< draft-hallambaker-mesh-developer-07.txt   draft-hallambaker-mesh-developer-08.txt >
Network Working Group                                    P. Hallam-Baker
Internet-Draft                                             April 4, 2019
Intended status: Informational
Expires: October 6, 2019

             Mathematical Mesh: Reference Implementation
                  draft-hallambaker-mesh-developer-08
Abstract

The Mathematical Mesh 'The Mesh' is an end-to-end secure infrastructure
that facilitates the exchange of configuration and credential data between
multiple user devices.

This document describes the Mesh reference code and how to install, run and
make use of it in applications. It does not form a part of the Mesh
specifications and is not normative.

This document is also available online at
http://mathmesh.com/Documents/draft-hallambaker-mesh-developer.html [1].

skipping to change at page 1, line 40

Internet-Drafts are working documents of the Internet Engineering Task
Force (IETF). Note that other groups may also distribute working documents
as Internet-Drafts. The list of current Internet-Drafts is at
https://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and
may be updated, replaced, or obsoleted by other documents at any time. It
is inappropriate to use Internet-Drafts as reference material or to cite
them other than as "work in progress."

This Internet-Draft will expire on October 6, 2019.

Copyright Notice

Copyright (c) 2019 IETF Trust and the persons identified as the document
authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions
Relating to IETF Documents (https://trustee.ietf.org/license-info) in
effect on the date of publication of this document. Please review these
documents carefully, as they describe your rights and restrictions with
respect to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of the
Trust Legal Provisions and are provided without warranty as
skipping to change at page 2, line 36

   4.1.  Starting the Server  . . . . . . . . . . . . . . . . . . .   7
   4.2.  The Profile Manager Wizard . . . . . . . . . . . . . . . .   7
   4.3.  The Profile Connection Wizard  . . . . . . . . . . . . . .   8
5.  Platform specific configuration data . . . . . . . . . . . . .   8
   5.1.  Windows  . . . . . . . . . . . . . . . . . . . . . . . . .   8
      5.1.1.  Private Key Data . . . . . . . . . . . . . . . . . . .   8
      5.1.2.  Registry settings  . . . . . . . . . . . . . . . . . .   8
      5.1.3.  Profile data files . . . . . . . . . . . . . . . . . .   9
   5.2.  OSX and Linux  . . . . . . . . . . . . . . . . . . . . . .   9
6.  Using the Mesh C#/.Net Libraries in an Application . . . . . .   9
   6.1.  Portals, Sessions and Clients  . . . . . . . . . . . . . .   9
      6.1.1.  MeshSession vs PersonalSession . . . . . . . . . . . .  10
   6.2.  Creating a Mesh Session  . . . . . . . . . . . . . . . . .  10
   6.3.  Creating a Mesh Session for Testing  . . . . . . . . . . .  11
   6.4.  Checking that a Portal Account name is acceptable  . . . .  12
   6.5.  Creating a Personal Profile  . . . . . . . . . . . . . . .  13
   6.6.  Creating an Offline Escrow Entry . . . . . . . . . . . . .  13
   6.7.  Deleting Profile Data  . . . . . . . . . . . . . . . . . .  13
   6.8.  Recovering Profile Data  . . . . . . . . . . . . . . . . .  13
   6.9.  Connecting a New Device  . . . . . . . . . . . . . . . . .  14
   6.10. Managing Applications  . . . . . . . . . . . . . . . . . .  15
7.  Using other languages  . . . . . . . . . . . . . . . . . . . .  15
   7.1.  Lightweight API  . . . . . . . . . . . . . . . . . . . . .  15
8.  Implementation Status  . . . . . . . . . . . . . . . . . . . .  16
   8.1.  Reference Implementation . . . . . . . . . . . . . . . . .  16
      8.1.1.  Coverage . . . . . . . . . . . . . . . . . . . . . . .  17
      8.1.2.  Licensing  . . . . . . . . . . . . . . . . . . . . . .  17
      8.1.3.  Implementation Experience  . . . . . . . . . . . . . .  17
      8.1.4.  Contact Info . . . . . . . . . . . . . . . . . . . . .  17
9.  Security Considerations  . . . . . . . . . . . . . . . . . . .  18
10. IANA Considerations  . . . . . . . . . . . . . . . . . . . . .  18
11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . .  18
12. References . . . . . . . . . . . . . . . . . . . . . . . . . .  18
   12.1.  Normative References  . . . . . . . . . . . . . . . . . .  18
   12.2.  Informative References  . . . . . . . . . . . . . . . . .  18
   12.3.  URIs  . . . . . . . . . . . . . . . . . . . . . . . . . .  18
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . .  19
1. Definitions

This section presents the related specifications and standards, the terms
that are used as terms of art within the documents and the terms used as
requirements language.

1.1. Requirements Language

skipping to change at page 3, line 47

document.

1.4. Implementation Status

The implementation status of the reference code base is described in the
companion document [draft-hallambaker-mesh-developer].

2. Getting the Reference Code and Build Tools

The Mesh Reference library was developed using Visual Studio 2017 Community
Edition [VS2017] using PHB's Build Tools [PHB2017] extensions. The reference
code itself is currently limited to C# libraries.

The code should in theory run under other operating systems but this has
not been tested recently.

Development under different development environments is also possible but
would require re-engineering to make use of the line mode versions of the
build tools.
2.1. Obtaining the Development Environment

Visual Studio 2017 Community Edition is currently available at no cost for
a wide range of non-commercial development including personal use and
development of Open Source software. For full details, please consult the
license published by Microsoft.

https://www.visualstudio.com/

2.2. Obtaining the Build Tools

Over half the code in the reference code library is generated using code
generators. These are used to ensure that the specification, examples and
reference code are always kept in synchronization.

The build tools are published under an MIT License and are available in two
forms:

As stand-alone tools to be run from the command line.

skipping to change at page 4, line 45

into the Visual Studio environment. If development on other platforms is
desired, the simplest approach is likely to be to write a tool that reads
the Visual Studio configuration files and generates the corresponding files
for use with make.

The VSIX package is available from the Visual Studio extensions gallery:

PHB Code Generation Tools

The source code for the build tools is available from:

https://sourceforge.net/projects/phb-build-tools/

2.3. Obtaining the Mesh Source Libraries

The Mesh reference library source code is published under an MIT license
and is available from:

https://sourceforge.net/projects/mathematicalmesh/
3. Compiling the Reference Code

To compile the code it is necessary to

Create a signing key

Create batch files for pre and post build tasks

3.1. Creating a software signing key

skipping to change at page 6, line 32

Microsoft (R) .NET Framework Strong Name Utility Version 4.0.30319.0
Copyright (c) Microsoft Corporation. All rights reserved.

Key pair installed into 'SigningKeyDeveloper'

c:\Users\hallam>del fred.snk

c:\Users\hallam>

3.2. Create (dummy) build action files

Visual Studio allows projects to specify batch files to be run before and
after a project build. Since the actions to be taken are likely to change
from developer to developer, these are specified in separate batch files.
All that is necessary to build the code without warnings is to specify a
set of dummy batch files with the following names and place them somewhere
in the command line $PATH environment variable.

The files required are:

VSPreBuild.bat
VSPostBuild.bat
VSPostBuildWindows.bat
VSPostBuildOSX.bat
VSPostBuildLinux.bat

The following code will prevent error messages being thrown:

@echo off
SETLOCAL
exit /b 0
4. Running the Reference Code Examples

The reference code examples are designed to illustrate how the Mesh might
be used in an application rather than be standalone tools in their own
right. The Mesh is designed to make it easy for developers to add security
to their own applications rather than providing the applications
themselves.

4.1. Starting the Server

On the Windows platform, the server runs in the context of the platform Web
server and must be granted permission to bind to the range of server
addresses used using the netsh command.

From a command prompt with administrator privileges, run the following
command:

netsh http add urlacl url=http://<domain>/.well-known/mmm/ user=<machine>\<user>

Where <domain> is the DNS domain name under which the service is run,
<machine> is the Windows domain name of the machine and <user> is the
account name. Note that this reserves a plain http:// URL; the default
transport used by the reference code is HTTP.

To start the service from the command line type:

servermesh <domain>

The server does not require administration privileges.

4.2. The Profile Manager Wizard

The profile manager wizard demonstrates functions that are performed on an
administration device. These include creating a completely new profile and
initial configuration of applications, connecting a device to the profile
and recovery of the profile from escrow data.

To run the client from the command line, place the executable image in a
location where it will be found via the PATH variable and type:

meshclient

4.3. The Profile Connection Wizard

The Profile connection wizard demonstrates the much more restricted
functionality that would be required in a Mesh connected application and/or
a profile manager for a non-administration device.

To run the client from the command line, place the executable image in a
location where it will be found via the PATH variable and type:

meshconnect
5. Platform specific configuration data

5.1. Windows

5.1.1. Private Key Data

All private key data is stored using the Windows public key store. At
minimum, this ensures that private keys are obfuscated and encrypted under
the account password to protect the data against casual extraction attacks.
On a machine with cryptographic hardware

skipping to change at page 11, line 17

The code to initialize a production instance of the code is shown below:

static MeshSession MeshSession = null;

static void ApplicationInit () {
    MeshWindows.Initialize();
    MeshSession = new MeshSession();
    }

If the user has already created a PersonalProfile and connected it to the
machine, it will automatically be read from local storage. The instance
will automatically create MeshClient instances as required to establish a
web service connection using the default transport (HTTP) to the service as
necessary.

Connecting to a remote service from a Windows platform.

The server implementation is managed in the same fashion. Internally, the
MeshService and MeshClient classes are both descended from the same parent.
6.3. Creating a Mesh Session for Testing

Since the purpose of the ExampleGenerator is to create examples for the
documentation, it is not necessary for the JSON Remote Procedure Calls to
actually be 'Remote'. Instead the 'Local' Procedure Call mode is used in
which the client and server both run in the same process with the client
API invoking the server dispatch methods through an interface that performs
JSON serialization and deserialization but does not invoke the network
transport.

Connecting to a direct service for testing.

A direct connection to the service provider may be established by either
specifying the portal to use in the initialization of MeshSession or by
setting the default portal property of the

skipping to change at page 12, line 15

static void DebugApplicationInit () {
    MeshPortal.Default = new MeshPortalDirect("example.com",
        "MeshLog.jlog", "PortalLog.jlog");
    MeshWindows.Initialize(true);
    MeshSession = new MeshSession();
    MeshSession.EraseTest();
    }

This time, we initialize a specific version of the platform dependent code
and specify that it is to be initialized as test code rather than
production. This will cause all persistent data stored on the machine
(keys, profiles) to be stored in locations marked as test locations. The
EraseTest() method causes all data stored in test locations to be erased
from the machine, thus ensuring that the test begins from a known state
with no results from previous runs.

When writing test code, it is frequently useful to create multiple
independent MeshSessions to simulate multiple machines. To prevent data
written to one machine interfering with another, a new simulated machine is
created for each session using the MeshMachineCached class:

MeshSession = new MeshSession(new MeshMachineCached());
6.4. Checking that a Portal Account name is acceptable

The user experience is improved if the application indicates whether their
choice of portal account name is acceptable or not while they are entering
it. The Validate method allows the user's choice of account name to be
validated:

PersonalProfile PersonalProfile;
PersonalSession PersonalSession;
OfflineEscrowEntry OfflineEscrowEntry;

void DebugCreateProfile () {
    var Response = MeshSession.Validate("alice@example.com");
    if (!Response.Valid) {
        throw new Exception();
        }
    ...

The portal address is given in the usual username@domain format, for
example alice@example.com.
6.5. Creating a Personal Profile

Creating a PersonalProfile has two steps:

1. Create a DeviceProfile (if necessary)

2. Create the PersonalProfile

skipping to change at page 13, line 23

3. Create an account bound to the profile at the portal.

These steps are shown below.

var Device = MeshSession.CreateDevice();
PersonalProfile = new PersonalProfile(
    Device.DeviceProfile);
PersonalSession = MeshSession.CreateAccount(
    "alice@example.com", PersonalProfile);

The application could have overridden the default values of DeviceID and
DeviceDescription when creating the device.
6.6. Creating an Offline Escrow Entry

Having created a potentially valuable profile, we probably want to back it
up. To do this, we create an instance of the OfflineEscrowEntry class with
the desired quorum and number of shares (2 out of 4):

OfflineEscrowEntry = new OfflineEscrowEntry(
    PersonalProfile, 2, 4);
PersonalSession.Escrow(OfflineEscrowEntry);

6.7. Deleting Profile Data

We can test our escrow parameters by deleting the profile from the current
machine using the Delete method:

PersonalSession.Delete();
6.8. Recovering Profile Data

Profile recovery has two steps:

1. Reconstruct the shared secret from the recovery shares.

2. Recover the profile.

In this case our recovery shares are the first and the third key shares we
just generated. The Recover method recovers the profile

skipping to change at page 14, line 18

    var RecoveryShares = new KeyShare[] {
        OfflineEscrowEntry.KeyShares[0],
        OfflineEscrowEntry.KeyShares[2] };
    var Secret = new Secret(RecoveryShares);
    PersonalSession = MeshSession.Recover(
        Secret, "alice@example.com");
    }
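The sequence in sections 6.3 to 6.8 is easier to trust when the recovery happens on a machine that never held the profile, because a recovery on the same machine could be satisfied from local storage rather than from the escrow data. The following added example (not code from the draft or from the Mesh reference library) runs the whole create, escrow, delete and recover cycle across two simulated machines built with MeshMachineCached. It assumes that the classes named in the draft are in scope through the library's namespaces (the draft does not name them), that two MeshSession instances with separate MeshMachineCached machines share the single in-process MeshPortalDirect set as MeshPortal.Default, and that Secret and Recover enforce the 2-of-4 quorum requested when the escrow entry was created. The custodian dictionary is a stand-in for the operational rule that the shares are handed to different holders.

```csharp
// Added example; not part of the draft or the Mesh reference library.
// Assumes: MeshPortal, MeshPortalDirect, MeshWindows, MeshSession,
// MeshMachineCached, PersonalProfile, OfflineEscrowEntry, KeyShare and
// Secret (all named in the draft) are in scope; both sessions share the
// in-process portal; quorum is enforced by Secret/Recover.
using System;
using System.Collections.Generic;

static class EscrowRoundTrip {
    const string Account = "alice@example.com";

    static void Main() {
        // One in-process portal serves both simulated machines. Test mode
        // keeps keys and profiles in test locations so they can be wiped.
        MeshPortal.Default = new MeshPortalDirect("example.com",
            "MeshLog.jlog", "PortalLog.jlog");
        MeshWindows.Initialize(true);

        // Machine A: the administration device that creates the profile.
        var machineA = new MeshSession(new MeshMachineCached());
        machineA.EraseTest();
        if (!machineA.Validate(Account).Valid) {
            throw new InvalidOperationException("portal rejected account name");
        }
        var device = machineA.CreateDevice();
        var profile = new PersonalProfile(device.DeviceProfile);
        var sessionA = machineA.CreateAccount(Account, profile);

        // Escrow with a 2-of-4 threshold, then give each share to a
        // different custodian so no single holder can reach the quorum.
        var escrow = new OfflineEscrowEntry(profile, 2, 4);
        sessionA.Escrow(escrow);
        var custodians = DistributeShares(escrow.KeyShares);

        // Destroy the local copy: from here on the escrow is the only way back.
        sessionA.Delete();

        // Machine B: a fresh simulated machine with no local profile data.
        // Recovery can only succeed from the escrow entry plus a quorum of
        // shares, which is exactly the property a backup test should prove.
        var machineB = new MeshSession(new MeshMachineCached());
        var quorum = new KeyShare[] {
            custodians["custodian-1"], custodians["custodian-3"] };
        var secret = new Secret(quorum);
        var sessionB = machineB.Recover(secret, Account);
        Console.WriteLine("Recovered " + Account + " on a fresh machine");
    }

    // Assigns one share per custodian (hypothetical names, for illustration).
    static Dictionary<string, KeyShare> DistributeShares(KeyShare[] shares) {
        var custodians = new Dictionary<string, KeyShare>();
        for (int i = 0; i < shares.Length; i++) {
            custodians["custodian-" + (i + 1)] = shares[i];
        }
        return custodians;
    }
}
```

If the recovery on machine B fails while the same calls succeed on machine A, the profile was being read back from machine A's local storage rather than from the escrow data, and the escrow parameters or the share handling need attention before the backup is relied upon.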
6.9. Connecting a New Device

Device connection involves two devices, the device to be connected and the
device used to approve the request.

The new device:

1. Creates a device profile for the new device.

2. Requests connection to the profile at the given portal address.

skipping to change at page 14, line 40

These calls are shown below.

void RequestConnect (string Address) {
    var DeviceRegistration = MeshSession.CreateDevice();
    var Connect = MeshSession.Connect(DeviceRegistration,
        Address, out var Authenticator);
    PersonalSession = Connect.Await();
    }

In a real example, we would want to show the connection authentication
code to the user so that they can verify that they are responding to the
right request on the approval device.

On the approval device, the application

1. Requests a list of pending requests using ConnectPending.

2. Accepts or Rejects devices using ConnectClose.

void AcceptPending () {
    var Pending = PersonalSession.ConnectPending();
    foreach (var Request in Pending.Pending) {
        var Result = PersonalSession.ConnectClose(Request,
            ConnectionStatus.Accepted);
        }
    }
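The AcceptPending loop above accepts every pending request unconditionally, which is fine for a documentation generator but is the one thing a real application must not do: any party that can reach the portal and submit a connection request would be admitted to the profile. The following added example (not code from the draft or the Mesh reference library) shows the shape the draft describes in prose: the requesting device displays the authenticator to its user, and the approval device closes each pending request only after an operator has confirmed it, rejecting anything unconfirmed so it is not left open for a later blanket pass. It assumes the MeshSession, PersonalSession and ConnectionStatus types and the Connect, ConnectPending and ConnectClose calls shown in the draft, that ConnectionStatus has a Rejected member alongside the Accepted member the draft shows (the draft says ConnectClose accepts or rejects), and that the console prompt stands in for the application's own UI.

```csharp
// Added example; not part of the draft or the Mesh reference library.
// Assumes: MeshSession, PersonalSession, ConnectionStatus.Accepted and
// ConnectionStatus.Rejected (Rejected is assumed; the draft only shows
// Accepted) are in scope. ConsolePrompt is a hypothetical UI stand-in.
using System;

static class DeviceConnection {
    // Requesting device: show the authenticator so the user can match it
    // against what the approval device displays, then wait for the answer.
    public static PersonalSession RequestConnect(MeshSession mesh, string address) {
        var registration = mesh.CreateDevice();
        var connect = mesh.Connect(registration, address, out var authenticator);
        Console.WriteLine("Connection requested. Authenticator: " + authenticator);
        Console.WriteLine("Approve on an administration device only if it shows the same value.");
        return connect.Await();
    }

    // Approval device: never accept blindly. Each pending request is put to
    // the operator and closed either way, so an unrecognised request does
    // not stay pending where a later careless loop could accept it.
    public static int ReviewPending(PersonalSession personal,
                                    Func<object, bool> operatorApproves) {
        var pending = personal.ConnectPending();
        int accepted = 0;
        foreach (var request in pending.Pending) {
            var status = operatorApproves(request)
                ? ConnectionStatus.Accepted
                : ConnectionStatus.Rejected;
            personal.ConnectClose(request, status);
            if (status == ConnectionStatus.Accepted) {
                accepted++;
            }
        }
        return accepted;
    }

    // Console stand-in for the operator prompt. The request is printed as-is
    // because the draft does not name its fields; a real application would
    // show the device description and the authenticator here.
    public static bool ConsolePrompt(object request) {
        Console.WriteLine("Pending request: " + request);
        Console.Write("Does the authenticator match the new device's display? [y/N] ");
        var answer = Console.ReadLine();
        return answer != null
            && answer.Trim().Equals("y", StringComparison.OrdinalIgnoreCase);
    }

    static void Main() {
        // Usage on the approval device, given an existing PersonalSession:
        //   int n = ReviewPending(personalSession, ConsolePrompt);
        // Usage on the new device, given a MeshSession:
        //   var session = RequestConnect(meshSession, "alice@example.com");
    }
}
```

The decision is passed in as a delegate so that the approval rule (match the authenticator, check the device description, or both) lives in one place and the loop itself cannot silently degrade into accept-all.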
6.10. Managing Applications

Application profiles are created in the same manner as personal profiles:

var PasswordProfile = new PasswordProfile(true);
var RegistrationApplication =
    RegistrationPersonal.Add(PasswordProfile, false);

Changes to the Application Profile are written to the
RegistrationApplication instance and then committed using the Update()
method.

7. Using other languages

If you are building Mesh applications in another language, the least effort
approach may be to rewrite the PROTOGEN build tool to target your language.
skipping to change at page 18, line 30

12.1. Normative References

[RFC4716] Galbraith, J. and R. Thayer, "The Secure Shell (SSH) Public Key
File Format", RFC 4716, DOI 10.17487/RFC4716, November 2006.

12.2. Informative References

[draft-hallambaker-mesh-architecture] Hallam-Baker, P., "Mathematical Mesh
Part I: Architecture Guide", draft-hallambaker-mesh-architecture-06 (work
in progress), August 2018.

[draft-hallambaker-mesh-developer] Hallam-Baker, P., "Mathematical Mesh:
Reference Implementation", draft-hallambaker-mesh-developer-07 (work in
progress), April 2018.

[PHB2017] "[Reference Not Found!]".

[RFC6892] Wilde, E., "The 'describes' Link Relation Type", RFC 6892,
DOI 10.17487/RFC6892, March 2013.

[VS2017] "[Reference Not Found!]".

12.3. URIs

[1] http://mathmesh.com/Documents/draft-hallambaker-mesh-developer.html
Author's Address

Phillip Hallam-Baker

Email: phill@hallambaker.com
This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/