idnits 2.17.1 

draft-hallambaker-mesh-protocol-02.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There are 6 instances of too long lines in the document, the longest one
     being 3 characters in excess of 72.

  ** The abstract seems to contain references ([1]), which it shouldn't. 
     Please replace those with straight textual mentions of the documents in
     question.


  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (August 13, 2019) is 1715 days in the past.  Is this
     intentional?


  Checking references for intended status: Informational
  ----------------------------------------------------------------------------

  -- Looks like a reference, but probably isn't: '1' on line 1509

  -- Looks like a reference, but probably isn't: '2' on line 1512

  ** Obsolete normative reference: RFC 7230 (Obsoleted by RFC 9110, RFC 9112)


     Summary: 3 errors (**), 0 flaws (~~), 1 warning (==), 3 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------


2	Network Working Group                                    P. Hallam-Baker
3	Internet-Draft                                           August 13, 2019
4	Intended status: Informational
5	Expires: February 14, 2020

7	            Mathematical Mesh 3.0 Part V: Protocol Reference
8	                   draft-hallambaker-mesh-protocol-02

10	Abstract

12	   The Mathematical Mesh 'The Mesh' is an end-to-end secure
13	   infrastructure that facilitates the exchange of configuration and
14	   credential data between multiple user devices.  The core protocols of
15	   the Mesh are described with examples of common use cases and
16	   reference data.

18	   This document is also available online at
19	   http://mathmesh.com/Documents/draft-hallambaker-mesh-protocol.html
20	   [1] .

22	Status of This Memo

24	   This Internet-Draft is submitted in full conformance with the
25	   provisions of BCP 78 and BCP 79.

27	   Internet-Drafts are working documents of the Internet Engineering
28	   Task Force (IETF).  Note that other groups may also distribute
29	   working documents as Internet-Drafts.  The list of current Internet-
30	   Drafts is at https://datatracker.ietf.org/drafts/current/.

32	   Internet-Drafts are draft documents valid for a maximum of six months
33	   and may be updated, replaced, or obsoleted by other documents at any
34	   time.  It is inappropriate to use Internet-Drafts as reference
35	   material or to cite them other than as "work in progress."

37	   This Internet-Draft will expire on February 14, 2020.

39	Copyright Notice

41	   Copyright (c) 2019 IETF Trust and the persons identified as the
42	   document authors.  All rights reserved.

44	   This document is subject to BCP 78 and the IETF Trust's Legal
45	   Provisions Relating to IETF Documents
46	   (https://trustee.ietf.org/license-info) in effect on the date of
47	   publication of this document.  Please review these documents
48	   carefully, as they describe your rights and restrictions with respect
49	   to this document.  Code Components extracted from this document must
50	   include Simplified BSD License text as described in Section 4.e of
51	   the Trust Legal Provisions and are provided without warranty as
52	   described in the Simplified BSD License.

54	Table of Contents

56	   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   4
57	   2.  Definitions . . . . . . . . . . . . . . . . . . . . . . . . .   5
58	     2.1.  Requirements Language . . . . . . . . . . . . . . . . . .   5
59	     2.2.  Defined Terms . . . . . . . . . . . . . . . . . . . . . .   5
60	     2.3.  Related Specifications  . . . . . . . . . . . . . . . . .   5
61	     2.4.  Implementation Status . . . . . . . . . . . . . . . . . .   5
62	   3.  Mesh Service  . . . . . . . . . . . . . . . . . . . . . . . .   5
63	     3.1.  Data Model  . . . . . . . . . . . . . . . . . . . . . . .   6
64	     3.2.  Partitioning  . . . . . . . . . . . . . . . . . . . . . .   7
65	   4.  Protocol Bindings . . . . . . . . . . . . . . . . . . . . . .   7
66	     4.1.  DNS Web Service Discovery . . . . . . . . . . . . . . . .   7
67	     4.2.  Web Service Protocol Binding  . . . . . . . . . . . . . .   7
68	       4.2.1.  Transport Security  . . . . . . . . . . . . . . . . .   8
69	       4.2.2.  HTTP Message Binding  . . . . . . . . . . . . . . . .   8
70	       4.2.3.  Request . . . . . . . . . . . . . . . . . . . . . . .   8
71	       4.2.4.  Response  . . . . . . . . . . . . . . . . . . . . . .   9
72	     4.3.  DARE Message Encapsulation  . . . . . . . . . . . . . . .  11
73	       4.3.1.  Null Authentication . . . . . . . . . . . . . . . . .  11
74	       4.3.2.  Device Authentication . . . . . . . . . . . . . . . .  11
75	       4.3.3.  Profile Authentication  . . . . . . . . . . . . . . .  11
76	       4.3.4.  Ticket Authentication . . . . . . . . . . . . . . . .  12
77	     4.4.  Payload Encoding  . . . . . . . . . . . . . . . . . . . .  12
78	     4.5.  Error handling and response codes . . . . . . . . . . . .  13
79	   5.  Service Description . . . . . . . . . . . . . . . . . . . . .  13
80	   6.  Account Management  . . . . . . . . . . . . . . . . . . . . .  15
81	   7.  Container Synchronization . . . . . . . . . . . . . . . . . .  16
82	     7.1.  Status Transaction  . . . . . . . . . . . . . . . . . . .  17
83	     7.2.  Download Transaction  . . . . . . . . . . . . . . . . . .  17
84	       7.2.1.  Conflict Detection  . . . . . . . . . . . . . . . . .  17
85	       7.2.2.  Filtering . . . . . . . . . . . . . . . . . . . . . .  17
86	     7.3.  Upload Transaction  . . . . . . . . . . . . . . . . . . .  17
87	   8.  Device Connection . . . . . . . . . . . . . . . . . . . . . .  18
88	     8.1.  Device Authenticated  . . . . . . . . . . . . . . . . . .  18
89	     8.2.  PIN Authenticated . . . . . . . . . . . . . . . . . . . .  19
90	     8.3.  EARL connection mode  . . . . . . . . . . . . . . . . . .  19
91	   9.  Mesh Messaging  . . . . . . . . . . . . . . . . . . . . . . .  19
92	     9.1.  Message Exchange  . . . . . . . . . . . . . . . . . . . .  20
93	       9.1.1.  Client-Service (Post Transaction) . . . . . . . . . .  20
94	       9.1.2.  Service-Service (Post Transaction)  . . . . . . . . .  20
95	       9.1.3.  Service-Client (Synchronization)  . . . . . . . . . .  21
96	   10. Protocol Schema . . . . . . . . . . . . . . . . . . . . . . .  22
97	     10.1.  Request Messages . . . . . . . . . . . . . . . . . . . .  22
98	       10.1.1.  Message: MeshRequest . . . . . . . . . . . . . . . .  22
99	       10.1.2.  Message: MeshRequestUser . . . . . . . . . . . . . .  22
100	     10.2.  Response Messages  . . . . . . . . . . . . . . . . . . .  22
101	       10.2.1.  Message: MeshResponse  . . . . . . . . . . . . . . .  23
102	     10.3.  Imported Objects . . . . . . . . . . . . . . . . . . . .  23
103	     10.4.  Common Structures  . . . . . . . . . . . . . . . . . . .  23
104	       10.4.1.  Structure: KeyValue  . . . . . . . . . . . . . . . .  23
105	       10.4.2.  Structure: ConstraintsSelect . . . . . . . . . . . .  23
106	       10.4.3.  Structure: ConstraintsData . . . . . . . . . . . . .  24
107	       10.4.4.  Structure: PolicyAccount . . . . . . . . . . . . . .  24
108	       10.4.5.  Structure: ContainerStatus . . . . . . . . . . . . .  24
109	       10.4.6.  Structure: ContainerUpdate . . . . . . . . . . . . .  25
110	     10.5.  Transaction: Hello . . . . . . . . . . . . . . . . . . .  25
111	       10.5.1.  Message: MeshHelloResponse . . . . . . . . . . . . .  25
112	     10.6.  Transaction: Complete  . . . . . . . . . . . . . . . . .  26
113	       10.6.1.  Message: CompleteRequest . . . . . . . . . . . . . .  26
114	     10.7.  Transaction: Status  . . . . . . . . . . . . . . . . . .  26
115	       10.7.1.  Message: StatusRequest . . . . . . . . . . . . . . .  26
116	       10.7.2.  Message: StatusResponse  . . . . . . . . . . . . . .  26
117	     10.8.  Transaction: Download  . . . . . . . . . . . . . . . . .  27
118	       10.8.1.  Message: DownloadRequest . . . . . . . . . . . . . .  27
119	       10.8.2.  Message: DownloadResponse  . . . . . . . . . . . . .  27
120	     10.9.  Transaction: Upload  . . . . . . . . . . . . . . . . . .  28
121	       10.9.1.  Message: UploadRequest . . . . . . . . . . . . . . .  28
122	       10.9.2.  Message: UploadResponse  . . . . . . . . . . . . . .  28
123	       10.9.3.  Structure: EntryResponse . . . . . . . . . . . . . .  28
124	     10.10. Transaction: Post  . . . . . . . . . . . . . . . . . . .  29
125	       10.10.1.  Message: PostRequest  . . . . . . . . . . . . . . .  29
126	       10.10.2.  Message: PostResponse . . . . . . . . . . . . . . .  29
127	     10.11. Transaction: Connect . . . . . . . . . . . . . . . . . .  30
128	       10.11.1.  Message: ConnectRequest . . . . . . . . . . . . . .  30
129	       10.11.2.  Message: ConnectResponse  . . . . . . . . . . . . .  30
130	     10.12. Transaction: CreateAccount . . . . . . . . . . . . . . .  30
131	       10.12.1.  Message: CreateRequest  . . . . . . . . . . . . . .  31
132	       10.12.2.  Message: CreateResponse . . . . . . . . . . . . . .  31
133	     10.13. Transaction: DeleteAccount . . . . . . . . . . . . . . .  31
134	       10.13.1.  Message: DeleteRequest  . . . . . . . . . . . . . .  31
135	       10.13.2.  Message: DeleteResponse . . . . . . . . . . . . . .  32
136	   11. Security Considerations . . . . . . . . . . . . . . . . . . .  32
137	   12. IANA Considerations . . . . . . . . . . . . . . . . . . . . .  32
138	   13. Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .  32
139	   14. References  . . . . . . . . . . . . . . . . . . . . . . . . .  32
140	     14.1.  Normative References . . . . . . . . . . . . . . . . . .  32
141	     14.2.  Informative References . . . . . . . . . . . . . . . . .  33
142	     14.3.  URIs . . . . . . . . . . . . . . . . . . . . . . . . . .  33
143	   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .  33

