< draft-hallambaker-mesh-udf-01.txt   draft-hallambaker-mesh-udf-02.txt >
Network Working Group P. Hallam-Baker Network Working Group P. Hallam-Baker
Internet-Draft February 25, 2019 Internet-Draft April 4, 2019
Intended status: Informational Intended status: Informational
Expires: August 29, 2019 Expires: October 6, 2019
Mathematical Mesh Part II: Uniform Data Fingerprint. Mathematical Mesh Part II: Uniform Data Fingerprint.
draft-hallambaker-mesh-udf-01 draft-hallambaker-mesh-udf-02
Abstract Abstract
This document describes the naming and addressing schemes used in the This document describes the naming and addressing schemes used in the
Mathematical Mesh. The means of generating Uniform Data Fingerprint Mathematical Mesh. The means of generating Uniform Data Fingerprint
(UDF) values and their presentation as text sequences and as URIs are (UDF) values and their presentation as text sequences and as URIs are
described. described.
A UDF consists of a binary sequence, the initial eight bits of which A UDF consists of a binary sequence, the initial eight bits of which
specify a type identifier code. Type identifier codes have been specify a type identifier code. Type identifier codes have been
skipping to change at page 1, line 41 skipping to change at page 1, line 41
least one label that is a UDF fingerprint of a policy document least one label that is a UDF fingerprint of a policy document
controlling interpretation of the name. SINs allow a direct trust controlling interpretation of the name. SINs allow a direct trust
model to be applied to achieve end-to-end security in existing model to be applied to achieve end-to-end security in existing
Internet applications without the need for trusted third parties. Internet applications without the need for trusted third parties.
UDFs may be presented as URIs to form either names or locators for UDFs may be presented as URIs to form either names or locators for
use with the UDF location service. An Encrypted Authenticated use with the UDF location service. An Encrypted Authenticated
Resource Locator (EARL) is a UDF locator URI presenting a service Resource Locator (EARL) is a UDF locator URI presenting a service
from which an encrypted resource may be obtained and a symmetric key from which an encrypted resource may be obtained and a symmetric key
that may be used to decrypt the content. EARLs may be presented on that may be used to decrypt the content. EARLs may be presented on
paper correspondence as a QR code to securely provide a machine paper correspondence as a QR code to securely provide a machine-
readable version of the same content. This may be applied to readable version of the same content. This may be applied to
automate processes such as invoicing or to provide accessibility automate processes such as invoicing or to provide accessibility
services for the partially sighted. services for the partially sighted.
This document is also available online at This document is also available online at
http://mathmesh.com/Documents/draft-hallambaker-mesh-udf.html [1] . http://mathmesh.com/Documents/draft-hallambaker-mesh-udf.html [1] .
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
skipping to change at page 2, line 20 skipping to change at page 2, line 20
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on August 29, 2019. This Internet-Draft will expire on October 6, 2019.
Copyright Notice Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 4, line 21 skipping to change at page 4, line 21
9.4. Media Types Registrations . . . . . . . . . . . . . . . . 37 9.4. Media Types Registrations . . . . . . . . . . . . . . . . 37
9.4.1. Media Type: application/pkix-keyinfo . . . . . . . . 37 9.4.1. Media Type: application/pkix-keyinfo . . . . . . . . 37
9.4.2. Media Type: application/udf-encryption . . . . . . . 38 9.4.2. Media Type: application/udf-encryption . . . . . . . 38
9.4.3. Media Type: application/udf-secret . . . . . . . . . 39 9.4.3. Media Type: application/udf-secret . . . . . . . . . 39
9.5. Uniform Data Fingerprint Type Identifier Registry . . . . 40 9.5. Uniform Data Fingerprint Type Identifier Registry . . . . 40
9.5.1. The name of the registry . . . . . . . . . . . . . . 40 9.5.1. The name of the registry . . . . . . . . . . . . . . 40
9.5.2. Required information for registrations . . . . . . . 40 9.5.2. Required information for registrations . . . . . . . 40
9.5.3. Applicable registration policy . . . . . . . . . . . 40 9.5.3. Applicable registration policy . . . . . . . . . . . 40
9.5.4. Size, format, and syntax of registry entries . . . . 40 9.5.4. Size, format, and syntax of registry entries . . . . 40
9.5.5. Initial assignments and reservations . . . . . . . . 41 9.5.5. Initial assignments and reservations . . . . . . . . 41
10. Appendix A: Prime Values for Secret Sharing . . . . . . . . . 41 10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 41
11. Recovering Shamir Shared Secret . . . . . . . . . . . . . . . 42 11. Appendix A: Prime Values for Secret Sharing . . . . . . . . . 41
12. References . . . . . . . . . . . . . . . . . . . . . . . . . 45 12. Recovering Shamir Shared Secret . . . . . . . . . . . . . . . 42
12.1. Normative References . . . . . . . . . . . . . . . . . . 45 13. References . . . . . . . . . . . . . . . . . . . . . . . . . 45
12.2. Informative References . . . . . . . . . . . . . . . . . 46 13.1. Normative References . . . . . . . . . . . . . . . . . . 45
12.3. URIs . . . . . . . . . . . . . . . . . . . . . . . . . . 47 13.2. Informative References . . . . . . . . . . . . . . . . . 46
13.3. URIs . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 47 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 47
1. Introduction 1. Introduction
A Uniform Data Fingerprint (UDF) is a generalized format for A Uniform Data Fingerprint (UDF) is a generalized format for
presenting and interpreting short binary sequences representing presenting and interpreting short binary sequences representing
cryptographic keys or fingerprints of data of any specified type. cryptographic keys or fingerprints of data of any specified type.
The UDF format provides a superset of the OpenPGP [RFC4880] The UDF format provides a superset of the OpenPGP [RFC4880]
fingerprint encoding capability with greater encoding density and fingerprint encoding capability with greater encoding density and
readability. readability.
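Review bot: The renumbered table of contents leaves the appendices inconsistent. "Acknowledgements" is inserted as section 10 ahead of "11. Appendix A: Prime Values for Secret Sharing", and "12. Recovering Shamir Shared Secret" carries no appendix label, although the body text cites "Appendix C" for the Lagrange method and no Appendix B is listed. Suggest labelling section 12 as an appendix and making the in-text reference match the label actually used.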
skipping to change at page 5, line 18 skipping to change at page 5, line 18
referenced. referenced.
UDFs are typically presented to the user as a Base32 encoded sequence UDFs are typically presented to the user as a Base32 encoded sequence
in groups of five characters separated by dashes. This format in groups of five characters separated by dashes. This format
provides a useful balance between compactness and readability. The provides a useful balance between compactness and readability. The
type identifier codes have been selected so as to provide a useful type identifier codes have been selected so as to provide a useful
mnemonic when presented in Base32 encoding. mnemonic when presented in Base32 encoding.
The following are examples of UDF values: The following are examples of UDF values:
NA4C-5USH-UPDO-KGBT-VTXN-UGY4-47KP NAZP-JRSC-4SYE-E2LX-LQZO-ZKQP-5J4Q
ECNY-JVFQ-26XG-25SM-2GT6-6KNE-XGPA EAUN-7WEC-UZQI-NXXE-FAGJ-KA75-E6BA
SAQM-GT3M-N3EA-CLAZ-DHCC-DPUO-RFSO-E SAQE-EIMB-VJSZ-7AG7-MILS-5RX4-3XBU-2
MB5S-R4AJ-3FBT-7NHO-T26Z-2E6Y-WFH4 MB5S-R4AJ-3FBT-7NHO-T26Z-2E6Y-WFH4
KCM5-7VB6-IJXJ-WKHX-NZQF-OKGZ-EWVN KCM5-7VB6-IJXJ-WKHX-NZQF-OKGZ-EWVN
ACON-ADL2-6W6O-LDE7-XJ7B-EFQE-BUOZ ADJH-EPKP-EBN2-5YHG-VQKY-W5RE-BZAT
Like email addresses, UDFs are not a Uniform Resource Identifier Like email addresses, UDFs are not a Uniform Resource Identifier
(URI) but may be expressed in URI form by adding the scheme (URI) but may be expressed in URI form by adding the scheme
identifier (UDF) for use in contexts where an identifier in URI identifier (UDF) for use in contexts where an identifier in URI
syntax is required. A UDF URI MAY contain a domain name component syntax is required. A UDF URI MAY contain a domain name component
allowing it to be used as a locator allowing it to be used as a locator
1.1.1. Cryptographic Keys and Nonces 1.1.1. Cryptographic Keys and Nonces
A Nonce (N) UDF represents a short, fixed length randomly chosen A Nonce (N) UDF represents a short, fixed length randomly chosen
binary value. binary value.
Nonce UDFs are used within many Mesh protocols and data formats where Nonce UDFs are used within many Mesh protocols and data formats where
it is necessary to represent a nonce value in text form. it is necessary to represent a nonce value in text form.
Nonce UDF: Nonce UDF:
NA4C-5USH-UPDO-KGBT-VTXN-UGY4-47KP NAZP-JRSC-4SYE-E2LX-LQZO-ZKQP-5J4Q
An Encryption/Authentication (E) UDF has the same format as a Random An Encryption/Authentication (E) UDF has the same format as a Random
UDF but is identified as being intended to be used as a symmetric key UDF but is identified as being intended to be used as a symmetric key
for encryption and/or authentication. for encryption and/or authentication.
KeyValue: KeyValue:
9B 84 D4 B0 D7 AE 6D 76 4C D1 A7 EF 29 A4 B9 9E 28 DF D8 82 A6 60 86 DE E4 28 0C 95 03 FD 27 82
Encryption/Authenticator UDF: Encryption/Authenticator UDF:
ECNY-JVFQ-26XG-25SM-2GT6-6KNE-XGPA EAUN-7WEC-UZQI-NXXE-FAGJ-KA75-E6BA
A Share (S) UDF also represents a short, fixed length binary value A Share (S) UDF also represents a short, fixed length binary value
but only provides one share in secret sharing scheme. Recovery of but only provides one share in secret sharing scheme. Recovery of
the binary value requires a sufficient number of shares. the binary value requires a sufficient number of shares.
Share UDFs are used in the Mesh to support key and data escrow Share UDFs are used in the Mesh to support key and data escrow
operations without the need to rely on trusted hardware. A share UDF operations without the need to rely on trusted hardware. A share UDF
can be copied by hand or printed in human or machine-readable form can be copied by hand or printed in human or machine-readable form
(e.g. QR code). (e.g. QR code).
Key: ECNY-JVFQ-26XG-25SM-2GT6-6KNE-XGPA Key: EAUN-7WEC-UZQI-NXXE-FAGJ-KA75-E6BA
Share 0: SAQM-GT3M-N3EA-CLAZ-DHCC-DPUO-RFSO-E Share 0: SAQE-EIMB-VJSZ-7AG7-MILS-5RX4-3XBU-2
Share 1: SAQ6-WGQE-FS4F-H2V3-423J-XDPT-NYIC-M Share 1: SAQV-WYZK-2ISN-46W7-4ADF-B6HV-XZPR-Q
Share 2: SARB-FZE3-5KUK-NKK6-WOUR-KXKY-KK5T-O Share 2: SARH-JJGT-7HSB-25HA-LX2X-GKXO-T35O-G
1.1.2. Fingerprint type UDFS 1.1.2. Fingerprint type UDFS
Fingerprint type UDFs contains a fingerprint value calculated over a Fingerprint type UDFs contains a fingerprint value calculated over a
content data item and an IANA media type. content data item and an IANA media type.
A Content Digest type UDF is a fingerprint type UDF in which the A Content Digest type UDF is a fingerprint type UDF in which the
fingerprint is formed using a cryptographic algorithm. Two digest fingerprint is formed using a cryptographic algorithm. Two digest
algorithms are currently supported, SHA-2-512 (M, for Merkle Damgard) algorithms are currently supported, SHA-2-512 (M, for Merkle Damgard)
and SHA-3-512 (K, for Keccak). and SHA-3-512 (K, for Keccak).
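Review bot: The sentence "in groups of five characters separated by dashes" does not match any of the regenerated examples, which are all presented in groups of four (for example NAZP-JRSC-4SYE-...). Either the text or the examples should change so an implementer knows which grouping to emit and accept. In 1.1.1 the E type is also described as having "the same format as a Random UDF" while the preceding type is named "Nonce (N) UDF", and the example label reads "Encryption/Authenticator"; one name per type would remove the ambiguity.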
skipping to change at page 6, line 46 skipping to change at page 6, line 46
SHA-3-512: KCM5-7VB6-IJXJ-WKHX-NZQF-OKGZ-EWVN SHA-3-512: KCM5-7VB6-IJXJ-WKHX-NZQF-OKGZ-EWVN
An Authentication UDF (A) is formed in the same manner as a An Authentication UDF (A) is formed in the same manner as a
fingerprint but using a Message Authentication Code algorithm and a fingerprint but using a Message Authentication Code algorithm and a
symmetric key. symmetric key.
Authentication UDFs are used to express commitments and to provide a Authentication UDFs are used to express commitments and to provide a
means of blinding fingerprint values within a protocol by means of a means of blinding fingerprint values within a protocol by means of a
nonce. nonce.
SHA-2-512: ACON-ADL2-6W6O-LDE7-XJ7B-EFQE-BUOZ SHA-2-512: ADJH-EPKP-EBN2-5YHG-VQKY-W5RE-BZAT
1.2. UDF URIs 1.2. UDF URIs
The UDF URI scheme allows use of a UDF in contexts where a URF is The UDF URI scheme allows use of a UDF in contexts where a URF is
expected. The UDF URI scheme has two forms, name and locator. expected. The UDF URI scheme has two forms, name and locator.
1.2.1. Name Form 1.2.1. Name Form
Name form UDF URIs identify a data resource but do not provide a Name form UDF URIs identify a data resource but do not provide a
means of discovery. The URI is simply the scheme (udf) followed by means of discovery. The URI is simply the scheme (udf) followed by
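Review bot: The Authentication UDF example is still labelled "SHA-2-512:" although the paragraph above it says the value is formed with a Message Authentication Code algorithm and a symmetric key. The label should name the MAC, and the example should give the key and the input so that the new value ADJH-... can be reproduced. In 1.2, "contexts where a URF is expected" should read "URI".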
skipping to change at page 7, line 47 skipping to change at page 7, line 47
of the UDF value specified in the URI to the specified Web Service of the UDF value specified in the URI to the specified Web Service
Endpoint and performing a GET method request on the result. Endpoint and performing a GET method request on the result.
For example, Alice subscribes to Example.com, a purveyor of cat and For example, Alice subscribes to Example.com, a purveyor of cat and
kitten images. The company generates paper and electronic invoices kitten images. The company generates paper and electronic invoices
on a monthly basis. on a monthly basis.
To generate the paper invoice, Example.com first creates a new To generate the paper invoice, Example.com first creates a new
encryption key: encryption key:
EAQE-BCUO-RXQ2-RQND-PVQ2-24T6-BK6W-PG EAPP-CYG7-6EMI-XOIN-5WBL-HO5N-QWWE-Y5
One or more electronic forms of the invoice are encrypted under the One or more electronic forms of the invoice are encrypted under the
key EAQE-BCUO-RXQ2-RQND-PVQ2-24T6-BK6W-PG and placed on the key EAPP-CYG7-6EMI-XOIN-5WBL-HO5N-QWWE-Y5 and placed on the
Example.com Web site so that the appropriate version is returned if Example.com Web site so that the appropriate version is returned if
Alice scans the QR code. Alice scans the QR code.
The key is then converted to form an EARL for the example.com UDF The key is then converted to form an EARL for the example.com UDF
resolution service: resolution service:
udf://example.com/EAQE-BCUO-RXQ2-RQND-PVQ2-24T6-BK6W-PG udf://example.com/EAPP-CYG7-6EMI-XOIN-5WBL-HO5N-QWWE-Y5
The EARL is then rendered as a QR code: The EARL is then rendered as a QR code:
[[This figure is not viewable in this format. The figure is [[This figure is not viewable in this format. The figure is
available at http://mathmesh.com/Documents/draft-hallambaker-mesh- available at http://mathmesh.com/Documents/draft-hallambaker-mesh-
udf.html [2].]] udf.html [2].]]
QR Code with embedded decryption and location key QR Code with embedded decryption and location key
A printable invoice containing the QR code is now generated and sent A printable invoice containing the QR code is now generated and sent
skipping to change at page 8, line 34 skipping to change at page 8, line 34
The UDF EARL locator shown above is resolved by first determining the The UDF EARL locator shown above is resolved by first determining the
Web Service Endpoint for the mmm-udf service for the domain Web Service Endpoint for the mmm-udf service for the domain
example.com. example.com.
Discover ("example.com", "mmm-udf") = Discover ("example.com", "mmm-udf") =
https://example.com/.well-known/mmm-udf/ https://example.com/.well-known/mmm-udf/
Next the fingerprint of the source UDF is obtained. Next the fingerprint of the source UDF is obtained.
UDF (EAQE-BCUO-RXQ2-RQND-PVQ2-24T6-BK6W-PG) = UDF (EAPP-CYG7-6EMI-XOIN-5WBL-HO5N-QWWE-Y5) =
MCR2-OH2Y-4XG7-Y3PP-3MFT-R57N-MZ4G-B3FN-2Z5S-K35M-PQHJ-ZZS2-4RR7-ILTA MD5C-PYID-B7TR-7BQM-3NWB-UANA-YYIX-2RKF-M3WZ-RGF4-D6H2-BLD7-YK32-3WB7
Combining the Web Service Endpoint and the fingerprint of the source Combining the Web Service Endpoint and the fingerprint of the source
UDF provides the URI from which the content is obtained using the UDF provides the URI from which the content is obtained using the
normal HTTP GET method: normal HTTP GET method:
https://example.com/.well-known/mmm-udf/MCR2-OH2Y-4XG7-Y3PP-3MFT- https://example.com/.well-known/mmm-udf/MD5C-PYID-B7TR-7BQM-3NWB-
R57N-MZ4G-B3FN-2Z5S-K35M-PQHJ-ZZS2-4RR7-ILTA UANA-YYIX-2RKF-M3WZ-RGF4-D6H2-BLD7-YK32-3WB7
Having established that Alice can read postal mail sent to a physical Having established that Alice can read postal mail sent to a physical
address and having delivered a secret to that address, this process address and having delivered a secret to that address, this process
might be extended to provide a means of automating the process of might be extended to provide a means of automating the process of
enrolment in electronic delivery of future invoices. enrolment in electronic delivery of future invoices.
1.3. Secure Internet Names 1.3. Secure Internet Names
A SIN is an Internet Identifier that contains a UDF fingerprint of a A SIN is an Internet Identifier that contains a UDF fingerprint of a
security policy document that may be used to verify the security policy document that may be used to verify the
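Review bot: The step "Next the fingerprint of the source UDF is obtained" does not say what is hashed: the binary key, or its Base32 text with or without dashes, and under which content type. The result shown begins with M (SHA-2-512 per 1.1.2) and is twice as long as the other M example, but neither the algorithm choice nor the precision is stated here. Since the locator URI is derived from this value, specify the exact input, content type and precision so that independent implementations resolve the same EARL to the same URI.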
skipping to change at page 18, line 49 skipping to change at page 18, line 49
a_0. a_0.
Applications MAY employ any approach that returns the correct result. Applications MAY employ any approach that returns the correct result.
The use of Lagrange basis polynomials is described in Appendix C. The use of Lagrange basis polynomials is described in Appendix C.
Alice decides to encrypt an important document and split the Alice decides to encrypt an important document and split the
encryption key so that there are five key shares, three of which will encryption key so that there are five key shares, three of which will
be required to recover the key. be required to recover the key.
Alice's master secret is Alice's master secret is
98 E3 AE F6 0C CA 1A 53 9A 42 30 B5 D6 AB 80 A6 D7 0A 41 C8 49 18 26 84 1F 8D 35 A4 2D 3D E2 C0
This has the UDF representation: This has the UDF representation:
ECMO-HLXW-BTFB-UU42-IIYL-LVVL-QCTA EDLQ-UQOI-JEMC-NBA7-RU22-ILJ5-4LAA
The master secret is converted to an integer applying network byte The master secret is converted to an integer applying network byte
order conventions. Since the master secret is 128 bits, it is order conventions. Since the master secret is 128 bits, it is
guaranteed to be smaller than the modulus. The resulting value guaranteed to be smaller than the modulus. The resulting value
becomes the polynomial value a0. becomes the polynomial value a0.
Since a threshold of three shares is required, we will need a second Since a threshold of three shares is required, we will need a second
order polynomial. The co-efficients of the polynomial a1, a2 are order polynomial. The co-efficients of the polynomial a1, a2 are
random numbers smaller than the modulus: random numbers smaller than the modulus:
a0 = 203224855379551779909878019697389830310 a0 = 285837276287220602985847938463112749760
a1 = 213435878098443219772173517206501812827 a1 = 260404829208485657185013721898285611180
a2 = 14119443632507462021491753632290899362 a2 = 133585878431466019109475939096145153722
The master secret is the value f(0) = a0. The key shares are the The master secret is the value f(0) = a0. The key shares are the
values f(1), f(2)...f(5): values f(1), f(2)...f(5):
f(1) = 90497810189563998240168683104414330992 f(1) = 339545617006233815816962992025775303155
f(2) = 6009652264591140613442853776020630398 f(2) = 320143347667240603403655316348959952487
f(3) = 290042748525571670493075139143976940035 f(3) = 227630468270240965745924911432666697756
f(4) = 262032365130628660952316324344746836889 f(4) = 62006978815234902843771777276895538962
f(5) = 262260869000700575454541016810098532467 f(5) = 163555246223160878160570521313414687612
The first byte of each share specifies the recovery information The first byte of each share specifies the recovery information
(quorum, x value), the remaining bytes specify the share value in (quorum, x value), the remaining bytes specify the share value in
network byte order: network byte order:
f(1) = f(1) =
30 44 15 3E 87 77 6F 2D 78 FF E9 CE FB 72 B9 F0 30 FF 72 1B 6C B9 D0 37 FA A5 67 33 7D B8 FE E9
70 F3
f(2) = f(2) =
31 04 85 6A BB 9B AF 30 8C 51 55 0F 4A 38 1A 6B 31 F0 D9 5D B0 A9 04 FC 61 5D 09 7D 35 60 8F 8E
7E 67
f(3) = f(3) =
32 DA 34 33 92 79 8A 23 8D 8E 83 F1 A2 26 CC F2 32 AB 40 08 94 16 B6 73 B8 46 74 12 CB 23 EF D0
03 1C
f(4) = f(4) =
33 C5 21 99 0C 11 00 06 7C B7 76 76 03 3E D1 83 33 2E A6 1C 17 02 E4 9D FF 61 A6 F4 3F 03 1F AF
99 12
f(5) = f(5) =
34 C5 4D 9B 28 62 10 D9 59 CC 2C 9C 6D 80 28 20 34 7B 0B 98 39 6D 8F 7B 36 AE A2 21 90 FE 1F 2B
73 7C
The UDF presentation of the key shares is thus: The UDF presentation of the key shares is thus:
f(1) = SAYE-IFJ6-Q53W-6LLY-77U4-563S-XHYH-A f(1) = SAYP-64Q3-NS45-AN72-UVTT-G7NY-73U7-G
f(2) = SAYQ-JBLK-XON2-6MEM-KFKQ-6SRY-DJVX-4 f(2) = SAY7-BWK5-WCUQ-J7DB-LUEX-2NLA-R6HG-O
f(3) = SAZN-UNBT-SJ4Y-UI4N-R2B7-DIRG-ZTZA-G f(3) = SAZK-WQAI-SQLL-M45Y-IZ2B-FSZD-57IB-Y
f(4) = SAZ4-KIMZ-BQIQ-ABT4-W53H-MAZ6-2GBZ-S f(4) = SAZS-5JQ4-C4BO-JHP7-MGTP-IPYD-D6XR-E
f(5) = SA2M-KTM3-FBRB-BWKZ-ZQWJ-Y3MA-FAQH-G f(5) = SA2H-WC4Y-HFWY-66ZW-V2RC-DEH6-D4VX-Y
To recover the value f(0) from any three shares, we need to fit a To recover the value f(0) from any three shares, we need to fit a
polynomial curve to the three points and use it to calculate the polynomial curve to the three points and use it to calculate the
value at x=0 using the Lagrange polynomial basis. value at x=0 using the Lagrange polynomial basis.
5. Variable Length UDFs 5. Variable Length UDFs
Variable length UDFs are used to represent fingerprint values Variable length UDFs are used to represent fingerprint values
calculated over a content type identifier and the cryptographic calculated over a content type identifier and the cryptographic
digest of a content data item. The fingerprint value MAY be digest of a content data item. The fingerprint value MAY be
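Review bot: The first byte of the shares for f(1) through f(5) is 30, 31, 32, 33, 34 in both revisions, so the "x value" stored in that byte appears to be x-1 rather than x, which the description "(quorum, x value)" does not say. State the bit layout of the byte and the offset explicitly, since a recovery implementation that reads the low bits as x will interpolate at the wrong points and recover the wrong value. The text should also say what happens when a share value falls between 2^128 and 2^128 + 50, which is valid modulo the 128 bit prime given in Appendix A but does not fit the 16 bytes shown.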
skipping to change at page 32, line 33 skipping to change at page 32, line 33
authenticated using the shared secret as the initial keying authenticated using the shared secret as the initial keying
material (see below). material (see below).
6.2.5. Decryption and Authentication 6.2.5. Decryption and Authentication
The steps performed to decode cryptographically enhanced content data The steps performed to decode cryptographically enhanced content data
depends on the content type specified in the returned content. Two depends on the content type specified in the returned content. Two
formats are currently supported: formats are currently supported:
o DARE Message format as specified in o DARE Message format as specified in
[draft-hallambaker-dare-message] [draft-hallambaker-mesh-dare-message]
o Cryptographic Message Syntax (CMS) Symmetric Key Package as o Cryptographic Message Syntax (CMS) Symmetric Key Package as
specified in [RFC6031] specified in [RFC6031]
6.2.6. QR Presentation 6.2.6. QR Presentation
Encoding of a UDF URI as a QR code requires only the characters in Encoding of a UDF URI as a QR code requires only the characters in
alphanumeric encoding, thus achieving compactness with minimal alphanumeric encoding, thus achieving compactness with minimal
overhead. overhead.
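Review bot: "requires only the characters in alphanumeric encoding" holds only if the whole URI is upper case. QR alphanumeric mode covers the digits, upper-case A-Z and the symbols space $ % * + - . / : and has no lower-case letters, while the EARL examples in 1.2 are written as udf://example.com/.... Say that the scheme and domain are upper-cased for QR presentation and compared case-insensitively on reading, or qualify the compactness claim.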
skipping to change at page 33, line 13 skipping to change at page 33, line 13
prefix mm-- are reserved for use as Strong Internet Names. The prefix mm-- are reserved for use as Strong Internet Names. The
characters following the prefix are a Content Digest type UDF in characters following the prefix are a Content Digest type UDF in
Base32 presentation. Base32 presentation.
Since DNS labels are limited to 63 characters, the presentation of Since DNS labels are limited to 63 characters, the presentation of
the SIN itself is limited to 59 characters and thus 240 bits of the SIN itself is limited to 59 characters and thus 240 bits of
precision. precision.
8. Security Considerations 8. Security Considerations
This section describes security considerations arising from the use
of UDF in general applications.
Additional security considerations for use of UDFs in Mesh services
and applications are described in the Mesh Security Considerations
guide [draft-hallambaker-mesh-security] .
8.1. Confidentiality 8.1. Confidentiality
Encrypted locator is a bearer token Encrypted locator is a bearer token
8.2. Availability 8.2. Availability
Corruption of a part of a shared secret may prevent recovery Corruption of a part of a shared secret may prevent recovery
8.3. Integrity 8.3. Integrity
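Review bot: The new introductory paragraph defers to [draft-hallambaker-mesh-security], which the reference list in this revision shows as "[Reference Not Found!]", and 8.1 and 8.2 are still single phrases. "Encrypted locator is a bearer token" should spell out the consequence: anyone who sees the EARL or its QR code can both locate and decrypt the content, so the URI has to be handled as a secret (kept out of logs, referrers and shared images), and the text should say whether a locator can expire or be withdrawn. 8.2 should say whether a corrupted share is detectable at recovery time.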
skipping to change at page 41, line 27 skipping to change at page 41, line 27
82 SHA-3-512 with 40 trailing zeros [This document] 82 SHA-3-512 with 40 trailing zeros [This document]
83 SHA-3-512 with 50 trailing zeros [This document] 83 SHA-3-512 with 50 trailing zeros [This document]
96 SHA-2-512 [This document] 96 SHA-2-512 [This document]
97 SHA-2-512 with 20 trailing zeros [This document] 97 SHA-2-512 with 20 trailing zeros [This document]
98 SHA-2-512 with 30 trailing zeros [This document] 98 SHA-2-512 with 30 trailing zeros [This document]
99 SHA-2-512 with 40 trailing zeros [This document] 99 SHA-2-512 with 40 trailing zeros [This document]
100 SHA-2-512 with 50 trailing zeros [This document] 100 SHA-2-512 with 50 trailing zeros [This document]
104 Random nonce [This document] 104 Random nonce [This document]
144 Shamir Secret Share [This document] 144 Shamir Secret Share [This document]
10. Appendix A: Prime Values for Secret Sharing 10. Acknowledgements
Thanks are due to Viktor Dukhovni, Damian Weber and an anonymous
member of the cryptography@metzdowd.com list for assisting in the
compilation of the table of prime values.
11. Appendix A: Prime Values for Secret Sharing
The following are the prime values to be used for sharing secrets of The following are the prime values to be used for sharing secrets of
up to 512 bits. up to 512 bits.
If it is necessary to share larger secrets, the corresponding prime If it is necessary to share larger secrets, the corresponding prime
may be found by choosing a value (2^32)^n that is larger than the may be found by choosing a value (2^32)^n that is larger than the
secret to be encoded and determining the next largest number that is secret to be encoded and determining the next largest number that is
prime. prime.
+----------------+----------------------+ +----------------+----------------------+
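Review bot: In Appendix A, "determining the next largest number that is prime" can be read either as the next prime above (2^32)^n or as the largest prime below it. The example "2^128 + 51" and the later phrase "smallest prime greater than 2^L" show that the prime above is meant; use that wording here as well.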
skipping to change at page 42, line 31 skipping to change at page 42, line 31
| 448 | 211 | | 448 | 211 |
| 480 | 165 | | 480 | 165 |
| 512 | 75 | | 512 | 75 |
+----------------+----------------------+ +----------------+----------------------+
Table 3 Table 3
For example, the prime to be used to share a 128 bit value is 2^128 + For example, the prime to be used to share a 128 bit value is 2^128 +
51. 51.
11. Recovering Shamir Shared Secret 12. Recovering Shamir Shared Secret
The value of a Shamir Shared secret may be recovered using Lagrange The value of a Shamir Shared secret may be recovered using Lagrange
basis polynomials. basis polynomials.
To share a secret with a threshold of n shares and L bits we To share a secret with a threshold of n shares and L bits we
constructed f(x) a polynomial of degree n in the modular field p constructed f(x) a polynomial of degree n in the modular field p
where p is the smallest prime greater than 2^L: where p is the smallest prime greater than 2^L:
f(x) = a_0 + a_1.x + a_2.x^2 + ... a_n.x^n f(x) = a_0 + a_1.x + a_2.x^2 + ... a_n.x^n
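Review bot: "a threshold of n shares ... a polynomial of degree n" is off by one. The worked example earlier in the document uses a second order polynomial (a0, a1, a2) for a threshold of three, and f(x) as written here has n+1 coefficients, which needs n+1 shares to recover. Change the degree to n-1 and end the sum at the x^(n-1) term, or define n as the polynomial degree and the threshold as n+1.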
skipping to change at page 45, line 11 skipping to change at page 45, line 11
/// x mod p /// x mod p
public static BigInteger Modulus( public static BigInteger Modulus(
BigInteger x, BigInteger x,
BigInteger p) { BigInteger p) {
var Result = x % p; var Result = x % p;
return Result.Sign >= 0 ? Result : Result + p; return Result.Sign >= 0 ? Result : Result + p;
} }
} }
} }
12. References 13. References
12.1. Normative References 13.1. Normative References
[draft-hallambaker-dare-message] [draft-hallambaker-mesh-dare-message]
Hallam-Baker, P., "Data At Rest Encryption Part 1: DARE "[Reference Not Found!]".
Message Syntax", draft-hallambaker-dare-message-02 (work
in progress), August 2018. [draft-hallambaker-mesh-security]
"[Reference Not Found!]".
[draft-hallambaker-web-service-discovery] [draft-hallambaker-web-service-discovery]
Hallam-Baker, P., "DNS Web Service Discovery", draft- Hallam-Baker, P., "DNS Web Service Discovery", draft-
hallambaker-web-service-discovery-01 (work in progress), hallambaker-web-service-discovery-01 (work in progress),
February 2019. February 2019.
[RFC2014] Weinrib, A. and J. Postel, "IRTF Research Group Guidelines [RFC2014] Weinrib, A. and J. Postel, "IRTF Research Group Guidelines
and Procedures", BCP 8, RFC 2014, DOI 10.17487/RFC2014, and Procedures", BCP 8, RFC 2014, DOI 10.17487/RFC2014,
October 1996. October 1996.
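Review bot: Two normative references in the new revision resolve to "[Reference Not Found!]": [draft-hallambaker-mesh-dare-message], which replaces a complete entry for draft-hallambaker-dare-message-02 in the previous revision, and the newly cited [draft-hallambaker-mesh-security]. Section 6.2.5 relies on the first to define a supported decryption format, so restore full citations (title, draft name and version, date) for both.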
skipping to change at page 46, line 5 skipping to change at page 46, line 8
[RFC6031] Turner, S. and R. Housley, "Cryptographic Message Syntax [RFC6031] Turner, S. and R. Housley, "Cryptographic Message Syntax
(CMS) Symmetric Key Package Content Type", RFC 6031, (CMS) Symmetric Key Package Content Type", RFC 6031,
DOI 10.17487/RFC6031, December 2010. DOI 10.17487/RFC6031, December 2010.
[SHA-2] NIST, "Secure Hash Standard", August 2015. [SHA-2] NIST, "Secure Hash Standard", August 2015.
[SHA-3] Dworkin, M., "SHA-3 Standard: Permutation-Based Hash and [SHA-3] Dworkin, M., "SHA-3 Standard: Permutation-Based Hash and
Extendable-Output Functions", August 2015. Extendable-Output Functions", August 2015.
12.2. Informative References 13.2. Informative References
[draft-hallambaker-mesh-developer] [draft-hallambaker-mesh-developer]
Hallam-Baker, P., "Mathematical Mesh: Reference Hallam-Baker, P., "Mathematical Mesh: Reference
Implementation", draft-hallambaker-mesh-developer-07 (work Implementation", draft-hallambaker-mesh-developer-07 (work
in progress), April 2018. in progress), April 2018.
[draft-hallambaker-mesh-trust] [draft-hallambaker-mesh-trust]
Hallam-Baker, P., "Mathematical Mesh Part IV: The Trust Hallam-Baker, P., "Mathematical Mesh Part IV: The Trust
Mesh", draft-hallambaker-mesh-trust-00 (work in progress), Mesh", draft-hallambaker-mesh-trust-00 (work in progress),
January 2019. January 2019.
skipping to change at page 47, line 5 skipping to change at page 47, line 10
RFC 7595, DOI 10.17487/RFC7595, June 2015. RFC 7595, DOI 10.17487/RFC7595, June 2015.
[Shamir79] [Shamir79]
"[Reference Not Found!]". "[Reference Not Found!]".
[XMLSchema] [XMLSchema]
Gao, S., Sperberg-McQueen, C., Thompson, H., Mendelsohn, Gao, S., Sperberg-McQueen, C., Thompson, H., Mendelsohn,
N., Beech, D., and M. Maloney, "W3C XML Schema Definition N., Beech, D., and M. Maloney, "W3C XML Schema Definition
Language (XSD) 1.1 Part 1: Structures", April 2012. Language (XSD) 1.1 Part 1: Structures", April 2012.
12.3. URIs 13.3. URIs
[1] http://mathmesh.com/Documents/draft-hallambaker-mesh-udf.html [1] http://mathmesh.com/Documents/draft-hallambaker-mesh-udf.html
[2] http://mathmesh.com/Documents/draft-hallambaker-mesh-udf.html [2] http://mathmesh.com/Documents/draft-hallambaker-mesh-udf.html
Author's Address Author's Address
Phillip Hallam-Baker Phillip Hallam-Baker
Email: phill@hallambaker.com Email: phill@hallambaker.com
 End of changes. 37 change blocks. 
66 lines changed or deleted 81 lines changed or added
