Network Working Group                                    P. Hallam-Baker
Internet-Draft                                         Comodo Group Inc.
Intended status: Standards Track                        January 14, 2016
Expires: July 17, 2016


               Mathematical Mesh: Client-Service Profiles
                  draft-hallambaker-mesh-reference-00

Abstract

   The Mathematical Mesh ?The Mesh? is an end-to-end secure
   infrastructure that facilitates the exchange of configuration and
   credential data between multiple user devices.  The core protocols of
   the Mesh are described with examples of common use cases and
   reference data.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on July 17, 2016.

Copyright Notice

   Copyright (c) 2016 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.



Hallam-Baker              Expires July 17, 2016                 [Page 1]


Internet-Draft            Mathematical Mesh CSP             January 2016


1.  Introduction

   NB: The reference material in this document is generated from the
   schema used to derive the source code.  The tool used to create this
   material has not been optimized to produce output for the IETF
   documentation format at this time.  Consequently the formatting is
   currently sub-optimal.

2.  Definitions

2.1.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

3.  Use Scenarios

3.1.  Create Profile

3.2.  Connect Device

3.3.  Add Application

3.4.  Update Application

3.5.  Delete Device

3.6.  Key Recovery

4.  Architecture

4.1.  Data Model

4.1.1.  First Class Object

4.1.2.  Profile

   A profile is a first class object.  It has a globally unique
   identifier that provides an unambiguous reference to the profile in
   any situation.

4.1.3.  Record

   A record describes the state of an object at the completion of a
   specific Transaction.





Hallam-Baker              Expires July 17, 2016                 [Page 2]


Internet-Draft            Mathematical Mesh CSP             January 2016


4.1.4.  Transaction

   A transaction is an event in which the state of an object changes.
   Every transaction has a globally unique transaction identifier.
   Transaction identifiers are issued in a monotonic sequence such that
   a transaction that completes at time t1 will always have a lower
   transaction identifier than one that begins at time t2 where t2 > t1.

4.2.  Profile Types



      Master Profile

      Personal Profile

      Application Profile

      Device Profile

4.3.  03627755Figure SEQ Figure \* ARABIC 1: Relationship of Profile
      TypesFigure SEQ Figure \* ARABIC 1: Relationship of Profile
      TypesMaster Profile

   The master profile contains the axioms of trust for a Mesh user.



      Identifier: ?Master? + UDF Fingerprint of the Master Signing Key

      Signature: Master Signing Key  The key used to sign the profile
         MUST be MasterSigningKey

      Property: Master Signing Key  The Master Signing key is the
         ultimate trust axiom for the Master Profile.

      Property: Master Escrow Keys

      Property: Online Signature Keys

4.4.  Personal Profile



      Identifier: UDF Fingerprint of the Master Signing Key

      Signature: Online Signature Key  The key used to sign the profile
         MUST be a member of MasterProfile/OnlineSignatureKeys



Hallam-Baker              Expires July 17, 2016                 [Page 3]


Internet-Draft            Mathematical Mesh CSP             January 2016


      Property: Master Profile  The Master Profile that this personal
         profile is an instance of.

      Property: Devices

      Property: Applications  A list of application profile entries
         specifying which application profiles are attached to the
         personal profile

4.5.  Device Profile



      Identifier: UDF Fingerprint of the Device Signing Key

      Signature: Device Signing Key  The key used to sign the profile
         MUST be MasterSigningKey

      Property: Device Signing Key  The Master Signing key is the
         ultimate trust axiom for the Master Profile.

      Property: Device Encryption Key

      Property: Device Authentication Key

4.6.  Application Profile



      Identifier: Randomly chosen

      Property: Encrypted Data

5.  MeshItem

5.1.  MeshItem Transactions

5.2.  MeshItem Messages

5.3.  MeshItem Structures

5.3.1.  Structure: Entry



      Identifier :   String [0..1]





Hallam-Baker              Expires July 17, 2016                 [Page 4]


Internet-Draft            Mathematical Mesh CSP             January 2016


   Globally unique identifier that remains constant for the lifetime of
   the entry.

5.3.2.  Structure: SignedProfile

   Contains a signed profile entry



      Identifier :   String [0..1]

   Globally unique identifier that remains constant for the lifetime of
   the entry.



