Network Working Group                                    P. Hallam-Baker
Internet-Draft                                         Comodo Group Inc.
Intended status: Informational                        September 18, 2017
Expires: March 22, 2018


               Mathematical Mesh: Platform Configuration
                   draft-hallambaker-mesh-platform-01

Abstract

   The Mathematical Mesh ("The Mesh") is an end-to-end secure
   infrastructure that facilitates the exchange of configuration and
   credential data between multiple user devices.  This document
   describes how Mesh profiles are stored for application access on
   Windows, Linux and OSX platforms.

   This document is also available online at
   http://prismproof.org/Documents/draft-hallambaker-mesh-platform.html
   [1].

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on March 22, 2018.

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect



Hallam-Baker             Expires March 22, 2018                 [Page 1]


Internet-Draft  Mathematical Mesh Platform Configuration  September 2017


   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Definitions . . . . . . . . . . . . . . . . . . . . . . . . .   3
     2.1.  Requirements Language . . . . . . . . . . . . . . . . . .   3
     2.2.  Defined Terms . . . . . . . . . . . . . . . . . . . . . .   3
     2.3.  Related Specifications  . . . . . . . . . . . . . . . . .   3
     2.4.  Implementation Status . . . . . . . . . . . . . . . . . .   3
   3.  Windows Platform Configuration  . . . . . . . . . . . . . . .   3
     3.1.  Registry Key Entries  . . . . . . . . . . . . . . . . . .   4
     3.2.  Data File Locations . . . . . . . . . . . . . . . . . . .   5
     3.3.  Key Store Entries . . . . . . . . . . . . . . . . . . . .   5
     3.4.  Profiles  . . . . . . . . . . . . . . . . . . . . . . . .   5
       3.4.1.  Locating a personal profile . . . . . . . . . . . . .   5
       3.4.2.  Locating a device profile . . . . . . . . . . . . . .   5
       3.4.3.  Locating an application profile . . . . . . . . . . .   5
   4.  OSX Platform Configuration  . . . . . . . . . . . . . . . . .   5
     4.1.  Key Storage . . . . . . . . . . . . . . . . . . . . . . .   6
   5.  Linux Platform Configuration  . . . . . . . . . . . . . . . .   6
     5.1.  Key Storage . . . . . . . . . . . . . . . . . . . . . . .   6
   6.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   6
   7.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .   6
   8.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   6
     8.1.  Normative References  . . . . . . . . . . . . . . . . . .   7
     8.2.  Informative References  . . . . . . . . . . . . . . . . .   7
     8.3.  URIs  . . . . . . . . . . . . . . . . . . . . . . . . . .   7
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .   7

1.  Introduction

   This document describes recommended platform specific configuration
   for Mathematical Mesh applications.  The use of common conventions
   for storage of profiles and private keys allows mesh enabled
   applications to interoperate on the same machine.

   Protecting private key material from disclosure to other processes
   presents complex and difficult technical challenges.  Ensuring that a
   key is properly erased from storage before memory is released relies
   on a complex series of assumptions about memory management at the
   compiler, operating system and the platform level.

   For maximum security, the use of private key storage facilities
   provided by the platform is preferred.


2.  Definitions

   This section presents the related specifications and standards, the
   terms that are used as terms of art within the documents and the
   terms used as requirements language.

2.1.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

2.2.  Defined Terms

   The terms of art used in this document are described in the Mesh
   Architecture Guide [draft-hallambaker-mesh-architecture].

2.3.  Related Specifications

   The architecture of the Mathematical Mesh is described in the Mesh
   Architecture Guide [draft-hallambaker-mesh-architecture], which also
   describes the Mesh documentation set and the related specifications.

2.4.  Implementation Status

   The implementation status of the reference code base is described in
   the companion document [draft-hallambaker-mesh-developer].

3.  Windows Platform Configuration

   The Windows Configuration is stored in a combination of Windows Key
   Store entries, registry entries and data files.

   The profiles that are available to a user are specified as Windows
   registry keys.

   Cached and archival copies of profiles are stored on the local
   machine as data files with file names and locations specified in the
   Windows registry.

   Cryptographic keys are stored in a Windows key store.

   To locate a device, application or personal profile, an application:

   1.  Searches for a Windows registry entry that matches the relevant
       criteria.

   2.  Retrieves the profile data from either a local cached copy or the
       corresponding portal.

   3.  Accesses the corresponding private keys through the Windows key
       store.

   The Windows Key store is the natural storage location for
   cryptographic keys on the Windows platform as keys are at minimum
   protected by the operating system access control mechanism.  The
   Windows key store also permits the use of cryptographic hardware
   devices.

3.1.  Registry Key Entries

   All registry keys used by the Mathematical Mesh are stored under the
   following Windows registry location:

   HKEY_CURRENT_USER\SOFTWARE\CryptoMesh

   This location has the following sub keys:

   PersonalProfiles
      (Default) -> UDF fingerprint of the default personal profile

   PersonalProfiles\<UDF>
      (Default) -> File location for the profile.

      Archive -> File location for the profile archive.

      Portals -> Multistring containing the portal accounts to which
      the profile is registered.  The default portal is first.

   ApplicationProfiles
      Web -> UDF fingerprint of the default Web application profile

      SSH -> UDF fingerprint of the default SSH application profile

      Network -> UDF fingerprint of the default Network application
      profile

      Mail -> UDF fingerprint of the default Mail application profile

      <UDF fingerprint of profile> -> File location of the profile

   DeviceProfiles
      (Default) -> UDF fingerprint of the default device profile

      <UDF fingerprint of device profile> -> File location of the
      device profile


3.2.  Data File Locations

   Cached and archival copies of profiles are stored under the user's
   ApplicationData folder:

   ApplicationData\CryptoMesh\

3.3.  Key Store Entries

3.4.  Profiles

3.4.1.  Locating a personal profile

   To locate the default personal profile, an application:

   1.  Retrieves the (Default) value of the key PersonalProfiles to get
       <UDF>.

   2.  Locates the profile with identifier <UDF> as described below.

   To locate the personal profile with identifier <UDF>, an application:

   1.  Opens the key PersonalProfiles\<UDF>.

   2.  Retrieves the latest version of the profile from the location
       specified in PersonalProfiles\<UDF>\(Default).

   3.  If necessary, refreshes the profile from one of the accounts
       specified in PersonalProfiles\<UDF>\Portals.  The default portal
       is listed first.

   In case of an inconsistency being detected, the application MAY use
   the archived copies of the profile, at the location specified in
   PersonalProfiles\<UDF>\Archive, to resynchronize.

   Note that having been connected to a profile at some time in the past
   does not guarantee that a device currently has access, even if the
   device in question was an administration device for the profile.
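
   The lookup procedure of Section 3 and Section 3.4.1, as an added
   example in Python that is not part of this draft or of the reference
   implementation.  The RegistrySnapshot class is a constructed stand-in
   for HKEY_CURRENT_USER\SOFTWARE\CryptoMesh so the example runs on any
   platform; LiveRegistry reads the same values through the Python
   standard-library winreg module on Windows.  The data_dir containment
   check is this example's own caveat, not a requirement of the draft:
   the HKEY_CURRENT_USER hive is writable by every process running as
   the user, so a registered profile location that resolves outside the
   CryptoMesh data directory is refused rather than opened.  The
   fingerprint and portal account names are placeholders.

```python
"""Resolve a Mesh personal profile from the Windows registry layout of Section 3.1.

Added example, not code from the draft or its reference implementation.
"""
import ntpath
from typing import Dict, Optional

MESH_ROOT = r"SOFTWARE\CryptoMesh"   # relative to HKEY_CURRENT_USER (Section 3.1)
DEFAULT_VALUE = ""                   # winreg addresses a key's (Default) value by the empty name


class RegistrySnapshot:
    """Constructed stand-in for the hive: subkey path under MESH_ROOT -> {value name: data}."""

    def __init__(self, entries: Dict[str, Dict[str, object]]) -> None:
        self.entries = entries

    def get(self, subkey: str, value: str = DEFAULT_VALUE):
        return self.entries.get(subkey, {}).get(value)


class LiveRegistry:
    """Same interface backed by the real registry (Windows only, standard-library winreg)."""

    def get(self, subkey: str, value: str = DEFAULT_VALUE):
        import winreg  # only importable on Windows
        path = MESH_ROOT + ("\\" + subkey if subkey else "")
        try:
            with winreg.OpenKey(winreg.HKEY_CURRENT_USER, path) as handle:
                return winreg.QueryValueEx(handle, value)[0]
        except OSError:           # key or value absent
            return None


def _require_inside(path: str, data_dir: str) -> None:
    """Assumed check: refuse a registered location that resolves outside the data directory."""
    full = ntpath.normcase(ntpath.abspath(path))
    base = ntpath.normcase(ntpath.abspath(data_dir))
    try:
        inside = ntpath.commonpath([full, base]) == base
    except ValueError:            # different drives
        inside = False
    if not inside:
        raise ValueError(f"profile location {path!r} escapes {data_dir!r}")


def locate_personal_profile(reg, udf: Optional[str] = None,
                            data_dir: Optional[str] = None) -> Dict[str, object]:
    """Section 3.4.1: resolve the default (or the named) personal profile to its files and portals."""
    if udf is None:
        udf = reg.get("PersonalProfiles")          # (Default) -> UDF of the default profile
        if not udf:
            raise LookupError("no default personal profile is registered")
    key = "PersonalProfiles\\" + udf
    location = reg.get(key)                        # (Default) -> file location of the profile
    if not location:
        raise LookupError(f"personal profile {udf} is not registered")
    archive = reg.get(key, "Archive")              # file location of the profile archive
    portals = list(reg.get(key, "Portals") or [])  # REG_MULTI_SZ; the default portal is first
    if data_dir is not None:                       # assumed tamper check, see _require_inside
        _require_inside(location, data_dir)
        if archive:
            _require_inside(archive, data_dir)
    return {"udf": udf, "profile": location, "archive": archive,
            "portals": portals, "default_portal": portals[0] if portals else None}


# Constructed sample hive; the fingerprint and account names are placeholders.
DATA_DIR = r"C:\Users\alice\AppData\Roaming\CryptoMesh"
UDF = "MAAAA-BBBBB-CCCCC-DDDDD-EEEEE"
SAMPLE_REGISTRY = RegistrySnapshot({
    "PersonalProfiles": {DEFAULT_VALUE: UDF},
    "PersonalProfiles\\" + UDF: {
        DEFAULT_VALUE: DATA_DIR + "\\" + UDF + "\\" + UDF + ".mmm",
        "Archive": DATA_DIR + "\\" + UDF + "\\" + UDF + ".all.mmm",
        "Portals": ["alice@example.com", "alice@mesh.example.net"],
    },
})
# Same default profile, but the location has been rewritten to point outside the data directory.
TAMPERED_REGISTRY = RegistrySnapshot({
    "PersonalProfiles": {DEFAULT_VALUE: UDF},
    "PersonalProfiles\\" + UDF: {DEFAULT_VALUE: DATA_DIR + r"\..\..\Roaming\evil.mmm"},
})

if __name__ == "__main__":
    print(locate_personal_profile(SAMPLE_REGISTRY, data_dir=DATA_DIR))
    try:
        locate_personal_profile(TAMPERED_REGISTRY, data_dir=DATA_DIR)
    except ValueError as err:
        print("rejected:", err)
```

   Section 3.4.1 goes on to refresh the profile from the Portals
   accounts or resynchronize it from the Archive; the example stops at
   resolving the locations, which is all the registry layout determines.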

3.4.2.  Locating a device profile

   To locate a device profile an application

3.4.3.  Locating an application profile

   To locate an application profile an application

4.  OSX Platform Configuration

   The OSX configuration is stored in a combination of a master
   configuration file, profile data files and the OSX Keychain.

   The profiles that are available to a user are stored in a JSON
   configuration file.


   Cached and archival copies of profiles are stored on the local
   machine as data files with file names and locations specified in the
   JSON configuration file.

   Cryptographic keys are stored in the OSX Keychain.

   File locations

   The JSON configuration file is stored in ~/.cryptomesh/profiles.json

   Profile data files are stored in the directory ~/.cryptomesh/<UDF>

   The latest copy of the profile is stored in <UDF>.mmm within that
   directory.

   An archive containing all the stored copies of the profile is stored
   in <UDF>.all.mmm within that directory.

4.1.  Key Storage

   Private keys are stored in the OSX Keychain.  The manner in which
   they are stored there is to be decided.

5.  Linux Platform Configuration

   The Linux configuration is stored in a combination of a master
   configuration file, profile data files and private key files.

   The file layout of the Linux configuration and data files is
   identical to that of OSX.

5.1.  Key Storage

   Private keys are stored in the locations where the Linux applications
   that are to use them expect to find them.  These are plain files,
   protected only by file system permissions, so they should be created
   readable by the owning user alone.
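
   The ~/.cryptomesh layout of Section 4, which Section 5 adopts
   unchanged for Linux, as an added example in Python that is not part
   of this draft or of the reference implementation.  The draft fixes
   the file locations but not the contents of profiles.json, so the JSON
   shape used here (mirroring the registry entries of Section 3.1) is an
   assumption, as are the mode checks: on Linux the private keys are
   plain files protected only by file system permissions, so the example
   refuses a tree that other local users can read.  The fingerprint and
   account names are placeholders and the profile bodies are empty.

```python
"""Locate Mesh profiles in the ~/.cryptomesh layout of Sections 4 and 5.

Added example, not code from the draft or its reference implementation.
"""
import json
import os
import stat
import tempfile
from pathlib import Path
from typing import Dict, List, Optional

# Assumed profiles.json shape (the draft does not specify one):
#   {"PersonalProfiles": {"Default": "<UDF>", "<UDF>": {"Portals": ["account", ...]}}}


def mesh_home(home: Optional[Path] = None) -> Path:
    """~/.cryptomesh, or the same layout under an explicit home directory."""
    return (home or Path.home()) / ".cryptomesh"


def check_private(path: Path) -> None:
    """Assumed policy: refuse a profile directory or file that has any group/other permission bit."""
    mode = stat.S_IMODE(path.stat().st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} is group/world accessible (mode {mode:04o})")


def locate_personal_profile(udf: Optional[str] = None, home: Optional[Path] = None,
                            strict: bool = True) -> Dict[str, object]:
    """Section 4: profiles.json -> ~/.cryptomesh/<UDF>/<UDF>.mmm and <UDF>.all.mmm."""
    root = mesh_home(home)
    config_path = root / "profiles.json"
    if strict:
        check_private(root)
        check_private(config_path)
    with config_path.open() as fh:
        personal = json.load(fh).get("PersonalProfiles", {})
    if udf is None:
        udf = personal.get("Default")
        if not udf:
            raise LookupError("profiles.json names no default personal profile")
    if udf not in personal:
        raise LookupError(f"personal profile {udf} is not registered")
    if "/" in udf or udf in (".", ".."):      # the UDF is about to become a path component
        raise ValueError(f"invalid profile identifier {udf!r}")
    profile_dir = root / udf
    latest = profile_dir / f"{udf}.mmm"
    archive = profile_dir / f"{udf}.all.mmm"
    if strict:
        check_private(profile_dir)
        check_private(latest)
    portals = list(personal[udf].get("Portals", []))
    return {"udf": udf, "profile": latest, "archive": archive if archive.exists() else None,
            "portals": portals, "default_portal": portals[0] if portals else None}


def _write_private(path: Path, text: str) -> None:
    """Create the file with mode 0600 from the outset instead of tightening it afterwards."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    os.chmod(path, 0o600)     # the file may have pre-existed with a looser mode


def write_sample_layout(home: Path, udf: str, portals: List[str]) -> Path:
    """Build a constructed ~/.cryptomesh tree; the profile bodies are empty placeholders."""
    root = mesh_home(home)
    root.mkdir(mode=0o700, parents=True, exist_ok=True)
    os.chmod(root, 0o700)
    profile_dir = root / udf
    profile_dir.mkdir(mode=0o700, exist_ok=True)
    os.chmod(profile_dir, 0o700)
    config = {"PersonalProfiles": {"Default": udf, udf: {"Portals": portals}}}
    _write_private(root / "profiles.json", json.dumps(config, indent=2))
    _write_private(profile_dir / f"{udf}.mmm", "{}")
    _write_private(profile_dir / f"{udf}.all.mmm", "{}")
    return root


def demo() -> Dict[str, object]:
    """Populate a temporary home, resolve the default profile, then loosen the profile
    file's mode to show the strict lookup refusing it."""
    home = Path(tempfile.mkdtemp(prefix="meshdemo-"))
    udf = "MAAAA-BBBBB-CCCCC-DDDDD-EEEEE"       # placeholder fingerprint, not a real UDF
    write_sample_layout(home, udf, ["alice@example.com", "alice@mesh.example.net"])
    found = locate_personal_profile(home=home)
    (mesh_home(home) / udf / f"{udf}.mmm").chmod(0o644)   # simulate a leaked mode
    try:
        locate_personal_profile(home=home)
        refused = False
    except PermissionError:
        refused = True
    return {"udf": found["udf"], "default_portal": found["default_portal"],
            "profile_name": found["profile"].name, "has_archive": found["archive"] is not None,
            "loose_mode_refused": refused,
            "lenient_udf": locate_personal_profile(home=home, strict=False)["udf"]}


if __name__ == "__main__":
    print(demo())
```

   The strict mode check is deliberately applied to the directory and
   the configuration file as well as to the profile itself, since a
   world-writable ~/.cryptomesh would let another local user redirect
   the lookup regardless of how the profile file is protected.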

6.  IANA Considerations

   None

7.  Acknowledgements

   TBS

8.  References


8.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

8.2.  Informative References

   [draft-hallambaker-mesh-architecture]
              Hallam-Baker, P., "Mathematical Mesh: Architecture",
              draft-hallambaker-mesh-architecture-03 (work in progress),
              May 2017.

   [draft-hallambaker-mesh-developer]
              Hallam-Baker, P., "Mathematical Mesh: Reference
              Implementation", draft-hallambaker-mesh-developer-04 (work
              in progress), September 2017.

8.3.  URIs

   [1] http://prismproof.org/Documents/draft-hallambaker-mesh-
       platform.html

Author's Address

   Phillip Hallam-Baker
   Comodo Group Inc.

   Email: philliph@comodo.com