145	1.  Introduction

147	   This document describes the Mesh Service protocol supported by Mesh
148	   Services, an account-based protocol that facilitates exchange of data
149	   between devices connected to a Mesh profile and between Mesh
150	   accounts.

152	   Mesh Service Accounts support the following services:

154	   o  Provides the master persistence store for the Catalogs and Spools
155	      associated with the account.

157	   o  Enables synchronization of Catalogs and Spools with connected
158	      devices.

160	   o  Enforces access control on inbound Mesh Messages from other users
161	      and other Mesh Services.

163	   o  Authenticates outbound Mesh Messages, certifying that they comply
164	      with abuse mitigation policies.

166	   A Mesh Profile MAY be bound to multiple Mesh Service Accounts at the
167	   same time but only one Mesh Service Account is considered to be
168	   authoritative at a time.  Users may add or remove Mesh Service
169	   Accounts and change the account designated as authoritative at any
170	   time.

172	   The Mesh Services are build from a very small set of primitives which
173	   provide a surprisingly extensive set of capabilities.  These
174	   primitives are:

176	   Hello  Describes the features and options provided by the service and
177	      provides a 'null' transaction which MAY be used to establish an
178	      authentication ticket without performing any action,

180	   CreateAccount, DeleteAccount  Manage the creation and deletion of
181	      accounts at the service.

183	   Status, Download, Upload  Support synchronization of Mesh containers
184	      between the service (Master) and the connected devices (Replicas).

186	   Connect  Initiate the process of connecting a device to a Mesh
187	      profile from the device itself.

189	   Post  Request that a Mesh Message be transferred to one or more Mesh
190	      Accounts.

192	   Although these functions could in principle be used to replace many
193	   if not most existing Internet application protocols, the principal
194	   value of any communication protocol lies in the size of the audience
195	   it allows them to communicate with.  Thus, while the Mesh Messaging
196	   service is designed to support efficient and reliable transfer of
197	   messages ranging in size from a few bytes to multiple terabytes, the
198	   near-term applications of these services will be to applications that
199	   are not adequately supported by existing protocols if at all.

201	2.  Definitions

203	   This section presents the related specifications and standard, the
204	   terms that are used as terms of art within the documents and the
205	   terms used as requirements language.

207	2.1.  Requirements Language

209	   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
210	   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
211	   document are to be interpreted as described in [RFC2119] .

213	2.2.  Defined Terms

215	   The terms of art used in this document are described in the Mesh
216	   Architecture Guide [draft-hallambaker-mesh-architecture] .

218	2.3.  Related Specifications

220	   The architecture of the Mathematical Mesh is described in the Mesh
221	   Architecture Guide [draft-hallambaker-mesh-architecture] . The Mesh
222	   documentation set and related specifications are described in this
223	   document.

225	2.4.  Implementation Status

227	   The implementation status of the reference code base is described in
228	   the companion document [draft-hallambaker-mesh-developer] .

230	3.  Mesh Service

232	   A Mesh Service is a minimally trusted service.  In particular a user
233	   does not need to trust a Mesh service to protect the confidentiality
234	   or integrity of most data stored in the account catalogs and spools.

236	   Unless the use of the Mesh Service is highly restricted, a user does
237	   need to trust the Mesh Service in certain respects:

239	   Data Loss  A service could refuse to respond to requests to download
240	      data.

242	   Integrity (Stale Data)  The use of Merkle Trees limits but does not
243	      eliminate the ability of a Mesh Service to respond to requests
244	      with stale data.

246	   Messaging  A service could reject requests to post messages to or
247	      accept messages from other mesh users.

249	      This risk is a necessary consequence of the fact that the Mesh
250	      Service Provider is accountable to other Mesh Service Providers
251	      for abuse originating from their service.

253	   Traffic analysis  A Mesh Service has knowledge of the number of Mesh
254	      Messages being sent and received by its users and the addresses to
255	      which they are being sent to or received from.

257	   The need to trust the Mesh Service in these respects is mitigated by
258	   accountability and the user's ability to change Mesh Service
259	   providers at any time they choose with minimal inconvenience.

261	   It is possible that some of these risks will be reduced in future
262	   versions of the Mesh Service Protocol but it is highly unlikely that
263	   these can be eliminated entirely without compromising practicality or
264	   efficiency.

266	3.1.  Data Model

268	   The design of the Mesh Service model followed a quasi-formal approach
269	   in which the system was reduced to schemas which could in principle
270	   be rendered in a formal development method but without construction
271	   of proofs.

273	   Like the contents of Mesh Accounts, a Mesh Service may be represented
274	   by a collection of catalogs and spools, for example:

276	   Account Catalog  Contains the account entries.

278	   Incident Spool  Reports of potential abuse

280	   Backup of the service MAY be implemented using the same container
281	   synchronization mechanism used to synchronize account catalogs and
282	   spools.

284	3.2.  Partitioning

286	   Mesh Services supporting a large number of accounts or large activity
287	   volume MAY partition the account catalog between one or more hosts
288	   using the usual tiered service model in which a front-end server
289	   receives traffic for any account hosted at the server and routes the
290	   request to the back-end service that provides the persistence store
291	   for that account.

293	   In addition, the Mesh Service Protocol supports a 'direct connection'
294	   partitioning model in which devices are given a DNS name which MAY
295	   allow for direct connection to the persistence host or to a front-end
296	   service offering service that is in some way specific to that
297	   account.

299	4.  Protocol Bindings

301	   Mesh Service transactions are mapped to an underlying messaging and
302	   transport protocol.  The following binding

304	   Mesh Services MUST support the Web Service binding specified in this
305	   document and MAY support the UDP binding currently in development.