      SignedData :   JoseWebSignature [0..1]

   The signed profile

5.3.3.  Structure: SignedDeviceProfile

   Contains a signed device profile



      Identifier :   String [0..1]

   Globally unique identifier that remains constant for the lifetime of
   the entry.



      SignedData :   JoseWebSignature [0..1]

   The signed profile

5.3.4.  Structure: SignedMasterProfile

   Contains a signed Personal master profile



      Identifier :   String [0..1]

   Globally unique identifier that remains constant for the lifetime of
   the entry.




Hallam-Baker              Expires July 17, 2016                 [Page 5]


Internet-Draft            Mathematical Mesh CSP             January 2016


      SignedData :   JoseWebSignature [0..1]

   The signed profile

5.3.5.  Structure: SignedPersonalProfile

   Contains a signed Personal current profile



      Identifier :   String [0..1]

   Globally unique identifier that remains constant for the lifetime of
   the entry.



      SignedData :   JoseWebSignature [0..1]

   The signed profile

5.3.6.  Structure: SignedApplicationProfile

   Contains a signed device profile



      Identifier :   String [0..1]

   Globally unique identifier that remains constant for the lifetime of
   the entry.



      SignedData :   JoseWebSignature [0..1]

   The signed profile

5.3.7.  Structure: EncryptedProfile

   Contains an encrypted profile entry



      Identifier :   String [0..1]

   Globally unique identifier that remains constant for the lifetime of
   the entry.



Hallam-Baker              Expires July 17, 2016                 [Page 6]


Internet-Draft            Mathematical Mesh CSP             January 2016


      EncryptedData :   JoseWebEncryption [0..1]

   The signed and encrypted profile

5.3.8.  Structure: Profile

   Parent class from which all profile types are derrived



      Identifier :   String [0..1]

   Globally unique identifier that remains constant for the lifetime of
   the entry.



      Names :   String [0..Many]

   Fingerprints of index terms for profile retrieval.  The use of the
   fingerprint of the name rather than the name itself is a precaution
   against enumeration attacks and other forms of abuse.



      Updated :   DateTime [0..1]

   The time instant the profile was last modified.



      NotaryToken :   String [0..1]

   A Uniform Notary Token providing evidence that a signature was
   performed after the notary token was created.

5.3.9.  Structure: MasterProfile

   Describes the long term parameters associated with a personal
   profile.



      Identifier :   String [0..1]

   Globally unique identifier that remains constant for the lifetime of
   the entry.




Hallam-Baker              Expires July 17, 2016                 [Page 7]


Internet-Draft            Mathematical Mesh CSP             January 2016


      Names :   String [0..Many]

   Fingerprints of index terms for profile retrieval.  The use of the
   fingerprint of the name rather than the name itself is a precaution
   against enumeration attacks and other forms of abuse.



      Updated :   DateTime [0..1]

   The time instant the profile was last modified.



      NotaryToken :   String [0..1]

   A Uniform Notary Token providing evidence that a signature was
   performed after the notary token was created.



      MasterSignatureKey :   PublicKey [0..1]

   The root of trust for the Personal PKI, the public key of the PMSK is
   presented as a self-signed X.509v3 certificate with Certificate
   Signing use enabled.  The PMSK is used to sign certificates for the
   PMEK, POSK and PKEK keys.



      MasterEscrowKeys :   PublicKey [0..Many]

   A Personal Profile MAY contain one or more PMEK keys to enable escrow
   of private keys used for stored data.



      OnlineSignatureKeys :   PublicKey [0..Many]

   A Personal profile contains at least one POSK which is used to sign
   device administration application profiles.

5.3.10.  Structure: PersonalProfile

   Describes the current applications and devices connected to a
   personal master profile.





Hallam-Baker              Expires July 17, 2016                 [Page 8]


Internet-Draft            Mathematical Mesh CSP             January 2016


      Identifier :   String [0..1]

   Globally unique identifier that remains constant for the lifetime of
   the entry.



      Names :   String [0..Many]

   Fingerprints of index terms for profile retrieval.  The use of the
   fingerprint of the name rather than the name itself is a precaution
   against enumeration attacks and other forms of abuse.



