Network Working Group                                    P. Hallam-Baker
Internet-Draft                                         Comodo Group Inc.
Intended status: Informational                            April 11, 2018
Expires: October 13, 2018

                Mathematical Mesh: Platform Configuration
                   draft-hallambaker-mesh-platform-03

Abstract

   The Mathematical Mesh "The Mesh" is an end-to-end secure
   infrastructure that facilitates the exchange of configuration and
   credential data between multiple user devices.
   This document describes how Mesh profiles are stored for application
   access on Windows, Linux and OSX platforms.

   This document is also available online at
   http://prismproof.org/Documents/draft-hallambaker-mesh-platform.html
   [1].

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on October 13, 2018.

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Definitions
     2.1.  Requirements Language
     2.2.  Defined Terms
     2.3.  Related Specifications
     2.4.  Implementation Status
   3.  Windows Platform Configuration
     3.1.  Registry Key Entries
     3.2.  Data File Locations
     3.3.  Key Store Entries
     3.4.  Profiles
       3.4.1.  Locating a personal profile
       3.4.2.  Locating a device profile
       3.4.3.  Locating an application profile
   4.  OSX Platform Configuration
     4.1.  Key Storage
   5.  Linux Platform Configuration
     5.1.  Key Storage
   6.  IANA Considerations
   7.  Acknowledgements
   8.  References
     8.1.  Normative References
     8.2.  Informative References
     8.3.  URIs
   Author's Address

1.  Introduction

   This document describes recommended platform-specific configuration
   for Mathematical Mesh applications.  The use of common conventions
   for storage of profiles and private keys allows Mesh-enabled
   applications to interoperate on the same machine.

   Protecting private key material from disclosure to other processes
   presents complex and difficult technical challenges.  Ensuring that a
   key is properly erased from storage before memory is released relies
   on a complex series of assumptions about memory management at the
   compiler, operating system and platform level.
   For maximum security, the use of private key storage facilities
   provided by the platform is preferred.

2.  Definitions

   This section presents the related specifications and standards, the
   terms that are used as terms of art within the documents and the
   terms used as requirements language.

2.1.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

2.2.  Defined Terms

   The terms of art used in this document are described in the Mesh
   Architecture Guide [draft-hallambaker-mesh-architecture].

2.3.  Related Specifications

   The architecture of the Mathematical Mesh is described in the Mesh
   Architecture Guide [draft-hallambaker-mesh-architecture].  The Mesh
   documentation set and related specifications are described in this
   document.

2.4.  Implementation Status

   The implementation status of the reference code base is described in
   the companion document [draft-hallambaker-mesh-developer].

3.  Windows Platform Configuration

   The Windows configuration is stored in a combination of Windows Key
   Store entries, registry entries and data files.

   The profiles that are available to a user are specified as Windows
   registry keys.

   Cached and archival copies of profiles are stored on the local
   machine as data files with file names and locations specified in the
   Windows registry.

   Cryptographic keys are stored in a Windows key store.

   To locate a device, application or personal profile, an application:

   1.  Searches for a Windows registry entry that matches the relevant
       criteria.

   2.  Retrieves the profile data from either a local cached copy or the
       corresponding portal.

   3.  Accesses the corresponding private keys through the Windows key
       store.
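   The lookup sketched in the three steps above, carried through with
   the registry layout of Section 3.1 and the personal-profile procedure
   of Section 3.4.1, as an added example.  This is illustration code,
   not code from the draft or from the Mesh reference implementation.
   It assumes profile files are JSON, uses a hex SHA-256 of the file as
   a stand-in for the UDF fingerprint (the real UDF encoding is
   specified outside this document), and reads the registry through a
   small interface with two backends: a dict-backed one so the example
   runs on any platform, and a winreg-backed one that reads the real
   HKEY_CURRENT_USER\SOFTWARE\CryptoMesh keys on Windows.  The file
   paths under AppData are constructed sample values.  The check that
   the cached file actually matches the fingerprint the registry points
   to is what makes the "inconsistency" of Section 3.4.1 detectable
   before the archive is consulted.

```python
import hashlib
import json
from typing import Dict, Optional

# Registry root from Section 3.1; subkeys below are relative to it.
MESH_ROOT = r"SOFTWARE\CryptoMesh"


class DictRegistry:
    """In-memory stand-in for HKEY_CURRENT_USER\\SOFTWARE\\CryptoMesh
    (constructed for illustration).  entries maps a subkey path to its
    values; the empty string is the (Default) value."""

    def __init__(self, entries: Dict[str, Dict[str, object]]) -> None:
        self.entries = entries

    def get(self, subkey: str, value_name: str) -> Optional[object]:
        return self.entries.get(subkey, {}).get(value_name)


class WinRegistry:
    """Same interface against the real registry; Windows only (winreg is
    in the standard library there and is imported lazily for that reason).
    REG_MULTI_SZ values such as Portals come back as a list of str."""

    def get(self, subkey: str, value_name: str) -> Optional[object]:
        import winreg
        try:
            with winreg.OpenKey(winreg.HKEY_CURRENT_USER, MESH_ROOT + "\\" + subkey) as key:
                value, _kind = winreg.QueryValueEx(key, value_name)
                return value
        except FileNotFoundError:
            return None


def placeholder_fingerprint(profile_bytes: bytes) -> str:
    """Stand-in for the UDF fingerprint (hex SHA-256).  The real UDF
    encoding is defined outside this draft; only the check matters here."""
    return hashlib.sha256(profile_bytes).hexdigest()


def load_profile(read_file, path: str, expected_udf: str) -> Optional[dict]:
    """Read a stored profile and accept it only if its fingerprint matches
    the UDF recorded in the registry.  A mismatch is the inconsistency
    Section 3.4.1 lets the application recover from via the archive."""
    data = read_file(path)
    if data is None or placeholder_fingerprint(data) != expected_udf:
        return None
    return json.loads(data)


def resolve_personal_profile(reg, read_file, udf: Optional[str] = None) -> dict:
    """Steps of Section 3.4.1: default UDF -> cached file -> archive -> portals."""
    if udf is None:                                     # PersonalProfiles (Default)
        udf = reg.get("PersonalProfiles", "")
        if not udf:
            raise LookupError("no default personal profile registered")
    sub = "PersonalProfiles\\" + udf                    # PersonalProfiles\<UDF>
    cached = reg.get(sub, "")                           # (Default) -> file location
    profile = load_profile(read_file, cached, udf) if cached else None
    source = "cache"
    if profile is None:                                 # Archive -> archive location
        archive = reg.get(sub, "Archive")
        profile = load_profile(read_file, archive, udf) if archive else None
        source = "archive"
    if profile is None:                                 # Portals -> default portal first
        portals = reg.get(sub, "Portals") or []
        raise LookupError(f"profile {udf} not available locally; refresh from portals {portals}")
    return {"udf": udf, "source": source, "profile": profile}


def demo() -> dict:
    """Constructed scenario: the cached copy has been altered on disk and
    the archive is intact, so resolution must fall back to the archive."""
    good = json.dumps({"type": "PersonalProfile", "name": "alice"}).encode()
    udf = placeholder_fingerprint(good)
    tampered = good.replace(b"alice", b"mallory")
    base = r"C:\Users\alice\AppData\Roaming\CryptoMesh"   # constructed, per Section 3.2
    files = {base + r"\cache.json": tampered, base + r"\archive.json": good}
    reg = DictRegistry({
        "PersonalProfiles": {"": udf},
        "PersonalProfiles\\" + udf: {
            "": base + r"\cache.json",
            "Archive": base + r"\archive.json",
            "Portals": ["alice@example.com"],
        },
    })
    return resolve_personal_profile(reg, files.get)


if __name__ == "__main__":
    print(demo())
```

   Run it directly to see the altered cache rejected and the archive
   used instead.  On Windows, pass WinRegistry() in place of the
   DictRegistry and a function that reads the named path from disk in
   place of files.get; the resolution logic itself does not change.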
   The Windows Key Store is the natural storage location for
   cryptographic keys on the Windows platform, as keys are at minimum
   protected by the operating system access control mechanism.  The
   Windows Key Store also permits the use of cryptographic hardware
   devices.

3.1.  Registry Key Entries

   All keys used by the Mathematical Mesh are stored in the following
   Windows registry location:

   HKEY_CURRENT_USER\SOFTWARE\CryptoMesh

   This location has the following sub keys:

   PersonalProfiles
      (Default) -> UDF fingerprint of the default personal profile

   PersonalProfiles\<UDF>
      (Default) -> File location for the profile.
      Archive -> File location for the profile archive.
      Portals -> Multistring containing portal accounts to which the
         profile is registered.  The default portal is first.

   ApplicationProfiles
      Web -> UDF fingerprint of default Web Application profile
      SSH -> UDF fingerprint of default SSH Application profile
      Network -> UDF fingerprint of default network Application profile
      Mail -> UDF fingerprint of default Mail Application profile
      -> File location of profile

   DeviceProfiles
      (Default) -> UDF fingerprint of default device profile
      -> File location of device profile

3.2.  Data File Locations

   ApplicationData \CryptoMesh\

3.3.  Key Store Entries

3.4.  Profiles

3.4.1.  Locating a personal profile
   To locate the default personal profile, an application:

   1.  Retrieves the key PersonalProfiles\(Default) to get <UDF>.

   2.  Locates the profile with identifier <UDF>.

   To locate the personal profile with identifier UDF, an application:

   1.  Retrieves the key PersonalProfiles\<UDF>.

   2.  Retrieves the latest version of the profile from the location
       specified in PersonalProfiles\<UDF>\(Default).

   3.  If necessary, the profile is refreshed from one of the accounts
       specified in PersonalProfiles\<UDF>\Portal.

   In case of an inconsistency being detected, the application MAY use
   the archived copies of the profile to resynchronize.

   Note that having been connected to a profile at some time in the past
   does not guarantee that a device currently has access, even if the
   device in question was an administration device for the profile.

3.4.2.  Locating a device profile

   To locate a device profile an application

3.4.3.  Locating an application profile

   To locate a device profile an application

4.  OSX Platform Configuration

   The OSX configuration is stored in a combination of a master
   configuration file, profile data files and the OSX KeyChain.

   The profiles that are available to a user are stored in a JSON
   configuration file.

   Cached and archival copies of profiles are stored on the local
   machine as data files with file names and locations specified in the
   JSON configuration file.

   Cryptographic keys are stored in the OSX Key Chain.

   File locations:

   The JSON configuration file is stored in ~/.cryptomesh/profiles.json

   Profile data files are stored in a directory ~/.cryptomesh/

   The latest copy of the profile is stored in .mmm

   An archive containing all the stored profiles is stored in
   .all.mmm

4.1.  Key Storage

   Private keys are stored in the OSX Key Manager in some fashion to be
   decided later.
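   The ~/.cryptomesh layout of Section 4, together with the Linux
   variant of Section 5 that uses the same file layout but keeps private
   keys as plain files, as an added example (not code from the draft or
   its reference implementation).  The draft does not define the schema
   of profiles.json, so the one used here mirrors the registry layout of
   Section 3.1 and is an assumption, as are the file names <UDF>.mmm and
   <UDF>.all.mmm, the key file name, and the 0700/0600 target modes.
   Because the file system is the only access control on a key file in
   that layout, the example pairs the profile lookup with a permission
   audit of the directory tree and a hardening step, exercised against a
   constructed layout in a temporary directory rather than the real home
   directory.

```python
import json
import os
import stat
import tempfile
from pathlib import Path
from typing import Dict, List

MESH_DIR = Path.home() / ".cryptomesh"        # Section 4: ~/.cryptomesh/
CONFIG_FILE = MESH_DIR / "profiles.json"       # Section 4: profiles.json
DIR_MODE, FILE_MODE = 0o700, 0o600             # assumed hardening target (owner only)


def resolve_default_profile(config: dict) -> Dict[str, object]:
    """Assumed JSON schema mirroring the registry layout of Section 3.1:
    {"PersonalProfiles": {"Default": <UDF>,
                          <UDF>: {"File": ..., "Archive": ..., "Portals": [...]}}}"""
    personal = config["PersonalProfiles"]
    udf = personal["Default"]
    entry = personal[udf]
    return {"udf": udf, "file": entry["File"],
            "archive": entry.get("Archive"), "portals": entry.get("Portals", [])}


def audit_permissions(mesh_dir: Path) -> List[str]:
    """One finding per path under mesh_dir that is readable or writable by
    group/other, plus any symlink: a link pointing out of the directory
    means the data really lives elsewhere, under that location's modes."""
    findings = []
    for p in [mesh_dir, *sorted(mesh_dir.rglob("*"))]:
        st = p.lstat()
        mode = stat.S_IMODE(st.st_mode)
        if stat.S_ISLNK(st.st_mode):
            findings.append(f"{p}: symlink inside the Mesh directory")
        elif mode & 0o077:
            want = DIR_MODE if stat.S_ISDIR(st.st_mode) else FILE_MODE
            findings.append(f"{p}: mode {oct(mode)}, want {oct(want)}")
    return findings


def harden(mesh_dir: Path) -> None:
    """Restrict the tree to the owner; symlinks are left alone deliberately
    so that chmod never follows a link to a file outside the tree."""
    for p in [mesh_dir, *mesh_dir.rglob("*")]:
        if not p.is_symlink():
            os.chmod(p, DIR_MODE if p.is_dir() else FILE_MODE)


def demo() -> dict:
    """Constructed ~/.cryptomesh stand-in in a temp dir: the directory and
    a private key file are deliberately too open, everything else is fine."""
    root = Path(tempfile.mkdtemp()) / ".cryptomesh"
    root.mkdir()
    os.chmod(root, 0o755)                      # deliberately too open
    udf = "EXAMPLE-UDF-0001"                   # constructed placeholder, not a real UDF
    profile = root / f"{udf}.mmm"              # assumed naming after the .mmm suffix in Section 4
    archive = root / f"{udf}.all.mmm"          # assumed naming after the .all.mmm suffix
    key = root / "ssh_private_key"             # Section 5.1 style key file, constructed name
    for path, mode in ((profile, 0o600), (archive, 0o600), (key, 0o644)):
        path.write_bytes(b"constructed sample content")
        os.chmod(path, mode)                   # the key is deliberately too open
    config = {"PersonalProfiles": {"Default": udf, udf: {
        "File": str(profile), "Archive": str(archive), "Portals": ["alice@example.com"]}}}
    cfg = root / "profiles.json"
    cfg.write_text(json.dumps(config))
    os.chmod(cfg, 0o600)
    resolved = resolve_default_profile(json.loads(cfg.read_text()))
    before = audit_permissions(root)
    harden(root)
    after = audit_permissions(root)
    return {"resolved": resolved, "findings_before": before, "findings_after": after}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

   Against a real installation, call audit_permissions(MESH_DIR) and
   read CONFIG_FILE instead of the constructed layout; the audit is
   read-only, and harden() is the only function that changes modes.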
5.  Linux Platform Configuration

   The Linux configuration is stored in a combination of a master
   configuration file, profile data files and private key files.

   The file layout of the Linux configuration and data files is
   identical to that of OSX.

5.1.  Key Storage

   Private keys are stored in the locations that the Linux applications
   that are to use them expect to find them.

6.  IANA Considerations

   None

7.  Acknowledgements

   TBS

8.  References

8.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

8.2.  Informative References

   [draft-hallambaker-mesh-architecture]
              Hallam-Baker, P., "Mathematical Mesh: Architecture",
              draft-hallambaker-mesh-architecture-04 (work in progress),
              September 2017.

   [draft-hallambaker-mesh-developer]
              Hallam-Baker, P., "Mathematical Mesh: Reference
              Implementation", draft-hallambaker-mesh-developer-06 (work
              in progress), April 2018.

8.3.  URIs

   [1] http://prismproof.org/Documents/draft-hallambaker-mesh-platform.html

Author's Address

   Phillip Hallam-Baker
   Comodo Group Inc.

   Email: philliph@comodo.com