307	4.1.  DNS Web Service Discovery

309	   The DNS Web Service discovery mechanism is used to discover Mesh
310	   Services regardless of the protocol binding .The service name, DNS
311	   prefix and and .well-known service suffix are specified as follows:

313	   o  Service Name: mmm

315	   o  DNS Prefix: _mmm._tcp

317	   o  Well Known service suffix: /.well-known/mmm

319	4.2.  Web Service Protocol Binding

321	   The Web Service Protocol binding makes use of the most widely
322	   deployed and used protocols:

324	   o  Discovery: DNS Service discovery

326	   o  Transport: TLS

328	   o  Application: HTTP

330	   o  Presentation: DARE Message
331	   o  Encoding: JSON, JSON-B

333	   The chief limitations of the Web Service Protocol Binding are that
334	   the use of TCP based transport results in unsatisfactory latency for
335	   some applications and that the HTTP application layer only serves to
336	   allow a host to support multiple services on the same TCP/IP port.

338	4.2.1.  Transport Security

340	   Mesh Services MUST offer TLS transport and MAY offer non TLS
341	   transport.  MESH clients SHOULD use TLS transport when connecting to
342	   a MESH service.

344	   TLS version 1.3 [RFC8446] or higher MUST be supported.  Client
345	   authentication SHOULD NOT be used.

347	4.2.2.  HTTP Message Binding

349	   All messages are exchanged as HTTP POST transactions.  Support for
350	   and use of HTTP/1.1 [RFC7230] is REQUIRED.  Services MAY support
351	   HTTP/2.

353	   In contrast to other approaches to the design of Web Services, the
354	   only use made of the HTTP transport is to distinguish between
355	   different services on the same host using the Host header and .well-
356	   known convention and for message framing.  No use is made of the URI
357	   request line to identify commands, nor are the caching or proxy
358	   capabilities of HTTP made use of.

360	4.2.3.  Request

362	   The HTTP request MAY contain any valid HTTP header specified in
363	   [RFC7230] .

365	   Request Line URI  /well-known/<service> (unless overridden using a
366	      TXT path attribute)

368	   Request Line Method  POST

370	   Host: Header  <domain>

372	   Content-Encoding  As specified in section yy below.

374	   Content-Type  As specified in section zz below.

376	   Content-Length or Transfer-Encoding  As specified in [RFC7230] .

378	   Payload  The content payload as specified in section XX below.

380	   [Note, this is showing the payload, not the binding as is intended
381	   because the current code doesn't implement it as intended yet]

383	   {
384	     "Hello": {}}

386	4.2.4.  Response

388	   The response MAY contain any HTTP response header but since JWB
389	   services do not make use of HTTP caching and messages are not
390	   intended to be modified by HTTP intermediaries, only a limited number
391	   of headers have significance:

393	   Response Code  The HTTP response code.  This is processed as
394	      described in section zz below.

396	   Content-Type  As specified in section zz below.

398	   Content-Length or Transfer-Encoding  As specified in [RFC7230] .

400	   Cache-Control  Since the only valid HTTP method for a JWB request is
401	      POST, JWB responses are not cacheable.  The use of the cache-
402	      control header is therefore unnecessary.  However, experience
403	      suggests that reviewers find it easier to understand protocol
404	      specifications if they are reminded of the fact that caching is
405	      neither supported nor desired.

407	   [Note, this is showing the payload, not the binding as is intended
408	   because the current code doesn't implement it as intended yet]

410	{
411	  "MeshHelloResponse": {
412	    "Version": {
413	      "Major": 3,
414	      "Minor": 0,
415	      "Encodings": [{
416	          "ID": ["application/json"]}]},
417	    "EnvelopedProfileService": [{
418	        "dig": "S512"},
419	      "ewogICJQcm9maWxlU2VydmljZSI6IHsKICAgICJLZXlPZmZsaW5lU2l
420	  nbmF0dXJlIjogewogICAgICAiVURGIjogIk1CQ1AtT0dGWS1LRkFRLTZFTzMtV
421	  lg2Uy02VjRHLUVOTlUiLAogICAgICAiUHVibGljUGFyYW1ldGVycyI6IHsKICA
422	  gICAgICAiUHVibGljS2V5RUNESCI6IHsKICAgICAgICAgICJjcnYiOiAiRWQ0N
423	  DgiLAogICAgICAgICAgIlB1YmxpYyI6ICJtSGxST1NhenBVVHp3Rk5aMHFJMU1
424	  iWGpwdGhPVXhwbGUwVzhOVWFxOE03MVZUNWVOd1hqCiAgY2ZRLXRNbExnd3FfV
425	  WZmMUZHbW1sSC1BIn19fX19",
426	      {
427	        "signatures": [{
428	            "signature": "T1N3-fnOitSUDFezSINPbh76AtbmL2ghN-antjwUrmCL0z_S-
429	  IcArALioAMEaDECg2Q4bgE8IZ4Apgf9SVoj58M_dqeMEWra3mavkV3NEScBcQG
430	  Tn_TxS468u9CxfKBDK9NxI7k6c1XUc4xTZGKejR8A"}],
431	        "PayloadDigest": "JZHVlp6xFPQ3WG9AQrRYVkLbLiM51nEKo7ryZMnK8TJAv
432	  oVKL7kQYlP3dBtayIEvGowVxFURj_vRs0EXo08Blw"}],
433	    "EnvelopedProfileHost": [{
434	        "dig": "S512"},
435	      "ewogICJQcm9maWxlSG9zdCI6IHsKICAgICJLZXlPZmZsaW5lU2lnbmF
436	  0dXJlIjogewogICAgICAiVURGIjogIk1ES1EtVlRURC1IUUtCLVlINk8tSDU3Q
437	  y00S0RILTZLV0kiLAogICAgICAiUHVibGljUGFyYW1ldGVycyI6IHsKICAgICA
438	  gICAiUHVibGljS2V5RUNESCI6IHsKICAgICAgICAgICJjcnYiOiAiRWQ0NDgiL
439	  AogICAgICAgICAgIlB1YmxpYyI6ICJvdURsS3lJVWtzU19DV1VocW9XYVBGUDk
440	  zS2E5Wmc1M2RRQ0M0NGd1YUdPQkI5UzEyZUhsCiAgejJLb1g5LVBjdFFIMzE1N
441	  jdUY21NRENBIn19fSwKICAgICJLZXlBdXRoZW50aWNhdGlvbiI6IHsKICAgICA
442	  gIlVERiI6ICJNQzNELUlENjItTDVWWi1JV0xDLVdSTFgtN0ZUVC1GN1NUIiwKI
443	  CAgICAgIlB1YmxpY1BhcmFtZXRlcnMiOiB7CiAgICAgICAgIlB1YmxpY0tleUV
444	  DREgiOiB7CiAgICAgICAgICAiY3J2IjogIkVkNDQ4IiwKICAgICAgICAgICJQd
445	  WJsaWMiOiAiNEJmZVcwV1FCNU8zRU9yalc0THZBZGtMejcxQnRKc2xzM3d6dzB
446	  hY3VINUVkdXBXV1Q4dgogIEUzTU9ia2tmbURfNHRQWjdCNlZhbnRlQSJ9fX19f
447	  Q",
448	      {
449	        "signatures": [{
450	            "signature": "POQFQQOpcuNWxUAyi3DSGtaC9yJJJ9J6wr79Qzij8jN52gx4n
451	  8MitwM1T2rYMgJp6WqpSKWJfaUA2wafnkmQvVkiVT-35Mbog22krLD-HySbJAP
452	  a1lUXnzzOzbLSsBwRqPyJS0m60HFxKx0h0gZh0xIA"}],
453	        "PayloadDigest": "C716Q-5VPWfV5imuX-_rgmST2-J8SjFxQ_EQAPrGDD1Mr
454	  UKex_wn2cckWa_qyGsHrYPMKDt_2C4U7ZU9iyUdfw"}]}}

456	4.3.  DARE Message Encapsulation

458	   The payload of the HTTP requests and responses is a DARE Message
459	   whose payload contains the Mesh Service request or response.

461	   The DARE Message encapsulation is used to authenticate the request or
462	   response data.  The form of the authentication depending on the
463	   credentials available to the sender at the time the request is made.