      Updated :   DateTime [0..1]

   The time instant the profile was last modified.



      NotaryToken :   String [0..1]

   A Uniform Notary Token providing evidence that a signature was
   performed after the notary token was created.



      SignedMasterProfile :   SignedMasterProfile [0..1]

   The corresponding master profile.  The profile MUST be signed by the
   PMSK.



      Devices :   SignedDeviceProfile [0..Many]

   The set of device profiles connected to the profile.  The profile
   MUST be signed by the DSK in the profile.



      Applications :   ApplicationProfileEntry [0..Many]

   Application profiles connected to this profile.






Hallam-Baker              Expires July 17, 2016                 [Page 9]


Internet-Draft            Mathematical Mesh CSP             January 2016


5.3.11.  Structure: ApplicationProfileEntry



      Identifier :   String [0..1]

   The unique identifier of the application



      Type :   String [0..1]

   The application type



      Friendly :   String [0..1]

   Optional friendly name identifying the application.



      SignID :   String [0..Many]

   List of devices authorized to sign application profiles



      DecryptID :   String [0..Many]

   List of devices authorized to read private parts of application
   profiles

5.3.12.  Structure: DeviceProfile

   Describes a mesh device.



      Identifier :   String [0..1]

   Globally unique identifier that remains constant for the lifetime of
   the entry.



      Names :   String [0..Many]




Hallam-Baker              Expires July 17, 2016                [Page 10]


Internet-Draft            Mathematical Mesh CSP             January 2016


   Fingerprints of index terms for profile retrieval.  The use of the
   fingerprint of the name rather than the name itself is a precaution
   against enumeration attacks and other forms of abuse.



      Updated :   DateTime [0..1]

   The time instant the profile was last modified.



      NotaryToken :   String [0..1]

   A Uniform Notary Token providing evidence that a signature was
   performed after the notary token was created.



      Description :   String [0..1]

   Description of the device



      DeviceSignatureKey :   PublicKey [0..1]

   Key used to sign certificates for the DAK and DEK.  The fingerprint
   of the DSK is the UniqueID of the Device Profile



      DeviceAuthenticationKey :   PublicKey [0..1]

   Key used to authenticate requests made by the device.



      DeviceEncryptiontionKey :   PublicKey [0..1]

   Key used to pass encrypted data to the device such as a
   DeviceUseEntry

5.3.13.  Structure: DevicePrivateProfile

   Private portion of device encryption profile.





Hallam-Baker              Expires July 17, 2016                [Page 11]


Internet-Draft            Mathematical Mesh CSP             January 2016


      DeviceSignatureKey :   Key [0..1]

   Private portion of the DeviceSignatureKey



      DeviceAuthenticationKey :   Key [0..1]

   Private portion of the DeviceAuthenticationKey



      DeviceEncryptiontionKey :   Key [0..1]

   Private portion of the DeviceEncryptiontionKey

5.3.14.  Structure: ApplicationProfile

   Parent class from which all application profiles inherit.



      Identifier :   String [0..1]

   Globally unique identifier that remains constant for the lifetime of
   the entry.



      Names :   String [0..Many]

   Fingerprints of index terms for profile retrieval.  The use of the
   fingerprint of the name rather than the name itself is a precaution
   against enumeration attacks and other forms of abuse.



      Updated :   DateTime [0..1]

   The time instant the profile was last modified.



      NotaryToken :   String [0..1]

   A Uniform Notary Token providing evidence that a signature was
   performed after the notary token was created.




Hallam-Baker              Expires July 17, 2016                [Page 12]


Internet-Draft            Mathematical Mesh CSP             January 2016


      EncryptedData :   JoseWebEncryption [0..1]

   Encrypted application data

5.3.15.  Structure: PasswordProfile

   Stores usernames and passwords



      Identifier :   String [0..1]

   Globally unique identifier that remains constant for the lifetime of
   the entry.



      Names :   String [0..Many]

   Fingerprints of index terms for profile retrieval.  The use of the
   fingerprint of the name rather than the name itself is a precaution
   against enumeration attacks and other forms of abuse.



      Updated :   DateTime [0..1]

   The time instant the profile was last modified.



      NotaryToken :   String [0..1]

   A Uniform Notary Token providing evidence that a signature was
   performed after the notary token was created.



