transaction succeeds, GetResponse is returned with the
requested data.
{
"GetResponse": {
"Status": 201,
"StatusDescription": "Operation completed successfully",
"Entries": [{
"OfflineEscrowEntry": {
"Identifier": "MA2J2-OQI55-PSIGB-LZRY2-KMBCI-HNNNR",
"EncryptedData": {
"protected": "
ewogICJhbGciOiAiQUUxMjgifQ",
"iv": "
gkV_n1ibVtSfrfXAAgha7A",
"ciphertext": "
X7tqES5Qw4mUvpjHayZf-sVKf9WPCyOTWkAG2ZXue2vbMWauYtEBVokXGJv1oQVD
1YqNzMOhcPA619L3k9qiVecNk2Q5lLw2fsYPulml3CMfUw1VOg29NH4uIZbjlCnq
...
bj3d_6tV34PbzN5s8xinXqrz3_8a1Rr8dEE2tcxZdPoBZdakVphjGmH-Py8kXjgS"}}}]}}
The client can now decrypt the OfflineEscrowEntry to recover the
private key(s).
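As an added example covering sections 8.5 and 8.6 (not the draft's own
code, nor its reference implementation), the following Python performs
the escrow split and recovery described above: the symmetric key is split
with Shamir secret sharing in an n of m threshold scheme, any n shares
recover it, and the recovered key is hashed to obtain the escrow locator.
Assumptions: arithmetic is over the prime field GF(2^521 - 1), which is
large enough for any AES key, and the locator is a truncated SHA-512 in
base32 groups as a stand-in for the UDF fingerprint of
[draft-hallambaker-udf], whose exact encoding is not reproduced here.

```python
import base64
import hashlib
import secrets

# Prime field for the shares (assumption): 2^521 - 1 is prime and
# exceeds any AES key, so every key is a valid field element.
P = (1 << 521) - 1


def _eval_poly(coeffs: list, x: int) -> int:
    """Horner evaluation of the sharing polynomial at x, mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split_secret(secret: bytes, threshold: int, count: int) -> list:
    """Split the escrow key into `count` shares; any `threshold` recover it."""
    if not 1 < threshold <= count:
        raise ValueError("need 1 < threshold <= count")
    s = int.from_bytes(secret, "big")
    if s >= P:
        raise ValueError("secret too large for the field")
    # Constant term is the secret; the other coefficients are uniform random,
    # so fewer than `threshold` shares reveal nothing about the key.
    coeffs = [s] + [secrets.randbelow(P) for _ in range(threshold - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, count + 1)]


def recover_secret(shares: list, length: int) -> bytes:
    """Lagrange interpolation at x = 0; `length` is the key size in bytes."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share supplied")
    s = 0
    for xi, yi in shares:
        num = den = 1
        for xj in xs:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        s = (s + yi * num * pow(den, -1, P)) % P
    if s >> (8 * length):
        # Too few (or mismatched) shares interpolate to a random field element.
        raise ValueError("shares do not reconstruct a key of this length")
    return s.to_bytes(length, "big")


def escrow_locator(key: bytes) -> str:
    """Locator of the OfflineEscrowEntry derived from the encryption key.
    Assumption: truncated SHA-512 in base32 groups of five, standing in for
    the UDF fingerprint; the real encoding is defined in draft-hallambaker-udf."""
    digest = hashlib.sha512(key).digest()
    text = base64.b32encode(digest[:20]).decode()[:30]
    return "-".join(text[i:i + 5] for i in range(0, 30, 5))


def escrow_and_recover(key: bytes, threshold: int, count: int) -> tuple:
    """Round trip: split, take the first `threshold` shares, recover, and
    confirm the recovered key locates the same escrow entry."""
    shares = split_secret(key, threshold, count)
    recovered = recover_secret(shares[:threshold], len(key))
    return recovered, escrow_locator(recovered) == escrow_locator(key)
```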
9. Transparent Audit
Transparent audit can be performed by any party that is a participant
in the InterMesh protocol, or subsequently in an offline transaction.
10. Security Considerations
Security Considerations are addressed in the companion document
[draft-hallambaker-mesh-reference].
11. IANA Considerations
IANA Considerations are addressed in the companion document
[draft-hallambaker-mesh-reference].
12. Acknowledgements
Comodo Group: Egemen Tas, Melih Abdulhayoğlu, Rob Stradling, Robin
Alden.
13. References
13.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997.
[RFC3977] Feather, C., "Network News Transfer Protocol (NNTP)",
RFC 3977, DOI 10.17487/RFC3977, October 2006.
[RFC7159] Bray, T., "The JavaScript Object Notation (JSON) Data
Interchange Format", RFC 7159, DOI 10.17487/RFC7159, March
2014.
[RFC6962] Laurie, B., Langley, A., and E. Kasper, "Certificate
Transparency", RFC 6962, DOI 10.17487/RFC6962, June 2013.
[RFC5822] "[Reference Not Found!]".
[draft-hallambaker-udf]
"[Reference Not Found!]".
[draft-hallambaker-mesh-reference]
"[Reference Not Found!]".
13.2. Informative References
[RFC4644] Vinocur, J. and K. Murchison, "Network News Transfer
Protocol (NNTP) Extension for Streaming Feeds", RFC 4644,
DOI 10.17487/RFC4644, October 2006.
[RFC822] "[Reference Not Found!]".
Author's Address
Phillip Hallam-Baker
Comodo Group Inc.
Email: philliph@comodo.com