465	   Mesh Service MUST support the use of Mutually Authenticated Key
466	   Exchange [draft-hallambaker-mesh-security] to establish the Master
467	   Key used for authentication of requests and responses.

469	   Requests and Responses MUST be authenticated.  Requests and Responses
470	   MUST be encrypted if the transport is not encrypted and MAY be
471	   encrypted otherwise.

473	4.3.1.  Null Authentication

475	   Null Authentication MAY be used to make a Hello Request.

477	   The Null Authentication mechanism MUST NOT be used for any Mesh
478	   Service request or response other than a Hello request.

480	   Since the Mutually Authenticated key exchange requires both parties
481	   to know the public key of the other, it is not possible for a client
482	   to authenticate itself to the service until it has obtained the
483	   service public key.  One means by which the client MAY obtain the
484	   service public key is by requesting the service return the credential
485	   in a Hello transaction.

487	4.3.2.  Device Authentication

489	   Device Authentication is used in two circumstances

491	   o  When requesting creation of an account

493	   o  When a device is requesting connection to a profile.

495	4.3.3.  Profile Authentication

497	   Profile Authentication has the same form as Device Authentication
498	   except that the client provides its Device Connection Assertion as
499	   part of the request:

501	4.3.4.  Ticket Authentication

503	   Ticket Authentication is used after a device has obtained an
504	   authentication ticket from a service.  The ticket is returned in the
505	   response to a previous Profile Authentication exchange.

507	4.4.  Payload Encoding

509	   The Dare Message payload of a Hello request MUST be encoded in JSON
510	   encoding.  The payload of all other requests MUST be in either JSON
511	   encoding or one of the encodings advertised as being accepted in a
512	   Hello response from the Service.  Services MUST accept JSON encoding
513	   and MAY support the JSON-B or JSON-C encodings as specified in this
514	   document.  Services MUST generate a response that is compatible with
515	   the DARE Message Content-Type specified in the request.

517	   JSON was originally developed to provide a serialization format for
518	   the JavaScript programming language [ECMA-262] . While this approach
519	   is generally applicable to the type systems of scripting programming
520	   languages, it is less well matched to the richer type systems of
521	   modern object oriented programming languages such as Java and C#.

523	   Working within a subset of the capabilities of JSON allows a Web
524	   Service protocol to be accessed with equal ease from either platform
525	   type.  The following capabilities of JSON are avoided:

527	   The ability to use arbitrary strings as field names.

529	   The use of JSON objects to define maps directly

531	   The following data field types are used:

533	   Integer  Integer values are encoded as JSON number values.

535	   String  Test strings are encoded as JSON text strings.

537	   Boolean  Boolean values are encoded as JSON 'false', 'true' or 'null'
538	      tokens according to value.

540	   Sequence  Sequences of data items that are encoded as JSON arrays

542	   Object of known type  Objects whose type is known to the receiver are
543	      encoded as JSON objects

545	   Object of variable type  Objects whose type is not known to the
546	      receiver are encoded as JSON objects containing a single field
547	      whose name describes the type of the object value and whose value
548	      contains the value.

550	   Binary Data  Byte sequences are converted to BASE64-url encoding
551	      [RFC4648] and encoded as JSON string values.

553	   Date Time  Date Time values are converted to Internet time format as
554	      described in [RFC3339] and encoded as JSON string values.

556	4.5.  Error handling and response codes

558	   It is possible for an error to occur at any of the three layers in
559	   the Web Service binding:

561	   Service Layer

563	   HTTP Layer

565	   Transport Layer

567	   Services SHOULD always attempt to return error codes at the highest
568	   level possible.  However, it is clearly impossible for a connection
569	   that is refused at the Transport layer to return an error code at the
570	   HTTP layer.  It is however possible for a HTTP layer error response
571	   to contain a content body.

573	   In the case that a response contains both a HTTP response code and a
574	   well-formed payload containing a response, the payload response SHALL
575	   have precedence.

577	5.  Service Description

579	   The Hello transaction is used to determine the features supported by
580	   the service and obtain the service credentials

582	   The request payload:

584	   {
585	     "Hello": {}}

587	   The response payload:

589	{
590	  "MeshHelloResponse": {
591	    "Version": {
592	      "Major": 3,
593	      "Minor": 0,
594	      "Encodings": [{
595	          "ID": ["application/json"]}]},
596	    "EnvelopedProfileService": [{
597	        "dig": "S512"},
598	      "ewogICJQcm9maWxlU2VydmljZSI6IHsKICAgICJLZXlPZmZsaW5lU2l
599	  nbmF0dXJlIjogewogICAgICAiVURGIjogIk1CQ1AtT0dGWS1LRkFRLTZFTzMtV
600	  lg2Uy02VjRHLUVOTlUiLAogICAgICAiUHVibGljUGFyYW1ldGVycyI6IHsKICA
601	  gICAgICAiUHVibGljS2V5RUNESCI6IHsKICAgICAgICAgICJjcnYiOiAiRWQ0N
602	  DgiLAogICAgICAgICAgIlB1YmxpYyI6ICJtSGxST1NhenBVVHp3Rk5aMHFJMU1
603	  iWGpwdGhPVXhwbGUwVzhOVWFxOE03MVZUNWVOd1hqCiAgY2ZRLXRNbExnd3FfV
604	  WZmMUZHbW1sSC1BIn19fX19",
605	      {
606	        "signatures": [{
607	            "signature": "T1N3-fnOitSUDFezSINPbh76AtbmL2ghN-antjwUrmCL0z_S-
608	  IcArALioAMEaDECg2Q4bgE8IZ4Apgf9SVoj58M_dqeMEWra3mavkV3NEScBcQG
609	  Tn_TxS468u9CxfKBDK9NxI7k6c1XUc4xTZGKejR8A"}],
610	        "PayloadDigest": "JZHVlp6xFPQ3WG9AQrRYVkLbLiM51nEKo7ryZMnK8TJAv
611	  oVKL7kQYlP3dBtayIEvGowVxFURj_vRs0EXo08Blw"}],
612	    "EnvelopedProfileHost": [{
613	        "dig": "S512"},
614	      "ewogICJQcm9maWxlSG9zdCI6IHsKICAgICJLZXlPZmZsaW5lU2lnbmF
615	  0dXJlIjogewogICAgICAiVURGIjogIk1ES1EtVlRURC1IUUtCLVlINk8tSDU3Q
616	  y00S0RILTZLV0kiLAogICAgICAiUHVibGljUGFyYW1ldGVycyI6IHsKICAgICA
617	  gICAiUHVibGljS2V5RUNESCI6IHsKICAgICAgICAgICJjcnYiOiAiRWQ0NDgiL
618	  AogICAgICAgICAgIlB1YmxpYyI6ICJvdURsS3lJVWtzU19DV1VocW9XYVBGUDk
619	  zS2E5Wmc1M2RRQ0M0NGd1YUdPQkI5UzEyZUhsCiAgejJLb1g5LVBjdFFIMzE1N
620	  jdUY21NRENBIn19fSwKICAgICJLZXlBdXRoZW50aWNhdGlvbiI6IHsKICAgICA
621	  gIlVERiI6ICJNQzNELUlENjItTDVWWi1JV0xDLVdSTFgtN0ZUVC1GN1NUIiwKI
622	  CAgICAgIlB1YmxpY1BhcmFtZXRlcnMiOiB7CiAgICAgICAgIlB1YmxpY0tleUV
623	  DREgiOiB7CiAgICAgICAgICAiY3J2IjogIkVkNDQ4IiwKICAgICAgICAgICJQd
624	  WJsaWMiOiAiNEJmZVcwV1FCNU8zRU9yalc0THZBZGtMejcxQnRKc2xzM3d6dzB
625	  hY3VINUVkdXBXV1Q4dgogIEUzTU9ia2tmbURfNHRQWjdCNlZhbnRlQSJ9fX19f
626	  Q",
627	      {
628	        "signatures": [{
629	            "signature": "POQFQQOpcuNWxUAyi3DSGtaC9yJJJ9J6wr79Qzij8jN52gx4n
630	  8MitwM1T2rYMgJp6WqpSKWJfaUA2wafnkmQvVkiVT-35Mbog22krLD-HySbJAP
631	  a1lUXnzzOzbLSsBwRqPyJS0m60HFxKx0h0gZh0xIA"}],
632	        "PayloadDigest": "C716Q-5VPWfV5imuX-_rgmST2-J8SjFxQ_EQAPrGDD1Mr
633	  UKex_wn2cckWa_qyGsHrYPMKDt_2C4U7ZU9iyUdfw"}]}}

635	6.  Account Management

637	   A Mesh Account is bound to a Mesh Service by completing a
638	   CreateAccount transaction with the service.

640	   The client requesting the account creation specifies the ProfileMesh
641	   profile describing the requested account and lists of initial entries
642	   to populate the devices and contacts catalogs.  Additional catalogs
643	   MAY be synchronized if the account creation request is accepted.