      EncryptedData :   JoseWebEncryption [0..1]

   Encrypted application data

5.3.16.  Structure: PasswordProfilePrivate



      Entries :   PasswordEntry [0..Many]




Hallam-Baker              Expires July 17, 2016                [Page 13]


Internet-Draft            Mathematical Mesh CSP             January 2016


   [TBS]

5.3.17.  Structure: PasswordEntry

   Username password entry for a single site



      Sites :   String [0..Many]

   DNS name of site *.example.com matches www.example.com etc.



      Username :   String [0..1]

   Case sensitive username



      Password :   String [0..1]

   Case sensitive password.

5.3.18.  Structure: MailProfile

   Public profile describes mail receipt policy.  Private describes
   Sending policy



      Identifier :   String [0..1]

   Globally unique identifier that remains constant for the lifetime of
   the entry.



      Names :   String [0..Many]

   Fingerprints of index terms for profile retrieval.  The use of the
   fingerprint of the name rather than the name itself is a precaution
   against enumeration attacks and other forms of abuse.



      Updated :   DateTime [0..1]




Hallam-Baker              Expires July 17, 2016                [Page 14]


Internet-Draft            Mathematical Mesh CSP             January 2016


   The time instant the profile was last modified.



      NotaryToken :   String [0..1]

   A Uniform Notary Token providing evidence that a signature was
   performed after the notary token was created.



      EncryptedData :   JoseWebEncryption [0..1]

   Encrypted application data



      EncryptionPGP :   PublicKey [0..1]

   The current OpenPGP encryption key



      EncryptionSMIME :   PublicKey [0..1]

   The current S/MIME encryption key

5.3.19.  Structure: MailProfilePrivate

   Describes a mail account configuration

   Private profile contains connection settings for the inbound and
   outbound mail server(s) and cryptographic private keys.  Public
   profile may contain security policy information for the sender.



      EmailAddress :   String [0..1]

   The RFC822 Email address. [e.g. "alice@example.com"]



      ReplyToAddress :   String [0..1]

   The RFC822 Reply toEmail address. [e.g. "alice@example.com"]





Hallam-Baker              Expires July 17, 2016                [Page 15]


Internet-Draft            Mathematical Mesh CSP             January 2016


   When set, allows a sender to tell the receiver that replies to this
   account should be directed to this address.



      DisplayName :   String [0..1]

   The Display Name. [e.g.  "Alice Example"]



      AccountName :   String [0..1]

   The Account Name for display to the app user [e.g.  "Work Account"]



      Inbound :   Connection [0..Many]

   The Inbound Mail Connection(s).  This is typically IMAP4 or POP3

   If multiple connections are specified, the order in the sequence
   indicates the preference order.



      Outbound :   Connection [0..Many]

   The Outbound Mail Connection(s).  This is typically SMTP/SUBMIT

   If multiple connections are specified, the order in the sequence
   indicates the preference order.



      Sign :   PublicKey [0..Many]

   The public keypair(s) for signing and decrypting email.

   If multiple public keys are specified, the order indicates
   preference.



      Encrypt :   PublicKey [0..Many]

   The public keypairs for encrypting and decrypting email.




Hallam-Baker              Expires July 17, 2016                [Page 16]


Internet-Draft            Mathematical Mesh CSP             January 2016


   If multiple public keys are specified, the order indicates
   preference.

5.3.20.  Structure: NetworkProfile

   Describes the network profile to follow



      Identifier :   String [0..1]

   Globally unique identifier that remains constant for the lifetime of
   the entry.



      Names :   String [0..Many]

   Fingerprints of index terms for profile retrieval.  The use of the
   fingerprint of the name rather than the name itself is a precaution
   against enumeration attacks and other forms of abuse.



      Updated :   DateTime [0..1]

   The time instant the profile was last modified.



      NotaryToken :   String [0..1]

   A Uniform Notary Token providing evidence that a signature was
   performed after the notary token was created.



      EncryptedData :   JoseWebEncryption [0..1]

   Encrypted application data

5.3.21.  Structure: NetworkProfilePrivate

   Describes the network profile to follow



      Sites :   String [0..Many]



Hallam-Baker              Expires July 17, 2016                [Page 17]


Internet-Draft            Mathematical Mesh CSP             January 2016


   DNS name of sites to which profile applies *.example.com matches
   www.example.com etc.



