< draft-hallambaker-mesh-schema-01.txt   draft-hallambaker-mesh-schema-02.txt >
Network Working Group P. Hallam-Baker Network Working Group P. Hallam-Baker
Internet-Draft July 3, 2019 Internet-Draft July 8, 2019
Intended status: Informational Intended status: Informational
Expires: January 4, 2020 Expires: January 9, 2020
Mathematical Mesh 3.0 Part IV: Schema Reference Mathematical Mesh 3.0 Part IV: Schema Reference
draft-hallambaker-mesh-schema-01 draft-hallambaker-mesh-schema-02
Abstract Abstract
The Mathematical Mesh 'The Mesh' is an end-to-end secure The Mathematical Mesh 'The Mesh' is an end-to-end secure
infrastructure that facilitates the exchange of configuration and infrastructure that facilitates the exchange of configuration and
credential data between multiple user devices. The core protocols of credential data between multiple user devices. The core protocols of
the Mesh are described with examples of common use cases and the Mesh are described with examples of common use cases and
reference data. reference data.
This document is also available online at This document is also available online at
skipping to change at page 1, line 38 skipping to change at page 1, line 38
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 4, 2020. This Internet-Draft will expire on January 9, 2020.
Copyright Notice Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 4 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 4
2. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 4 2. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 5
2.1. Requirements Language . . . . . . . . . . . . . . . . . . 4 2.1. Requirements Language . . . . . . . . . . . . . . . . . . 5
2.2. Defined Terms . . . . . . . . . . . . . . . . . . . . . . 5 2.2. Defined Terms . . . . . . . . . . . . . . . . . . . . . . 5
2.3. Related Specifications . . . . . . . . . . . . . . . . . 5 2.3. Related Specifications . . . . . . . . . . . . . . . . . 5
2.4. Implementation Status . . . . . . . . . . . . . . . . . . 5 2.4. Implementation Status . . . . . . . . . . . . . . . . . . 5
3. Mesh Assertions . . . . . . . . . . . . . . . . . . . . . . . 5 3. Mesh Assertions . . . . . . . . . . . . . . . . . . . . . . . 5
3.1. Encoding . . . . . . . . . . . . . . . . . . . . . . . . 5 3.1. Encoding . . . . . . . . . . . . . . . . . . . . . . . . 6
3.2. Mesh Profiles . . . . . . . . . . . . . . . . . . . . . . 6 3.2. Mesh Profiles . . . . . . . . . . . . . . . . . . . . . . 6
3.3. Mesh Connections . . . . . . . . . . . . . . . . . . . . 7 3.3. Mesh Connections . . . . . . . . . . . . . . . . . . . . 7
3.4. Mesh Private Declarations . . . . . . . . . . . . . . . . 7 3.4. Mesh Private Declarations . . . . . . . . . . . . . . . . 7
4. Architecture . . . . . . . . . . . . . . . . . . . . . . . . 7 4. Architecture . . . . . . . . . . . . . . . . . . . . . . . . 7
4.1. Device Management . . . . . . . . . . . . . . . . . . . . 8 4.1. Device Management . . . . . . . . . . . . . . . . . . . . 8
4.1.1. Master Profile . . . . . . . . . . . . . . . . . . . 8 4.1.1. Master Profile . . . . . . . . . . . . . . . . . . . 9
4.1.2. Mesh Devices . . . . . . . . . . . . . . . . . . . . 10 4.1.2. Mesh Devices . . . . . . . . . . . . . . . . . . . . 11
4.2. Mesh Accounts . . . . . . . . . . . . . . . . . . . . . . 14 4.2. Mesh Accounts . . . . . . . . . . . . . . . . . . . . . . 15
4.2.1. Creating a ProfileAccount . . . . . . . . . . . . . . 15 4.2.1. Creating a ProfileAccount . . . . . . . . . . . . . . 16
4.2.2. Connecting a Device to an Account . . . . . . . . . . 15 4.2.2. Connecting a Device to an Account . . . . . . . . . . 16
4.2.3. Binding and Account to a Service . . . . . . . . . . 16 4.2.3. Binding and Account to a Service . . . . . . . . . . 16
4.3. Mesh Services . . . . . . . . . . . . . . . . . . . . . . 16 4.3. Mesh Services . . . . . . . . . . . . . . . . . . . . . . 16
4.3.1. Creating a ProfileService . . . . . . . . . . . . . . 16 4.3.1. Creating a ProfileService . . . . . . . . . . . . . . 17
4.3.2. Creating a ProfileHost . . . . . . . . . . . . . . . 17 4.3.2. Creating a ProfileHost . . . . . . . . . . . . . . . 17
4.3.3. Creating a ConnectionHost . . . . . . . . . . . . . . 17 4.3.3. Creating a ConnectionHost . . . . . . . . . . . . . . 18
4.4. Mesh Messaging . . . . . . . . . . . . . . . . . . . . . 17 4.4. Mesh Messaging . . . . . . . . . . . . . . . . . . . . . 18
4.4.1. Traffic Analysis . . . . . . . . . . . . . . . . . . 18 4.4.1. Traffic Analysis . . . . . . . . . . . . . . . . . . 19
5. Mesh Catalogs . . . . . . . . . . . . . . . . . . . . . . . . 19 5. Mesh Catalogs . . . . . . . . . . . . . . . . . . . . . . . . 19
5.1. Application . . . . . . . . . . . . . . . . . . . . . . . 20 5.1. Application . . . . . . . . . . . . . . . . . . . . . . . 21
5.1.1. Mesh Account . . . . . . . . . . . . . . . . . . . . 20 5.1.1. Mesh Account . . . . . . . . . . . . . . . . . . . . 21
5.1.2. SSH . . . . . . . . . . . . . . . . . . . . . . . . . 20 5.1.2. SSH . . . . . . . . . . . . . . . . . . . . . . . . . 21
5.1.3. Mail . . . . . . . . . . . . . . . . . . . . . . . . 21 5.1.3. Mail . . . . . . . . . . . . . . . . . . . . . . . . 21
5.2. Device . . . . . . . . . . . . . . . . . . . . . . . . . 21 5.2. Device . . . . . . . . . . . . . . . . . . . . . . . . . 22
5.3. Contact . . . . . . . . . . . . . . . . . . . . . . . . . 21 5.3. Contact . . . . . . . . . . . . . . . . . . . . . . . . . 22
5.4. Credential . . . . . . . . . . . . . . . . . . . . . . . 22 5.4. Credential . . . . . . . . . . . . . . . . . . . . . . . 22
5.5. Bookmark . . . . . . . . . . . . . . . . . . . . . . . . 22 5.5. Bookmark . . . . . . . . . . . . . . . . . . . . . . . . 23
5.6. Task . . . . . . . . . . . . . . . . . . . . . . . . . . 22 5.6. Task . . . . . . . . . . . . . . . . . . . . . . . . . . 23
5.7. Network . . . . . . . . . . . . . . . . . . . . . . . . . 22 5.7. Network . . . . . . . . . . . . . . . . . . . . . . . . . 23
6. Mesh Messages . . . . . . . . . . . . . . . . . . . . . . . . 23 6. Mesh Messages . . . . . . . . . . . . . . . . . . . . . . . . 24
6.1. Completion . . . . . . . . . . . . . . . . . . . . . . . 23 6.1. Completion . . . . . . . . . . . . . . . . . . . . . . . 24
6.2. Connection . . . . . . . . . . . . . . . . . . . . . . . 23 6.2. Connection . . . . . . . . . . . . . . . . . . . . . . . 24
6.3. Contact . . . . . . . . . . . . . . . . . . . . . . . . . 24 6.3. Contact . . . . . . . . . . . . . . . . . . . . . . . . . 25
6.4. Confirmation . . . . . . . . . . . . . . . . . . . . . . 24 6.4. Confirmation . . . . . . . . . . . . . . . . . . . . . . 25
7. Schema . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 7. Schema . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
7.1. Shared Classes . . . . . . . . . . . . . . . . . . . . . 25 7.1. Shared Classes . . . . . . . . . . . . . . . . . . . . . 26
7.1.1. Structure: PublicKey . . . . . . . . . . . . . . . . 25 7.1.1. Classes describing keys . . . . . . . . . . . . . . . 26
7.2. Mesh Assertion Objects . . . . . . . . . . . . . . . . . 25 7.1.2. Structure: PublicKey . . . . . . . . . . . . . . . . 26
7.2.1. Structure: Assertion . . . . . . . . . . . . . . . . 25 7.1.3. Structure: KeyComposite . . . . . . . . . . . . . . . 26
7.2.2. Structure: Condition . . . . . . . . . . . . . . . . 26 7.1.4. Structure: KeyOverlay . . . . . . . . . . . . . . . . 26
7.2.3. Structure: Profile . . . . . . . . . . . . . . . . . 26 7.1.5. Structure: EscrowedKeySet . . . . . . . . . . . . . . 26
7.2.4. Keyset Classes . . . . . . . . . . . . . . . . . . . 26 7.1.6. Structure: DeviceRecryptionKey . . . . . . . . . . . 27
7.2.5. Structure: EscrowedKeySet . . . . . . . . . . . . . . 26 7.2. Assertion classes . . . . . . . . . . . . . . . . . . . . 27
7.2.6. Profile Classes . . . . . . . . . . . . . . . . . . . 26 7.2.1. Structure: Assertion . . . . . . . . . . . . . . . . 27
7.2.7. Structure: ProfileMaster . . . . . . . . . . . . . . 26 7.2.2. Structure: Condition . . . . . . . . . . . . . . . . 27
7.2.8. Structure: ProfileDevice . . . . . . . . . . . . . . 27 7.2.3. Profile Classes . . . . . . . . . . . . . . . . . . . 27
7.2.9. Structure: ProfileApplication . . . . . . . . . . . . 27 7.2.4. Structure: Profile . . . . . . . . . . . . . . . . . 27
7.2.10. Structure: ProfileMesh . . . . . . . . . . . . . . . 27 7.2.5. Structure: ProfileMaster . . . . . . . . . . . . . . 28
7.2.11. Structure: ProfileMeshDevicePublic . . . . . . . . . 27 7.2.6. Structure: ProfileDevice . . . . . . . . . . . . . . 28
7.2.12. Structure: ProfileMeshDevicePrivate . . . . . . . . . 28 7.2.7. Structure: ProfileService . . . . . . . . . . . . . . 28
7.2.13. Structure: DeviceRecryptionKey . . . . . . . . . . . 28 7.2.8. Structure: ProfileAccount . . . . . . . . . . . . . . 29
7.3. Common Structures . . . . . . . . . . . . . . . . . . . . 28 7.2.9. Structure: ProfileGroup . . . . . . . . . . . . . . . 29
7.3.1. Structure: Permission . . . . . . . . . . . . . . . . 28 7.2.10. Structure: ProfileHost . . . . . . . . . . . . . . . 29
7.3.2. Structure: Contact . . . . . . . . . . . . . . . . . 29 7.2.11. Connection Classes . . . . . . . . . . . . . . . . . 29
7.3.3. Structure: Role . . . . . . . . . . . . . . . . . . . 30 7.2.12. Structure: Connection . . . . . . . . . . . . . . . . 29
7.3.4. Structure: Address . . . . . . . . . . . . . . . . . 30 7.2.13. Structure: Permission . . . . . . . . . . . . . . . . 30
7.3.5. Structure: Location . . . . . . . . . . . . . . . . . 30 7.2.14. Structure: ConnectionDevice . . . . . . . . . . . . . 30
7.3.6. Structure: Reference . . . . . . . . . . . . . . . . 31 7.2.15. Structure: ConnectionAccount . . . . . . . . . . . . 30
7.4. Catalog Entries . . . . . . . . . . . . . . . . . . . . . 31 7.2.16. Structure: ConnectionService . . . . . . . . . . . . 31
7.4.1. Structure: CatalogEntry . . . . . . . . . . . . . . . 31 7.2.17. Structure: ConnectionHost . . . . . . . . . . . . . . 31
7.4.2. Structure: CatalogEntryDevice . . . . . . . . . . . . 31 7.2.18. Structure: ConnectionApplication . . . . . . . . . . 31
7.4.3. Structure: CatalogEntryCredential . . . . . . . . . . 31 7.2.19. Activation Classes . . . . . . . . . . . . . . . . . 31
7.4.4. Structure: CatalogEntryNetwork . . . . . . . . . . . 32 7.2.20. Structure: Activation . . . . . . . . . . . . . . . . 31
7.4.5. Structure: CatalogEntryContact . . . . . . . . . . . 32 7.2.21. Structure: ActivationDevice . . . . . . . . . . . . . 31
7.4.6. Structure: CatalogEntryContactRecryption . . . . . . 32 7.2.22. Structure: ActivationAccount . . . . . . . . . . . . 32
7.4.7. Structure: CatalogEntryBookmark . . . . . . . . . . . 33 7.3. Cataloged items . . . . . . . . . . . . . . . . . . . . . 32
7.4.8. Structure: CatalogEntryTask . . . . . . . . . . . . . 33 7.3.1. Data Structures . . . . . . . . . . . . . . . . . . . 32
7.4.9. Structure: Task . . . . . . . . . . . . . . . . . . . 33 7.3.2. Structure: Contact . . . . . . . . . . . . . . . . . 32
7.4.10. Structure: CatalogEntryApplication . . . . . . . . . 34 7.3.3. Structure: Role . . . . . . . . . . . . . . . . . . . 33
7.4.11. Structure: CatalogEntryApplicationEntry . . . . . . . 34 7.3.4. Structure: Address . . . . . . . . . . . . . . . . . 34
7.4.12. Structure: CatalogEntryApplicationRecryption . . . . 34 7.3.5. Structure: Location . . . . . . . . . . . . . . . . . 34
7.4.13. Structure: CatalogEntryApplicationSSH . . . . . . . . 35 7.3.6. Structure: Reference . . . . . . . . . . . . . . . . 34
7.4.14. Structure: CatalogEntryApplicationMail . . . . . . . 35 7.3.7. Structure: Task . . . . . . . . . . . . . . . . . . . 35
7.4.15. Structure: CatalogEntryApplicationNetwork . . . . . . 35 7.4. Catalog Entries . . . . . . . . . . . . . . . . . . . . . 36
7.5. Messages . . . . . . . . . . . . . . . . . . . . . . . . 35 7.4.1. Structure: CatalogedEntry . . . . . . . . . . . . . . 36
7.5.1. Structure: MeshMessage . . . . . . . . . . . . . . . 35 7.4.2. Structure: CatalogedDevice . . . . . . . . . . . . . 36
7.5.2. Structure: MeshMessageComplete . . . . . . . . . . . 35 7.4.3. Structure: CatalogedCredential . . . . . . . . . . . 36
7.5.3. Structure: MessageConnectionRequest . . . . . . . . . 35 7.4.4. Structure: CatalogedNetwork . . . . . . . . . . . . . 37
7.5.4. Structure: MessageConnectionPIN . . . . . . . . . . . 36 7.4.5. Structure: CatalogedContact . . . . . . . . . . . . . 37
7.5.5. Structure: MessageContactRequest . . . . . . . . . . 36 7.4.6. Structure: CatalogedContactRecryption . . . . . . . . 37
7.5.6. Structure: MessageConfirmationRequest . . . . . . . . 36 7.4.7. Structure: CatalogedBookmark . . . . . . . . . . . . 38
7.5.7. Structure: MessageConfirmationResponse . . . . . . . 37 7.4.8. Structure: CatalogedTask . . . . . . . . . . . . . . 38
7.5.8. Structure: MessageTaskRequest . . . . . . . . . . . . 37 7.4.9. Structure: CatalogedApplication . . . . . . . . . . . 38
8. Security Considerations . . . . . . . . . . . . . . . . . . . 37 7.4.10. Structure: CatalogedApplicationAccount . . . . . . . 38
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 37 7.4.11. Structure: CatalogedMember . . . . . . . . . . . . . 39
10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 37 7.4.12. Structure: CatalogedGroup . . . . . . . . . . . . . . 39
11. References . . . . . . . . . . . . . . . . . . . . . . . . . 37 7.4.13. Structure: CatalogedApplicationSSH . . . . . . . . . 39
11.1. Normative References . . . . . . . . . . . . . . . . . . 37 7.4.14. Structure: CatalogedApplicationMail . . . . . . . . . 39
11.2. Informative References . . . . . . . . . . . . . . . . . 38 7.4.15. Structure: CatalogedApplicationNetwork . . . . . . . 39
11.3. URIs . . . . . . . . . . . . . . . . . . . . . . . . . . 38 7.5. Messages . . . . . . . . . . . . . . . . . . . . . . . . 39
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 39 7.5.1. Structure: Message . . . . . . . . . . . . . . . . . 39
7.5.2. Structure: MessageComplete . . . . . . . . . . . . . 40
7.5.3. Structure: MessagePIN . . . . . . . . . . . . . . . . 40
7.5.4. Structure: RequestConnection . . . . . . . . . . . . 40
7.5.5. Structure: AcknowledgeConnection . . . . . . . . . . 41
7.5.6. Structure: RequestContact . . . . . . . . . . . . . . 41
7.5.7. Structure: RequestConfirmation . . . . . . . . . . . 41
7.5.8. Structure: ResponseConfirmation . . . . . . . . . . . 41
7.5.9. Structure: RequestTask . . . . . . . . . . . . . . . 42
8. Security Considerations . . . . . . . . . . . . . . . . . . . 42
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 42
10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 42
11. References . . . . . . . . . . . . . . . . . . . . . . . . . 42
11.1. Normative References . . . . . . . . . . . . . . . . . . 42
11.2. Informative References . . . . . . . . . . . . . . . . . 43
11.3. URIs . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 44
1. Introduction 1. Introduction
This document describes the data structures of the Mathematical Mesh This document describes the data structures of the Mathematical Mesh
with illustrative examples. For an overview of the Mesh objectives with illustrative examples. For an overview of the Mesh objectives
and architecture, consult the accompanying Architecture Guide and architecture, consult the accompanying Architecture Guide
[draft-hallambaker-mesh-architecture] . For information on the [draft-hallambaker-mesh-architecture] . For information on the
implementation of the Mesh Service protocol, consult the accompanying implementation of the Mesh Service protocol, consult the accompanying
Protocol Reference [draft-hallambaker-mesh-protocol] Protocol Reference [draft-hallambaker-mesh-protocol]
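Review bot: The table-of-contents entry for 4.2.3 still reads "Binding and Account to a Service" in -02; it should be "Binding an Account to a Service", in the section heading as well as here. The renamed section 7 headings also mix capitalization ("Assertion classes" and "Cataloged items" beside "Shared Classes" and "Catalog Entries"); title case would match the rest of the outline.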
skipping to change at page 9, line 26 skipping to change at page 10, line 8
their Master Signature Key by either keeping it on hardware token or their Master Signature Key by either keeping it on hardware token or
device dedicated to that purpose or by using the escrow mechanism and device dedicated to that purpose or by using the escrow mechanism and
paper recovery keys as described in this document. paper recovery keys as described in this document.
Alice creates a ProfileMaster with one administration key and one Alice creates a ProfileMaster with one administration key and one
master escrow key: master escrow key:
{ {
"ProfileMaster":{ "ProfileMaster":{
"KeySignature":{ "KeySignature":{
"UDF":"MBYS-BF7J-OCV2-42M6-BWTH-2QUK-FZG3", "UDF":"MD2T-3WE6-TJAM-QU3C-CXGM-4EW4-4QDM",
"PublicParameters":{ "PublicParameters":{
"PublicKeyECDH":{ "PublicKeyECDH":{
"crv":"Ed448", "crv":"Ed448",
"Public":"eBYEyA6nN0BQKFJcY7kg8f4_kVGP2GmC1F_tzhLwe0oH1so "Public":"6tf8ETiZMzYUV5jKr7ulaQ1CGbjSYdX96cnO2U1x5Th7Ti0
qG8OEtKrm5rkyvs87aBTXC4Fjt3wA"}}}, uLxBxye-MndfsE-vpRsLRN_YRK5wA"}}},
"OnlineSignatureKeys":[{ "OnlineSignatureKeys":[{
"UDF":"MDJS-HG6T-W3TE-UZKO-LDBY-5TGM-TAGT", "UDF":"MBYZ-ZDEG-JJO5-TT3I-EQW7-UHR3-BJIC",
"PublicParameters":{ "PublicParameters":{
"PublicKeyECDH":{ "PublicKeyECDH":{
"crv":"Ed448", "crv":"Ed448",
"Public":"4zqbLuaOBu6Y7ywkuLzGiEW3NVRo65vX6KXUaogizo9ob "Public":"V21s-AnlqkjJRhqMPvkP5nQVuh3DvplM5E-Me5YIs2dua
DLWFdLjqLm1vozc6BYCkfbPCOq1VniA"}}} tKxZ_lo3QhEGUwcY6WGUe_hoFmSeI8A"}}}
], ],
"KeyEncryption":{ "KeyEncryption":{
"UDF":"MDAK-ZLB4-ESKG-IDKP-OSKE-OHOS-IOFP", "UDF":"MCPD-GBBJ-BD6T-W6KJ-VUDI-ME2X-SUYQ",
"PublicParameters":{ "PublicParameters":{
"PublicKeyECDH":{ "PublicKeyECDH":{
"crv":"Ed448", "crv":"Ed448",
"Public":"rOwpwjCoC20VCiaeYIJdMG5HehxtZ4LRIjexuLE04j4DVZG "Public":"QliMGBmB6ovzmR3TH0l4Li_PKgmD4rcpODhl_tk7ICi5ZZf
y-zBmsRlQt6ra4ml1-66qVfzFt9QA"}}}}} pxH7zVCjDdS_DqmyaK5CPwcTwGHOA"}}}}}
4.1.1.1. Creating a ProfileMaster 4.1.1.1. Creating a ProfileMaster
Creating a ProfileMaster comprises the steps of: Creating a ProfileMaster comprises the steps of:
1. Creating a Master Signature key. 1. Creating a Master Signature key.
2. Creating an Online Signing Key 2. Creating an Online Signing Key
3. Signing the ProfileMaster using the Master Signature Key 3. Signing the ProfileMaster using the Master Signature Key
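Review bot: In the ProfileMaster example every key, including KeySignature and the OnlineSignatureKeys entry, is typed PublicKeyECDH with "crv":"Ed448", and KeyEncryption uses the same curve label. If the signature keys are Ed448 and the encryption key is meant for key agreement, the example or the surrounding text should say so, since an implementer reading only this JSON cannot tell which algorithm each key is bound to. The lead-in sentence also promises "one administration key and one master escrow key" while the fields are named OnlineSignatureKeys and KeyEncryption and step 2 says "Online Signing Key"; use one term per key throughout, and add the missing period at the end of step 2.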
skipping to change at page 11, line 48 skipping to change at page 12, line 26
trustworthy and the administration device creates key contributions trustworthy and the administration device creates key contributions
to be added to the device keys to establish the key set to be used in to be added to the device keys to establish the key set to be used in
the context of the user's personal Mesh: the context of the user's personal Mesh:
$$$$ Empty $$$$ $$$$ Empty $$$$
The resulting key set is specified in the device connection: The resulting key set is specified in the device connection:
$$$$ Empty $$$$ $$$$ Empty $$$$
All the above are combined to form the CatalogEntryDevice entry: All the above are combined to form the CatalogedDevice entry:
{ {
"CatalogEntryDevice":{ "CatalogedDevice":{
"UDF":"MBRF-BFUO-R765-3KQP-DXNK-TOGV-65YA", "UDF":"MCJW-G2VQ-OM3B-REPM-RRGA-MSIR-BWPH",
"DeviceUDF":"MDBS-UDDJ-FKMR-FY3G-NT75-KREE-7GOM", "DeviceUDF":"MDUU-IVIN-GB7X-AXYV-PZT4-WICV-UPDU",
"EnvelopedProfileDevice":[{ "EnvelopedProfileDevice":[{
"dig":"S512", "dig":"S512",
"cty":"application/mmm"}, "cty":"application/mmm"},
"ewogICJQcm9maWxlRGV2aWNlIjogewogICAgIktleVNpZ25hdHVyZSI6IHsK "ewogICJQcm9maWxlRGV2aWNlIjogewogICAgIktleVNpZ25hdHVyZSI6IHsK
ICAgICAgIlVERiI6ICJNREJTLVVEREotRktNUi1GWTNHLU5UNzUtS1JFRS03R09NI ICAgICAgIlVERiI6ICJNRFVVLUlWSU4tR0I3WC1BWFlWLVBaVDQtV0lDVi1VUERVI
iwKICAgICAgIlB1YmxpY1BhcmFtZXRlcnMiOiB7CiAgICAgICAgIlB1YmxpY0tleU iwKICAgICAgIlB1YmxpY1BhcmFtZXRlcnMiOiB7CiAgICAgICAgIlB1YmxpY0tleU
VDREgiOiB7CiAgICAgICAgICAiY3J2IjogIkVkNDQ4IiwKICAgICAgICAgICJQdWJ VDREgiOiB7CiAgICAgICAgICAiY3J2IjogIkVkNDQ4IiwKICAgICAgICAgICJQdWJ
saWMiOiAiZnFOQWFLMEJ1WU9PeDhkV0dzc1gyWkZCeGF1bjlZZlMtNS1QTWR0b3c0 saWMiOiAiU21BNGlFZElrQWpmaFpack1zcmRqb2U4cEMtZWNXTTJzVVZ0UlVqdmhC
emJTLS0weGJmdQogIGxkbGxBTlVFQkl1ajJoWjY3RUl4WlZNQSJ9fX0sCiAgICAiS Skp0SVQxeGhZZwogIHNSMGp2dHpjREc0U0FVXzIzOGFrSktHQSJ9fX0sCiAgICAiS
2V5RW5jcnlwdGlvbiI6IHsKICAgICAgIlVERiI6ICJNRFJNLVdCUk4tNDJQUS1WRD 2V5RW5jcnlwdGlvbiI6IHsKICAgICAgIlVERiI6ICJNQjJVLVFTTU8tUjNDWC0yMz
RGLVlWSDItRklaNy1HRkVHIiwKICAgICAgIlB1YmxpY1BhcmFtZXRlcnMiOiB7CiA Q1LUNSR04tUlVWQy1QNlJPIiwKICAgICAgIlB1YmxpY1BhcmFtZXRlcnMiOiB7CiA
gICAgICAgIlB1YmxpY0tleUVDREgiOiB7CiAgICAgICAgICAiY3J2IjogIkVkNDQ4 gICAgICAgIlB1YmxpY0tleUVDREgiOiB7CiAgICAgICAgICAiY3J2IjogIkVkNDQ4
IiwKICAgICAgICAgICJQdWJsaWMiOiAiRldJckRPNUdnRVVwTnE3YWpjTEx0VVk5V IiwKICAgICAgICAgICJQdWJsaWMiOiAibDIzaEZDYld6czZXektLdUFqUENqRU1Uc
XloMC1qaTF5a0RYcHZxZjhXenA2dHo3UzQxZgogIHl4Nzc3X0pyanpzTURKUGZfWE Xh2a0s4NnJvZTVIYnNodkxiR0RwRWRiU0RoMwogIDJaM0tBT0Ntck9lc1plNG4xTD
Z6TlphQSJ9fX0sCiAgICAiS2V5QXV0aGVudGljYXRpb24iOiB7CiAgICAgICJVREY RvR1d5QSJ9fX0sCiAgICAiS2V5QXV0aGVudGljYXRpb24iOiB7CiAgICAgICJVREY
iOiAiTUQ3NC1RUVBBLUlOQVUtWVRKTi1FTFlVLVZQN0QtTlpRRCIsCiAgICAgICJQ iOiAiTUE1Ni01UEtLLVhNUUUtQk5QQi1EUVdYLVlYQVUtVEhXTSIsCiAgICAgICJQ
dWJsaWNQYXJhbWV0ZXJzIjogewogICAgICAgICJQdWJsaWNLZXlFQ0RIIjogewogI dWJsaWNQYXJhbWV0ZXJzIjogewogICAgICAgICJQdWJsaWNLZXlFQ0RIIjogewogI
CAgICAgICAgImNydiI6ICJFZDQ0OCIsCiAgICAgICAgICAiUHVibGljIjogImd0X3 CAgICAgICAgImNydiI6ICJFZDQ0OCIsCiAgICAgICAgICAiUHVibGljIjogImxxRW
gzbERmR0ppaTFCRVVmU09KRlQwSFNob1U4T1hzZFd6Sm9XT3UyRTRiUTFiWWxpZks 9CY0JsT2MyZkEwbTZCWHFOQWFiRTRYdGlpNl95Uk81cmhyTHNWYjhMRFFoRnp6czY
KICBsR1VWdTNsX2hzV0p6UTdsRUNZNG9ZcUEifX19fX0", KICA0ZnBDOGN3THhEa25SMmhPOW5JZmFGV0EifX19fX0",
{ {
"signatures":[{ "signatures":[{
"signature":"U6l-ZRptqcZuU3f5YnQ3ziYIki3R6M1SSTxE8Ybpni "signature":"-NgfL9E2XWL_UmXflEualUnQVZ7JQN0ghz9j5qNh0L
gTkTV7wUz8OZtEtsuAKTch9U8yh74ymXGAN40GofhMoOVocwcB-mcrcmsgQt5IEvH NzdtA7vW78-i9o2P-K4qJDG0fZPCGQinSAKyDcMAwfzJjk7dz_ThVqtFt1YsQjqag
7TS7G4bLCbQA8_9irpYW7XMXh8c94RaayLwH6yRn43ysA"} J2tgJcggDdqdsXjBxiNeeG3Xt5tiyuR82gs8GuRTU6iEA"}
], ],
"PayloadDigest":"otiC41Z57sm74AZt4z81_09sgWbigOXzXBJsJbom0a "PayloadDigest":"W8XhV5Zk0LvNs3D1ol8vzgKbiOh4aU1jKvfjkiFEdO
Dx9TK02RTfkQ_6s0paCD3-yt1cI2uYt499mSJwh9CZ-g"} aixzXeVszW-N6fb7K59KwGjowl-MbSblmZwek0ISwkPw"}
], ],
"EnvelopedDeviceConnection":[{ "EnvelopedDeviceConnection":[{
"dig":"S512"}, "dig":"S512"},
"ewogICJBc3NlcnRpb25EZXZpY2VDb25uZWN0aW9uIjogewogICAgIktleVNp "ewogICJDb25uZWN0aW9uRGV2aWNlIjogewogICAgIktleVNpZ25hdHVyZSI6
Z25hdHVyZSI6IHsKICAgICAgIlVERiI6ICJNQlJGLUJGVU8tUjc2NS0zS1FQLURYT IHsKICAgICAgIlVERiI6ICJNQ0pXLUcyVlEtT00zQi1SRVBNLVJSR0EtTVNJUi1CV
kstVE9HVi02NVlBIiwKICAgICAgIlB1YmxpY1BhcmFtZXRlcnMiOiB7CiAgICAgIC 1BIIiwKICAgICAgIlB1YmxpY1BhcmFtZXRlcnMiOiB7CiAgICAgICAgIlB1YmxpY0
AgIlB1YmxpY0tleUVDREgiOiB7CiAgICAgICAgICAiY3J2IjogIkVkNDQ4IiwKICA tleUVDREgiOiB7CiAgICAgICAgICAiY3J2IjogIkVkNDQ4IiwKICAgICAgICAgICJ
gICAgICAgICJQdWJsaWMiOiAiNEhQRHJGSTBmNjJlOElpSzJzSVhDQkdzaWljMHow QdWJsaWMiOiAic2VUQzFkcHFzSmJvVGNRZldyMk9WZlRXME1tSEtzSW1YZ0RGUWg2
Y2IyVER2MThwZFRKOG4xX1JEeHhKaQogIG5HUDR0YkxCRkc4ejVfQXp3dHJzcG9hQ dzYzaHA5b0R5aUlaSAogIFpCMUxVUkdQYmJTWlNPeU9wZFdjalRNQSJ9fX0sCiAgI
SJ9fX0sCiAgICAiS2V5RW5jcnlwdGlvbiI6IHsKICAgICAgIlVERiI6ICJNRFkyLV CAiS2V5RW5jcnlwdGlvbiI6IHsKICAgICAgIlVERiI6ICJNQUZTLTdKNVYtVEZHVy
NWNkEtRFgzNi03WjJELVJNTEEtMkdZRC1RU0UyIiwKICAgICAgIlB1YmxpY1BhcmF 0yVU5VLUhPRkgtVVVDWC1TUURTIiwKICAgICAgIlB1YmxpY1BhcmFtZXRlcnMiOiB
tZXRlcnMiOiB7CiAgICAgICAgIlB1YmxpY0tleUVDREgiOiB7CiAgICAgICAgICAi 7CiAgICAgICAgIlB1YmxpY0tleUVDREgiOiB7CiAgICAgICAgICAiY3J2IjogIkVk
Y3J2IjogIkVkNDQ4IiwKICAgICAgICAgICJQdWJsaWMiOiAiZGRvN1FGdGRWTndiX NDQ4IiwKICAgICAgICAgICJQdWJsaWMiOiAiTGZQYmN6QzlHWE5TZ0FDcUNiajhjR
2d0T1Q4cjQ0YUhvbUp4UFowY2k2aHZrTlU0WjVnNmRJMHBaNGkxQQogIGJwZ2FHT0 Gpad2NTbFJnQXlFcHZ6VkpqczZDSFIzVTRtSTZrQgogIHhPdHFhSnRqYXdPWUU3VF
txRWJkWE5Gcy1zNlNGUkNDQSJ9fX0sCiAgICAiS2V5QXV0aGVudGljYXRpb24iOiB 8teWF3elBJQSJ9fX0sCiAgICAiS2V5QXV0aGVudGljYXRpb24iOiB7CiAgICAgICJ
7CiAgICAgICJVREYiOiAiTUNJRy1YT1E2LUFUNkctU1FYQS1QQlZFLUgyM0ctNFNF VREYiOiAiTUJLUi1KWUFBLVBSQUctQzRXRi1OQVZOLVBGQ1gtWjROQyIsCiAgICAg
WSIsCiAgICAgICJQdWJsaWNQYXJhbWV0ZXJzIjogewogICAgICAgICJQdWJsaWNLZ ICJQdWJsaWNQYXJhbWV0ZXJzIjogewogICAgICAgICJQdWJsaWNLZXlFQ0RIIjoge
XlFQ0RIIjogewogICAgICAgICAgImNydiI6ICJFZDQ0OCIsCiAgICAgICAgICAiUH wogICAgICAgICAgImNydiI6ICJFZDQ0OCIsCiAgICAgICAgICAiUHVibGljIjogIl
VibGljIjogIndyUkxuaDdCOThiZDdCWm9wSU1CODNsSE5iR2tCVUJLelhaanIwMmh lLQkJrcDRQM1hXeWJSOXdJOWZRVnRhVkszVFd6VDFlWmJPRkFPV3B6aEgxQk9jZUF
CV05jVFg3UTYtLWsKICBSNGNsSV9iVU1HbUVaazllbkpMN2d2S0EifX19fX0", IWkYKICBEVms4LVBia2ZHXy1CdlJ2aHlBQkF4T0EifX19fX0",
{ {
"signatures":[{ "signatures":[{
"signature":"_iPhuGpv8Xh039rEoXIuyVxy_A8ZwYZpd6CerkRZKD "signature":"d8gUnGPwRtZKdyBnThHpUh1ESYliLPQZvC-qeficln
vMb7MB4rofIuDlBvqyPkxmhmDHhYojNJMAUTUAPGtWLkDh8RVIXCatF9bGFsai1pc VHRiq-1RvRnWAgadJOlRYW04QYK5pizZMAT9pylsUK62GBGA_tu8Apwg0pTK6xj0G
0CeppVc6rMRirGu4SkaGrntQ7pAflO1xCxb-71ezguAcA"} dSfkJ78NEpDOR3O38n4F9D-IE-81a-WG-L5_Qbld61hEA"}
], ],
"PayloadDigest":"BNkv4-z9EagIVTM0ogNIIPbB7_9PPObDt7CQEwv0yp "PayloadDigest":"Scv0WGuY6U3GYyMy2qMiBc5v7EsOVB810rPu3AySsS
zf_I2aUHffg12gH4owdH7xcVh7AHvKI-FVCwvxElHVag"} RIQdWtcHhhB1PTOpzgM5ZQ5X3Qu3tXBRAUxt1njjqigw"}
], ],
"EnvelopedDevicePrivate":[{ "EnvelopedDevicePrivate":[{
"enc":"none", "enc":"none",
"Salt":"jUuy9EkwLkMF-l0KDVG-QA", "Salt":"gEuaSalW-btwSy3NHNmQpQ",
"cty":"application/mmm", "cty":"application/mmm",
"recipients":[{ "recipients":[{
"kid":"MDRM-WBRN-42PQ-VD4F-YVH2-FIZ7-GFEG", "kid":"MB2U-QSMO-R3CX-2345-CRGN-RUVC-P6RO",
"epk":{ "epk":{
"PublicKeyECDH":{ "PublicKeyECDH":{
"crv":"Ed448", "crv":"Ed448",
"Public":"Uf3BoP6qJayi3nNelfefiQ5R_YP1boOdq-Gj86Skk "Public":"Kru-0xMtVd_TgTLeJPZtN9v07AgVSmggEwihL9M2i
hmTpyCiDkI8lLNIWDrFrxdahMhuYyYEComA"}}, 14UOjdjo4e3gmKeGzuuOGjfh0VsNI10GekA"}},
"wmk":"pqampqampqY"}, "wmk":"pqampqampqY"},
{ {
"kid":"MDAK-ZLB4-ESKG-IDKP-OSKE-OHOS-IOFP", "kid":"MCPD-GBBJ-BD6T-W6KJ-VUDI-ME2X-SUYQ",
"epk":{ "epk":{
"PublicKeyECDH":{ "PublicKeyECDH":{
"crv":"Ed448", "crv":"Ed448",
"Public":"jKmoG_Z8Tlr2IkhA_65dgAAhPCk1MtS9mfRk97Ux8 "Public":"6MunD0GIT65WFZQ0Eqwd_yzAPQJWN13q4FVxzphaZ
5AbfwKn4Gi6eJxphdPGRbzsGc74J5VB6SSA"}}, IJZv1lLPANhKRClPx_T-Q0Tnmt2ruRqp0-A"}},
"wmk":"pqampqampqY"} "wmk":"pqampqampqY"}
]}, ]},
"ewogICJBc3NlcnRpb25EZXZpY2VQcml2YXRlIjogewogICAgIktleVNpZ25h "ewogICJBY3RpdmF0aW9uRGV2aWNlIjogewogICAgIktleVNpZ25hdHVyZSI6
dHVyZSI6IHsKICAgICAgIlVERiI6ICJNQlJGLUJGVU8tUjc2NS0zS1FQLURYTkstV IHsKICAgICAgIlVERiI6ICJNQ0pXLUcyVlEtT00zQi1SRVBNLVJSR0EtTVNJUi1CV
E9HVi02NVlBIiwKICAgICAgIkJhc2VVREYiOiAiTURCUy1VRERKLUZLTVItRlkzRy 1BIIiwKICAgICAgIkJhc2VVREYiOiAiTURVVS1JVklOLUdCN1gtQVhZVi1QWlQ0LV
1OVDc1LUtSRUUtN0dPTSIsCiAgICAgICJPdmVybGF5IjogewogICAgICAgICJQcml dJQ1YtVVBEVSIsCiAgICAgICJPdmVybGF5IjogewogICAgICAgICJQcml2YXRlS2V
2YXRlS2V5RUNESCI6IHsKICAgICAgICAgICJjcnYiOiAiRWQ0NDgiLAogICAgICAg 5RUNESCI6IHsKICAgICAgICAgICJjcnYiOiAiRWQ0NDgiLAogICAgICAgICAgIlBy
ICAgIlByaXZhdGUiOiAiOE1nZUducXBrVjdMd3NNcW5LbHQtY24zTktFd2ZBeHpBM aXZhdGUiOiAiU08xMzVaaDhGT3B4SWctTmtibDBVTTVZSjQxUl9oZEtGWGVfR1UzS
TVGR2cxWmVsSjJfdnhTRVNmCiAgQmRfa2g0OHFPeEpUMFNxQnNMd01tU0tZIn19fS XJscU12LU5DaTVyCiAgX3FuQXhfMFVGQVV6OVBZTmFfb2lGanIwIn19fSwKICAgIC
wKICAgICJLZXlFbmNyeXB0aW9uIjogewogICAgICAiVURGIjogIk1EWTItU1Y2QS1 JLZXlFbmNyeXB0aW9uIjogewogICAgICAiVURGIjogIk1BRlMtN0o1Vi1URkdXLTJ
EWDM2LTdaMkQtUk1MQS0yR1lELVFTRTIiLAogICAgICAiQmFzZVVERiI6ICJNRFJN VTlUtSE9GSC1VVUNYLVNRRFMiLAogICAgICAiQmFzZVVERiI6ICJNQjJVLVFTTU8t
LVdCUk4tNDJQUS1WRDRGLVlWSDItRklaNy1HRkVHIiwKICAgICAgIk92ZXJsYXkiO UjNDWC0yMzQ1LUNSR04tUlVWQy1QNlJPIiwKICAgICAgIk92ZXJsYXkiOiB7CiAgI
iB7CiAgICAgICAgIlByaXZhdGVLZXlFQ0RIIjogewogICAgICAgICAgImNydiI6IC CAgICAgIlByaXZhdGVLZXlFQ0RIIjogewogICAgICAgICAgImNydiI6ICJFZDQ0OC
JFZDQ0OCIsCiAgICAgICAgICAiUHJpdmF0ZSI6ICJrOTR1UUQxSXUwcnd6UkNrU3h IsCiAgICAgICAgICAiUHJpdmF0ZSI6ICJQTGpZLUJrbVVwUTZBb1JaVWJDbnNlekZ
3cWJHNDU3R1Rka1pmSF9HQXJqZS1UUmZLZTdkd0oyWTIKICBBYU9lb1g5X2VpWE5D IVkY2b29yQlU0TFI4OTNjTlFLbmZIZVk1VnkKICBMdVNYMXlReHpyNXFxbnhYand6
UEZIQ2xvS1ZFUE0ifX19LAogICAgIktleUF1dGhlbnRpY2F0aW9uIjogewogICAgI VDJZMmMifX19LAogICAgIktleUF1dGhlbnRpY2F0aW9uIjogewogICAgICAiVURGI
CAiVURGIjogIk1DSUctWE9RNi1BVDZHLVNRWEEtUEJWRS1IMjNHLTRTRVkiLAogIC jogIk1CS1ItSllBQS1QUkFHLUM0V0YtTkFWTi1QRkNYLVo0TkMiLAogICAgICAiQm
AgICAiQmFzZVVERiI6ICJNRDc0LVFRUEEtSU5BVS1ZVEpOLUVMWVUtVlA3RC1OWlF FzZVVERiI6ICJNQTU2LTVQS0stWE1RRS1CTlBCLURRV1gtWVhBVS1USFdNIiwKICA
EIiwKICAgICAgIk92ZXJsYXkiOiB7CiAgICAgICAgIlByaXZhdGVLZXlFQ0RIIjog gICAgIk92ZXJsYXkiOiB7CiAgICAgICAgIlByaXZhdGVLZXlFQ0RIIjogewogICAg
ewogICAgICAgICAgImNydiI6ICJFZDQ0OCIsCiAgICAgICAgICAiUHJpdmF0ZSI6I ICAgICAgImNydiI6ICJFZDQ0OCIsCiAgICAgICAgICAiUHJpdmF0ZSI6ICJLZzFlM
CJkUmhudWJOa1o3ekFMdWlBR2FWWExlWE1JNVRFNDMwejZWWk1sTjRnSTBDZFVLSk Dc5MDBNOHdpemxJR0ItUVR2WVpDNXBDaVlVSFlqeUN6a0h1M1cxeGtmYnFMNGcKIC
0yLUMKICBHU3VMTGVQQUltOUw5TktneldaTUNEVU0ifX19fX0" BKcTFPckNIX1pNaDF3SFl3M21HdVB0MlUifX19fX0"
]}} ]}}
The derivation of the Connection encryption and signature keys from The derivation of the Connection encryption and signature keys from
the Profile and Private contributions in this example is shown in the Profile and Private contributions in this example is shown in
[draft-hallambaker-mesh-cryptography] . [draft-hallambaker-mesh-cryptography] .
4.1.2.1. Creating a ProfileDevice 4.1.2.1. Creating a ProfileDevice
Creating a ProfileDevice comprises the steps of: Creating a ProfileDevice comprises the steps of:
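Review bot: In EnvelopedDevicePrivate the header carries "enc":"none" while still listing two recipients, so the ActivationDevice payload that follows, which contains the PrivateKeyECDH overlay values, is only base64url-encoded and not encrypted. Either regenerate the example with encryption applied or state in the text that the private contribution is shown in the clear for illustration; the identical "wmk" value on both recipients should be explained or regenerated at the same time. The two "$$$$ Empty $$$$" placeholders ahead of the entry are unchanged from -01 and still need their generated examples, and EnvelopedDeviceConnection has no "cty" in its header where EnvelopedProfileDevice does.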
skipping to change at page 22, line 15 skipping to change at page 23, line 5
5.4. Credential 5.4. Credential
The credential catalog contains CatalogEntryCredential entries which The credential catalog contains CatalogEntryCredential entries which
describe credentials used to access network resources. describe credentials used to access network resources.
Only username/password credentials are stored in the credential Only username/password credentials are stored in the credential
catalog. If public key credentials are to be used, these SHOULD catalog. If public key credentials are to be used, these SHOULD
be managed as an application profile allowing separate credentials be managed as an application profile allowing separate credentials
to be created for each device. to be created for each device.
$$$$ Empty $$$$ {
"CatalogedCredential":{
"Service":"ftp.example.com",
"Username":"alice1",
"Password":"newpassword"}}
5.5. Bookmark 5.5. Bookmark
The bookmark catalog contains CatalogEntryBookmark entries which The bookmark catalog contains CatalogEntryBookmark entries which
describe Web bookmarks and other citations allowing them to be shared describe Web bookmarks and other citations allowing them to be shared
between devices connected to the profile. between devices connected to the profile.
The fields currently supported by the Bookmarks catalog are currently The fields currently supported by the Bookmarks catalog are currently
limited to the fields required for tracking Web bookmarks. limited to the fields required for tracking Web bookmarks.
Specification of additional fields to track full academic citations Specification of additional fields to track full academic citations
is a work in progress. is a work in progress.
$$$$ Empty $$$$ {
"CatalogedBookmark":{
"Uri":"http://example.net/Bananas",
"Title":"\"Banana",
"Path":"Folder1/2"}}
5.6. Task 5.6. Task
The Task catalog contains CatalogEntryTask entries which describe The Task catalog contains CatalogEntryTask entries which describe
tasks assigned to the user including calendar entries and to do tasks assigned to the user including calendar entries and to do
lists. lists.
The fields of the task catalog currently reflect those offered by the The fields of the task catalog currently reflect those offered by the
iCalendar specification [RFC5545] . Specification of additional iCalendar specification [RFC5545] . Specification of additional
fields to allow task triggering on geographic location and/or fields to allow task triggering on geographic location and/or
completion of other tasks is a work in progress. completion of other tasks is a work in progress.
$$$$ Empty $$$$ {
"CatalogedTask":{
"Key":"CalID1"}}
5.7. Network 5.7. Network
The network catalog contains CatalogEntryNetwork entries which The network catalog contains CatalogEntryNetwork entries which
describe network settings, IPSEC and TLS VPN configurations, etc. describe network settings, IPSEC and TLS VPN configurations, etc.
$$$$ Empty $$$$ {
"CatalogedTask":{
"Key":"NetID2"}}
6. Mesh Messages 6. Mesh Messages
All communications between Mesh accounts takes the form of a Mesh All communications between Mesh accounts takes the form of a Mesh
Message carried in a Dare Envelope. Mesh Messages are stored in two Message carried in a Dare Envelope. Mesh Messages are stored in two
spools associated with the account, the SpoolOutbound and the spools associated with the account, the SpoolOutbound and the
SpoolInbound containing the messages sent and received respectively. SpoolInbound containing the messages sent and received respectively.
This document only describes the representation of the messages This document only describes the representation of the messages
within the message spool. The Mesh Service protocol by which the within the message spool. The Mesh Service protocol by which the
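Review bot: The new example in 5.7 Network is labelled "CatalogedTask" with "Key":"NetID2", which looks like a copy of the 5.6 Task example. 7.4.4 defines CatalogedNetwork with Protocol, Service, Username and Password and no Key field, so the example should use that structure and those fields. The 5.4 to 5.7 prose also still names CatalogEntryCredential, CatalogEntryBookmark, CatalogEntryTask and CatalogEntryNetwork, while the examples and section 7.4 now use the Cataloged* names. Rename them in the text so that readers can match the prose to the schema. In 5.5 the title value "\"Banana" carries a stray escaped quote that is worth checking against the example generator.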
skipping to change at page 25, line 17 skipping to change at page 26, line 17
authorized to respond to confirmation requests by a Device Connection authorized to respond to confirmation requests by a Device Connection
Assertion with the Confirmation privilege. Assertion with the Confirmation privilege.
[NYI] [NYI]
7. Schema 7. Schema
7.1. Shared Classes 7.1. Shared Classes
The following classes are used as common elements in Mesh profile The following classes are used as common elements in Mesh profile
specifications.a specifications.
7.1.1. Structure: PublicKey 7.1.1. Classes describing keys
7.1.2. Structure: PublicKey
The PublicKey class is used to describe public key pairs and trust The PublicKey class is used to describe public key pairs and trust
assertions associated with a public key. assertions associated with a public key.
UDF: String (Optional) UDF fingerprint of the public key parameters/ UDF: String (Optional) UDF fingerprint of the public key parameters/
X509Certificate: Binary (Optional) List of X.509 Certificates X509Certificate: Binary (Optional) List of X.509 Certificates
X509Chain: Binary [0..Many] X.509 Certificate chain. X509Chain: Binary [0..Many] X.509 Certificate chain.
X509CSR: Binary (Optional) X.509 Certificate Signing Request. X509CSR: Binary (Optional) X.509 Certificate Signing Request.
7.2. Mesh Assertion Objects 7.1.3. Structure: KeyComposite
Base class for all Mesh Assertion objects. Service: String (Optional) Service holding the additional
contribution
7.1.4. Structure: KeyOverlay
UDF: String (Optional) Fingerprint of the resulting composite key
(to allow verification)
BaseUDF: String (Optional) Fingerprint specifying the base key
7.1.5. Structure: EscrowedKeySet
A set of escrowed keys.
[No fields]
7.1.6. Structure: DeviceRecryptionKey
UDF: String (Optional) The fingerprint of the encryption key
RecryptionKey: PublicKey (Optional) The recryption key
EnvelopedRecryptionKeyDevice: DareEnvelope (Optional) The decryption
key encrypted under the user's device key.
7.2. Assertion classes
Classes that are derived from an assertion.
7.2.1. Structure: Assertion 7.2.1. Structure: Assertion
Parent class from which all assertion classes are derived Parent class from which all assertion classes are derived
Names: String [0..Many] Fingerprints of index terms for profile Names: String [0..Many] Fingerprints of index terms for profile
retrieval. The use of the fingerprint of the name rather than the retrieval. The use of the fingerprint of the name rather than the
name itself is a precaution against enumeration attacks and other name itself is a precaution against enumeration attacks and other
forms of abuse. forms of abuse.
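Review bot: The new 7.1.3 KeyComposite and 7.1.4 KeyOverlay entries are added with field lists only and no description, although 7.2.21 and 7.2.22 depend on the difference between them (ActivationAccount uses KeyComposite for KeyEncryption and KeyOverlay for the other two keys). Add one sentence to each stating what the structure represents and which party holds which contribution. The new heading 7.1.1 "Classes describing keys" also has no body text. In KeyOverlay, state whether a verifier MUST check the UDF "Fingerprint of the resulting composite key (to allow verification)" against the key it derives, since the field is marked Optional.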
skipping to change at page 26, line 11 skipping to change at page 27, line 40
NotaryToken: String (Optional) A Uniform Notary Token providing NotaryToken: String (Optional) A Uniform Notary Token providing
evidence that a signature was performed after the notary token was evidence that a signature was performed after the notary token was
created. created.
7.2.2. Structure: Condition 7.2.2. Structure: Condition
Parent class from which all condition classes are derived. Parent class from which all condition classes are derived.
[No fields] [No fields]
7.2.3. Structure: Profile 7.2.3. Profile Classes
Inherits: Assertion
Parent class from which all profile classes are derived
SignatureKey: PublicKey (Optional) The signature key associated with Profiles are self signed assertions.
the profile.
7.2.4. Keyset Classes 7.2.4. Structure: Profile
7.2.5. Structure: EscrowedKeySet Inherits: Assertion
A set of escrowed keys. Parent class from which all profile classes are derived
[No fields] KeySignature: PublicKey (Optional) The permanent signature key used
to sign the profile itself. The UDF of the key is used as the
permanent object identifier of the profile. Thus, by definition,
the KeySignature value of a Profile does not change under any
circumstance. The only case in which a
7.2.6. Profile Classes OnlineSignatureKeys: PublicKey [0..Many] A Personal profile contains
at least one OSK which is used to sign device administration
application profiles.
7.2.7. Structure: ProfileMaster 7.2.5. Structure: ProfileMaster
Inherits: Profile Inherits: Profile
Describes the long term parameters associated with a personal Describes the long term parameters associated with a personal
profile. profile.
This profile MUST be signed by
MasterSignatureKey: PublicKey (Optional) The root of trust for the
Personal PKI, the public key of the PMSK is presented as a self-
signed X.509v3 certificate with Certificate Signing use enabled.
The PMSK is used to sign certificates for the PMEK, POSK and PKEK
keys.
MasterEscrowKeys: PublicKey [0..Many] A Personal Profile MAY contain MasterEscrowKeys: PublicKey [0..Many] A Personal Profile MAY contain
one or more PMEK keys to enable escrow of private keys used for one or more PMEK keys to enable escrow of private keys used for
stored data. stored data.
OnlineSignatureKeys: PublicKey [0..Many] A Personal profile contains KeyEncryption: PublicKey (Optional) Key used to pass encrypted data
at least one OSK which is used to sign device administration to the device such as a DeviceUseEntry
application profiles.
7.2.8. Structure: ProfileDevice 7.2.6. Structure: ProfileDevice
Inherits: Profile Inherits: Profile
Describes a mesh device. Describes a mesh device.
This profile MUST be signed by the DeviceSignatureKey
Description: String (Optional) Description of the device Description: String (Optional) Description of the device
DeviceSignatureKey: PublicKey (Optional) Key used to sign KeyEncryption: PublicKey (Optional) Key used to pass encrypted data
certificates for the DAK and DEK. The fingerprint of the DSK is to the device such as a DeviceUseEntry
the UniqueID of the Device Profile
DeviceAuthenticationKey: PublicKey (Optional) Key used to
authenticate requests made by the device.
DeviceEncryptionKey: PublicKey (Optional) Key used to pass encrypted KeyAuthentication: PublicKey (Optional) Key used to authenticate
data to the device such as a DeviceUseEntry requests made by the device.
7.2.9. Structure: ProfileApplication 7.2.7. Structure: ProfileService
Inherits: Profile Inherits: Profile
Contains the public description of a Mesh application. Profile of a Mesh Service
[No fields] AuthenticationKey: PublicKey (Optional) Key used to authenticate
service connections.
7.2.10. Structure: ProfileMesh 7.2.8. Structure: ProfileAccount
Inherits: ProfileApplication Inherits: Profile
Contains the binding of a device to a MasterProfile. Each device has Account assertion. This is signed by the service hosting the
a separate profile which MUST be signed by an OnlineSignatureKey account.
Account: String (Optional) Account address. ServiceIDs: String [0..Many] Service address(es).
MasterProfile: DareEnvelope (Optional) Master profile of the account MeshProfileUDF: String (Optional) Master profile of the account
being registered. being registered.
AccountEncryptionKey: PublicKey (Optional) Key used to encrypt data AccountEncryptionKey: PublicKey (Optional) Key used to encrypt data
under this profile under this profile
7.2.11. Structure: ProfileMeshDevicePublic 7.2.9. Structure: ProfileGroup
Inherits: ProfileApplication
Inherits: ProfileApplication Inherits: Profile
DeviceProfile: DareEnvelope (Optional) Device profile of the device
making the request.
Permissions: Permission [0..Many] List of the permissions that the Describes a group. Note that while a group is created by one person
device has been granted. who becomes its first administrator, control of the group may pass to
other administrators over time.
7.2.12. Structure: ProfileMeshDevicePrivate [No fields]
Inherits: ProfileApplication 7.2.10. Structure: ProfileHost
Inherits: ProfileApplication Inherits: Profile
Permissions: Permission [0..Many] List of the permissions that the Inherits: Profile
device has been granted.
ProfileNonce: Binary (Optional) Random nonce used to mask the KeyAuthentication: PublicKey (Optional) Key used to authenticate
fingerprint of the profile UDF. service connections.
ProfileWitness: Binary (Optional) Witness value calculated over the 7.2.11. Connection Classes
ProfileNonce and profile UDF
7.2.13. Structure: DeviceRecryptionKey 7.2.12. Structure: Connection
UDF: String (Optional) The fingerprint of the encryption key Inherits: Assertion
RecryptionKey: PublicKey (Optional) The recryption key Inherits: Assertion
DeviceRecryptionKeyEncrypted: DareEnvelope (Optional) The decryption SubjectUDF: String (Optional) UDF of the connection target.
key encrypted under the user's device key.
7.3. Common Structures AuthorityUDF: String (Optional) UDF of the connection source.
7.3.1. Structure: Permission 7.2.13. Structure: Permission
Name: String (Optional) Name: String (Optional)
Name: String (Optional) Name: String (Optional)
Role: String (Optional) Role: String (Optional)
Role: String (Optional) Role: String (Optional)
Capabilities: DareEnvelope (Optional) Keys or key contributions Capabilities: DareEnvelope (Optional) Keys or key contributions
enabling the operation to be performed enabling the operation to be performed
7.2.14. Structure: ConnectionDevice
Inherits: Connection
Inherits: Connection
Permissions: Permission [0..Many] List of the permissions that the
device has been granted.
KeySignature: PublicKey (Optional) The signature key for use of the
device under the profile
KeyEncryption: PublicKey (Optional) The encryption key for use of
the device under the profile
KeyAuthentication: PublicKey (Optional) The authentication key for
use of the device under the profile
7.2.15. Structure: ConnectionAccount
Inherits: Connection
Inherits: Connection
Permissions: Permission [0..Many] List of the permissions that the
device has been granted.
KeySignature: PublicKey (Optional) The signature key for use of the
device under the profile
KeyEncryption: PublicKey (Optional) The encryption key for use of
the device under the profile
KeyAuthentication: PublicKey (Optional) The authentication key for
use of the device under the profile
7.2.16. Structure: ConnectionService
Inherits: Connection
[No fields]
7.2.17. Structure: ConnectionHost
Inherits: Connection
[No fields]
7.2.18. Structure: ConnectionApplication
Inherits: Connection
[No fields]
7.2.19. Activation Classes
7.2.20. Structure: Activation
Inherits: Assertion
Contains the private activation information for a Mesh application
running on a specific device
[No fields]
7.2.21. Structure: ActivationDevice
Inherits: Assertion
Inherits: Assertion
EnvelopedAssertionDeviceConnection: DareEnvelope (Optional) The
signed AssertionDeviceConnection.
KeySignature: KeyOverlay (Optional) The key overlay used to generate
the account signature key from the device signature key
KeyEncryption: KeyOverlay (Optional) The key overlay used to
generate the account encryption key from the device encryption key
KeyAuthentication: KeyOverlay (Optional) The key overlay used to
generate the account authentication key from the device
authentication key
7.2.22. Structure: ActivationAccount
Inherits: Activation
Inherits: Activation
AccountUDF: String (Optional) The UDF of the account
EnvelopedAssertionAccountConnection: DareEnvelope (Optional) The
account connection assertion
KeyEncryption: KeyComposite (Optional) The key contribution for the
decryption key for the device. NB this is NOT an overlay on the
device signature key, it is an overlay on the corresponding
recryption key.
KeyAuthentication: KeyOverlay (Optional) The key overlay used to
generate the account authentication key from the device
authentication key
KeySignature: KeyOverlay (Optional) The key overlay used to generate
the account signature key from the device signature key
7.3. Cataloged items
7.3.1. Data Structures
Classes describing data used in cataloged data.
7.3.2. Structure: Contact 7.3.2. Structure: Contact
Identifier: String (Optional) Inherits: Assertion
Identifier: String (Optional) Inherits: Assertion
Account: String (Optional) Identifier: String (Optional)
Account: String (Optional) Identifier: String (Optional)
FullName: String (Optional) FullName: String (Optional)
FullName: String (Optional) FullName: String (Optional)
Title: String (Optional) Title: String (Optional)
Title: String (Optional) Title: String (Optional)
First: String (Optional) First: String (Optional)
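Review bot: The new KeySignature description in 7.2.4 Profile stops mid-sentence at "The only case in which a" and runs straight into OnlineSignatureKeys; complete or drop that sentence, because it qualifies the statement that the KeySignature value never changes. 7.2.3 now says "Profiles are self signed assertions", but 7.2.8 ProfileAccount inherits Profile and is described as "signed by the service hosting the account", so one of the two needs an explicit exception. 7.2.21 ActivationDevice inherits Assertion while 7.2.22 ActivationAccount inherits Activation; if that is deliberate, say why. The ConnectionAccount field descriptions in 7.2.15 are verbatim copies of ConnectionDevice ("for use of the device under the profile"), and the ActivationAccount KeyEncryption text refers to "the device signature key" where the encryption key appears to be meant.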
skipping to change at page 29, line 43 skipping to change at page 33, line 22
Last: String (Optional) Last: String (Optional)
Suffix: String (Optional) Suffix: String (Optional)
Suffix: String (Optional) Suffix: String (Optional)
Labels: String [0..Many] Labels: String [0..Many]
Labels: String [0..Many] Labels: String [0..Many]
AssertionAccounts: ProfileAccount [0..Many]
AssertionAccounts: ProfileAccount [0..Many]
Addresses: Address [0..Many] Addresses: Address [0..Many]
Addresses: Address [0..Many] Addresses: Address [0..Many]
Locations: Location [0..Many] Locations: Location [0..Many]
Locations: Location [0..Many] Locations: Location [0..Many]
Roles: Role [0..Many] Roles: Role [0..Many]
skipping to change at page 31, line 16 skipping to change at page 35, line 5
MessageID: String (Optional) The received message to which this is a MessageID: String (Optional) The received message to which this is a
response response
ResponseID: String (Optional) Message that was generated in response ResponseID: String (Optional) Message that was generated in response
to the original (optional). to the original (optional).
Relationship: String (Optional) The relationship type. This can be Relationship: String (Optional) The relationship type. This can be
Read, Unread, Accept, Reject. Read, Unread, Accept, Reject.
7.3.7. Structure: Task
Key: String (Optional) Unique key.
Start: DateTime (Optional)
Start: DateTime (Optional)
Finish: DateTime (Optional)
Finish: DateTime (Optional)
StartTravel: String (Optional)
StartTravel: String (Optional)
FinishTravel: String (Optional)
FinishTravel: String (Optional)
TimeZone: String (Optional)
TimeZone: String (Optional)
Title: String (Optional)
Title: String (Optional)
Description: String (Optional)
Description: String (Optional)
Location: String (Optional)
Location: String (Optional)
Trigger: String [0..Many]
Trigger: String [0..Many]
Conference: String [0..Many]
Conference: String [0..Many]
Repeat: String (Optional)
Repeat: String (Optional)
Busy: Boolean (Optional)
7.4. Catalog Entries 7.4. Catalog Entries
7.4.1. Structure: CatalogEntry 7.4.1. Structure: CatalogedEntry
Base class for cataloged Mesh data.
[No fields] [No fields]
7.4.2. Structure: CatalogEntryDevice 7.4.2. Structure: CatalogedDevice
Inherits: CatalogEntry Inherits: CatalogedEntry
Public device entry, indexed under the device ID Public device entry, indexed under the device ID
Account: String (Optional) The Account to which this entry binds AccountIDs: String [0..Many] The accounts to which this device is
this device. bound.
UDF: String (Optional) UDF of the signature key UDF: String (Optional) UDF of the signature key of the device in the
Mesh
AuthUDF: String (Optional) UDF of the authentication ID DeviceUDF: String (Optional) UDF of the signature key of the device
ProfileMeshDevicePublicSigned: DareEnvelope (Optional) The device EnvelopedProfileDevice: DareEnvelope (Optional) The device profile
profile
ProfileMeshDevicePrivateEncrypted: DareEnvelope (Optional) The EnvelopedDeviceConnection: DareEnvelope (Optional) The public
device profile assertion demonstrating connection of the Device to the Mesh
DeviceRecryptionKeys: DeviceRecryptionKey [0..Many] Decryption key EnvelopedDevicePrivate: DareEnvelope (Optional) The device profile
entries.
7.4.3. Structure: CatalogEntryCredential 7.4.3. Structure: CatalogedCredential
Inherits: CatalogEntry Inherits: CatalogedEntry
Inherits: CatalogEntry Inherits: CatalogedEntry
Protocol: String (Optional) Protocol: String (Optional)
Protocol: String (Optional) Protocol: String (Optional)
Service: String (Optional) Service: String (Optional)
Service: String (Optional) Service: String (Optional)
Username: String (Optional) Username: String (Optional)
Username: String (Optional) Username: String (Optional)
Password: String (Optional) Password: String (Optional)
7.4.4. Structure: CatalogEntryNetwork 7.4.4. Structure: CatalogedNetwork
Inherits: CatalogEntry Inherits: CatalogedEntry
Inherits: CatalogEntry Inherits: CatalogedEntry
Protocol: String (Optional) Protocol: String (Optional)
Protocol: String (Optional) Protocol: String (Optional)
Service: String (Optional) Service: String (Optional)
Service: String (Optional) Service: String (Optional)
Username: String (Optional) Username: String (Optional)
Username: String (Optional) Username: String (Optional)
Password: String (Optional) Password: String (Optional)
7.4.5. Structure: CatalogEntryContact 7.4.5. Structure: CatalogedContact
Inherits: CatalogEntry Inherits: CatalogedEntry
Inherits: CatalogEntry Inherits: CatalogedEntry
Self: Boolean (Optional) If true, this catalog entry is for the user
who created the catalog. To be valid, such an entry MUST be
signed by an administration key for the Mesh profile containing
the account to which the catalog belongs.
Key: String (Optional) Unique key. Key: String (Optional) Unique key.
Permissions: Permission [0..Many] List of the permissions that the Permissions: Permission [0..Many] List of the permissions that the
contact has been granted. contact has been granted.
Contact: DareEnvelope (Optional) The (signed) contact data. EnvelopedContact: DareEnvelope (Optional) The (signed) contact data.
7.4.6. Structure: CatalogEntryContactRecryption 7.4.6. Structure: CatalogedContactRecryption
Inherits: CatalogEntryContact Inherits: CatalogedContact
[No fields] [No fields]
7.4.7. Structure: CatalogEntryBookmark 7.4.7. Structure: CatalogedBookmark
Inherits: CatalogEntry Inherits: CatalogedEntry
Inherits: CatalogEntry Inherits: CatalogedEntry
Uri: String (Optional) Uri: String (Optional)
Uri: String (Optional) Uri: String (Optional)
Title: String (Optional) Title: String (Optional)
Title: String (Optional) Title: String (Optional)
Path: String (Optional) Path: String (Optional)
7.4.8. Structure: CatalogEntryTask 7.4.8. Structure: CatalogedTask
Inherits: CatalogEntry
Inherits: CatalogEntry
Task: DareEnvelope (Optional) Inherits: CatalogedEntry
Task: DareEnvelope (Optional) Inherits: CatalogedEntry
Key: String (Optional) Unique key. EnvelopedTask: DareEnvelope (Optional)
7.4.9. Structure: Task EnvelopedTask: DareEnvelope (Optional)
Key: String (Optional) Unique key. Key: String (Optional) Unique key.
Start: DateTime (Optional) 7.4.9. Structure: CatalogedApplication
Start: DateTime (Optional)
Finish: DateTime (Optional)
Finish: DateTime (Optional)
StartTravel: String (Optional)
StartTravel: String (Optional)
FinishTravel: String (Optional)
FinishTravel: String (Optional)
TimeZone: String (Optional)
TimeZone: String (Optional)
Title: String (Optional)
Title: String (Optional) Inherits: CatalogedEntry
Description: String (Optional) Inherits: CatalogedEntry
Description: String (Optional) Key: String (Optional)
Location: String (Optional) 7.4.10. Structure: CatalogedApplicationAccount
Location: String (Optional) Wrapper for a signed AccountAssertion
Trigger: String [0..Many] Inherits: CatalogedApplication
Trigger: String [0..Many] Inherits: CatalogedApplication
Conference: String [0..Many] EnvelopedAccountAssertion: DareEnvelope (Optional) The account
assertion
Conference: String [0..Many] 7.4.11. Structure: CatalogedMember
Repeat: String (Optional) UDF: String (Optional)
Repeat: String (Optional) UDF: String (Optional)
Busy: Boolean (Optional) Inherits: CatalogedEntry
7.4.10. Structure: CatalogEntryApplication 7.4.12. Structure: CatalogedGroup
Inherits: CatalogEntry Inherits: CatalogedApplication
Inherits: CatalogEntry [No fields]
Key: String (Optional) 7.4.13. Structure: CatalogedApplicationSSH
7.4.11. Structure: CatalogEntryApplicationEntry Inherits: CatalogedApplication
[No fields] [No fields]
7.4.12. Structure: CatalogEntryApplicationRecryption 7.4.14. Structure: CatalogedApplicationMail
[No fields]
7.4.13. Structure: CatalogEntryApplicationSSH Inherits: CatalogedApplication
[No fields] [No fields]
7.4.14. Structure: CatalogEntryApplicationMail 7.4.15. Structure: CatalogedApplicationNetwork
[No fields]
7.4.15. Structure: CatalogEntryApplicationNetwork Inherits: CatalogedApplication
[No fields] [No fields]
7.5. Messages 7.5. Messages
7.5.1. Structure: MeshMessage 7.5.1. Structure: Message
MessageID: String (Optional) MessageID: String (Optional)
MessageID: String (Optional) MessageID: String (Optional)
Sender: String (Optional) Sender: String (Optional)
Sender: String (Optional) Sender: String (Optional)
Recipient: String (Optional) Recipient: String (Optional)
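Review bot: In 7.4.2 CatalogedDevice the new UDF and DeviceUDF fields are both described as the UDF of the device's signature key ("... of the device in the Mesh" versus "... of the device"), which does not tell an implementer which key each fingerprint covers or which one indexes the entry. Name the key explicitly in each description, for example the key from the ConnectionDevice versus the KeySignature of the ProfileDevice, if that is the intent. EnvelopedDevicePrivate is described as "The device profile", the same text as EnvelopedProfileDevice; it needs its own description, including who it is encrypted to, since it replaces ProfileMeshDevicePrivateEncrypted. The removal of DeviceRecryptionKeys from this entry is not explained anywhere in the visible text.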
skipping to change at page 35, line 32 skipping to change at page 40, line 4
MessageID: String (Optional) MessageID: String (Optional)
Sender: String (Optional) Sender: String (Optional)
Sender: String (Optional) Sender: String (Optional)
Recipient: String (Optional) Recipient: String (Optional)
Recipient: String (Optional) Recipient: String (Optional)
References: Reference [0..Many] References: Reference [0..Many]
7.5.2. Structure: MeshMessageComplete 7.5.2. Structure: MessageComplete
Inherits: MeshMessage Inherits: Message
[No fields] [No fields]
7.5.3. Structure: MessageConnectionRequest 7.5.3. Structure: MessagePIN
Inherits: MeshMessage
Inherits: MeshMessage
Account: String (Optional) Account: String (Optional)
Account: String (Optional) Account: String (Optional)
DeviceProfile: DareEnvelope (Optional) Device profile of the device Inherits: Message
making the request.
ClientNonce: Binary (Optional) Inherits: Message
ClientNonce: Binary (Optional) Expires: DateTime (Optional)
ServerNonce: Binary (Optional) Expires: DateTime (Optional)
ServerNonce: Binary (Optional) PIN: String (Optional)
Witness: String (Optional) 7.5.4. Structure: RequestConnection
Witness: String (Optional) Connection request message. This message contains the information
PinID: String (Optional) Pin identifier used to identify a PIN Inherits: Message
authenticated request.
7.5.4. Structure: MessageConnectionPIN Inherits: Message
Inherits: MeshMessage ServiceID: String (Optional)
Inherits: MeshMessage ServiceID: String (Optional)
Account: String (Optional) EnvelopedProfileDevice: DareEnvelope (Optional) Device profile of
the device making the request.
Account: String (Optional) ClientNonce: Binary (Optional)
Expires: DateTime (Optional) ClientNonce: Binary (Optional)
Expires: DateTime (Optional) PinUDF: String (Optional) Fingerprint of the PIN value used to
authenticate the request.
PIN: String (Optional) 7.5.5. Structure: AcknowledgeConnection
7.5.5. Structure: MessageContactRequest Connection request message generated by a service on receipt of a
valid MessageConnectionRequestClient
Inherits: MeshMessage Inherits: Message
Inherits: MeshMessage Inherits: Message
Contact: DareEnvelope (Optional) The contact data. EnvelopedMessageConnectionRequest: DareEnvelope (Optional) The
client connection request.
7.5.6. Structure: MessageConfirmationRequest ServerNonce: Binary (Optional)
Inherits: MeshMessage ServerNonce: Binary (Optional)
Inherits: MeshMessage Witness: String (Optional)
7.5.6. Structure: RequestContact
Inherits: Message
Inherits: Message
Reply: Boolean (Optional)
Reply: Boolean (Optional)
Self: DareEnvelope (Optional) The contact data.
7.5.7. Structure: RequestConfirmation
Inherits: Message
Inherits: Message
Text: String (Optional) Text: String (Optional)
7.5.7. Structure: MessageConfirmationResponse 7.5.8. Structure: ResponseConfirmation
Inherits: MeshMessage Inherits: Message
Inherits: MeshMessage Inherits: Message
ResponseID: String (Optional) ResponseID: String (Optional)
ResponseID: String (Optional) ResponseID: String (Optional)
Accept: Boolean (Optional) Accept: Boolean (Optional)
7.5.8. Structure: MessageTaskRequest 7.5.9. Structure: RequestTask
Inherits: MeshMessage Inherits: Message
[No fields] [No fields]
8. Security Considerations 8. Security Considerations
The security considerations for use and implementation of Mesh The security considerations for use and implementation of Mesh
services and applications are described in the Mesh Security services and applications are described in the Mesh Security
Considerations guide [draft-hallambaker-mesh-security] . Considerations guide [draft-hallambaker-mesh-security] .
9. IANA Considerations 9. IANA Considerations
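Review bot: The new description of 7.5.4 RequestConnection is cut off at "This message contains the information" and should be completed. 7.5.5 AcknowledgeConnection refers to "a valid MessageConnectionRequestClient" and has a field named EnvelopedMessageConnectionRequest, but the structure is now called RequestConnection, so align the names with the rename. Witness moved from the request to AcknowledgeConnection without a description. Since PinUDF and Witness are what authenticate the connection, state what inputs Witness is calculated over and what the PinUDF fingerprint is taken over, or point to the document that does.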
skipping to change at page 37, line 44 skipping to change at page 42, line 33
10. Acknowledgements 10. Acknowledgements
A list of people who have contributed to the design of the Mesh is A list of people who have contributed to the design of the Mesh is
presented in [draft-hallambaker-mesh-architecture] . presented in [draft-hallambaker-mesh-architecture] .
11. References 11. References
11.1. Normative References 11.1. Normative References
[draft-hallambaker-mesh-architecture] [draft-hallambaker-mesh-architecture]
Hallam-Baker, P., "Mathematical Mesh Part I: Architecture Hallam-Baker, P., "Mathematical Mesh 3.0 Part I:
Guide", draft-hallambaker-mesh-architecture-07 (work in Architecture Guide", draft-hallambaker-mesh-
progress), April 2019. architecture-08 (work in progress), July 2019.
[draft-hallambaker-mesh-cryptography] [draft-hallambaker-mesh-cryptography]
Hallam-Baker, P., "Mathematical Mesh Part VIII: Hallam-Baker, P., "Mathematical Mesh 3.0 Part VIII:
Cryptographic Algorithms", draft-hallambaker-mesh- Cryptographic Algorithms", draft-hallambaker-mesh-
cryptography-00 (work in progress), April 2019. cryptography-01 (work in progress), July 2019.
[draft-hallambaker-mesh-notary] [draft-hallambaker-mesh-notary]
"[Reference Not Found!]". "[Reference Not Found!]".
[draft-hallambaker-mesh-protocol] [draft-hallambaker-mesh-protocol]
Hallam-Baker, P., "Mathematical Mesh Part V: Protocol Hallam-Baker, P., "Mathematical Mesh Part V: Protocol
Reference", draft-hallambaker-mesh-protocol-00 (work in Reference", draft-hallambaker-mesh-protocol-00 (work in
progress), April 2019. progress), April 2019.
[draft-hallambaker-mesh-security] [draft-hallambaker-mesh-security]
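Review bot: [draft-hallambaker-mesh-notary] still resolves to "[Reference Not Found!]" in -02, so either supply the reference or drop the citation. The architecture and cryptography entries were updated to the "Mathematical Mesh 3.0" titles and July 2019 revisions, but [draft-hallambaker-mesh-protocol] still reads "Mathematical Mesh Part V" at -00, April 2019. Confirm whether that is the intended revision or whether the entry was missed.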
 End of changes. 179 change blocks. 
373 lines changed or deleted 572 lines changed or added