645	   The request payload:

647	{
648	  "CreateAccount": {
649	    "ServiceID": "alice@example.com",
650	    "SignedProfileMesh": [{
651	        "dig": "S512"},
652	      "ewogICJQcm9maWxlUGVyc29uYWwiOiB7CiAgICAiS2V5T2ZmbGluZVN
653	  pZ25hdHVyZSI6IHsKICAgICAgIlVERiI6ICJNQU9aLTNNVkUtRzVFTi02NEJJL
654	  UkzUk0tT0RGSi1INVc0IiwKICAgICAgIlB1YmxpY1BhcmFtZXRlcnMiOiB7CiA
655	  gICAgICAgIlB1YmxpY0tleUVDREgiOiB7CiAgICAgICAgICAiY3J2IjogIkVkN
656	  DQ4IiwKICAgICAgICAgICJQdWJsaWMiOiAiMFZ4cTEwNVFKNHkwSUp1X3BFMml
657	  CbTZ5N05UcnVRUWtaaFVJSkdZdS02bUJoTkpDVEtqbgogIFNJa2tiNlNLNmFMU
658	  mx6cHd2LVVXQ3pNQSJ9fX0sCiAgICAiS2V5c09ubGluZVNpZ25hdHVyZSI6IFt
659	  7CiAgICAgICAgIlVERiI6ICJNQkU3LVVDSkYtWkFaMi1NTEdQLUxCNTUtSFpCV
660	  C1YTUhWIiwKICAgICAgICAiUHVibGljUGFyYW1ldGVycyI6IHsKICAgICAgICA
661	  gICJQdWJsaWNLZXlFQ0RIIjogewogICAgICAgICAgICAiY3J2IjogIkVkNDQ4I
662	  iwKICAgICAgICAgICAgIlB1YmxpYyI6ICJSZDNzbkRaLWlPT1lBMUJTcGhkN0g
663	  5SjFDNXhmU1Iyb2pCRUdLMVNsalJVRDA4TVI0dEZzCiAgV28wWTJjR0NPWUxiS
664	  ElpNmFUNkhmZkFBIn19fV0sCiAgICAiS2V5RW5jcnlwdGlvbiI6IHsKICAgICA
665	  gIlVERiI6ICJNQkdBLUMyVVEtUUZWRy01SE5BLTJXVFotSUtOSy1FV0hUIiwKI
666	  CAgICAgIlB1YmxpY1BhcmFtZXRlcnMiOiB7CiAgICAgICAgIlB1YmxpY0tleUV
667	  DREgiOiB7CiAgICAgICAgICAiY3J2IjogIkVkNDQ4IiwKICAgICAgICAgICJQd
668	  WJsaWMiOiAiNDJJeVZKV2c0VzFKOS1GMGl0UEFEZDAweUFZUXdCOGtXUDBVa1l
669	  XTHFKdVI2ZzB3bmtZUQogIENGOFpyNHpUZTJsTmhEUFVmOEJSOFZTQSJ9fX19f
670	  Q",
671	      {
672	        "signatures": [{
673	            "signature": "VALT2etUKtiTIYngz7uaXF3OxOFiE_VpdeHHLe1Rpz6HjuyQ4
674	  j7WWJf2Aj7rmhMTYRW2H9NcjdAAd80TRAuxvtIRZhqLl5HL7UHwkzRumbPGic2
675	  7dqudEyGp-FD6VYqHxD7WztJMzHklLk-COjbP4y8A"}],
676	        "PayloadDigest": "8QolTaruD1-DZwTZ-aB7olA1eit5fb7TUhRSI1heCNYjR
677	  FJ1vSAArAq4h_Wr7AVBnk1WzLLDnEaF8xZezfz2MA"}],
678	    "SignedAssertionAccount": [{
679	        "dig": "S512"},
680	      "ewogICJQcm9maWxlQWNjb3VudCI6IHsKICAgICJTZXJ2aWNlSURzIjo
681	  gWyJhbGljZUBleGFtcGxlLmNvbSJdLAogICAgIk1lc2hQcm9maWxlVURGIjogI
682	  k1BT1otM01WRS1HNUVOLTY0QkktSTNSTS1PREZKLUg1VzQiLAogICAgIktleUV
683	  uY3J5cHRpb24iOiB7CiAgICAgICJVREYiOiAiTUFGWi1WVU1QLTdQVTMtNFRQN
684	  y03TVJaLUJLQlEtVk1OTiIsCiAgICAgICJQdWJsaWNQYXJhbWV0ZXJzIjogewo
685	  gICAgICAgICJQdWJsaWNLZXlFQ0RIIjogewogICAgICAgICAgImNydiI6ICJFZ
686	  DQ0OCIsCiAgICAgICAgICAiUHVibGljIjogIjFsY1pVTmpIR0pXa1BXbVM5TUh
687	  lR1lOZkRTWkdVTzRsR2s1WHBxN1hnSC0tU0dMUUU0RV8KICBzLTBiMFBJOG0wZ
688	  mp0eklNVUVZRElfSUEifX19fX0",
689	      {
690	        "signatures": [{
691	            "signature": "0tYuHZB3Xmk_MaOGK09khjSHr9jHUx_JLTixvYDZ7zEGCN_nD
692	  TcLLeZujb8-wqMJalMjb_7aAggAmapk0tPfnGGbYnWmwBIKamrdpbnfMHtFm-i
693	  Ny4S2rfaVLNEHSH9s42mYsdw9eitPX8xZEgXUIQ8A"}],
694	        "PayloadDigest": "alXz9HJmuEpu2PglvnL5U-_nm4PLrWlWGIMlP5rfRUE4f
695	  heefPxgiqG8rBAGahZPyGSpIzCK-7Sgh0sxx7-pgw"}]}}
696	<t>
697	The response payload: </t>
698	<figure anchor="s-6-6" suppress-title="true">
699	<artwork>
700	<![CDATA[{
701	  "CreateResponse": {
702	    "Status": 201,
703	    "StatusDescription": "Operation completed successfully"}}

705	   An account registration is deleted using the DeleteAccount
706	   transaction.

708	7.  Container Synchronization

710	   All the state associated with a Mesh profile is stored as a sequence
711	   of DARE Messages in a Dare Container.  The Mesh Service holding the
712	   master copy of the persistence stores and the devices connected to
713	   the profile containing complete copies (replicas) or partial copies
714	   (redactions).

716	   Thus, the only primitive needed to achieve synchronization of the
717	   profile state are those required for synchronization of a DARE
718	   Container.  These steps are:

720	   o  Obtain the status of the catalogs and spools associated with the
721	      account.

723	   o  Download catalog and spool updates

725	   o  Upload catalog updates.

727	   To ensure a satisfactory user experience, Mesh Messages are
728	   intentionally limited in size to 64 KB or less, thus ensuring that an
729	   application can retrieve the most recent 100 messages almost
730	   instantaneously on a high bandwidth connection and without undue
731	   delay on a slower one.

733	7.1.  Status Transaction

735	   The status transaction returns the status of the containers the
736	   device is authorized to access for the specified account together
737	   with the updated Device Connection Entry if this has been modified
738	   since the entry presented to authenticate the request was issued.

740	7.2.  Download Transaction

742	   The download transaction returns a collection of entries from one or
743	   more containers associated with the profile.

745	   Optional filtering criteria MAY be specified to only return objects
746	   matching specific criteria and/or only return certain parts of the
747	   selected messages.