      DNS :   Connection [0..Many]

   DNS Resolution Services



      Prefix :   String [0..Many]

   DNS prefixes to search



      CTL :   Binary [0..1]

   Certificate Trust List giving WebPKI roots to trust



      WebPKI :   String [0..Many]

   List of UDF fingerprints of keys making up the trust roots to be
   accepted for Web PKI purposes.

5.3.22.  Structure: EscrowEntry

   Contains escrowed data



      Identifier :   String [0..1]

   Globally unique identifier that remains constant for the lifetime of
   the entry.



      EncryptedData :   JoseWebEncryption [0..1]

   [TBS]







Hallam-Baker              Expires July 17, 2016                [Page 18]


Internet-Draft            Mathematical Mesh CSP             January 2016


5.3.23.  Structure: OfflineEscrowEntry

   Contains data escrowed using the offline escrow mechanism.



      Identifier :   String [0..1]

   Globally unique identifier that remains constant for the lifetime of
   the entry.



      EncryptedData :   JoseWebEncryption [0..1]

   [TBS]

5.3.24.  Structure: OnlineEscrowEntry

   Contains data escrowed using the online escrow mechanism.



      Identifier :   String [0..1]

   Globally unique identifier that remains constant for the lifetime of
   the entry.



      EncryptedData :   JoseWebEncryption [0..1]

   [TBS]

5.3.25.  Structure: EscrowedKeySet

   A set of escrowed keys.



      PrivateKeys :   Key [0..Many]

   The escrowed keys.








Hallam-Baker              Expires July 17, 2016                [Page 19]


Internet-Draft            Mathematical Mesh CSP             January 2016


5.3.26.  Structure: Connection

   Describes network connection parameters for an application



      ServiceName :   String [0..1]

   DNS address of the server



      Port :   Integer [0..1]

   TCP/UDP Port number



      Prefix :   String [0..1]

   DNS service prefix as described in [RFC6335]



      Security :   String [0..Many]

   Describes the security mode to use.  Valid choices are
   Direct/Upgrade/None



      UserName :   String [0..1]

   Username to present to the service for authentication



      Password :   String [0..1]

   Password to present to the service for authentication



      URI :   String [0..1]

   Service connection parameters in URI format





Hallam-Baker              Expires July 17, 2016                [Page 20]


Internet-Draft            Mathematical Mesh CSP             January 2016


      Authentication :   String [0..1]

   List of the supported/acceptable authentication mechanisms, preferred
   mechanism first.



      TimeOut :   Integer [0..1]

   Service timeout in seconds.



      Polling :   Boolean [0..1]

   If set, the client should poll the specified service intermittently
   for updates.

5.3.27.  Structure: EncryptedData

   Container for JOSE encrypted data and related attributes.



      Data :   Binary [0..1]

   [TBS]

5.3.28.  Structure: SignedData

   Container for JOSE signed data and related attributes.



      Data :   Binary [0..1]

   [TBS]

5.3.29.  Structure: PublicKey

   Container for public key pair data



      UDF :   String [0..1]

   UDF fingerprint of the key




Hallam-Baker              Expires July 17, 2016                [Page 21]


Internet-Draft            Mathematical Mesh CSP             January 2016


      X509Certificate :   Binary [0..1]

   List of X.509 Certificates



      X509Chain :   Binary [0..Many]

   X.509 Certificate chain.



      X509CSR :   Binary [0..1]

   X.509 Certificate Signing Request.

5.3.30.  Structure: ConnectionRequest



      ParentUDF :   String [0..1]

   [TBS]



      Device :   SignedDeviceProfile [0..1]

   [TBS]



      BlockToken :   String [0..1]

   [TBS]

5.3.31.  Structure: ConnectionResult



      ParentUDF :   String [0..1]

   [TBS]



      Device :   SignedDeviceProfile [0..1]




Hallam-Baker              Expires July 17, 2016                [Page 22]


Internet-Draft            Mathematical Mesh CSP             January 2016


   [TBS]



      BlockToken :   String [0..1]

   [TBS]



      Result :   String [0..1]

   [TBS]

5.3.32.  Structure: SignedConnectionRequest

   Contains a signed connection request



      Identifier :   String [0..1]

   Globally unique identifier that remains constant for the lifetime of
   the entry.



