idnits 2.17.1

draft-hallambaker-mesh-platform-06.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The document seems to lack a Security Considerations section.

  ** The document seems to lack an Authors' Addresses Section.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (27 July 2020) is 1370 days in the past.  Is this
     intentional?

  Checking references for intended status: Informational
  ----------------------------------------------------------------------------

     No issues found here.

     Summary: 2 errors (**), 0 flaws (~~), 1 warning (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

Network Working Group                                   P. M. Hallam-Baker
Internet-Draft                                                27 July 2020
Intended status: Informational
Expires: 28 January 2021

                Mathematical Mesh: Platform Configuration
                    draft-hallambaker-mesh-platform-06

Abstract

   The Mathematical Mesh 'The Mesh' is an end-to-end secure
   infrastructure that facilitates the exchange of configuration and
   credential data between multiple user devices.  This document
   describes how Mesh profiles are stored for application access on
   Windows, Linux and OSX platforms.

   This document is also available online at
   http://prismproof.org/Documents/draft-hallambaker-mesh-platform.html.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 28 January 2021.

Copyright Notice

   Copyright (c) 2020 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.

Table of Contents

   1.  Introduction
   2.  Definitions
     2.1.  Requirements Language
     2.2.  Defined Terms
     2.3.  Related Specifications
     2.4.  Implementation Status
   3.  Mesh Content
     3.1.  Directory Layout
       3.1.1.  CatalogHost
       3.1.2.  CatalogDevice
       3.1.3.  CatalogApplication
       3.1.4.  CatalogContact
       3.1.5.  CatalogRecrypt
     3.2.  Container Locking
   4.  Platform Specific Bindings
     4.1.  Windows
     4.2.  OSX
     4.3.  Linux
   5.  IANA Considerations
   6.  Acknowledgements
   7.  Normative References
   8.  Informative References

1.  Introduction

   This document describes recommended platform specific configuration
   for Mathematical Mesh applications.  The use of common conventions
   for storage of profiles and private keys allows mesh enabled
   applications to interoperate on the same machine.

   Protecting private key material from disclosure to other processes
   presents complex and difficult technical challenges.  Ensuring that a
   key is properly erased from storage before memory is released relies
   on a complex series of assumptions about memory management at the
   compiler, operating system and the platform level.

   For maximum security, the use of private key storage facilities
   provided by the platform is preferred.

2.  Definitions

   This section presents the related specifications and standards, the
   terms that are used as terms of art within the documents and the
   terms used as requirements language.

2.1.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

2.2.  Defined Terms

   The terms of art used in this document are described in the _Mesh
   Architecture Guide_ [draft-hallambaker-mesh-architecture].

2.3.  Related Specifications

   The architecture of the Mathematical Mesh is described in the _Mesh
   Architecture Guide_ [draft-hallambaker-mesh-architecture].  The Mesh
   documentation set and related specifications are described in this
   document.

2.4.  Implementation Status

   The implementation status of the reference code base is described in
   the companion document [draft-hallambaker-mesh-developer].

3.  Mesh Content

   The catalogs and spools associated with a user's Mesh profiles and
   accounts are stored in Dare Containers.

   This section describes the conventions used to describe

3.1.  Directory Layout

   host.dare  The CatalogHost container with entries for each Mesh

   -udf>.dcat`  The CatalogDevice container for the Mesh with -udf>

   -udf>/  Directory containing catalogs for the account -udf>

   -udf>/CatalogApplication.dcat  The applications catalog for the
      account -udf>

   -udf>/CatalogContact.dcat  The contacts catalog for the account -udf>

3.1.1.  CatalogHost

   A catalog of "DeviceConnection", "AdminConnection" and
   "PendingConnection" entries describing Mesh connections for the
   device on which the container is hosted.

   PendingConnection  Describes a pending request to join a Mesh.  This
      entry SHOULD be deleted once the request is either completed,
      refused or has expired.

   DeviceConnection  Describes a non-administrative connection to a Mesh

   AdminConnection  Describes a connection with full administration
      privileges to a Mesh

3.1.2.  CatalogDevice

   Holds the "CatalogEntryDevice" entries that describe all the devices
   connected to the Mesh whose UDF fingerprint matches the filename.

3.1.3.  CatalogApplication

   Holds application information that is shared across all the
   administration devices connected to an account.

3.1.4.  CatalogContact

   Holds the contact information corresponding to the account.

3.1.5.  CatalogRecrypt

   Holds recryption entries to be provisioned to a recryption service
   associated with the account.  The entries are encrypted under the
   public encryption key of the service and indexed under the UDF of the
   corresponding decryption key.

3.2.  Container Locking

   A combination of file access protections and system locks is used to
   prevent container data being corrupted through conflicting concurrent
   access.

   *  Since Dare Containers are append only, the scope for read/write
      conflict is limited to actions that cause the end of file marker
      to change.  It is thus only necessary for processes to acquire a
      lock on the file when:

      *  Reading the file to update the last position in the file.

      *  Writing to the file to append an object.

   A single system-wide named MUTEX is used.

   To write to the container, a process MUST acquire the named read
   MUTEX, perform the write operation and release it.

   A process reading the container SHOULD NOT acquire the container
   MUTEX to determine that the end of file marker is greater than zero
   or that the end of file marker has moved.  A process MUST acquire the
   container MUTEX to update the value of the end of file marker so as
   to ensure that any pending write operation has completed.

   The single lock approach was chosen in preference to more
   sophisticated approaches involving multiple concurrent read locks
   because the time to acquire the lock is typically greater than the
   time required to update the end of file position.

4.  Platform Specific Bindings

4.1.  Windows

4.2.  OSX

4.3.  Linux

5.  IANA Considerations

   None

6.  Acknowledgements

   TBS

7.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

8.  Informative References

   [draft-hallambaker-mesh-architecture]
              Hallam-Baker, P., "Mathematical Mesh 3.0 Part I:
              Architecture Guide", Work in Progress, Internet-Draft,
              draft-hallambaker-mesh-architecture-13, 9 March 2020.

   [draft-hallambaker-mesh-developer]
              Hallam-Baker, P., "Mathematical Mesh: Reference
              Implementation", Work in Progress, Internet-Draft,
              draft-hallambaker-mesh-developer-09, 23 October 2019.
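
Added example, not part of the draft or of the Mesh reference code: the locking discipline of Section 3.2 (Container Locking) on a POSIX system, where a writer and a reader refreshing its end of file position take the lock and an unlocked reader only polls the file size. Assumptions: an exclusive flock() on a side file stands in for the system-wide named MUTEX, the 4-byte length prefix is a constructed record format rather than Dare Container framing, and container_mutex, append_record and Reader are hypothetical names.

```python
import fcntl
import os
import struct
from contextlib import contextmanager

@contextmanager
def container_mutex(path):
    # Assumption: an exclusive flock on "<path>.lock" plays the named MUTEX.
    fd = os.open(path + ".lock", os.O_CREAT | os.O_RDWR, 0o600)
    try:
        fcntl.flock(fd, fcntl.LOCK_EX)   # blocks until no other holder remains
        yield
    finally:
        os.close(fd)                     # closing the descriptor drops the lock

def append_record(path, payload):
    # Writer: acquire the lock, append one frame, flush, release.
    with container_mutex(path):
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_APPEND, 0o600)
        try:
            os.write(fd, struct.pack(">I", len(payload)) + payload)
            os.fsync(fd)
            return os.fstat(fd).st_size  # new end of file position
        finally:
            os.close(fd)

class Reader:
    def __init__(self, path):
        self.path, self.eof = path, 0    # eof = last position this reader trusts

    def has_moved(self):
        # Unlocked poll: only asks whether the file size differs from self.eof.
        return os.path.exists(self.path) and os.path.getsize(self.path) != self.eof

    def refresh(self):
        # Locked update: no write is pending while we hold the lock, so every
        # frame between the old and the new end of file is complete.
        with container_mutex(self.path):
            with open(self.path, "rb") as f:
                f.seek(self.eof)
                data = f.read()
            self.eof += len(data)
        frames, i = [], 0
        while i < len(data):
            (n,) = struct.unpack_from(">I", data, i)
            frames.append(data[i + 4:i + 4 + n])
            i += 4 + n
        return frames
```

Both files are created with mode 0600, so the lock file cannot be held open by another user to stall writers.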