749	   The service MAY limit the number of entries returned in an individual
750	   response for performance reasons.

752	7.2.1.  Conflict Detection

754	   Clients SHOULD check to determine if updates to a container conflict
755	   with pending updates on the device waiting to be uploaded.  For
756	   example, if a contact that the user modified on the device attempting
757	   to synchronize was subsequently deleted.

759	   The means of resolving such conflicts is not in the scope of this
760	   specification.

762	7.2.2.  Filtering

764	   Clients may request container updates be filtered to redact catalog
765	   entries that have been updated or deleted or spool entries that have
766	   been read, deleted or were received before a certain date.

768	7.3.  Upload Transaction

770	   The upload transaction upload objects to a catalog or spool.

772	   Multiple objects MAY be uploaded at once.  Object updates MAY be
773	   conditional on the successful completion of other upload requests.

775	   The transaction MAY be performed in one request/response round trip
776	   or with separate round trips to confirm that the transaction is
777	   accepted by the service before sending large number of updates.

779	8.  Device Connection

781	   Devices request connection to a Mesh profile using the Connect
782	   transaction.  Three connection mechanisms are currently defined.  All
783	   three of which offer strong mutual authentication.

785	   Device Authenticated

787	   Pin Authenticated

789	   EARL Connection Mode

791	   The first two of these mechanisms are initiated from the device being
792	   connected which requires that the Mesh Service Account it is being
793	   connected to be entered into it.  Use of these mechanisms thus
794	   requires keyboard and display affordances or accessibility
795	   equivalents.

797	   The last mechanism is initiated from an administration device that is
798	   already connected to the account.  It is intended for use in
799	   circumstances where the device being connected does not have the
800	   necessary affordances to allow the Device or PIN authenticated modes.

802	   In either case, the connection request is completed by the device
803	   requesting synchronization with the Mesh Account using its device
804	   credential for authentication.  If the connection request was
805	   accepted, the device will be provisioned with the Device Connection
806	   Assertion allowing it to complete the process.

808	   The Device Connection Assertion includes an overlay device profile
809	   containing a set of private key contributions to be used to perform
810	   key cogeneration on the original set of device keys to create a new
811	   device profile to be used for all purposes associated with the Mesh
812	   Profile to which it has just been connected.  This assures the user
813	   that the keys the device uses for performing operation in the context
814	   of their profile are not affected by any compromise that might have
815	   occurred during manufacture or at any point after up to the time it
816	   was connected to their profile.

818	8.1.  Device Authenticated

820	   The direct connection mechanism requires that both the administration
821	   device and the device originating the connection request have data
822	   entry and output affordances and that it is possible for the user to
823	   compare the authentication codes presented by the two devices to
824	   check that they are identical.

826	8.2.  PIN Authenticated

828	   The PIN Connection mechanism is similar to the Direct connection
829	   mechanism except that the process is initiated on an administration
830	   device by requesting assignment of a new authentication PIN.  The PIN
831	   is then input to the connecting device to authenticate the request.

833	8.3.  EARL connection mode

835	   The EARL/QR code connection mechanisms are used to connect a
836	   constrained device to a Mesh profile by means of an Encrypted
837	   Authenticated Resource Locator, typically presented as a QR code on
838	   the device itself or its packaging.

840	9.  Mesh Messaging

842	   Mesh Messages provide a means of communication between Mesh Service
843	   Accounts with capabilities that are not possible or poorly supported
844	   in traditional SMTP mail messaging:

846	   o  End-to-end confidentiality and authentication by default.

848	   o  Abuse mitigation by applying access control to every inbound and
849	      outbound message.

851	   o  End-to-end secure group messaging.

853	   o  Transfer of very large data sets (Terabytes).

855	   Note that although Mesh Messaging is designed to facilitate the
856	   transfer of very large data sets, the size of Mesh Messages
857	   themselves is severely restricted.  The current default maximum size
858	   being 64 KB.  This approach allows Mesh

860	   In addition, the platform anticipates but does not currently support
861	   additional cryptographic security capabilities:

863	   o  Traffic analysis resistance using mix networks (Chaum).

865	   o  Simultaneous contract binding using fair contract signing
866	      (Micali).

868	   While these capabilities might in time cause Mesh Messaging to
869	   replace SMTP, this is not a near term goal.  The short-term goal of
870	   Mesh Messaging is to support the Contact Exchange and Confirmation
871	   applications.

873	   Two important classes of application that are not currently supported
874	   directly are payments and presence.  While prototypes of these
875	   applications have been considered, it is not clear if these are best
876	   implemented as special cases of the Confirmation and Contact Exchange
877	   applications or as separate applications in their own right.

879	9.1.  Message Exchange

881	   To enable effective abuse mitigation, Mesh Messaging enforces a four
882	   corner communication model in which all outbound and inbound messages
883	   pass through a Mesh Service which accredits and authorizes the
884	   messages on the user's behalf.

886	   [[This figure is not viewable in this format.  The figure is
887	   available at http://mathmesh.com/Documents/draft-hallambaker-mesh-
888	   protocol.html [2].]]

890	   The Post transaction is used for client-service and service-service
891	   messaging transactions.

893	9.1.1.  Client-Service (Post Transaction)

895	   To send a message, the client creates the Mesh Message structure,
896	   encapsulates it in a DARE Message and forwards this to its service
897	   using a Post transaction.

899	   The Post transaction is authenticated to the service by device using
900	   the usual means of profile or ticket authentication.

902	   The DARE Message MUST be signed under a device signature key
903	   accredited by a Device Connection Assertion provided in the message
904	   signature block.

906	9.1.2.  Service-Service (Post Transaction)

908	   The Mesh Service receiving the message from the user's device MAY
909	   attempt immediate retransmission or queue it to be sent at a future
910	   time.  Mesh Services SHOULD forward messages without undue delay.

912	   The Post transaction forwarding the message to the destination
913	   service carries the same payload as the original request but is
914	   authenticated by the service forwarding it.  This authentication MAY
915	   be my means of either profile or ticket authentication.

917	9.1.2.1.  Denial of Service Mitigation

919	   Services SHOULD implement Denial of Service mitigation strategies
920	   including limiting the maximum time taken to complete a transaction
921	   and refusing connections from clients that engage in patterns of
922	   behavior consistent with abuse.

924	   The limitation in message size allows Mesh Services to aggressively
925	   time out connections that take too long to complete a transaction.  A
926	   Mesh Service that hosted on a 10Mb/s link should be able to transfer
927	   20 messages a second.  If the service is taking more than 5 seconds
928	   to complete a transaction, either the source or the destination
929	   service is overloaded or the message itself is an attack.

931	   Imposing hard constraints on Mesh Service performance requires
932	   deployments to scale and apply resources appropriately.  If a service
933	   is attempting to transfer 100 messages simultaneously and 40% are
934	   taking 4 seconds or more, this indicates that the number of
935	   simultaneous transfers being attempted should be reduced.
936	   Contrawise, if 90% are completinin less than a second, the number of
937	   threads allocated to sending outbound messages might be increased.

939	9.1.2.2.  Access Control

941	   The inbound service MUST subject inbound messages to Access Control
942	   according to the credentials presented in the DARE Message payload.

944	   After verifying the signature and checking that the key is properly
945	   accredited in accordance with site policy, the service applies
946	   authorization controls taking account of:

948	   o  The accreditation of the sender

950	   o  The accreditation of the transmitting Service

952	   o  The type of Mesh Message being sent

954	   o  User policy as specified in their Contact Catalog

956	   o  Site policy.

958	9.1.3.  Service-Client (Synchronization)

960	   The final recipient receives the message by synchronizing their
961	   inbound spool.

963	10.  Protocol Schema

965	   HTTP Well Known Service Prefix: /.well-known/mmm

967	   Every Mesh Portal Service transaction consists of exactly one request
968	   followed by exactly one response.  Mesh Service transactions MAY
969	   cause modification of the data stored in the Mesh Service or the Mesh
970	   itself but do not cause changes to the connection state.  The
971	   protocol itself is thus idempotent.  There is no set sequence in
972	   which operations are required to be performed.  It is not necessary
973	   to perform a Hello transaction prior to any other transaction.

975	10.1.  Request Messages

977	   A Mesh Portal Service request consists of a payload object that
978	   inherits from the MeshRequest class.  When using the HTTP binding,
979	   the request MUST specify the portal DNS address in the HTTP Host
980	   field.