      SignedData :   JoseWebSignature [0..1]

   The signed profile

5.3.33.  Structure: SignedConnectionResult

   Contains a signed connection request



      Identifier :   String [0..1]

   Globally unique identifier that remains constant for the lifetime of
   the entry.



      SignedData :   JoseWebSignature [0..1]

   The signed profile




Hallam-Baker              Expires July 17, 2016                [Page 23]


Internet-Draft            Mathematical Mesh CSP             January 2016


6.  MeshProtocol

6.1.  MeshProtocol Transactions

6.1.1.  Transaction: Hello

   o

      *  Request: HelloRequest

      *  Response: HelloResponse

   Report service and version information.

   The Hello transaction provides a means of determining which protocol
   versions, message encodings and transport protocols are supported by
   the service.

6.1.2.  Transaction: ValidateAccount

   o

      *  Request: ValidateRequest

      *  Response: ValidateResponse

   Request validation of a proposed name for a new account.

   For validation of a user's account name during profile creation.

6.1.3.  Transaction: CreateAccount

   o

      *  Request: CreateRequest

      *  Response: CreateResponse

   Request creation of a new mesh account.

   Unlike a profile, a mesh account is specific to a particular Mesh
   portal.  A mesh account must be created and accepted before a profile
   can be published.








Hallam-Baker              Expires July 17, 2016                [Page 24]


Internet-Draft            Mathematical Mesh CSP             January 2016


6.1.4.  Transaction: Publish

   o

      *  Request: PublishRequest

      *  Response: PublishResponse

   Publish a profile or key escrow entry to the mesh.

6.1.5.  Transaction: Get

   o

      *  Request: GetRequest

      *  Response: GetResponse

   Search for data in the mesh that matches a set of keys.

6.1.6.  Transaction: GetRecords

   o

      *  Request: GetRequest

      *  Response: GetRecordsResponse

6.1.7.  Transaction: Transfer

   o

      *  Request: TransferRequest

      *  Response: TransferResponse

   Request a bulk transfer of the log between the specified transaction
   identifiers.  Requires appropriate authorization

   [Not currently implemented]

6.1.8.  Transaction: Status

   o

      *  Request: StatusRequest

      *  Response: StatusResponse



Hallam-Baker              Expires July 17, 2016                [Page 25]


Internet-Draft            Mathematical Mesh CSP             January 2016


   Request the current status of the mesh as seen by the portal to which
   it is directed.

   The response to the status request contains the last signed
   checkpoint and proof chains for each of the peer portals that have
   been checkpointed.

   [Not currently implemented]

6.1.9.  Transaction: ConnectStart

   o

      *  Request: ConnectStartRequest

      *  Response: ConnectStartResponse

   Request connection of a new device to a mesh profile

6.1.10.  Transaction: ConnectStatus

   o

      *  Request: ConnectStatusRequest

      *  Response: ConnectStatusResponse

   Request status of pending connection request of a new device to a
   mesh profile

6.1.11.  Transaction: ConnectPending

   o

      *  Request: ConnectPendingRequest

      *  Response: ConnectPendingResponse

   Request status of pending connection request of a new device to a
   mesh profile

6.1.12.  Transaction: ConnectComplete

   o

      *  Request: ConnectCompleteRequest

      *  Response: ConnectCompleteResponse



Hallam-Baker              Expires July 17, 2016                [Page 26]


Internet-Draft            Mathematical Mesh CSP             January 2016


   Request status of pending connection request of a new device to a
   mesh profile

6.2.  MeshProtocol Messages

6.2.1.  Message: MeshRequest

   [None]

6.2.2.  Message: MeshResponse

   [None]

6.2.3.  Message: HelloRequest

   [None]

6.2.4.  Message: HelloResponse



      Version :   Version [0..1]

   Enumerates the protocol versions supported



      Alternates :   Version [0..Many]

   Enumerates alternate protocol version(s) supported

6.2.5.  Message: ValidateRequest



      Account :   String [0..1]

   Account name requested



      Reserve :   Boolean [0..1]

   If true, request a reservation for the specified account name.  Note
   that the service is not obliged to honor reservation requests.






