Network Working Group                                     P. Hallam-Baker
Internet-Draft                                           October 23, 2019
Intended status: Informational
Expires: April 25, 2020

               Mathematical Mesh: Platform Configuration
                   draft-hallambaker-mesh-platform-05

Abstract

   The Mathematical Mesh 'The Mesh' is an end-to-end secure
   infrastructure that facilitates the exchange of configuration and
   credential data between multiple user devices.
   This document describes how Mesh profiles are stored for application
   access on Windows, Linux and OSX platforms.

   This document is also available online at
   http://prismproof.org/Documents/draft-hallambaker-mesh-platform.html
   [1].

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on April 25, 2020.

Copyright Notice

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Definitions
     2.1.  Requirements Language
     2.2.  Defined Terms
     2.3.  Related Specifications
     2.4.  Implementation Status
   3.  Mesh Content
     3.1.  Directory Layout
       3.1.1.  CatalogHost
       3.1.2.  CatalogDevice
       3.1.3.  CatalogApplication
       3.1.4.  CatalogContact
       3.1.5.  CatalogRecrypt
     3.2.  Container Locking
   4.  Platform Specific Bindings
     4.1.  Windows
     4.2.  OSX
     4.3.  Linux
   5.  IANA Considerations
   6.  Acknowledgements
   7.  References
     7.1.  Normative References
     7.2.  Informative References
     7.3.  URIs
   Author's Address

1.  Introduction

   This document describes recommended platform specific configuration
   for Mathematical Mesh applications.  The use of common conventions
   for storage of profiles and private keys allows Mesh enabled
   applications to interoperate on the same machine.

   Protecting private key material from disclosure to other processes
   presents complex and difficult technical challenges.  Ensuring that a
   key is properly erased from storage before memory is released relies
   on a complex series of assumptions about memory management at the
   compiler, operating system and platform level.
   For maximum security, the use of private key storage facilities
   provided by the platform is preferred.

2.  Definitions

   This section presents the related specifications and standards, the
   terms that are used as terms of art within the documents and the
   terms used as requirements language.

2.1.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

2.2.  Defined Terms

   The terms of art used in this document are described in the Mesh
   Architecture Guide [draft-hallambaker-mesh-architecture].

2.3.  Related Specifications

   The architecture of the Mathematical Mesh is described in the Mesh
   Architecture Guide [draft-hallambaker-mesh-architecture].  The Mesh
   documentation set and related specifications are described in this
   document.

2.4.  Implementation Status

   The implementation status of the reference code base is described in
   the companion document [draft-hallambaker-mesh-developer].

3.  Mesh Content

   The catalogs and spools associated with a user's Mesh profiles and
   accounts are stored in Dare Containers.

   This section describes the conventions used to describe

3.1.  Directory Layout

   host.dare  The CatalogHost container with entries for each Mesh

   <mesh-udf>.dcat  The CatalogDevice container for the Mesh with
      <mesh-udf>

   <account-udf>/  Directory containing catalogs for the account
      <account-udf>

   <account-udf>/CatalogApplication.dcat  The applications catalog for
      the account <account-udf>

   <account-udf>/CatalogContact.dcat  The contacts catalog for the
      account <account-udf>

3.1.1.  CatalogHost

   A catalog of DeviceConnection, AdminConnection and PendingConnection
   entries describing Mesh connections for the device on which the
   container is hosted.

   PendingConnection  Describes a pending request to join a Mesh.
      This entry SHOULD be deleted once the request is either
      completed, refused or has expired.

   DeviceConnection  Describes a non-administrative connection to a
      Mesh.

   AdminConnection  Describes a connection with full administration
      privileges to a Mesh.

3.1.2.  CatalogDevice

   Holds the CatalogEntryDevice entries that describe all the devices
   connected to the Mesh whose UDF fingerprint matches the filename.

3.1.3.  CatalogApplication

   Holds application information that is shared across all the
   administration devices connected to an account.

3.1.4.  CatalogContact

   Holds the contact information corresponding to the account.

3.1.5.  CatalogRecrypt

   Holds recryption entries to be provisioned to a recryption service
   associated with the account.  The entries are encrypted under the
   public encryption key of the service and indexed under the UDF of the
   corresponding decryption key.

3.2.  Container Locking

   A combination of file access protections and system locks is used to
   prevent container data being corrupted through conflicting concurrent
   access.

   o  Since Dare Containers are append only, the scope for read/write
      conflict is limited to actions that cause the end of file marker
      to change.  It is thus only necessary for processes to acquire a
      lock on the file when:

      *  Reading the file to update the last position in the file.

      *  Writing to the file to append an object.

   A single system-wide named MUTEX is used.

   To write to the container, a process MUST acquire the named read
   MUTEX, perform the write operation and release it.

   A process reading the container SHOULD NOT acquire the container
   MUTEX to determine that the end of file marker is greater than zero
   or that the end of file marker has moved.  A process MUST acquire the
   container MUTEX to update the value of the end of file marker so as
   to ensure that any pending write operation has completed.
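   The locking discipline above, as an added example that is not part of
   this draft or the reference implementation: a writer holds the single
   named MUTEX while appending one length-prefixed object to an
   append-only container file; a reader checks whether the end of file
   marker has moved without the MUTEX, and takes the MUTEX only to move
   its own end-of-file position past writes that have completed.  The
   frame format, the .dcat sample file and the use of a process-local
   threading.Lock in place of a platform named mutex are assumptions made
   so the example runs stand-alone.

```python
import os
import struct
import tempfile
import threading

# Stand-in for the single system-wide named MUTEX of section 3.2; a
# process-local Lock is an assumption so the example runs stand-alone.
CONTAINER_MUTEX = threading.Lock()

def append_object(path, payload):
    """Writer: hold the MUTEX, append one length-prefixed frame, release.
    Returns the new end-of-file position."""
    with CONTAINER_MUTEX, open(path, "ab") as f:
        f.write(struct.pack(">I", len(payload)) + payload)
        f.flush()
        return f.tell()

def end_of_file_moved(path, last_known):
    """Reader: cheap check made WITHOUT the MUTEX; the last frame may be
    only partly written, so this is a hint, not a stable position."""
    return os.path.getsize(path) > last_known

def sync_end_of_file(path, last_known):
    """Reader: take the MUTEX so any pending write has completed, then read
    every frame appended since last_known.  Returns (new_position, frames)."""
    with CONTAINER_MUTEX, open(path, "rb") as f:
        f.seek(last_known)
        frames = []
        while True:
            header = f.read(4)
            if len(header) < 4:
                break
            (length,) = struct.unpack(">I", header)
            frames.append(f.read(length))
        return f.tell(), frames

def demo():
    """Constructed scenario: two appends, then one reader catch-up."""
    fd, path = tempfile.mkstemp(suffix=".dcat")
    os.close(fd)
    try:
        position, frames = 0, []
        append_object(path, b"DeviceConnection:constructed-1")
        append_object(path, b"AdminConnection:constructed-2")
        if end_of_file_moved(path, position):  # no lock held for this check
            position, frames = sync_end_of_file(path, position)
        return position, frames
    finally:
        os.remove(path)
```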
   The single lock approach was chosen in preference to more
   sophisticated approaches involving multiple concurrent read locks
   because the time to acquire the lock is typically greater than the
   time required to update the end of file position.

4.  Platform Specific Bindings

4.1.  Windows

4.2.  OSX

4.3.  Linux

5.  IANA Considerations

   None

6.  Acknowledgements

   TBS

7.  References

7.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

7.2.  Informative References

   [draft-hallambaker-mesh-architecture]
              Hallam-Baker, P., "Mathematical Mesh 3.0 Part I:
              Architecture Guide", draft-hallambaker-mesh-
              architecture-10 (work in progress), August 2019.

   [draft-hallambaker-mesh-developer]
              Hallam-Baker, P., "Mathematical Mesh: Reference
              Implementation", draft-hallambaker-mesh-developer-08 (work
              in progress), April 2019.

7.3.  URIs

   [1] http://prismproof.org/Documents/draft-hallambaker-mesh-
       platform.html

Author's Address

   Phillip Hallam-Baker

   Email: phill@hallambaker.com