982	10.1.1.  Message: MeshRequest

984	   Base class for all request messages.

986	   [No fields]

988	10.1.2.  Message: MeshRequestUser

990	   Base class for all request messages made by a user.

992	   Inherits: MeshRequest

994	   Inherits: MeshRequest

996	   Account: String (Optional)  The fully qualified account name
997	      (including DNS address) to which the request is directed.

999	   DeviceProfile: DareEnvelope (Optional)  Device profile of the device
1000	      making the request.

1002	10.2.  Response Messages

1004	   A Mesh Portal Service response consists of a payload object that
1005	   inherits from the MeshResponse class.  When using the HTTP binding,
1006	   the response SHOULD report the Status response code in the HTTP
1007	   response message.  However the response code returned in the payload
1008	   object MUST always be considered authoritative.

1010	10.2.1.  Message: MeshResponse

1012	   Base class for all response messages.  Contains only the status code
1013	   and status description fields.

1015	   [No fields]

1017	10.3.  Imported Objects

1019	   The Mesh Service protocol makes use of JSON objects defined in the
1020	   JOSE Signatgure and Encryption specifications and in the DARE Data At
1021	   Rest Encryption extensions to JOSE.

1023	10.4.  Common Structures

1025	   The following common structures are used in the protocol messages:

1027	10.4.1.  Structure: KeyValue

1029	   Describes a Key/Value structure used to make queries for records
1030	   matching one or more selection criteria.

1032	   Key: String (Optional)  The data retrieval key.

1034	   Value: String (Optional)  The data value to match.

1036	10.4.2.  Structure: ConstraintsSelect

1038	   Specifies constraints to be applied to a search result.  These allow
1039	   a client to limit the number of records returned, the quantity of
1040	   data returned, the earliest and latest data returned, etc.

1042	   Container: String (Optional)  The container to be searched.

1044	   IndexMin: Integer (Optional)  Only return objects with an index value
1045	      that is equal to or higher than the value specified.

1047	   IndexMax: Integer (Optional)  Only return objects with an index value
1048	      that is equal to or lower than the value specified.

1050	   NotBefore: DateTime (Optional)  Only data published on or after the
1051	      specified time instant is requested.

1053	   Before: DateTime (Optional)  Only data published before the specified
1054	      time instant is requested.  This excludes data published at the
1055	      specified time instant.

1057	   PageKey: String (Optional)  Specifies a page key returned in a
1058	      previous search operation in which the number of responses
1059	      exceeded the specified bounds.

1061	      When a page key is specified, all the other search parameters
1062	      except for MaxEntries and MaxBytes are ignored and the service
1063	      returns the next set of data responding to the earlier query.

1065	10.4.3.  Structure: ConstraintsData

1067	   Specifies constraints on the data to be sent.

1069	   MaxEntries: Integer (Optional)  Maximum number of entries to send.

1071	   BytesOffset: Integer (Optional)  Specifies an offset to be applied to
1072	      the payload data before it is sent.  This allows large payloads to
1073	      be transferred incrementally.

1075	   BytesMax: Integer (Optional)  Maximum number of payload bytes to
1076	      send.

1078	   Header: Boolean (Optional)  Return the entry header

1080	   Payload: Boolean (Optional)  Return the entry payload

1082	   Trailer: Boolean (Optional)  Return the entry trailer

1084	10.4.4.  Structure: PolicyAccount

1086	   Describes the account creation policy including constraints on
1087	   account names, whether there is an open account creation policy, etc.

1089	   Minimum: Integer (Optional)  Specifies the minimum length of an
1090	      account name.

1092	   Maximum: Integer (Optional)  Specifies the maximum length of an
1093	      account name.

1095	   InvalidCharacters: String (Optional)  A list of characters that the
1096	      service does not accept in account names.  The list of characters
1097	      MAY not be exhaustive but SHOULD include any illegal characters in
1098	      the proposed account name.

1100	10.4.5.  Structure: ContainerStatus

1102	   Container: String (Optional)

1104	   Container: String (Optional)
1105	   Index: Integer (Optional)

1107	   Index: Integer (Optional)

1109	   Digest: Binary (Optional)

1111	10.4.6.  Structure: ContainerUpdate

1113	   Container: String (Optional)  The container to which the entries are
1114	      to be uploaded.

1116	   Envelopes: DareEnvelope [0..Many]  The entries to be uploaded.

1118	10.5.  Transaction: Hello

1120	   Request: HelloRequest

1122	   Request: HelloRequest

1124	   Response: MeshHelloResponse

1126	   Report service and version information.

1128	   The Hello transaction provides a means of determining which protocol
1129	   versions, message encodings and transport protocols are supported by
1130	   the service.

1132	   The PostConstraints field MAY be used to advise senders of a maximum
1133	   size of payload that MAY be sent in an initial Post request.

1135	10.5.1.  Message: MeshHelloResponse

1137	   ConstraintsUpdate: ConstraintsData (Optional)  Specifies the default
1138	      data constraints for updates.

1140	   ConstraintsPost: ConstraintsData (Optional)  Specifies the default
1141	      data constraints for message senders.

1143	   PolicyAccount: PolicyAccount (Optional)  Specifies the account
1144	      creation policy

1146	   EnvelopedProfileService: DareEnvelope (Optional)  The enveloped
1147	      master profile of the service.

1149	   EnvelopedProfileHost: DareEnvelope (Optional)  The enveloped profile
1150	      of the host.

1152	10.6.  Transaction: Complete

1154	   Request: CompleteRequest

1156	   Request: CompleteRequest

1158	   Response: StatusResponse

1160	10.6.1.  Message: CompleteRequest

1162	   Inherits: StatusRequest

1164	   Inherits: StatusRequest

1166	   ServiceID: String (Optional)

1168	10.7.  Transaction: Status

1170	   Request: StatusRequest

1172	   Request: StatusRequest

1174	   Response: StatusResponse

1176	10.7.1.  Message: StatusRequest

1178	   Inherits: MeshRequestUser

1180	   Inherits: MeshRequestUser

1182	   DeviceUDF: String (Optional)

1184	   DeviceUDF: String (Optional)

1186	   Catalogs: String [0..Many]

1188	   Catalogs: String [0..Many]

1190	   Spools: String [0..Many]

1192	10.7.2.  Message: StatusResponse

1194	   Inherits: MeshResponse

1196	   Inherits: MeshResponse

1198	   EnvelopedProfileMaster: DareEnvelope (Optional)  The master profile
1199	      that provides the root of trust for this Mesh

1201	   EnvelopedAccountAssertion: DareEnvelope (Optional)  The current
1202	      account assertion

1204	   ContainerStatus: ContainerStatus [0..Many]

1206	   ContainerStatus: ContainerStatus [0..Many]

1208	   EnvelopedCatalogEntryDevice: DareEnvelope (Optional)  The catalog
1209	      device entry

1211	10.8.  Transaction: Download

1213	   Request: DownloadRequest

1215	   Request: DownloadRequest

1217	   Response: DownloadResponse

1219	   Request objects from the specified container with the specified
1220	   search criteria.

1222	10.8.1.  Message: DownloadRequest

1224	   Inherits: MeshRequestUser

1226	   Request objects from the specified container(s).

1228	   A client MAY request only objects matching specified search criteria
1229	   be returned and MAY request that only specific fields or parts of the
1230	   payload be returned.

1232	   Select: ConstraintsSelect [0..Many]  Specifies constraints to be
1233	      applied to a search result.  These allow a client to limit the
1234	      number of records returned, the quantity of data returned, the
1235	      earliest and latest data returned, etc.

1237	   ConstraintsPost: ConstraintsData (Optional)  Specifies the data
1238	      constraints to be applied to the responses.

1240	10.8.2.  Message: DownloadResponse

1242	   Inherits: MeshResponse

1244	   Return the set of objects requested.

1246	   Services SHOULD NOT return a response that is disproportionately
1247	   large relative to the speed of the network connection without a clear
1248	   indication from the client that it is relevant.  A service MAY limit
1249	   the number of objects returned.  A service MAY limit the scope of
1250	   each response.