Hallam-Baker              Expires July 17, 2016                [Page 27]


Internet-Draft            Mathematical Mesh CSP             January 2016


      Language :   String [0..Many]

   List of ISO language codes in order of preference.  For creating
   explanatory text.

6.2.6.  Message: ValidateResponse



      Valid :   Boolean [0..1]

   [TBS]



      Minimum :   Integer [0..1]

   [TBS]



      InvalidCharacters :   String [0..1]

   A list of characters from the requested account that the service does
   not accept in account names.



      Reason :   String [0..1]

   Text explaining the reason an account name was rejected.

6.2.7.  Message: CreateRequest



      Account :   String [0..1]

   Account name requested

6.2.8.  Message: CreateResponse

   [None]








Hallam-Baker              Expires July 17, 2016                [Page 28]


Internet-Draft            Mathematical Mesh CSP             January 2016


6.2.9.  Message: PublishRequest

   [None]

6.2.10.  Message: PublishResponse

   [None]

6.2.11.  Message: GetRequest



      Identifier :   String [0..1]

   Lookup by profile ID



      Account :   String [0..1]

   Lookup by Account ID



      KeyValues :   KeyValue [0..Many]

   List of KeyValue pairs specifying the conditions to be met



      NotBefore :   DateTime [0..1]

   [TBS]



      NotOnOrAfter :   DateTime [0..1]

   [TBS]



      Multiple :   Boolean [0..1]

   If true return multiple responses if available






Hallam-Baker              Expires July 17, 2016                [Page 29]


Internet-Draft            Mathematical Mesh CSP             January 2016


6.2.12.  Message: GetResponse

   [None]

6.2.13.  Message: GetRecordsResponse



      DataItems :   DataItem [0..Many]

   List of mesh data records matching the request.

6.2.14.  Message: TransferRequest



      NotBefore :   DateTime [0..1]

      Until :   DateTime [0..1]

      After :   String [0..1]

      MaxEntries :   Integer [0..1]

      MaxBytes :   Integer [0..1]

6.2.15.  Message: TransferResponse

   [None]

6.2.16.  Message: StatusRequest

   [None]

6.2.17.  Message: StatusResponse



      LastWriteTime :   DateTime [0..1]

   Time that the last write update was made to the Mesh



      LastCheckpointTime :   DateTime [0..1]

   Time that the last Mesh checkpoint was calculated.




Hallam-Baker              Expires July 17, 2016                [Page 30]


Internet-Draft            Mathematical Mesh CSP             January 2016


      NextCheckpointTime :   DateTime [0..1]

   Time at which the next Mesh checkpoint should be calculated.



      CheckpointValue :   String [0..1]

   Last checkpoint value.

6.2.18.  Message: ConnectStartRequest



      SignedRequest :   SignedConnectionRequest [0..1]

      AccountID :   String [0..1]

6.2.19.  Message: ConnectStartResponse



      SignedConnectionResult :   String [0..1]

6.2.20.  Message: ConnectStatusRequest



      AccountID :   String [0..1]

      DeviceID :   String [0..1]

6.2.21.  Message: ConnectStatusResponse



      Result :   SignedConnectionResult [0..1]

6.2.22.  Message: ConnectPendingRequest



      AccountID :   String [0..1]








Hallam-Baker              Expires July 17, 2016                [Page 31]


Internet-Draft            Mathematical Mesh CSP             January 2016


6.2.23.  Message: ConnectPendingResponse



      Pending :   SignedConnectionRequest [0..Many]

6.2.24.  Message: ConnectCompleteRequest



      Result :   SignedConnectionResult [0..1]

      AccountID :   String [0..1]

6.2.25.  Message: ConnectCompleteResponse

   [None]

6.3.  MeshProtocol Structures

6.3.1.  Structure: Version



      Major :   Integer [0..1]

   Major version number of the service protocol.  A higher



      Minor :   Integer [0..1]

   Minor version number of the service protocol.



