Network Working Group                                    P. Hallam-Baker
Internet-Draft                                         Comodo Group Inc.
Intended status: Standards Track                      September 19, 2016
Expires: March 23, 2017


                Mathematical Mesh: Platform Configuration
                    draft-hallambaker-mesh-platform-00

Abstract

   The Mathematical Mesh 'The Mesh' is an end-to-end secure
   infrastructure that facilitates the exchange of configuration and
   credential data between multiple user devices.  This document
   describes how Mesh profiles are stored for application access on
   Windows, Linux and OSX platforms.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on March 23, 2017.

Copyright Notice

   Copyright (c) 2016 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Definitions
     1.1.  Requirements Language
   2.  Configuration Scope
   3.  Windows Platform Configuration
     3.1.  Registry Key Entries
     3.2.  Data File Locations
     3.3.  Key Store Entries
     3.4.  Profiles
       3.4.1.  Locating a personal profile
       3.4.2.  Locating a device profile
       3.4.3.  Locating an application profile
   4.  OSX Platform Configuration
     4.1.  Key Storage
   5.  Linux Platform Configuration
     5.1.  Key Storage
   6.  JSON Configuration File
   7.  Application Programming Interface
     7.1.  C#
   8.  IANA Considerations
   9.  Acknowledgements
   10. Normative References
   Author's Address

1.  Definitions

1.1.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

2.  Configuration Scope

3.  Windows Platform Configuration

   The Windows configuration is stored in a combination of Windows Key
   Store entries, registry entries and data files.

   The profiles that are available to a user are specified as Windows
   registry keys.

   Cached and archival copies of profiles are stored on the local
   machine as data files with file names and locations specified in the
   Windows registry.

   Cryptographic keys are stored in a Windows key store.

   To locate a device, application or personal profile, an application:

      Searches for a Windows registry entry that matches the relevant
      criteria.

      Retrieves the profile data from either a local cached copy or the
      corresponding portal.

      Accesses the corresponding private keys through the Windows key
      store.

   The Windows Key Store is the natural storage location for
   cryptographic keys on the Windows platform, as keys are at minimum
   protected by the operating system access control mechanism.  The
   Windows Key Store also permits the use of cryptographic hardware
   devices.

3.1.  Registry Key Entries

   All keys used by the Mathematical Mesh are stored in the following
   Windows registry location:

      HKEY_CURRENT_USER\SOFTWARE\CryptoMesh

   This location has the following subkeys:

   PersonalProfiles
      (Default) -> UDF fingerprint of the default personal profile

      PersonalProfiles\
         (Default) -> File location for the profile.

         Archive -> File location for the profile archive.

         Portals -> Multistring containing portal accounts to which the
         profile is registered.  The default portal is first.

   ApplicationProfiles
      Web -> UDF fingerprint of default Web Application profile

      SSH -> UDF fingerprint of default SSH Application profile

      Network -> UDF fingerprint of default Network Application
      profile

      Mail -> UDF fingerprint of default Mail Application profile

      UDF Fingerprint of profile -> File location of profile

   DeviceProfiles
      (Default) -> UDF fingerprint of default device profile

      UDF Fingerprint of Device profile -> File location of device
      profile

3.2.  Data File Locations

      ApplicationData \CryptoMesh\

3.3.  Key Store Entries

   <>

3.4.  Profiles

3.4.1.  Locating a personal profile

   To locate the default personal profile, an application:

      Retrieves the key PersonalProfiles\(Default) to get

      Locates the profile with identifier

   To locate the personal profile with identifier UDF, an application:

      Retrieves the key PersonalProfiles\

      Retrieves the latest version of the profile from the location
      specified in PersonalProfiles\\(Default)

      If necessary, the profile is refreshed from one of the accounts
      specified in PersonalProfiles\\Portal

   In case of an inconsistency being detected, the application MAY use
   the archived copies of the profile to resynchronize.

   Note that having been connected to a profile at some time in the past
   does not guarantee that a device currently has access, even if the
   device in question was an administration device for the profile.

3.4.2.  Locating a device profile

   To locate a device profile, an application

3.4.3.  Locating an application profile

   To locate a device profile, an application

4.  OSX Platform Configuration

   The OSX configuration is stored in a combination of a master
   configuration file, profile data files and the OSX Keychain.

   The profiles that are available to a user are stored in a JSON
   configuration file.

   Cached and archival copies of profiles are stored on the local
   machine as data files with file names and locations specified in the
   JSON configuration file.

   Cryptographic keys are stored in the OSX Keychain.

   File locations

   The JSON configuration file is stored in ~/.cryptomesh/profiles.json

   Profile data files are stored in a directory ~/.cryptomesh/

   The latest copy of the profile is stored in .mmm

   An archive containing all the stored profiles is stored in
   .all.mmm

4.1.  Key Storage

   Private keys are stored in the OSX Key Manager in some fashion to be
   decided later.

5.  Linux Platform Configuration

   The Linux configuration is stored in a combination of a master
   configuration file, profile data files and private key files.

   The file layout of the Linux configuration and data files is
   identical to that of OSX.

5.1.  Key Storage

   Private keys are stored in the locations where the Linux applications
   that are to use them expect to find them.

6.  JSON Configuration File

7.  Application Programming Interface

7.1.  C#

   The C# reference code base provides the following classes to provide
   access to the Mesh machine configuration:

      Goedel.Mesh.RegistrationType

      Goedel.Mesh.RegistrationMachine

      Goedel.Mesh.RegistrationPersonal

      Goedel.Mesh.RegistrationDevice

      Goedel.Mesh.RegistrationApplication

      Goedel.Portability.Windows

      Goedel.Portability.OSX

      Goedel.Portability.Linux

      Goedel.Mesh.Windows

8.  IANA Considerations

   None

9.  Acknowledgements

   TBS

10.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

Author's Address

   Phillip Hallam-Baker
   Comodo Group Inc.

   Email: philliph@comodo.com
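The following PowerShell function is an added example illustrating the Windows lookup of Sections 3.1 and 3.4.1; it is not part of the draft or of the Goedel.Mesh reference code base. It reads the UDF fingerprint of the default personal profile from the (Default) value of HKEY_CURRENT_USER\SOFTWARE\CryptoMesh\PersonalProfiles, then reads the cached file location, the archive location and the portal list from the subkey named by that fingerprint. The value names (Default), Archive and Portals are those given in Section 3.1; the assumption that the per-profile subkey is named exactly by the fingerprint, the path-separator check on the fingerprint, and the test for whether the cached files exist on disk are this example's own additions. Retrieval from a portal and access to the Windows key store are not shown because the draft does not specify them here.

```powershell
# Added example (not from the draft or the Goedel.Mesh code): locate the
# default Mesh personal profile via the registry layout of Section 3.1.
function Get-MeshDefaultPersonalProfile {
    [CmdletBinding()]
    param(
        # Registry root fixed by the draft; a parameter so the function can
        # be pointed at a test hive.
        [string]$Root = 'HKCU:\SOFTWARE\CryptoMesh'
    )

    $personalKeyPath = Join-Path -Path $Root -ChildPath 'PersonalProfiles'
    if (-not (Test-Path -LiteralPath $personalKeyPath)) {
        throw "No Mesh personal profiles are registered under $personalKeyPath"
    }

    # Step 1 (Section 3.4.1): the unnamed (Default) value of PersonalProfiles
    # is the UDF fingerprint of the default personal profile.
    $fingerprint = (Get-Item -LiteralPath $personalKeyPath).GetValue('')
    if ([string]::IsNullOrWhiteSpace($fingerprint)) {
        throw 'PersonalProfiles has no default fingerprint'
    }

    # The fingerprint is about to be used as a subkey name.  Sanity check
    # (this example's addition): a malformed value must not be able to
    # address a key outside PersonalProfiles.
    if ($fingerprint -match '[\\/]') {
        throw "Fingerprint '$fingerprint' contains a path separator"
    }

    # Step 2: the subkey named by the fingerprint (assumed layout, per 3.1)
    # holds the cached-file location, the archive location and the portals.
    $profileKeyPath = Join-Path -Path $personalKeyPath -ChildPath $fingerprint
    if (-not (Test-Path -LiteralPath $profileKeyPath)) {
        throw "Default fingerprint $fingerprint has no PersonalProfiles subkey"
    }
    $profileKey = Get-Item -LiteralPath $profileKeyPath

    $profilePath = $profileKey.GetValue('')         # cached copy of the profile
    $archivePath = $profileKey.GetValue('Archive')  # archive of stored versions
    # REG_MULTI_SZ; Section 3.1 says the default portal is listed first.
    # Filtering drops a $null result when the value is absent.
    $portals = @($profileKey.GetValue('Portals') | Where-Object { $_ })
    $defaultPortal = if ($portals.Count -gt 0) { $portals[0] } else { $null }

    # Report whether the locations recorded in the registry actually exist,
    # so the caller knows whether a portal refresh is needed (Section 3).
    [pscustomobject]@{
        Fingerprint   = $fingerprint
        ProfilePath   = $profilePath
        ProfileCached = [bool]($profilePath -and
                               (Test-Path -LiteralPath $profilePath -PathType Leaf))
        ArchivePath   = $archivePath
        ArchiveCached = [bool]($archivePath -and
                               (Test-Path -LiteralPath $archivePath -PathType Leaf))
        DefaultPortal = $defaultPortal
        Portals       = $portals
    }
}

# Usage: when the cached copy is missing, refresh from the default portal;
# when cache and portal copy disagree, Section 3.4.1 permits falling back to
# the archive to resynchronize.
$profile = Get-MeshDefaultPersonalProfile
$profile | Format-List
if (-not $profile.ProfileCached) {
    Write-Warning "Cached profile missing; refresh from portal '$($profile.DefaultPortal)'"
}
```

The function deliberately throws rather than returning partial results when any link in the registry chain is missing, so a caller cannot mistake an unregistered or half-registered profile for a valid one.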