1252	   Updates: ContainerUpdate [0..Many]  The updated data

1254	10.9.  Transaction: Upload

1256	   Request: UploadRequest

1258	   Request: UploadRequest

1260	   Response: UploadResponse

1262	   Request objects from the specified container with the specified
1263	   search criteria.

1265	10.9.1.  Message: UploadRequest

1267	   Inherits: MeshRequestUser

1269	   Upload entries to a container.  This request is only valid if it is
1270	   issued by the owner of the account

1272	   Updates: ContainerUpdate [0..Many]  The data to be updated

1274	   Self: DareEnvelope [0..Many]  Entries to be added to the inbound
1275	      spool on the account, e.g. completion messages.

1277	10.9.2.  Message: UploadResponse

1279	   Inherits: MeshResponse

1281	   Response to an upload request.

1283	   Entries: EntryResponse [0..Many]  The responses to the entries.

1285	   ConstraintsData: ConstraintsData (Optional)  If the upload request
1286	      contains redacted entries, specifies constraints that apply to the
1287	      redacted entries as a group.  Thus the total payloads of all the
1288	      messages must not exceed the specified value.

1290	10.9.3.  Structure: EntryResponse

1292	   IndexRequest: Integer (Optional)  The index value of the entry in the
1293	      request.

1295	   IndexContainer: Integer (Optional)  The index value assigned to the
1296	      entry in the container.

1298	   Result: String (Optional)  Specifies the result of attempting to add
1299	      the entry to a catalog or spool.  Valid values for a message are
1300	      'Accept', 'Reject'.  Valid values for an entry are 'Accept',
1301	      'Reject' and 'Conflict'.

1303	   ConstraintsData: ConstraintsData (Optional)  If the entry was
1304	      redacted, specifies constraints that apply to the redacted entries
1305	      as a group.  Thus the total payloads of all the messages must not
1306	      exceed the specified value.

1308	10.10.  Transaction: Post

1310	   Request: PostRequest

1312	   Request: PostRequest

1314	   Response: PostResponse

1316	   Request to post to a spool from an external party.  The request and
1317	   response messages are extensions of the corresponding messages for
1318	   the Upload transaction.  It is expected that additional fields will
1319	   be added as the need arises.

1321	10.10.1.  Message: PostRequest

1323	   Inherits: MeshRequest

1325	   Inherits: MeshRequest

1327	   Accounts: String [0..Many]  The account(s) to which the request is
1328	      directed.

1330	   Message: DareEnvelope [0..Many]  The entries to be uploaded.  These
1331	      MAY be either complete messages or redacted messages.  In either
1332	      case, the messages MUST conform to the ConstraintsUpdate specified
1333	      by the service

1335	   Self: DareEnvelope [0..Many]  Messages to be appended to the user's
1336	      self spool. this is typically used to post notifications to the
1337	      user to mark messages as having been read or responded to.

1339	10.10.2.  Message: PostResponse

1341	   Inherits: UploadResponse

1343	   [No fields]

1345	10.11.  Transaction: Connect

1347	   Request: ConnectRequest

1349	   Request: ConnectRequest

1351	   Response: ConnectResponse

1353	   Request information necessary to begin making a connection request.

1355	10.11.1.  Message: ConnectRequest

1357	   Inherits: MeshRequest

1359	   Inherits: MeshRequest

1361	   MessageConnectionRequestClient: DareEnvelope (Optional)  The
1362	      connection request generated by the client

1364	10.11.2.  Message: ConnectResponse

1366	   Inherits: MeshResponse

1368	   Inherits: MeshResponse

1370	   EnvelopedConnectionResponse: DareEnvelope (Optional)  The connection
1371	      request generated by the client

1373	   EnvelopedProfileMaster: DareEnvelope (Optional)  The master profile
1374	      that provides the root of trust for this Mesh

1376	   EnvelopedAccountAssertion: DareEnvelope (Optional)  The current
1377	      account assertion

1379	10.12.  Transaction: CreateAccount

1381	   Request: CreateRequest

1383	   Request: CreateRequest

1385	   Response: CreateResponse

1387	   Request creation of a new service account.

1389	   Attempt

1391	10.12.1.  Message: CreateRequest

1393	   Request binding of an account to a service address.

1395	   Inherits: MeshRequest

1397	   Inherits: MeshRequest

1399	   ServiceID: String (Optional)  The service account to bind to.

1401	   SignedProfileMesh: DareEnvelope (Optional)  The persistent profile
1402	      that will be used to validate changes to the account assertion.

1404	   SignedAssertionAccount: DareEnvelope (Optional)  The signed assertion
1405	      describing the account.

1407	10.12.2.  Message: CreateResponse

1409	   Inherits: MeshResponse

1411	   Reports the success or failure of a Create transaction.

1413	   Reason: String (Optional)  Text explaining the status of the creation
1414	      request.

1416	   URL: String (Optional)  A URL to which the user is directed to
1417	      complete the account creation request.

1419	10.13.  Transaction: DeleteAccount

1421	   Request: DeleteRequest

1423	   Request: DeleteRequest

1425	   Response: DeleteResponse

1427	   Request deletion of a new service account.

1429	   Attempt

1431	10.13.1.  Message: DeleteRequest

1433	   Request creation of a new portal account.  The request specifies the
1434	   requested account identifier and the Mesh profile to be associated
1435	   with the account.

1437	   Inherits: MeshRequestUser

1439	   [No fields]

1441	10.13.2.  Message: DeleteResponse

1443	   Inherits: MeshResponse

1445	   Reports the success or failure of a Delete transaction.

1447	   [No fields]

1449	11.  Security Considerations

1451	   The security considerations for use and implementation of Mesh
1452	   services and applications are described in the Mesh Security
1453	   Considerations guide [draft-hallambaker-mesh-security] .

1455	12.  IANA Considerations

1457	   All the IANA considerations for the Mesh documents are specified in
1458	   this document

1460	13.  Acknowledgements

1462	   A list of people who have contributed to the design of the Mesh is
1463	   presented in [draft-hallambaker-mesh-architecture] .

1465	14.  References

1467	14.1.  Normative References

1469	   [draft-hallambaker-mesh-architecture]
1470	              Hallam-Baker, P., "Mathematical Mesh 3.0 Part I:
1471	              Architecture Guide", draft-hallambaker-mesh-
1472	              architecture-09 (work in progress), July 2019.

1474	   [draft-hallambaker-mesh-security]
1475	              Hallam-Baker, P., "Mathematical Mesh Part VII: Security
1476	              Considerations", draft-hallambaker-mesh-security-01 (work
1477	              in progress), July 2019.

1479	   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
1480	              Requirement Levels", BCP 14, RFC 2119,
1481	              DOI 10.17487/RFC2119, March 1997.

1483	   [RFC3339]  Klyne, G. and C. Newman, "Date and Time on the Internet:
1484	              Timestamps", RFC 3339, DOI 10.17487/RFC3339, July 2002.

1486	   [RFC4648]  Josefsson, S., "The Base16, Base32, and Base64 Data
1487	              Encodings", RFC 4648, DOI 10.17487/RFC4648, October 2006.

1489	   [RFC7230]  Fielding, R. and J. Reschke, "Hypertext Transfer Protocol
1490	              (HTTP/1.1): Message Syntax and Routing", RFC 7230,
1491	              DOI 10.17487/RFC7230, June 2014.

1493	   [RFC8446]  Rescorla, E., "The Transport Layer Security (TLS) Protocol
1494	              Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018.

1496	14.2.  Informative References

1498	   [draft-hallambaker-mesh-developer]
1499	              Hallam-Baker, P., "Mathematical Mesh: Reference
1500	              Implementation", draft-hallambaker-mesh-developer-08 (work
1501	              in progress), April 2019.

1503	   [ECMA-262]
1504	              Ecma International, "ECMAScript(R) 2017 Language
1505	              Specification", June 2017.

1507	14.3.  URIs

1509	   [1] http://mathmesh.com/Documents/draft-hallambaker-mesh-
1510	       protocol.html

1512	   [2] http://mathmesh.com/Documents/draft-hallambaker-mesh-
1513	       protocol.html

1515	Author's Address

1517	   Phillip Hallam-Baker

1519	   Email: phill@hallambaker.com