< draft-hallambaker-mesh-udf-02.txt   draft-hallambaker-mesh-udf-03.txt >
Network Working Group P. Hallam-Baker Network Working Group P. Hallam-Baker
Internet-Draft April 4, 2019 Internet-Draft July 3, 2019
Intended status: Informational Intended status: Informational
Expires: October 6, 2019 Expires: January 4, 2020
Mathematical Mesh Part II: Uniform Data Fingerprint. Mathematical Mesh 3.0 Part II: Uniform Data Fingerprint.
draft-hallambaker-mesh-udf-02 draft-hallambaker-mesh-udf-03
Abstract Abstract
This document describes the naming and addressing schemes used in the This document describes the naming and addressing schemes used in the
Mathematical Mesh. The means of generating Uniform Data Fingerprint Mathematical Mesh. The means of generating Uniform Data Fingerprint
(UDF) values and their presentation as text sequences and as URIs are (UDF) values and their presentation as text sequences and as URIs are
described. described.
A UDF consists of a binary sequence, the initial eight bits of which A UDF consists of a binary sequence, the initial eight bits of which
specify a type identifier code. Type identifier codes have been specify a type identifier code. Type identifier codes have been
skipping to change at page 2, line 20 skipping to change at page 2, line 20
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on October 6, 2019. This Internet-Draft will expire on January 4, 2020.
Copyright Notice Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 5, line 18 skipping to change at page 5, line 18
referenced. referenced.
UDFs are typically presented to the user as a Base32 encoded sequence UDFs are typically presented to the user as a Base32 encoded sequence
in groups of five characters separated by dashes. This format in groups of five characters separated by dashes. This format
provides a useful balance between compactness and readability. The provides a useful balance between compactness and readability. The
type identifier codes have been selected so as to provide a useful type identifier codes have been selected so as to provide a useful
mnemonic when presented in Base32 encoding. mnemonic when presented in Base32 encoding.
The following are examples of UDF values: The following are examples of UDF values:
NAZP-JRSC-4SYE-E2LX-LQZO-ZKQP-5J4Q NBLC-XNXJ-JEYQ-U3MK-JN2R-Q5U4-SSBQ
EAUN-7WEC-UZQI-NXXE-FAGJ-KA75-E6BA EAEO-XJC5-33UX-4VS6-6RCR-N7OI-EI6A
SAQE-EIMB-VJSZ-7AG7-MILS-5RX4-3XBU-2 SAQE-KWFO-YAMT-TAIA-PV66-36X4-RBHN-M
MB5S-R4AJ-3FBT-7NHO-T26Z-2E6Y-WFH4 MB5S-R4AJ-3FBT-7NHO-T26Z-2E6Y-WFH4
KCM5-7VB6-IJXJ-WKHX-NZQF-OKGZ-EWVN KCM5-7VB6-IJXJ-WKHX-NZQF-OKGZ-EWVN
ADJH-EPKP-EBN2-5YHG-VQKY-W5RE-BZAT AD2H-V6AG-KC5B-6DYX-DZR4-IBD5-4734
Like email addresses, UDFs are not a Uniform Resource Identifier Like email addresses, UDFs are not a Uniform Resource Identifier
(URI) but may be expressed in URI form by adding the scheme (URI) but may be expressed in URI form by adding the scheme
identifier (UDF) for use in contexts where an identifier in URI identifier (UDF) for use in contexts where an identifier in URI
syntax is required. A UDF URI MAY contain a domain name component syntax is required. A UDF URI MAY contain a domain name component
allowing it to be used as a locator allowing it to be used as a locator
1.1.1. Cryptographic Keys and Nonces 1.1.1. Cryptographic Keys and Nonces
A Nonce (N) UDF represents a short, fixed length randomly chosen A Nonce (N) UDF represents a short, fixed length randomly chosen
binary value. binary value.
Nonce UDFs are used within many Mesh protocols and data formats where Nonce UDFs are used within many Mesh protocols and data formats where
it is necessary to represent a nonce value in text form. it is necessary to represent a nonce value in text form.
Nonce UDF: Nonce UDF:
NAZP-JRSC-4SYE-E2LX-LQZO-ZKQP-5J4Q NBLC-XNXJ-JEYQ-U3MK-JN2R-Q5U4-SSBQ
An Encryption/Authentication (E) UDF has the same format as a Random An Encryption/Authentication (E) UDF has the same format as a Random
UDF but is identified as being intended to be used as a symmetric key UDF but is identified as being intended to be used as a symmetric key
for encryption and/or authentication. for encryption and/or authentication.
KeyValue: KeyValue:
28 DF D8 82 A6 60 86 DE E4 28 0C 95 03 FD 27 82 08 EB A4 5D DE E9 7E 56 5E F4 45 16 FD C8 22 3C
Encryption/Authenticator UDF: Encryption/Authenticator UDF:
EAUN-7WEC-UZQI-NXXE-FAGJ-KA75-E6BA EAEO-XJC5-33UX-4VS6-6RCR-N7OI-EI6A
A Share (S) UDF also represents a short, fixed length binary value A Share (S) UDF also represents a short, fixed length binary value
but only provides one share in secret sharing scheme. Recovery of but only provides one share in secret sharing scheme. Recovery of
the binary value requires a sufficient number of shares. the binary value requires a sufficient number of shares.
Share UDFs are used in the Mesh to support key and data escrow Share UDFs are used in the Mesh to support key and data escrow
operations without the need to rely on trusted hardware. A share UDF operations without the need to rely on trusted hardware. A share UDF
can be copied by hand or printed in human or machine-readable form can be copied by hand or printed in human or machine-readable form
(e.g. QR code). (e.g. QR code).
Key: EAUN-7WEC-UZQI-NXXE-FAGJ-KA75-E6BA Key: EAEO-XJC5-33UX-4VS6-6RCR-N7OI-EI6A
Share 0: SAQE-EIMB-VJSZ-7AG7-MILS-5RX4-3XBU-2 Share 0: SAQE-KWFO-YAMT-TAIA-PV66-36X4-RBHN-M
Share 1: SAQV-WYZK-2ISN-46W7-4ADF-B6HV-XZPR-Q Share 1: SAQY-DRNZ-EJJY-TA5K-TQDZ-NXX3-JB5X-A
Share 2: SARH-JJGT-7HSB-25HA-LX2X-GKXO-T35O-G Share 2: SARL-4MWD-QSG5-TBSU-XKIT-7QX2-BCUA-U
1.1.2. Fingerprint type UDFS 1.1.2. Fingerprint type UDFS
Fingerprint type UDFs contains a fingerprint value calculated over a Fingerprint type UDFs contains a fingerprint value calculated over a
content data item and an IANA media type. content data item and an IANA media type.
A Content Digest type UDF is a fingerprint type UDF in which the A Content Digest type UDF is a fingerprint type UDF in which the
fingerprint is formed using a cryptographic algorithm. Two digest fingerprint is formed using a cryptographic algorithm. Two digest
algorithms are currently supported, SHA-2-512 (M, for Merkle Damgard) algorithms are currently supported, SHA-2-512 (M, for Merkle Damgard)
and SHA-3-512 (K, for Keccak). and SHA-3-512 (K, for Keccak).
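Review bot: the introductory paragraph in this region says UDFs are presented "in groups of five characters separated by dashes", but every example value in both -02 and -03 (for instance NBLC-XNXJ-JEYQ-U3MK-JN2R-Q5U4-SSBQ) is grouped in fours. Since all the examples were regenerated for -03, the prose and the examples should be brought into agreement in the same revision. Section 1.1.1 also still describes the E type as having "the same format as a Random UDF" although the type is introduced as a Nonce (N) UDF, and the labels alternate between "Encryption/Authentication" and "Encryption/Authenticator"; one name per type would avoid confusion.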
skipping to change at page 6, line 46 skipping to change at page 6, line 46
SHA-3-512: KCM5-7VB6-IJXJ-WKHX-NZQF-OKGZ-EWVN SHA-3-512: KCM5-7VB6-IJXJ-WKHX-NZQF-OKGZ-EWVN
An Authentication UDF (A) is formed in the same manner as a An Authentication UDF (A) is formed in the same manner as a
fingerprint but using a Message Authentication Code algorithm and a fingerprint but using a Message Authentication Code algorithm and a
symmetric key. symmetric key.
Authentication UDFs are used to express commitments and to provide a Authentication UDFs are used to express commitments and to provide a
means of blinding fingerprint values within a protocol by means of a means of blinding fingerprint values within a protocol by means of a
nonce. nonce.
SHA-2-512: ADJH-EPKP-EBN2-5YHG-VQKY-W5RE-BZAT SHA-2-512: AD2H-V6AG-KC5B-6DYX-DZR4-IBD5-4734
1.2. UDF URIs 1.2. UDF URIs
The UDF URI scheme allows use of a UDF in contexts where a URF is The UDF URI scheme allows use of a UDF in contexts where a URF is
expected. The UDF URI scheme has two forms, name and locator. expected. The UDF URI scheme has two forms, name and locator.
1.2.1. Name Form 1.2.1. Name Form
Name form UDF URIs identify a data resource but do not provide a Name form UDF URIs identify a data resource but do not provide a
means of discovery. The URI is simply the scheme (udf) followed by means of discovery. The URI is simply the scheme (udf) followed by
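Review bot: section 1.2 still reads "in contexts where a URF is expected" in -03; this should be URI. In the same region the Authentication UDF example is labelled "SHA-2-512" although the text says the value is formed with a Message Authentication Code algorithm and a symmetric key. Name the MAC in the label and show the key and content that were used, so that the new value AD2H-V6AG-KC5B-6DYX-DZR4-IBD5-4734 can be checked by an implementer.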
skipping to change at page 7, line 47 skipping to change at page 7, line 47
of the UDF value specified in the URI to the specified Web Service of the UDF value specified in the URI to the specified Web Service
Endpoint and performing a GET method request on the result. Endpoint and performing a GET method request on the result.
For example, Alice subscribes to Example.com, a purveyor of cat and For example, Alice subscribes to Example.com, a purveyor of cat and
kitten images. The company generates paper and electronic invoices kitten images. The company generates paper and electronic invoices
on a monthly basis. on a monthly basis.
To generate the paper invoice, Example.com first creates a new To generate the paper invoice, Example.com first creates a new
encryption key: encryption key:
EAPP-CYG7-6EMI-XOIN-5WBL-HO5N-QWWE-Y5 EB3J-ZV2F-M5C3-MZHS-2CFF-JHQY-Q3G3-MH
One or more electronic forms of the invoice are encrypted under the One or more electronic forms of the invoice are encrypted under the
key EAPP-CYG7-6EMI-XOIN-5WBL-HO5N-QWWE-Y5 and placed on the key EB3J-ZV2F-M5C3-MZHS-2CFF-JHQY-Q3G3-MH and placed on the
Example.com Web site so that the appropriate version is returned if Example.com Web site so that the appropriate version is returned if
Alice scans the QR code. Alice scans the QR code.
The key is then converted to form an EARL for the example.com UDF The key is then converted to form an EARL for the example.com UDF
resolution service: resolution service:
udf://example.com/EAPP-CYG7-6EMI-XOIN-5WBL-HO5N-QWWE-Y5 udf://example.com/EB3J-ZV2F-M5C3-MZHS-2CFF-JHQY-Q3G3-MH
The EARL is then rendered as a QR code: The EARL is then rendered as a QR code:
[[This figure is not viewable in this format. The figure is [[This figure is not viewable in this format. The figure is
available at http://mathmesh.com/Documents/draft-hallambaker-mesh- available at http://mathmesh.com/Documents/draft-hallambaker-mesh-
udf.html [2].]] udf.html [2].]]
QR Code with embedded decryption and location key QR Code with embedded decryption and location key
A printable invoice containing the QR code is now generated and sent A printable invoice containing the QR code is now generated and sent
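Review bot: the QR code figure is only referenced by a placeholder pointing at the HTML rendering, while the key it is supposed to encode changed from EAPP-CYG7-... to EB3J-ZV2F-... in three places in this region. Please confirm the image in the HTML version was regenerated from udf://example.com/EB3J-ZV2F-M5C3-MZHS-2CFF-JHQY-Q3G3-MH, since a stale figure would not be caught by the text diff. The figure link is also given as http:// rather than https://.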
skipping to change at page 8, line 34 skipping to change at page 8, line 34
The UDF EARL locator shown above is resolved by first determining the The UDF EARL locator shown above is resolved by first determining the
Web Service Endpoint for the mmm-udf service for the domain Web Service Endpoint for the mmm-udf service for the domain
example.com. example.com.
Discover ("example.com", "mmm-udf") = Discover ("example.com", "mmm-udf") =
https://example.com/.well-known/mmm-udf/ https://example.com/.well-known/mmm-udf/
Next the fingerprint of the source UDF is obtained. Next the fingerprint of the source UDF is obtained.
UDF (EAPP-CYG7-6EMI-XOIN-5WBL-HO5N-QWWE-Y5) = UDF (EB3J-ZV2F-M5C3-MZHS-2CFF-JHQY-Q3G3-MH) =
MD5C-PYID-B7TR-7BQM-3NWB-UANA-YYIX-2RKF-M3WZ-RGF4-D6H2-BLD7-YK32-3WB7 MAI3-3253-XSCV-A575-WB27-XM7J-KQ5Z-TA3D-NPZT-UQED-PS6U-KTCP-YQFR-XECC
Combining the Web Service Endpoint and the fingerprint of the source Combining the Web Service Endpoint and the fingerprint of the source
UDF provides the URI from which the content is obtained using the UDF provides the URI from which the content is obtained using the
normal HTTP GET method: normal HTTP GET method:
https://example.com/.well-known/mmm-udf/MD5C-PYID-B7TR-7BQM-3NWB- https://example.com/.well-known/mmm-udf/MAI3-3253-XSCV-A575-WB27-
UANA-YYIX-2RKF-M3WZ-RGF4-D6H2-BLD7-YK32-3WB7 XM7J-KQ5Z-TA3D-NPZT-UQED-PS6U-KTCP-YQFR-XECC
Having established that Alice can read postal mail sent to a physical Having established that Alice can read postal mail sent to a physical
address and having delivered a secret to that address, this process address and having delivered a secret to that address, this process
might be extended to provide a means of automating the process of might be extended to provide a means of automating the process of
enrolment in electronic delivery of future invoices. enrolment in electronic delivery of future invoices.
1.3. Secure Internet Names 1.3. Secure Internet Names
A SIN is an Internet Identifier that contains a UDF fingerprint of a A SIN is an Internet Identifier that contains a UDF fingerprint of a
security policy document that may be used to verify the security policy document that may be used to verify the
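Review bot: the step "Next the fingerprint of the source UDF is obtained" does not say what is hashed (the text form with dashes or the decoded bytes) or which content type is supplied, so the new value MAI3-3253-XSCV-... cannot be reproduced from the lines shown; state both inputs next to the UDF (...) line. Because the source UDF is the invoice decryption key, it would also help to state explicitly that only this fingerprint, never the EB3J-... value itself, appears in the HTTPS request to the resolution service.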
skipping to change at page 18, line 49 skipping to change at page 18, line 49
a_0. a_0.
Applications MAY employ any approach that returns the correct result. Applications MAY employ any approach that returns the correct result.
The use of Lagrange basis polynomials is described in Appendix C. The use of Lagrange basis polynomials is described in Appendix C.
Alice decides to encrypt an important document and split the Alice decides to encrypt an important document and split the
encryption key so that there are five key shares, three of which will encryption key so that there are five key shares, three of which will
be required to recover the key. be required to recover the key.
Alice's master secret is Alice's master secret is
D7 0A 41 C8 49 18 26 84 1F 8D 35 A4 2D 3D E2 C0 12 33 5C BF C8 28 C8 C6 EF E9 74 51 37 A9 B2 BD
This has the UDF representation: This has the UDF representation:
EDLQ-UQOI-JEMC-NBA7-RU22-ILJ5-4LAA EAJD-GXF7-ZAUM-RRXP-5F2F-CN5J-WK6Q
The master secret is converted to an integer applying network byte The master secret is converted to an integer applying network byte
order conventions. Since the master secret is 128 bits, it is order conventions. Since the master secret is 128 bits, it is
guaranteed to be smaller than the modulus. The resulting value guaranteed to be smaller than the modulus. The resulting value
becomes the polynomial value a0. becomes the polynomial value a0.
Since a threshold of three shares is required, we will need a second Since a threshold of three shares is required, we will need a second
order polynomial. The co-efficients of the polynomial a1, a2 are order polynomial. The co-efficients of the polynomial a1, a2 are
random numbers smaller than the modulus: random numbers smaller than the modulus:
a0 = 285837276287220602985847938463112749760 a0 = 24192792240122645239584041884141073085
a1 = 260404829208485657185013721898285611180 a1 = 275645827829392714511516865247251935089
a2 = 133585878431466019109475939096145153722 a2 = 338825755595477295605531041247661976348
The master secret is the value f(0) = a0. The key shares are the The master secret is the value f(0) = a0. The key shares are the
values f(1), f(2)...f(5): values f(1), f(2)...f(5):
f(1) = 339545617006233815816962992025775303155 f(1) = 298382008744054191893257340947286773015
f(2) = 320143347667240603403655316348959952487 f(2) = 229375635676124939367868900210451791120
f(3) = 227630468270240965745924911432666697756 f(3) = 157456039957273351126793327105404338907
f(4) = 62006978815234902843771777276895538962 f(4) = 82623221587499427170030621632144416376
f(5) = 163555246223160878160570521313414687612 f(5) = 4877180566803167497580783790672023527
The first byte of each share specifies the recovery information The first byte of each share specifies the recovery information
(quorum, x value), the remaining bytes specify the share value in (quorum, x value), the remaining bytes specify the share value in
network byte order: network byte order:
f(1) = f(1) =
30 FF 72 1B 6C B9 D0 37 FA A5 67 33 7D B8 FE E9 30 E0 7A 48 D8 4F DD 9B 38 7B B0 95 8A 9C 64 CD
F3 17
f(2) = f(2) =
31 F0 D9 5D B0 A9 04 FC 61 5D 09 7D 35 60 8F 8E 31 AC 90 23 F9 85 95 22 B7 00 9E F1 69 2E 79 BD
67 10
f(3) = f(3) =
32 AB 40 08 94 16 B6 73 B8 46 74 12 CB 23 EF D0 32 76 74 EE 23 69 4F 5F 42 7E B4 87 EC ED E8 82
1C DB
f(4) = f(4) =
33 2E A6 1C 17 02 E4 9D FF 61 A6 F4 3F 03 1F AF 33 3E 28 A7 55 FB 0C 50 DA F5 F1 59 15 DA B1 1E
12 78
f(5) = f(5) =
34 7B 0B 98 39 6D 8F 7B 36 AE A2 21 90 FE 1F 2B 34 03 AB 4F 91 3A CB F7 80 66 55 64 E3 F4 D3 8F
7C E7
The UDF presentation of the key shares is thus: The UDF presentation of the key shares is thus:
f(1) = SAYP-64Q3-NS45-AN72-UVTT-G7NY-73U7-G f(1) = SAYO-A6SI-3BH5-3GZY-POYJ-LCU4-MTGR-O
f(2) = SAY7-BWK5-WCUQ-J7DB-LUEX-2NLA-R6HG-O f(2) = SAY2-ZEBD-7GCZ-KIVX-ACPP-C2JO-PG6R-A
f(3) = SAZK-WQAI-SQLL-M45Y-IZ2B-FSZD-57IB-Y f(3) = SAZH-M5HO-ENUU-6X2C-P22I-P3HN-5CBN-W
f(4) = SAZS-5JQ4-C4BO-JHP7-MGTP-IPYD-D6XR-E f(4) = SAZT-4KFH-KX5Q-YUG2-6XYV-SFO2-WEPH-Q
f(5) = SA2H-WC4Y-HFWY-66ZW-V2RC-DEH6-D4VX-Y f(5) = SA2A-HK2P-SE5M-X54A-MZKW-JY7U-2OH6-O
To recover the value f(0) from any three shares, we need to fit a To recover the value f(0) from any three shares, we need to fit a
polynomial curve to the three points and use it to calculate the polynomial curve to the three points and use it to calculate the
value at x=0 using the Lagrange polynomial basis. value at x=0 using the Lagrange polynomial basis.
5. Variable Length UDFs 5. Variable Length UDFs
Variable length UDFs are used to represent fingerprint values Variable length UDFs are used to represent fingerprint values
calculated over a content type identifier and the cryptographic calculated over a content type identifier and the cryptographic
digest of a content data item. The fingerprint value MAY be digest of a content data item. The fingerprint value MAY be
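Review bot: in the share encodings f(1) begins with byte 30 and f(5) with byte 34, so the x field carried in the first byte is x-1 rather than x, yet the text only says the byte holds "(quorum, x value)". Spell out the layout of that byte and the offset; an implementer who takes the low nibble as x directly would interpolate with the wrong coordinates and recover the wrong value. The example also never shows the modulus used for the 128-bit secret, so the regenerated f(1)..f(5) values cannot be checked without going to Appendix A; quote the prime alongside a0, a1 and a2.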
skipping to change at page 32, line 32 skipping to change at page 32, line 32
Secret Share (set) The content data returned is decrypted and Secret Share (set) The content data returned is decrypted and
authenticated using the shared secret as the initial keying authenticated using the shared secret as the initial keying
material (see below). material (see below).
6.2.5. Decryption and Authentication 6.2.5. Decryption and Authentication
The steps performed to decode cryptographically enhanced content data The steps performed to decode cryptographically enhanced content data
depends on the content type specified in the returned content. Two depends on the content type specified in the returned content. Two
formats are currently supported: formats are currently supported:
o DARE Message format as specified in o DARE Envelope format as specified in [draft-hallambaker-mesh-dare]
[draft-hallambaker-mesh-dare-message]
o Cryptographic Message Syntax (CMS) Symmetric Key Package as o Cryptographic Message Syntax (CMS) Symmetric Key Package as
specified in [RFC6031] specified in [RFC6031]
6.2.6. QR Presentation 6.2.6. QR Presentation
Encoding of a UDF URI as a QR code requires only the characters in Encoding of a UDF URI as a QR code requires only the characters in
alphanumeric encoding, thus achieving compactness with minimal alphanumeric encoding, thus achieving compactness with minimal
overhead. overhead.
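Review bot: the Secret Share entry says the content is decrypted and authenticated "using the shared secret as the initial keying material (see below)", but section 6.2.5 as shown only lists the two container formats and does not say how the UDF value is turned into a key for either of them. With the first bullet now pointing at [draft-hallambaker-mesh-dare], add the derivation here or cite the section of that draft that defines it. Minor: "The steps ... depends" should be "depend".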
skipping to change at page 41, line 29 skipping to change at page 41, line 29
96 SHA-2-512 [This document] 96 SHA-2-512 [This document]
97 SHA-2-512 with 20 trailing zeros [This document] 97 SHA-2-512 with 20 trailing zeros [This document]
98 SHA-2-512 with 30 trailing zeros [This document] 98 SHA-2-512 with 30 trailing zeros [This document]
99 SHA-2-512 with 40 trailing zeros [This document] 99 SHA-2-512 with 40 trailing zeros [This document]
100 SHA-2-512 with 50 trailing zeros [This document] 100 SHA-2-512 with 50 trailing zeros [This document]
104 Random nonce [This document] 104 Random nonce [This document]
144 Shamir Secret Share [This document] 144 Shamir Secret Share [This document]
10. Acknowledgements 10. Acknowledgements
A list of people who have contributed to the design of the Mesh is
presented in [draft-hallambaker-mesh-architecture] .
Thanks are due to Viktor Dukhovni, Damian Weber and an anonymous Thanks are due to Viktor Dukhovni, Damian Weber and an anonymous
member of the cryptography@metzdowd.com list for assisting in the member of the cryptography@metzdowd.com list for assisting in the
compilation of the table of prime values. compilation of the table of prime values.
11. Appendix A: Prime Values for Secret Sharing 11. Appendix A: Prime Values for Secret Sharing
The following are the prime values to be used for sharing secrets of The following are the prime values to be used for sharing secrets of
up to 512 bits. up to 512 bits.
If it is necessary to share larger secrets, the corresponding prime If it is necessary to share larger secrets, the corresponding prime
skipping to change at page 45, line 15 skipping to change at page 45, line 15
var Result = x % p; var Result = x % p;
return Result.Sign >= 0 ? Result : Result + p; return Result.Sign >= 0 ? Result : Result + p;
} }
} }
} }
13. References 13. References
13.1. Normative References 13.1. Normative References
[draft-hallambaker-mesh-dare-message] [draft-hallambaker-mesh-architecture]
"[Reference Not Found!]". Hallam-Baker, P., "Mathematical Mesh Part I: Architecture
Guide", draft-hallambaker-mesh-architecture-07 (work in
progress), April 2019.
[draft-hallambaker-mesh-dare]
Hallam-Baker, P., "Mathematical Mesh Part III : Data At
Rest Encryption (DARE)", draft-hallambaker-mesh-dare-01
(work in progress), April 2019.
[draft-hallambaker-mesh-security] [draft-hallambaker-mesh-security]
"[Reference Not Found!]". Hallam-Baker, P., "Mathematical Mesh Part VII: Security
Considerations", draft-hallambaker-mesh-security-00 (work
in progress), April 2019.
[draft-hallambaker-web-service-discovery] [draft-hallambaker-web-service-discovery]
Hallam-Baker, P., "DNS Web Service Discovery", draft- Hallam-Baker, P., "DNS Web Service Discovery", draft-
hallambaker-web-service-discovery-01 (work in progress), hallambaker-web-service-discovery-02 (work in progress),
February 2019. April 2019.
[RFC2014] Weinrib, A. and J. Postel, "IRTF Research Group Guidelines [RFC2014] Weinrib, A. and J. Postel, "IRTF Research Group Guidelines
and Procedures", BCP 8, RFC 2014, DOI 10.17487/RFC2014, and Procedures", BCP 8, RFC 2014, DOI 10.17487/RFC2014,
October 1996. October 1996.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997. DOI 10.17487/RFC2119, March 1997.
[RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
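Review bot: [draft-hallambaker-mesh-architecture] is added under 13.1 Normative References, but the only citation of it visible in this diff is the new sentence in the Acknowledgements; a reference that is not needed to implement the specification belongs under 13.2. The new [draft-hallambaker-mesh-dare] entry has a stray space in "Part III : Data", and the Acknowledgements sentence that cites the architecture draft has one before its final period.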
skipping to change at page 46, line 12 skipping to change at page 46, line 22
[SHA-2] NIST, "Secure Hash Standard", August 2015. [SHA-2] NIST, "Secure Hash Standard", August 2015.
[SHA-3] Dworkin, M., "SHA-3 Standard: Permutation-Based Hash and [SHA-3] Dworkin, M., "SHA-3 Standard: Permutation-Based Hash and
Extendable-Output Functions", August 2015. Extendable-Output Functions", August 2015.
13.2. Informative References 13.2. Informative References
[draft-hallambaker-mesh-developer] [draft-hallambaker-mesh-developer]
Hallam-Baker, P., "Mathematical Mesh: Reference Hallam-Baker, P., "Mathematical Mesh: Reference
Implementation", draft-hallambaker-mesh-developer-07 (work Implementation", draft-hallambaker-mesh-developer-08 (work
in progress), April 2018. in progress), April 2019.
[draft-hallambaker-mesh-trust] [draft-hallambaker-mesh-trust]
Hallam-Baker, P., "Mathematical Mesh Part IV: The Trust Hallam-Baker, P., "Mathematical Mesh Part VI: The Trust
Mesh", draft-hallambaker-mesh-trust-00 (work in progress), Mesh", draft-hallambaker-mesh-trust-01 (work in progress),
January 2019. April 2019.
[RFC4086] Eastlake 3rd, D., Schiller, J., and S. Crocker, [RFC4086] Eastlake 3rd, D., Schiller, J., and S. Crocker,
"Randomness Requirements for Security", BCP 106, RFC 4086, "Randomness Requirements for Security", BCP 106, RFC 4086,
DOI 10.17487/RFC4086, June 2005. DOI 10.17487/RFC4086, June 2005.
[RFC4880] Callas, J., Donnerhacke, L., Finney, H., Shaw, D., and R. [RFC4880] Callas, J., Donnerhacke, L., Finney, H., Shaw, D., and R.
Thayer, "OpenPGP Message Format", RFC 4880, Thayer, "OpenPGP Message Format", RFC 4880,
DOI 10.17487/RFC4880, November 2007. DOI 10.17487/RFC4880, November 2007.
[RFC5785] Nottingham, M. and E. Hammer-Lahav, "Defining Well-Known [RFC5785] Nottingham, M. and E. Hammer-Lahav, "Defining Well-Known
 End of changes. 33 change blocks. 
61 lines changed or deleted 72 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/