      Encodings :   Encoding [0..Many]

   Enumerates alternative encodings (e.g.  ASN.1, XML, JSON-B) if
   supported by the server



      URI :   String [0..Many]

   The preferred URI for this service.  This MAY be used to effect a
   redirect in the case that a service moves.




Hallam-Baker              Expires July 17, 2016                [Page 32]


Internet-Draft            Mathematical Mesh CSP             January 2016


6.3.2.  Structure: Encoding



      ID :   String [0..Many]

   The IANA encoding name



      Dictionary :   String [0..Many]

   For encodings that employ a named dictionary for tag or data
   compression, the name of the dictionary as defined by that encoding
   scheme.

6.3.3.  Structure: KeyValue



      Key :   String [0..1]

   [TBS]



      Value :   String [0..1]

   [TBS]

7.  Portal

7.1.  Portal Transactions

7.2.  Portal Messages

7.3.  Portal Structures

7.3.1.  Structure: PortalEntry



      Created :   DateTime [0..1]

   Time the pending item was created.






Hallam-Baker              Expires July 17, 2016                [Page 33]


Internet-Draft            Mathematical Mesh CSP             January 2016


      Modified :   DateTime [0..1]

   Time the pending item was last modified.

7.3.2.  Structure: Account

   Entry containing the UniqueID is Account[Name]-[Portal] Indexed by
   [Name], [UserProfileUDF] [Most recent open]



      Created :   DateTime [0..1]

   Time the pending item was created.



      Modified :   DateTime [0..1]

   Time the pending item was last modified.



      AccountID :   String [0..1]

   Assigned account identifier, e.g. 'alice@example.com'.  Account names
   are not case sensitive.



      UserProfileUDF :   String [0..1]

   Fingerprint of associated user profile



      Status :   String [0..1]

   Status of the account, valid values are 'Open', 'Closed', 'Suspended'

7.3.3.  Structure: AccountProfile



      Created :   DateTime [0..1]

   Time the pending item was created.




Hallam-Baker              Expires July 17, 2016                [Page 34]


Internet-Draft            Mathematical Mesh CSP             January 2016


      Modified :   DateTime [0..1]

   Time the pending item was last modified.



      AccountID :   String [0..1]

   Assigned account identifier, e.g. 'alice@example.com'.  Account names
   are not case sensitive.



      UserProfileUDF :   String [0..1]

   Fingerprint of associated user profile



      Status :   String [0..1]

   Status of the account, valid values are 'Open', 'Closed', 'Suspended'



      Profile :   SignedPersonalProfile [0..1]

   [TBS]

7.3.4.  Structure: ConnectionsPending

   Object containing the list of currently pending device connection
   requests for the specified account.  Unique-ID is
   ConnectionsPending-[UserProfileUDF]



      Created :   DateTime [0..1]

   Time the pending item was created.



      Modified :   DateTime [0..1]

   Time the pending item was last modified.





Hallam-Baker              Expires July 17, 2016                [Page 35]


Internet-Draft            Mathematical Mesh CSP             January 2016


      AccountID :   String [0..1]

   Assigned account identifier, e.g. 'alice@example.com'.  Account names
   are not case sensitive.



      UserProfileUDF :   String [0..1]

   Fingerprint of associated user profile



      Status :   String [0..1]

   Status of the account, valid values are 'Open', 'Closed', 'Suspended'



      Requests :   SignedConnectionRequest [0..Many]

   List of pending requests

8.  Security Considerations

   TBS

8.1.  Confidentiality

8.2.  Integrity

8.3.  Service

9.  IANA Considerations

   All the IANA considerations for the Mesh documents are specified in
   this document

10.  Acknowledgements

11.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.






Hallam-Baker              Expires July 17, 2016                [Page 36]


Internet-Draft            Mathematical Mesh CSP             January 2016


   [RFC6335]  Cotton, M., Eggert, L., Touch, J., Westerlund, M., and S.
              Cheshire, "Internet Assigned Numbers Authority (IANA)
              Procedures for the Management of the Service Name and
              Transport Protocol Port Number Registry", BCP 165,
              RFC 6335, DOI 10.17487/RFC6335, August 2011.

Author's Address

   Phillip Hallam-Baker
   Comodo Group Inc.

   Email: philliph@comodo.com







































Hallam-Baker              Expires July 17, 2016                [Page 37]