idnits 2.17.1

draft-hallambaker-mesh-protocol-07.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The document seems to lack an Authors' Addresses Section.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (2 November 2020) is 1265 days in the past.  Is this
     intentional?

  Checking references for intended status: Informational
  ----------------------------------------------------------------------------

  ** Obsolete normative reference: RFC 7230 (Obsoleted by RFC 9110, RFC 9112)

     Summary: 2 errors (**), 0 flaws (~~), 1 warning (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

Network Working Group                                   P. M. Hallam-Baker
Internet-Draft                                        ThresholdSecrets.com
Intended status: Informational                             2 November 2020
Expires: 6 May 2021

            Mathematical Mesh 3.0 Part V: Protocol Reference
                   draft-hallambaker-mesh-protocol-07

Abstract

   The Mathematical Mesh 'The Mesh' is an end-to-end secure
   infrastructure that facilitates the exchange of configuration and
   credential data between multiple user devices.  The core protocols of
   the Mesh are described with examples of common use cases and
   reference data.

   [Note to Readers]

   Discussion of this draft takes place on the MATHMESH mailing list
   (mathmesh@ietf.org), which is archived at
   https://mailarchive.ietf.org/arch/search/?email_list=mathmesh.

   This document is also available online at
   http://mathmesh.com/Documents/draft-hallambaker-mesh-protocol.html.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 6 May 2021.

Copyright Notice

   Copyright (c) 2020 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.

Table of Contents

   1.  Introduction
   2.  Definitions
     2.1.  Requirements Language
     2.2.  Defined Terms
     2.3.  Related Specifications
     2.4.  Implementation Status
   3.  Mesh Protocols
   4.  Mesh Service
     4.1.  Data Model
     4.2.  Partitioning
   5.  Protocol Bindings
     5.1.  DNS Web Service Discovery
     5.2.  Web Service Protocol Binding
       5.2.1.  Transport Security
       5.2.2.  HTTP Message Binding
       5.2.3.  Request
       5.2.4.  Response
     5.3.  DARE Message Encapsulation
       5.3.1.  Null Authentication
       5.3.2.  Device Authentication
       5.3.3.  Profile Authentication
       5.3.4.  Ticket Authentication
     5.4.  Payload Encoding
     5.5.  Error handling and response codes
   6.  Mesh Service Transactions
     6.1.  Service Description
     6.2.  Account Creation
       6.2.1.  Bind User Account
       6.2.2.  Bind Group Account
       6.2.3.  Unbind Account
     6.3.  Persistence Store Management
       6.3.1.  Status
       6.3.2.  Download
       6.3.3.  Conflict Detection
       6.3.4.  Filtering
       6.3.5.  Transact
     6.4.  Messaging
     6.5.  Publication
       6.5.1.  Claim
       6.5.2.  Poll Claim
     6.6.  Cryptographic
       6.6.1.  Generate Key Shares
       6.6.2.  Key Agreement
       6.6.3.  Sign
   7.  Message Transactions
     7.1.  PIN Code
       7.1.1.  Registration
       7.1.2.  Authentication
       7.1.3.  Validation
     7.2.  Contact Exchange
       7.2.1.  Remote
       7.2.2.  PIN
       7.2.3.  EARL
     7.3.  Group Invitation
     7.4.  Confirmation
   8.  Device Connection
     8.1.  Device Authenticated
     8.2.  PIN Authenticated
     8.3.  EARL connection mode
   9.  Protocol Schema
     9.1.  Request Messages
       9.1.1.  Message: MeshRequest
       9.1.2.  Message: MeshRequestUser
     9.2.  Response Messages
       9.2.1.  Message: MeshResponse
     9.3.  Imported Objects
     9.4.  Common Structures
       9.4.1.  Structure: KeyValue
       9.4.2.  Structure: ConstraintsSelect
       9.4.3.  Structure: ConstraintsData
       9.4.4.  Structure: PolicyAccount
       9.4.5.  Structure: ContainerStatus
       9.4.6.  Structure: ContainerUpdate
     9.5.  Transaction: Hello
       9.5.1.  Message: MeshHelloResponse
     9.6.  Transaction: BindAccount
       9.6.1.  Message: BindRequest
       9.6.2.  Message: BindResponse
     9.7.  Transaction: UnbindAccount
       9.7.1.  Message: UnbindRequest
       9.7.2.  Message: UnbindResponse
     9.8.  Transaction: Connect
       9.8.1.  Message: ConnectRequest
       9.8.2.  Message: ConnectResponse
     9.9.  Transaction: Complete
       9.9.1.  Message: CompleteRequest
       9.9.2.  Message: CompleteResponse
     9.10. Transaction: Status
       9.10.1.  Message: StatusRequest
       9.10.2.  Message: StatusResponse
     9.11. Transaction: Download
       9.11.1.  Message: DownloadRequest
       9.11.2.  Message: DownloadResponse
     9.12. Transaction: Transact
       9.12.1.  Message: TransactRequest
       9.12.2.  Message: TransactResponse
       9.12.3.  Structure: EntryResponse
     9.13. Transaction: Post
       9.13.1.  Message: PostRequest
       9.13.2.  Message: PostResponse
     9.14. Transaction: Claim
       9.14.1.  Message: ClaimRequest
       9.14.2.  Message: ClaimResponse
     9.15. Transaction: PollClaim
       9.15.1.  Message: PollClaimRequest
       9.15.2.  Message: PollClaimResponse
       9.15.3.  Structure: CryptographicOperation
       9.15.4.  Structure: CryptographicOperationSign
       9.15.5.  Structure: CryptographicOperationKeyAgreement
       9.15.6.  Structure: CryptographicOperationGenerate
       9.15.7.  Structure: CryptographicOperationShare
       9.15.8.  Structure: CryptographicResult
       9.15.9.  Structure: CryptographicResultKeyAgreement
       9.15.10. Structure: CryptographicResultShare
     9.16. Transaction: Operate
       9.16.1.  Message: OperateRequest
       9.16.2.  Message: OperateResponse
   10. Security Considerations
   11. IANA Considerations
   12. Acknowledgements
   13. Normative References
   14. Informative References

1.  Introduction

   This document describes the Mesh Service protocol supported by Mesh
   Services, an account-based protocol that facilitates exchange of data
   between devices connected to a Mesh profile and between Mesh
   accounts.

   Mesh Service Accounts support the following services:

   *  Provides the master persistence store for the Catalogs and Spools
      associated with the account.

   *  Enables synchronization of Catalogs and Spools with connected
      devices.

   *  Enforces access control on inbound Mesh Messages from other users
      and other Mesh Services.

   *  Authenticates outbound Mesh Messages, certifying that they comply
      with abuse mitigation policies.

   A Mesh Profile MAY be bound to multiple Mesh Service Accounts at the
   same time but only one Mesh Service Account is considered to be
   authoritative at a time.  Users may add or remove Mesh Service
   Accounts and change the account designated as authoritative at any
   time.

   The Mesh Services are built from a very small set of primitives which
   provide a surprisingly extensive set of capabilities.  These
   primitives are:

   "Hello"  Describes the features and options provided by the service
      and provides a 'null' transaction which MAY be used to establish
      an authentication ticket without performing any action.

   CreateAccount, DeleteAccount  Manage the creation and deletion of
      accounts at the service.

   Status, Download, "Upload"  Support synchronization of Mesh
      containers between the service (Master) and the connected devices
      (Replicas).

   Connect  Initiate the process of connecting a device to a Mesh
      profile from the device itself.

   Post  Request that a Mesh Message be transferred to one or more Mesh
      Accounts.

   Although these functions could in principle be used to replace many
   if not most existing Internet application protocols, the principal
   value of any communication protocol lies in the size of the audience
   it allows them to communicate with.  Thus, while the Mesh Messaging
   service is designed to support efficient and reliable transfer of
   messages ranging in size from a few bytes to multiple terabytes, the
   near-term applications of these services will be to applications that
   are not adequately supported by existing protocols if at all.

2.  Definitions

   This section presents the related specifications and standards, the
   terms that are used as terms of art within the documents and the
   terms used as requirements language.

2.1.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

2.2.  Defined Terms

   The terms of art used in this document are described in the _Mesh
   Architecture Guide_ [draft-hallambaker-mesh-architecture].

2.3.  Related Specifications

   The architecture of the Mathematical Mesh is described in the _Mesh
   Architecture Guide_ [draft-hallambaker-mesh-architecture].  The Mesh
   documentation set and related specifications are described in this
   document.

2.4.  Implementation Status

   The implementation status of the reference code base is described in
   the companion document [draft-hallambaker-mesh-developer].

3.  Mesh Protocols

   The Mesh specifies two separate types of protocol interactions:

   Mesh Service Protocol  A synchronous protocol supporting interactions
      between devices and a Mesh Service Host and between Mesh Service
      hosts.

   Mesh Messaging Protocol  An asynchronous protocol that supports
      interactions between devices connected to the same account and
      between accounts.

   The Mesh Messaging Protocol uses the Mesh Service Protocol as
   transport.  The Mesh Service Protocol in turn is supported by either
   the HTTPS binding over TCP or by the Mesh Datagram binding over UDP.

   (Artwork only available as svg: No external link available, see
   draft-hallambaker-mesh-protocol-07.html for artwork.)

                                Figure 1

   Mesh Services MUST support the HTTPS binding and MAY support the Mesh
   Datagram binding.

4.  Mesh Service

   A Mesh Service is a minimally trusted service.  In particular a user
   does not need to trust a Mesh service to protect the confidentiality
   or integrity of most data stored in the account catalogs and spools.

   Unless the use of the Mesh Service is highly restricted, a user does
   need to trust the Mesh Service in certain respects:

   Data Loss  A service could refuse to respond to requests to download
      data.

   Integrity (Stale Data)  The use of Merkle Trees limits but does not
      eliminate the ability of a Mesh Service to respond to requests
      with stale data.

   Messaging  A service could reject requests to post messages to or
      accept messages from other mesh users.

      This risk is a necessary consequence of the fact that the Mesh
      Service Provider is accountable to other Mesh Service Providers
      for abuse originating from their service.

   Traffic analysis  A Mesh Service has knowledge of the number of Mesh
      Messages being sent and received by its users and the addresses to
      which they are being sent to or received from.

   The need to trust the Mesh Service in these respects is mitigated by
   accountability and the user's ability to change Mesh Service
   providers at any time they choose with minimal inconvenience.

   It is possible that some of these risks will be reduced in future
   versions of the Mesh Service Protocol but it is highly unlikely that
   these can be eliminated entirely without compromising practicality or
   efficiency.

4.1.  Data Model

   The design of the Mesh Service model followed a quasi-formal approach
   in which the system was reduced to schemas which could in principle
   be rendered in a formal development method but without construction
   of proofs.

   Like the contents of Mesh Accounts, a Mesh Service may be represented
   by a collection of catalogs and spools, for example:

   Account Catalog  Contains the account entries.

   Incident Spool  Reports of potential abuse

   Backup of the service MAY be implemented using the same container
   synchronization mechanism used to synchronize account catalogs and
   spools.

4.2.  Partitioning

   Mesh Services supporting a large number of accounts or large activity
   volume MAY partition the account catalog between one or more hosts
   using the usual tiered service model in which a front-end server
   receives traffic for any account hosted at the server and routes the
   request to the back-end service that provides the persistence store
   for that account.

   In addition, the Mesh Service Protocol supports a 'direct connection'
   partitioning model in which devices are given a DNS name which MAY
   allow for direct connection to the persistence host or to a front-end
   service offering service that is in some way specific to that
   account.

5.  Protocol Bindings

   Mesh Service transactions are mapped to an underlying messaging and
   transport protocol.  The following binding

   Mesh Services MUST support the Web Service binding specified in this
   document and MAY support the UDP binding currently in development.

5.1.  DNS Web Service Discovery

   The DNS Web Service discovery mechanism is used to discover Mesh
   Services regardless of the protocol binding.  The service name, DNS
   prefix and .well-known service suffix are specified as follows:

   *  Service Name: mmm

   *  DNS Prefix: _mmm._tcp

   *  Well Known service suffix: /.well-known/mmm

5.2.  Web Service Protocol Binding

   The Web Service Protocol binding makes use of the most widely
   deployed and used protocols:

   *  Discovery: DNS Service discovery

   *  Transport: TLS

   *  Application: HTTP

   *  Presentation: DARE Message

   *  Encoding: JSON, JSON-B

   The chief limitations of the Web Service Protocol Binding are that
   the use of TCP based transport results in unsatisfactory latency for
   some applications and that the HTTP application layer only serves to
   allow a host to support multiple services on the same TCP/IP port.

5.2.1.  Transport Security

   Mesh Services MUST offer TLS transport and MAY offer non TLS
   transport.  MESH clients SHOULD use TLS transport when connecting to
   a MESH service.

   TLS version 1.3 [RFC8446] or higher MUST be supported.  Client
   authentication SHOULD NOT be used.

5.2.2.  HTTP Message Binding

   All messages are exchanged as HTTP POST transactions.  Support for
   and use of HTTP/1.1 [RFC7230] is REQUIRED.  Services MAY support
   HTTP/2.

   In contrast to other approaches to the design of Web Services, the
   only use made of the HTTP transport is to distinguish between
   different services on the same host using the Host header and
   .well-known convention and for message framing.  No use is made of
   the URI request line to identify commands, nor are the caching or
   proxy capabilities of HTTP made use of.

5.2.3.  Request

   The HTTP request MAY contain any valid HTTP header specified in
   [RFC7230].

   Request Line URI  "/well-known/" (unless overridden using a
      TXT path attribute)

   Request Line Method  POST

   Host: Header

   Content-Encoding  As specified in section yy below.

   Content-Type  As specified in section zz below.

   Content-Length or Transfer-Encoding  As specified in [RFC7230].

   Payload  The content payload as specified in section XX below.

   [No dump of the binding yet]

   ~~~~

5.2.4.  Response

   The response MAY contain any HTTP response header but since JWB
   services do not make use of HTTP caching and messages are not
   intended to be modified by HTTP intermediaries, only a limited number
   of headers have significance:

   Response Code  The HTTP response code.  This is processed as
      described in section zz below.

   Content-Type  As specified in section zz below.

   Content-Length or Transfer-Encoding  As specified in [RFC7230].

   Cache-Control  Since the only valid HTTP method for a JWB request is
      POST, JWB responses are not cacheable.  The use of the
      cache-control header is therefore unnecessary.  However,
      experience suggests that reviewers find it easier to understand
      protocol specifications if they are reminded of the fact that
      caching is neither supported nor desired.

   [No dump of the binding yet]

   ~~~~

5.3.  DARE Message Encapsulation

   The payload of the HTTP requests and responses is a DARE Message
   whose payload contains the Mesh Service request or response.

   The DARE Message encapsulation is used to authenticate the request or
   response data.  The form of the authentication depends on the
   credentials available to the sender at the time the request is made.

   Mesh Service MUST support the use of Mutually Authenticated Key
   Exchange [draft-hallambaker-mesh-security] to establish the Master
   Key used for authentication of requests and responses.

   Requests and Responses MUST be authenticated.  Requests and Responses
   MUST be encrypted if the transport is not encrypted and MAY be
   encrypted otherwise.

5.3.1.  Null Authentication

   Null Authentication MAY be used to make a "Hello" Request.

   The Null Authentication mechanism MUST NOT be used for any Mesh
   Service request or response other than a "Hello" request.
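
   A service can check the rules of sections 5.2.2, 5.2.3, 5.3 and 5.3.1
   before a request is dispatched.  The Python below is an added
   example, not code from this draft or from the Mesh reference
   implementation; it assumes the DARE envelope has already been
   unwrapped, and the function names, the authentication-mode labels
   and the sample requests are constructed for illustration.

```python
import json

WELL_KNOWN_PATH = "/.well-known/mmm"  # well-known service suffix from section 5.1
HELLO_TAG = "HelloRequest"            # request tag used in the draft's Hello example
# Labels for the four mechanisms of section 5.3; the label strings are assumptions.
AUTH_MODES = {"null", "device", "profile", "ticket"}


def _reject_duplicates(pairs):
    """json object hook: refuse repeated field names instead of keeping the last."""
    names = [name for name, _ in pairs]
    if len(names) != len(set(names)):
        raise ValueError("duplicate field name")
    return dict(pairs)


def request_tag(payload: bytes) -> str:
    """Return the single top-level field name that identifies the request.

    The command comes from the payload, never from the request URI (5.2.2).
    """
    try:
        obj = json.loads(payload.decode("utf-8"),
                         object_pairs_hook=_reject_duplicates)
    except ValueError as exc:  # bad UTF-8, bad JSON or a duplicate name
        raise ValueError("malformed payload: %s" % exc) from exc
    if not isinstance(obj, dict) or len(obj) != 1:
        raise ValueError("malformed payload: expected an object with one field")
    tag, body = next(iter(obj.items()))
    if not isinstance(body, dict):
        raise ValueError("malformed payload: request body is not an object")
    return tag


def admit(method, path, tls, auth_mode, encrypted, payload,
          well_known=WELL_KNOWN_PATH):
    """Return (accepted, detail) for one unwrapped request.

    tls       -- True when the request arrived over TLS
    encrypted -- True when the DARE message itself was encrypted
    detail    -- the request tag on success, the reason on rejection
    """
    if method != "POST":
        return False, "only POST is used (5.2.2)"
    if path != well_known:
        return False, "unexpected request URI (5.2.3)"
    if auth_mode not in AUTH_MODES:
        return False, "request is not authenticated (5.3)"
    if not tls and not encrypted:
        return False, "payload must be encrypted on a non-TLS transport (5.3)"
    try:
        tag = request_tag(payload)
    except ValueError as exc:
        return False, str(exc)
    if auth_mode == "null" and tag != HELLO_TAG:
        return False, "null authentication is limited to Hello (5.3.1)"
    return True, tag


# Constructed sample requests: (label, method, path, tls, auth, encrypted, payload)
SAMPLES = [
    ("hello, null auth", "POST", WELL_KNOWN_PATH, True, "null", False,
     b'{"HelloRequest":{}}'),
    ("bind, null auth", "POST", WELL_KNOWN_PATH, True, "null", False,
     b'{"BindRequest":{"AccountAddress":"alice@example.com"}}'),
    ("status, cleartext", "POST", WELL_KNOWN_PATH, False, "ticket", False,
     b'{"StatusRequest":{}}'),
    ("status, no TLS but encrypted", "POST", WELL_KNOWN_PATH, False, "ticket",
     True, b'{"StatusRequest":{}}'),
    ("repeated tag", "POST", WELL_KNOWN_PATH, True, "null", False,
     b'{"HelloRequest":{},"HelloRequest":{}}'),
]


def run_samples():
    """Evaluate every constructed sample and return (label, accepted, detail)."""
    return [(s[0],) + admit(*s[1:]) for s in SAMPLES]


if __name__ == "__main__":
    for label, accepted, detail in run_samples():
        print("%-30s %-6s %s" % (label, "ACCEPT" if accepted else "REJECT", detail))
```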

   Since the Mutually Authenticated key exchange requires both parties
   to know the public key of the other, it is not possible for a client
   to authenticate itself to the service until it has obtained the
   service public key.  One means by which the client MAY obtain the
   service public key is by requesting the service return the credential
   in a "Hello" transaction.

5.3.2.  Device Authentication

   Device Authentication is used in two circumstances:

   *  When requesting creation of an account

   *  When a device is requesting connection to a profile.

5.3.3.  Profile Authentication

   Profile Authentication has the same form as Device Authentication
   except that the client provides its Device Connection Assertion as
   part of the request:

5.3.4.  Ticket Authentication

   Ticket Authentication is used after a device has obtained an
   authentication ticket from a service.  The ticket is returned in the
   response to a previous Profile Authentication exchange.

5.4.  Payload Encoding

   The Dare Message payload of a "Hello" request MUST be encoded in JSON
   encoding.  The payload of all other requests MUST be in either JSON
   encoding or one of the encodings advertised as being accepted in a
   Hello response from the Service.  Services MUST accept JSON encoding
   and MAY support the JSON-B or JSON-C encodings as specified in this
   document.  Services MUST generate a response that is compatible with
   the DARE Message Content-Type specified in the request.

   JSON was originally developed to provide a serialization format for
   the JavaScript programming language [ECMA-262].  While this approach
   is generally applicable to the type systems of scripting programming
   languages, it is less well matched to the richer type systems of
   modern object oriented programming languages such as Java and C#.
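
   The encoding rule in the first paragraph of this section, seen from
   the client and from the service.  The Python below is an added
   example, not code from this draft or from the Mesh reference
   implementation; the function names are illustrative, the sample
   Hello response is constructed from the Version layout shown in
   section 6.1, and the second encoding ID is a made-up placeholder.

```python
import json

JSON_TYPE = "application/json"  # encoding ID shown in the draft's Hello response
HELLO_TAG = "HelloRequest"      # request tag shown in the draft's Hello example


def normalize(media_type: str) -> str:
    """Lower-case a media type and drop parameters such as '; charset=utf-8'."""
    return media_type.split(";", 1)[0].strip().lower()


def advertised_encodings(hello_response: str) -> list:
    """Return the encoding IDs a service advertises, JSON first.

    Expects the MeshHelloResponse layout shown in the draft:
    Version -> Encodings -> [ {"ID": [media types]} ].
    """
    version = json.loads(hello_response)["MeshHelloResponse"]["Version"]
    found = [JSON_TYPE]  # Services MUST accept JSON, advertised or not
    for entry in version.get("Encodings", []):
        for media_type in entry.get("ID", []):
            if normalize(media_type) not in found:
                found.append(normalize(media_type))
    return found


def choose_request_encoding(request_tag: str, preferred: list,
                            advertised: list) -> str:
    """Client side: pick the encoding for one request."""
    if request_tag == HELLO_TAG:
        return JSON_TYPE  # Hello MUST be JSON: nothing has been advertised yet
    for media_type in preferred:
        if normalize(media_type) in advertised:
            return normalize(media_type)
    return JSON_TYPE      # fall back rather than send an unadvertised encoding


def check_request_encoding(request_tag: str, content_type: str,
                           supported: list) -> str:
    """Service side: validate the request encoding, return the response encoding."""
    media_type = normalize(content_type)
    if request_tag == HELLO_TAG and media_type != JSON_TYPE:
        raise ValueError("Hello request must use JSON encoding")
    offered = [JSON_TYPE] + [normalize(s) for s in supported]
    if media_type not in offered:
        raise ValueError("encoding not offered by this service: " + media_type)
    return media_type     # the response stays compatible with the request


# Constructed sample: the Version block of the draft's Hello response plus one
# extra encoding ID that is a placeholder, not a registered media type.
PLACEHOLDER_BINARY = "application/x-example-json-b"
SAMPLE_HELLO = json.dumps({"MeshHelloResponse": {"Status": 201, "Version": {
    "Major": 3, "Minor": 0,
    "Encodings": [{"ID": ["application/json", PLACEHOLDER_BINARY]}]}}})

if __name__ == "__main__":
    offered = advertised_encodings(SAMPLE_HELLO)
    print("advertised:", offered)
    for tag in ("HelloRequest", "StatusRequest"):
        print(tag, "->", choose_request_encoding(tag, [PLACEHOLDER_BINARY], offered))
```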

   Working within a subset of the capabilities of JSON allows a Web
   Service protocol to be accessed with equal ease from either platform
   type.  The following capabilities of JSON are avoided:

      The ability to use arbitrary strings as field names.

      The use of JSON objects to define maps directly

   The following data field types are used:

   Integer  Integer values are encoded as JSON number values.

   String  Text strings are encoded as JSON text strings.

   Boolean  Boolean values are encoded as JSON 'false', 'true' or 'null'
      tokens according to value.

   Sequence  Sequences of data items are encoded as JSON arrays

   Object of known type  Objects whose type is known to the receiver are
      encoded as JSON objects

   Object of variable type  Objects whose type is not known to the
      receiver are encoded as JSON objects containing a single field
      whose name describes the type of the object value and whose value
      contains the value.

   Binary Data  Byte sequences are converted to BASE64-url encoding
      [RFC4648] and encoded as JSON string values.

   Date Time  Date Time values are converted to Internet time format as
      described in [RFC3339] and encoded as JSON string values.

5.5.  Error handling and response codes

   It is possible for an error to occur at any of the three layers in
   the Web Service binding:

      Service Layer

      HTTP Layer

      Transport Layer

   Services SHOULD always attempt to return error codes at the highest
   level possible.  However, it is clearly impossible for a connection
   that is refused at the Transport layer to return an error code at the
   HTTP layer.  It is however possible for a HTTP layer error response
   to contain a content body.

   In the case that a response contains both a HTTP response code and a
   well-formed payload containing a response, the payload response SHALL
   have precedence.

6.  Mesh Service Transactions

6.1.  Service Description

   The Hello transaction is used to determine the features supported by
   the service and obtain the service credentials

   The request payload:

   {
     "HelloRequest":{}}

   The response payload:

   {
     "MeshHelloResponse":{
       "Status":201,
       "Version":{
         "Major":3,
         "Minor":0,
         "Encodings":[{
             "ID":["application/json"
               ]}
           ]},
       "EnvelopedProfileService":[{
           "EnvelopeID":"MC33-WJWJ-I43A-NKBK-G2U5-BYEX-N3FF",
           "dig":"S512",
           "ContentMetaData":"ewogICJVbmlxdWVJRCI6ICJNQzMzLVdKV0otSTQz
     QS1OS0JLLUcyVTUtQllFWC1OM0ZGIiwKICAiTWVzc2FnZVR5cGUiOiAiUHJvZmlsZ
     VNlcnZpY2UiLAogICJjdHkiOiAiYXBwbGljYXRpb24vbW1tL29iamVjdCIsCiAgIk
     NyZWF0ZWQiOiAiMjAyMC0xMS0wMlQxNzo0MTozMVoifQ"},
         "ewogICJQcm9maWxlU2VydmljZSI6IHsKICAgICJQcm9maWxlU2lnbmF0dXJl
     IjogewogICAgICAiVWRmIjogIk1DMzMtV0pXSi1JNDNBLU5LQkstRzJVNS1CWUVYL
     U4zRkYiLAogICAgICAiUHVibGljUGFyYW1ldGVycyI6IHsKICAgICAgICAiUHVibG
     ljS2V5RUNESCI6IHsKICAgICAgICAgICJjcnYiOiAiRWQ0NDgiLAogICAgICAgICA
     gIlB1YmxpYyI6ICJpVFQwMl9NYmNkYkFndEtDVlZLTkdjby1EWXpsZnU4ZVJHS0dp
     Uk9RaGw5RWhlVmxBNEU0CiAgQTQwZWhHbXB4eEpxSV8tS01rZlphSm1BIn19fSwKI
     CAgICJTZXJ2aWNlRW5jcnlwdGlvbiI6IHsKICAgICAgIlVkZiI6ICJNQkJPLVdHSV
     EtS1RRWS1JQ1FOLTdGU1gtWU9TRy1ENlk1IiwKICAgICAgIlB1YmxpY1BhcmFtZXR
     lcnMiOiB7CiAgICAgICAgIlB1YmxpY0tleUVDREgiOiB7CiAgICAgICAgICAiY3J2
     IjogIlg0NDgiLAogICAgICAgICAgIlB1YmxpYyI6ICJnbmNxSjZxV1pZa3d3cElPO
     HVpS1dZbEVOcmFSSFRERmtmVlJwM0hHUFNRcnIzZnZvblQ3CiAgcXlUTkFIb2ZudW
     t1UHJ4QlJwZHM1N2NBIn19fX19",
         {
           "signatures":[{
               "alg":"S512",
               "kid":"MC33-WJWJ-I43A-NKBK-G2U5-BYEX-N3FF",
               "signature":"kFZ2XkGfZNy8TB2T_00mxvA6_JAn5-IdQvnjDPUu7o
     0pClb2E81AEGL-XOnpLbZzeW0PE7T9bpcArHVQXgEyfw5EL_CdYq-EFO887QOeLvs
     qqhV6avsNdEYZeurIb1rjyknp8099eZXtTLg7DTMSXj0A"}
             ],
           "PayloadDigest":"og05O4YE6JX9hWZGPTNAzp8d0XC5f8OopPY9SOCVp-
     thLjTdhwMLKyfZrF7twvB9tbe20t82IVYy3NjpVR06wQ"}
         ],
       "EnvelopedProfileHost":[{
           "EnvelopeID":"MDJK-IDLW-LLI2-W6HD-I6L5-CDSD-3ZDY",
           "dig":"S512",
           "ContentMetaData":"ewogICJVbmlxdWVJRCI6ICJNREpLLUlETFctTExJ
     Mi1XNkhELUk2TDUtQ0RTRC0zWkRZIiwKICAiTWVzc2FnZVR5cGUiOiAiUHJvZmlsZ
     Uhvc3QiLAogICJjdHkiOiAiYXBwbGljYXRpb24vbW1tL29iamVjdCIsCiAgIkNyZW
     F0ZWQiOiAiMjAyMC0xMS0wMlQxNzo0MTozMVoifQ"},
         "ewogICJQcm9maWxlSG9zdCI6IHsKICAgICJQcm9maWxlU2lnbmF0dXJlIjog
     ewogICAgICAiVWRmIjogIk1ESkstSURMVy1MTEkyLVc2SEQtSTZMNS1DRFNELTNaR
     FkiLAogICAgICAiUHVibGljUGFyYW1ldGVycyI6IHsKICAgICAgICAiUHVibGljS2
     V5RUNESCI6IHsKICAgICAgICAgICJjcnYiOiAiRWQ0NDgiLAogICAgICAgICAgIlB
     1YmxpYyI6ICJoLXI3ZkdHMGpiVGtTRWlybktYR0lHTGtUTnNrUkswczYyejRuc1hJ
     NWtYXzAyMEs0cGRlCiAgckZRSXk3NktuVS0ydVpaUFNWcHd0WjZBIn19fSwKICAgI
     CJLZXlBdXRoZW50aWNhdGlvbiI6IHsKICAgICAgIlVkZiI6ICJNQk9YLTRERkEtVV
     g1TC1JTkRPLTVIQk8tQTRPNS1CRTNNIiwKICAgICAgIlB1YmxpY1BhcmFtZXRlcnM
     iOiB7CiAgICAgICAgIlB1YmxpY0tleUVDREgiOiB7CiAgICAgICAgICAiY3J2Ijog
     Ilg0NDgiLAogICAgICAgICAgIlB1YmxpYyI6ICJzbzNLRnJLMjF2U1ZBVkZfVXNmb
     C1Lc2RtR3E2LTZudHVEWEhYTTBVM2JGdWlESDhTZjBhCiAgNHk5N181Q3YtcGJqNk
     5FSFZrc3QyeEVBIn19fX19",
         {
           "signatures":[{
               "alg":"S512",
               "kid":"MDJK-IDLW-LLI2-W6HD-I6L5-CDSD-3ZDY",
               "signature":"Cy7q1kvz_p7Za1hkTScHABlzSRWakAjWcNmr8Ck5eX
     ILQvXRKx4mK_UPG0qAOwKGl3STqiYFZ2WAgyvXQeCd0IjqTOEDDFQjktk4cbu27S6
     bl5qFLR7Q3M6c3pTGiYG0m4gEl4VshMFd37QrAZKuSzUA"}
             ],
           "PayloadDigest":"G3Cixcg3-7dTirgDfidEuffWAnQ5S9a6uz_oMyS6FT
     PkL3YhRHVIPIqR0qzSsbEqIVYpNtg5scLOXi3WhbN6Zg"}
         ]}}

6.2.  Account Creation

6.2.1.  Bind User Account

   A User Account is bound to a Mesh Service by completing a
   "BindAccount" transaction with the service.

   The "BindRequest" message specifies the account address and
   "ProfileUser" of the account to be serviced.

   The "BindAccount" transaction is unique in that it can fail to
   complete for reasons that are outside the scope of the Mesh
   specifications.  Creation of an account might require payment to be
   made or authentication of the user's credentials.  It is thus quite
   normal for the result of a CreateRequest to be the account being
   created in an 'on hold' state which can only be changed out of band.

   If the request is at least partially successful, a BindResponse
   message is returned.  In the case of partial success, a description
   of the request status and link to a Web page providing further
   details MAY be returned.

   The request payload:

   {
     "HelloRequest":{}}

   The response payload:

   {
     "MeshHelloResponse":{
       "Status":201,
       "Version":{
         "Major":3,
         "Minor":0,
         "Encodings":[{
             "ID":["application/json"
               ]}
           ]},
       "EnvelopedProfileService":[{
           "EnvelopeID":"MC33-WJWJ-I43A-NKBK-G2U5-BYEX-N3FF",
           "dig":"S512",
           "ContentMetaData":"ewogICJVbmlxdWVJRCI6ICJNQzMzLVdKV0otSTQz
     QS1OS0JLLUcyVTUtQllFWC1OM0ZGIiwKICAiTWVzc2FnZVR5cGUiOiAiUHJvZmlsZ
     VNlcnZpY2UiLAogICJjdHkiOiAiYXBwbGljYXRpb24vbW1tL29iamVjdCIsCiAgIk
     NyZWF0ZWQiOiAiMjAyMC0xMS0wMlQxNzo0MTozMVoifQ"},
         "ewogICJQcm9maWxlU2VydmljZSI6IHsKICAgICJQcm9maWxlU2lnbmF0dXJl
     IjogewogICAgICAiVWRmIjogIk1DMzMtV0pXSi1JNDNBLU5LQkstRzJVNS1CWUVYL
     U4zRkYiLAogICAgICAiUHVibGljUGFyYW1ldGVycyI6IHsKICAgICAgICAiUHVibG
     ljS2V5RUNESCI6IHsKICAgICAgICAgICJjcnYiOiAiRWQ0NDgiLAogICAgICAgICA
     gIlB1YmxpYyI6ICJpVFQwMl9NYmNkYkFndEtDVlZLTkdjby1EWXpsZnU4ZVJHS0dp
     Uk9RaGw5RWhlVmxBNEU0CiAgQTQwZWhHbXB4eEpxSV8tS01rZlphSm1BIn19fSwKI
     CAgICJTZXJ2aWNlRW5jcnlwdGlvbiI6IHsKICAgICAgIlVkZiI6ICJNQkJPLVdHSV
     EtS1RRWS1JQ1FOLTdGU1gtWU9TRy1ENlk1IiwKICAgICAgIlB1YmxpY1BhcmFtZXR
     lcnMiOiB7CiAgICAgICAgIlB1YmxpY0tleUVDREgiOiB7CiAgICAgICAgICAiY3J2
     IjogIlg0NDgiLAogICAgICAgICAgIlB1YmxpYyI6ICJnbmNxSjZxV1pZa3d3cElPO
     HVpS1dZbEVOcmFSSFRERmtmVlJwM0hHUFNRcnIzZnZvblQ3CiAgcXlUTkFIb2ZudW
     t1UHJ4QlJwZHM1N2NBIn19fX19",
         {
           "signatures":[{
               "alg":"S512",
               "kid":"MC33-WJWJ-I43A-NKBK-G2U5-BYEX-N3FF",
               "signature":"kFZ2XkGfZNy8TB2T_00mxvA6_JAn5-IdQvnjDPUu7o
     0pClb2E81AEGL-XOnpLbZzeW0PE7T9bpcArHVQXgEyfw5EL_CdYq-EFO887QOeLvs
     qqhV6avsNdEYZeurIb1rjyknp8099eZXtTLg7DTMSXj0A"}
             ],
           "PayloadDigest":"og05O4YE6JX9hWZGPTNAzp8d0XC5f8OopPY9SOCVp-
     thLjTdhwMLKyfZrF7twvB9tbe20t82IVYy3NjpVR06wQ"}
         ],
       "EnvelopedProfileHost":[{
           "EnvelopeID":"MDJK-IDLW-LLI2-W6HD-I6L5-CDSD-3ZDY",
           "dig":"S512",
           "ContentMetaData":"ewogICJVbmlxdWVJRCI6ICJNREpLLUlETFctTExJ
     Mi1XNkhELUk2TDUtQ0RTRC0zWkRZIiwKICAiTWVzc2FnZVR5cGUiOiAiUHJvZmlsZ
     Uhvc3QiLAogICJjdHkiOiAiYXBwbGljYXRpb24vbW1tL29iamVjdCIsCiAgIkNyZW
     F0ZWQiOiAiMjAyMC0xMS0wMlQxNzo0MTozMVoifQ"},
         "ewogICJQcm9maWxlSG9zdCI6IHsKICAgICJQcm9maWxlU2lnbmF0dXJlIjog
     ewogICAgICAiVWRmIjogIk1ESkstSURMVy1MTEkyLVc2SEQtSTZMNS1DRFNELTNaR
     FkiLAogICAgICAiUHVibGljUGFyYW1ldGVycyI6IHsKICAgICAgICAiUHVibGljS2
     V5RUNESCI6IHsKICAgICAgICAgICJjcnYiOiAiRWQ0NDgiLAogICAgICAgICAgIlB
     1YmxpYyI6ICJoLXI3ZkdHMGpiVGtTRWlybktYR0lHTGtUTnNrUkswczYyejRuc1hJ
     NWtYXzAyMEs0cGRlCiAgckZRSXk3NktuVS0ydVpaUFNWcHd0WjZBIn19fSwKICAgI
     CJLZXlBdXRoZW50aWNhdGlvbiI6IHsKICAgICAgIlVkZiI6ICJNQk9YLTRERkEtVV
     g1TC1JTkRPLTVIQk8tQTRPNS1CRTNNIiwKICAgICAgIlB1YmxpY1BhcmFtZXRlcnM
     iOiB7CiAgICAgICAgIlB1YmxpY0tleUVDREgiOiB7CiAgICAgICAgICAiY3J2Ijog
     Ilg0NDgiLAogICAgICAgICAgIlB1YmxpYyI6ICJzbzNLRnJLMjF2U1ZBVkZfVXNmb
     C1Lc2RtR3E2LTZudHVEWEhYTTBVM2JGdWlESDhTZjBhCiAgNHk5N181Q3YtcGJqNk
     5FSFZrc3QyeEVBIn19fX19",
         {
           "signatures":[{
               "alg":"S512",
               "kid":"MDJK-IDLW-LLI2-W6HD-I6L5-CDSD-3ZDY",
               "signature":"Cy7q1kvz_p7Za1hkTScHABlzSRWakAjWcNmr8Ck5eX
     ILQvXRKx4mK_UPG0qAOwKGl3STqiYFZ2WAgyvXQeCd0IjqTOEDDFQjktk4cbu27S6
     bl5qFLR7Q3M6c3pTGiYG0m4gEl4VshMFd37QrAZKuSzUA"}
             ],
           "PayloadDigest":"G3Cixcg3-7dTirgDfidEuffWAnQ5S9a6uz_oMyS6FT
     PkL3YhRHVIPIqR0qzSsbEqIVYpNtg5scLOXi3WhbN6Zg"}
         ]}}

   [Future: Consider converting this to a Messaging flow.]

6.2.2.  Bind Group Account

   Mesh Group Accounts are created in the same manner as user accounts
   except that a ProfileGroup is specified.

   The request payload:

   {
     "BindRequest":{
       "AccountAddress":"groupw@example.com",
       "EnvelopedProfileAccount":[{
           "EnvelopeID":"MDHE-QK2C-RQXN-5CJQ-QROJ-SDQA-XW26",
           "dig":"S512",
           "ContentMetaData":"ewogICJVbmlxdWVJRCI6ICJNREhFLVFLMkMtUlFY
     Ti01Q0pRLVFST0otU0RRQS1YVzI2IiwKICAiTWVzc2FnZVR5cGUiOiAiUHJvZmlsZ
     Udyb3VwIiwKICAiY3R5IjogImFwcGxpY2F0aW9uL21tbS9vYmplY3QiLAogICJDcm
     VhdGVkIjogIjIwMjAtMTEtMDJUMTc6NDE6MzdaIn0"},
         "ewogICJQcm9maWxlR3JvdXAiOiB7CiAgICAiUHJvZmlsZVNpZ25hdHVyZSI6
     IHsKICAgICAgIlVkZiI6ICJNREhFLVFLMkMtUlFYTi01Q0pRLVFST0otU0RRQS1YV
     zI2IiwKICAgICAgIlB1YmxpY1BhcmFtZXRlcnMiOiB7CiAgICAgICAgIlB1YmxpY0
     tleUVDREgiOiB7CiAgICAgICAgICAiY3J2IjogIkVkNDQ4IiwKICAgICAgICAgICJ
     QdWJsaWMiOiAiVVpXTDhDb1N3OHZoeW11QWtyNUNlWXBPTFpyNkJSVHpPSUg1dWZN
     cjBnb3h6UEFwcW9PagogIEFhejBrSWx4SjRfdUtQNWJCeElwejlLQSJ9fX0sCiAgI
     CAiQWNjb3VudEFkZHJlc3MiOiAiZ3JvdXB3QGV4YW1wbGUuY29tIiwKICAgICJBY2
     NvdW50RW5jcnlwdGlvbiI6IHsKICAgICAgIlVkZiI6ICJNQ01DLTZHNU8tNklITi1
     IR05GLVdLR0MtRlJGTi1RQlEzIiwKICAgICAgIlB1YmxpY1BhcmFtZXRlcnMiOiB7
     CiAgICAgICAgIlB1YmxpY0tleUVDREgiOiB7CiAgICAgICAgICAiY3J2IjogIlg0N
     DgiLAogICAgICAgICAgIlB1YmxpYyI6ICJwYklwVVNVaGlTTlFzSkVhenZiWlVpWX
     lPRnl5eHUxb1l2cVE3MEZJcm1fRy1SOW5uSUc0CiAgd0NlVjRVTThsaHpRbnVrUVh
     ya2h2R2NBIn19fSwKICAgICJBZG1pbmlzdHJhdG9yU2lnbmF0dXJlIjogewogICAg
     ICAiVWRmIjogIk1ESEUtUUsyQy1SUVhOLTVDSlEtUVJPSi1TRFFBLVhXMjYiLAogI
     CAgICAiUHVibGljUGFyYW1ldGVycyI6IHsKICAgICAgICAiUHVibGljS2V5RUNESC
     I6IHsKICAgICAgICAgICJjcnYiOiAiRWQ0NDgiLAogICAgICAgICAgIlB1YmxpYyI
     6ICJVWldMOENvU3c4dmh5bXVBa3I1Q2VZcE9MWnI2QlJUek9JSDV1Zk1yMGdveHpQ
     QXBxb09qCiAgQWF6MGtJbHhKNF91S1A1YkJ4SXB6OUtBIn19fX19",
         {
           "signatures":[{
               "alg":"S512",
               "kid":"MDHE-QK2C-RQXN-5CJQ-QROJ-SDQA-XW26",
               "signature":"qp6CXsgAnElmlT1Gqmaqkij1t3VVjWBt034LtAaCcY
GWc4xqxBOvSn2mrsXWRLH7ZkvzlOwKZc0A7KAORyZ3tFJc0KA6KqkqVTdr2R5VZ9x 820 DKVgnu_bQbfzO6Vk0jrCkBetV7rXTFnvAVfcgXc7G4BMA"} 821 ], 822 "PayloadDigest":"plq9bhHRRSJDjoBM-A0stSibGswCs_oD3LV1uOYn3l 823 pEm2Qa8Ehhrlji-382fepcXWkaTLvWFJg700espozplg"} 824 ]}} 826 The response payload: 828 { 829 "BindResponse":{ 830 "Status":201, 831 "StatusDescription":"Operation completed successfully"}} 833 6.2.3. Unbind Account 835 An account registration is deleted using the"UnbindAccount" 836 transaction. 838 The request payload: 840 The response payload: 842 6.3. Persistence Store Management 844 All the state associated with a Mesh profile is stored as a sequence 845 of DARE Messages in a Dare Container. The Mesh Service holding the 846 master copy of the persistence stores and the devices connected to 847 the profile containing complete copies (replicas) or partial copies 848 (redactions). 850 Thus, the only primitive needed to achieve synchronization of the 851 profile state are those required for synchronization of a DARE 852 Container. These steps are: 854 * Obtain the status of the catalogs and spools associated with the 855 account. 857 * Download catalog and spool updates 859 * Upload catalog updates. 861 To ensure a satisfactory user experience, Mesh Messages are 862 intentionally limited in size to 64 KB or less, thus ensuring that an 863 application can retrieve the most recent 100 messages almost 864 instantaneously on a high bandwidth connection and without undue 865 delay on a slower one. 867 6.3.1. Status 869 The status transaction returns the status of the containers the 870 device is authorized to access for the specified account together 871 with the updated Device Connection Entry if this has been modified 872 since the entry presented to authenticate the request was issued. 

   The request payload:

   {
     "StatusRequest":{}}

   The response payload:

   {
     "StatusResponse":{
       "Status":201,
       "StatusDescription":"Operation completed successfully",
       "EnvelopedProfileAccount":[{
           "EnvelopeID":"MCVI-2KFD-AQTG-FX4N-O4RN-5OIS-BH5E",
           "dig":"S512",
           "ContentMetaData":"ewogICJVbmlxdWVJRCI6ICJNQ1ZJLTJLRkQtQVFU
     Ry1GWDROLU80Uk4tNU9JUy1CSDVFIiwKICAiTWVzc2FnZVR5cGUiOiAiUHJvZmlsZ
     VVzZXIiLAogICJjdHkiOiAiYXBwbGljYXRpb24vbW1tL29iamVjdCIsCiAgIkNyZW
     F0ZWQiOiAiMjAyMC0xMS0wMlQxNzo0MTozMloifQ"},
         ...
         {
           "signatures":[{
               "alg":"S512",
               "kid":"MCVI-2KFD-AQTG-FX4N-O4RN-5OIS-BH5E",
               "signature":"NAOTClRNF51SazbgbIJAdlLx8r4qwXSHr4rdeql-sw
     9fIb5fDsmW4jbG-DiKP0S5x8ax1Z6ao6sAYrjGGXrFFRFfgAB2lhC823Pu9uox30d
     vTIS0JSLM_IxOg9khTPLCBr22HUBhyyksvHMqH6zwwwwA"}
             ],
           "PayloadDigest":"CPW9V4gBCAv-rH-EkTtX8aOXZH4nJFkqSZtw84c94_
     FDWL-aetsptBePjOYqttZxnz7VP6KpnXSUfaqvGC9J2Q"}
         ],
       "ContainerStatus":[{
           "Container":"MMM_Inbound",
           "Index":3},
         {
           "Container":"MMM_Outbound",
           "Index":1},
         {
           "Container":"MMM_Local",
           "Index":2},
         {
           "Container":"MMM_Access",
           "Index":1},
         {
           "Container":"MMM_Credential",
           "Index":3},
         {
           "Container":"MMM_Device",
           "Index":3},
         {
           "Container":"MMM_Contact",
           "Index":2},
         {
           "Container":"MMM_Application",
           "Index":1},
         {
           "Container":"MMM_Bookmark",
           "Index":2},
         {
           "Container":"MMM_Task",
           "Index":2}
         ]}}

6.3.2.  Download

   The download transaction returns a collection of entries from one or
   more containers associated with the profile.

   Optional filtering criteria MAY be specified to only return objects
   matching specific criteria and/or only return certain parts of the
   selected messages.

   The service MAY limit the number of entries returned in an individual
   response for performance reasons.

   Obsolete example 1

6.3.3.  Conflict Detection

   Clients SHOULD check to determine if updates to a container conflict
   with pending updates on the device waiting to be uploaded.  For
   example, a conflict arises if a contact that the user modified on the
   device attempting to synchronize was subsequently deleted.

   The means of resolving such conflicts is not in the scope of this
   specification.

6.3.4.  Filtering

   Clients may request container updates be filtered to redact catalog
   entries that have been updated or deleted or spool entries that have
   been read, deleted or were received before a certain date.

6.3.5.  Transact

   The transact transaction appends envelopes to one or more stores.
   The operation is atomic: either all the changes specified will be
   made to the stores or none will.  This ensures that simultaneous
   attempts to update a store do not result in race conditions.

   Each update to a catalog or container specifies the expected
   container index and apex digest.  This provides a strong guarantee of
   consistency.  The service MUST verify each update to check that the
   Merkle Tree values specified are consistent with the store entries
   and that the signature on the apex value (if specified) is valid and
   correct.

   Services MAY impose limits on the size and number of additions
   performed in response to a "TransactRequest" message to ensure that
   processing time does not degrade performance for other users.

   Obsolete example 2

6.4.  Messaging

   Mesh Messaging is an asynchronous messaging service that allows
   exchange of information between devices connected to a Mesh account
   and between Mesh users.
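
   The verification and all-or-nothing commit that Section 6.3.5
   requires of a Transact can be modelled as below.  This is an added
   illustration, not code from the draft or from the Mesh reference
   implementation.  Assumptions: the update field names, the convention
   that Index is the number of envelopes already in the store, and the
   plain SHA-512 binary Merkle tree are constructed for the example, and
   checking of a signature on the apex value is omitted.

```python
import hashlib


class TransactError(Exception):
    """Raised when any update in a transaction fails verification."""


def leaf(envelope: bytes) -> bytes:
    # Domain-separated leaf hash (a modelling choice, not the DARE encoding).
    return hashlib.sha512(b"\x00" + envelope).digest()


def apex(leaves: list) -> bytes:
    """Root of a simple binary Merkle tree over the leaf digests (assumed shape)."""
    if not leaves:
        return hashlib.sha512(b"").digest()
    level = list(leaves)
    while len(level) > 1:
        paired = []
        for i in range(0, len(level) - 1, 2):
            paired.append(hashlib.sha512(b"\x01" + level[i] + level[i + 1]).digest())
        if len(level) % 2:
            paired.append(level[-1])  # an odd node is promoted unchanged
        level = paired
    return level[0]


def make_update(container: str, replica: list, envelopes: list) -> dict:
    """Client side: state where the envelopes will land and the resulting apex."""
    return {
        "Container": container,                       # hypothetical field names
        "Index": len(replica),                        # index the client expects
        "Apex": apex(replica + [leaf(e) for e in envelopes]),
        "Envelopes": envelopes,
    }


class Service:
    def __init__(self, containers):
        self.stores = {name: [] for name in containers}

    def status(self) -> dict:
        return {name: len(leaves) for name, leaves in self.stores.items()}

    def transact(self, updates: list) -> dict:
        staged = {}
        # Phase 1: verify every update against current state, changing nothing.
        for u in updates:
            name = u["Container"]
            if name not in self.stores or name in staged:
                raise TransactError(f"{name}: unknown or repeated container")
            current = self.stores[name]
            if u["Index"] != len(current):
                raise TransactError(
                    f"{name}: expected index {u['Index']}, store is at {len(current)}")
            candidate = current + [leaf(e) for e in u["Envelopes"]]
            if u["Apex"] != apex(candidate):
                raise TransactError(f"{name}: apex digest mismatch")
            staged[name] = candidate
        # Phase 2: every update verified, so commit all staged stores together.
        self.stores.update(staged)
        return {name: len(staged[name]) for name in staged}


def demo() -> dict:
    """Two devices race to update the same catalog (constructed sample data)."""
    svc = Service(["MMM_Contact", "MMM_Bookmark"])
    svc.transact([make_update("MMM_Contact", [], [b"contact:alice-v1"])])
    # Both devices synchronize and now hold identical one-entry replicas.
    replica_a = list(svc.stores["MMM_Contact"])
    replica_b = list(svc.stores["MMM_Contact"])
    first = svc.transact(
        [make_update("MMM_Contact", replica_a, [b"contact:alice-v2"])])
    # Device B is now stale; its request pairs a valid bookmark update with
    # a contact update built on the old index.
    stale = [
        make_update("MMM_Bookmark", [], [b"bookmark:example"]),
        make_update("MMM_Contact", replica_b, [b"contact:alice-deleted"]),
    ]
    try:
        svc.transact(stale)
        rejected = None
    except TransactError as err:
        rejected = str(err)
    # The bookmark store must be untouched because the whole request failed.
    return {"first": first, "rejected": rejected, "status": svc.status()}


if __name__ == "__main__":
    print(demo())
```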

   To enable effective abuse mitigation, Mesh Messaging enforces a four
   corner communication model in which all outbound and inbound messages
   pass through a Mesh Service which accredits and authorizes the
   messages on the user's behalf.

   (Artwork only available as svg: No external link available, see
   draft-hallambaker-mesh-protocol-07.html for artwork.)

                                  Figure 2

   The Post transaction is used for client-service and service-service
   messaging transactions.

Client-Service (Post Transaction)

   To send a message, the client creates the Mesh Message structure,
   encapsulates it in a DARE Message and forwards this to its service
   using a "Post" transaction.

   The Post transaction is authenticated to the service by the device
   using the usual means of profile or ticket authentication.

   The DARE Message MUST be signed under a device signature key
   accredited by a Device Connection Assertion provided in the message
   signature block.

   The request payload:

   {
     "ConnectRequest":{
       "EnvelopedRequestConnection":[{
           "EnvelopeID":"MDW7-EM2L-BHBZ-76DY-TLRJ-PYBG-MUL7",
           "ContentMetaData":"ewogICJVbmlxdWVJRCI6ICJORDVCLVVINkgtT0tB
     RC1BM1o3LVJZWUwtN1NEQS02N1czIiwKICAiTWVzc2FnZVR5cGUiOiAiUmVxdWVzd
     ENvbm5lY3Rpb24iLAogICJjdHkiOiAiYXBwbGljYXRpb24vbW1tL29iamVjdCIsCi
     AgIkNyZWF0ZWQiOiAiMjAyMC0xMS0wMlQxNzo0MTozMloifQ"},
         ...
         ]}}

   The response payload:

   {
     "ConnectResponse":{
       "Status":201,
       "StatusDescription":"Operation completed successfully",
       "EnvelopedAcknowledgeConnection":[{
           "EnvelopeID":"MDVL-XLOH-2F52-7QOD-OPC2-7MGO-FFAS",
           "ContentMetaData":"ewogICJVbmlxdWVJRCI6ICJSUkhLLTI3UFEtWEpY
     TS1BSkQ1LTVZNjctREpaWi1LRUNIIiwKICAiTWVzc2FnZVR5cGUiOiAiQWNrbm93b
     GVkZ2VDb25uZWN0aW9uIiwKICAiY3R5IjogImFwcGxpY2F0aW9uL21tbS9vYmplY3
     QiLAogICJDcmVhdGVkIjogIjIwMjAtMTEtMDJUMTc6NDE6MzJaIn0",
           "ContainerInfo":{
             "Index":1,
             "TreePosition":0},
           "Received":"2020-11-02T17:41:32Z"},
         ...
         {}
         ],
       "EnvelopedProfileAccount":[{
           "EnvelopeID":"MCVI-2KFD-AQTG-FX4N-O4RN-5OIS-BH5E",
           "dig":"S512",
           "ContentMetaData":"ewogICJVbmlxdWVJRCI6ICJNQ1ZJLTJLRkQtQVFU
     Ry1GWDROLU80Uk4tNU9JUy1CSDVFIiwKICAiTWVzc2FnZVR5cGUiOiAiUHJvZmlsZ
     VVzZXIiLAogICJjdHkiOiAiYXBwbGljYXRpb24vbW1tL29iamVjdCIsCiAgIkNyZW
     F0ZWQiOiAiMjAyMC0xMS0wMlQxNzo0MTozMloifQ"},
         ...
         {
           "signatures":[{
               "alg":"S512",
               "kid":"MCVI-2KFD-AQTG-FX4N-O4RN-5OIS-BH5E",
               "signature":"NAOTClRNF51SazbgbIJAdlLx8r4qwXSHr4rdeql-sw
     9fIb5fDsmW4jbG-DiKP0S5x8ax1Z6ao6sAYrjGGXrFFRFfgAB2lhC823Pu9uox30d
     vTIS0JSLM_IxOg9khTPLCBr22HUBhyyksvHMqH6zwwwwA"}
             ],
           "PayloadDigest":"CPW9V4gBCAv-rH-EkTtX8aOXZH4nJFkqSZtw84c94_
     FDWL-aetsptBePjOYqttZxnz7VP6KpnXSUfaqvGC9J2Q"}
         ]}}

Service-Service (Post Transaction)

   The Mesh Service receiving the message from the user's device MAY
   attempt immediate retransmission or queue it to be sent at a future
   time.  Mesh Services SHOULD forward messages without undue delay.

   The Post transaction forwarding the message to the destination
   service carries the same payload as the original request but is
   authenticated by the service forwarding it.
   This authentication MAY be by means of either profile or ticket
   authentication.

   Missing example 33

   _Denial of Service Mitigation_

   Services SHOULD implement Denial of Service mitigation strategies
   including limiting the maximum time taken to complete a transaction
   and refusing connections from clients that engage in patterns of
   behavior consistent with abuse.

   The limitation in message size allows Mesh Services to aggressively
   time out connections that take too long to complete a transaction.  A
   Mesh Service that is hosted on a 10Mb/s link should be able to
   transfer 20 messages a second.  If the service is taking more than 5
   seconds to complete a transaction, either the source or the
   destination service is overloaded or the message itself is an attack.

   Imposing hard constraints on Mesh Service performance requires
   deployments to scale and apply resources appropriately.  If a service
   is attempting to transfer 100 messages simultaneously and 40% are
   taking 4 seconds or more, this indicates that the number of
   simultaneous transfers being attempted should be reduced.
   Contrariwise, if 90% are completing in less than a second, the number
   of threads allocated to sending outbound messages might be increased.

   _Access Control_

   The inbound service MUST subject inbound messages to Access Control
   according to the credentials presented in the DARE Message payload.

   After verifying the signature and checking that the key is properly
   accredited in accordance with site policy, the service applies
   authorization controls taking account of:

   *  The accreditation of the sender

   *  The accreditation of the transmitting Service

   *  The type of Mesh Message being sent

   *  User policy as specified in their Contact Catalog

   *  Site policy.

Service-Client (Synchronization)

   The final recipient receives the message by synchronizing their
   device.
   The message received will be appended to the inbound spool.

6.5.  Publication

   The Publication mechanism allows content to be published through a
   Mesh Account and retrieved by means of the EARL mechanism described
   in Uniform Data Fingerprint [draft-hallambaker-mesh-udf].  This
   mechanism is used in certain flows supported by the Mesh Device
   Connection and Contact Exchange functions.

   Content is published by appending an entry to an account's
   Publication spool.  The content may then be retrieved by issuing a
   claim to the account specifying the publication identifier that is
   authenticated under the value specified in the EARL.

   Use of the Publication spool to post content necessarily requires
   that the content be smaller than the maximum message size imposed by
   the Mesh Service so that it can be uploaded to the service by means
   of a Transact transaction.

   Publication of large data items will require modification of the
   protocol to support use of a detached message body.  Transfer of a
   detached message body is outside the scope of this document.

6.5.1.  Claim

   The Claim Transaction is used to obtain the publication from the
   service.  The claim request contains a "MessageClaim" signed by the
   party requesting the device.  This in turn contains a proof of
   knowledge of the authentication PIN that can be verified by the
   content creator and a proof of knowledge of the authentication PIN
   that can be verified by the service.

   The request payload:

   The response payload:

6.5.2.  Poll Claim

   The static device connection protocol allows a device connected to an
   account to retrieve the latest claim made for a particular
   publication.  This is used in the device connection protocol.

   The device polling the service specifies the identifier of the
   publication it is attempting to obtain the claim for.

   The request payload:

   {
     "TransactRequest":{
       "Updates":[{
           "Container":"MMM_Device",
           "Envelopes":[[{
                 "enc":"A256CBC",
                 "kid":"EBQK-SYQV-OFWW-GELI-2ADO-UIQR-5RSK",
                 "Salt":"ClY0vt4W_qvD-TvvrQJ39Q",
                 "ContentMetaData":"ewogICJVbmlxdWVJRCI6ICJNQk5KLTNQTk
     ctTlVCQS1LMlVJLTRNQlgtTURTSS1WUkJGIiwKICAiRXZlbnQiOiAiTmV3In0",
                 "ContainerInfo":{
                   "Index":2,
                   "TreePosition":845}},
               "...",
               {
                 "PayloadDigest":"QMPBj6seeYHz0Qsm-ZbIACc2Kt_yv6iRCwBr
     VzMWsJxppQWluV4n0pwfVkoY0AxdC87mA4nJ7I1e3VDjFwDF_w",
                 "TreeDigest":"2J9OgvdgKNPzRLZwl5U6m1fkbYqsmIi83OoG2P8
     Axca-GYjfFByypNU0-sS9RiqQtn9cWuuXw9jnkIrYum9TwQ"}
               ]
             ]}
         ],
       "Local":[[{
             "EnvelopeID":"MB5Q-B3IF-WZUQ-2QFA-ULYK-4NYZ-7IOC",
             "ContentMetaData":"ewogICJVbmlxdWVJRCI6ICJNRFZBLTNBM0QtSj
     NYSi1BSkNXLTI2SlUtNkFLUy1RNTJKIiwKICAiTWVzc2FnZVR5cGUiOiAiUmVzcG9
     uZENvbm5lY3Rpb24iLAogICJjdHkiOiAiYXBwbGljYXRpb24vbW1tL29iamVjdCIs
     CiAgIkNyZWF0ZWQiOiAiMjAyMC0xMS0wMlQxNzo0MTo0MVoifQ"},
           "..."
           ]
         ]}}

   The response payload:

   {
     "TransactResponse":{
       "Status":201,
       "StatusDescription":"Operation completed successfully"}}

6.6.  Cryptographic

   The Operate transaction is used to perform one or more cryptographic
   operations using private key material recorded in the Threshold
   Catalog. Such operations typically represent one part of a threshold
   key operation divided between the service and a device connected to
   an account.

   As with all operations involving the Threshold catalog, the request
   MUST meet the authentication criteria specified by the catalog entry.
   These typically include the request being authenticated by a specific
   key.

6.6.1.  Generate Key Shares

   "CryptographicOperationShare" is used to request that a private key
   held by the service be divided into two or more key shares. One
   key share is then encrypted under the encryption key of the service
   and the others are encrypted under public keys specified in the
   request. These parameters are returned in a
   "CryptographicResultShare".

   The request payload:

   The response payload:

6.6.2.  Key Agreement

   CryptographicOperationKeyAgreement is used to request a threshold key
   agreement operation on a specified public key.

   The request payload:

   The response payload:

6.6.3.  Sign

   Threshold signature is not currently supported.

7.  Message Transactions

   Message transactions are interactions between devices connected to
   the same account and between accounts.

   All messages are signed by the sender and encrypted under the
   encryption key of the recipient if this is known to the sender.

7.1.  PIN Code

   The PIN Code Message Transaction is used to register and validate PIN
   codes used to authenticate other message transactions. This is
   currently used as an option in the Device Connection and Contact
   Exchange transactions.

   Derivation of the SaltedPin, MessageId and Witness values from their
   respective inputs is described in the Schema Reference
   [draft-hallambaker-mesh-schema].

7.1.1.  Registration

   To register a PIN code to an "Account", a device:

   *  Generates the "PIN" code value

   *  Calculates the "SaltedPin" value for the specified "Action"

   *  Calculates the "PinId" binding the specified "SaltedPin" to the
      "Account".

   *  Creates and signs "MessagePin" containing the "SaltedPin",
      "Action" and "Account" values with the "MessageId" value "PinId".

   *  Appends the "MessagePin" value to the "Administration" Spool of
      the "Account".

   Note that this construction provides limited protection against
   forgery attacks by a party with access to the "MessagePin". A party
   with such access can use it to construct the witness value required
   to authenticate a request.

   PIN Code values consist of an opaque sequence of octets represented
   as a UDF nonce value. Codes are presented in canonical UDF form,
   i.e. Base32 encoding separated into groups of 4 characters.
   The PIN value is converted to binary form for calculation of the
   "SaltedPin", thus ensuring that the canonical form of the PIN value
   is used.

7.1.2.  Authentication

   The PIN Code value is passed out of band to a user who will enter it
   into a device to authenticate a request made to the issuer.

   A request that MAY be validated by means of a PIN is a subclass of
   MessagePinValidated and contains the following fields:

   AuthenticatedData  A DARE Envelope containing the data that is
      authenticated.

   ClientNonce  A nonce value used to prevent certain replay attacks.

   PinId  Digest value binding the "SaltedPin" to the "Account".

   PinWitness  Witness value calculated as KDF (Device.UDF +
      AccountAddress, ClientNonce)

   The device uses the PIN code and Action identifier corresponding to
   the desired request to calculate the "SaltedPin" value in the same
   manner as during registration. This value is then used to calculate
   the "PinId" and "PinWitness" values.

7.1.3.  Validation

   The PIN code is validated by performing the steps of:

   *  Calculating the "SaltedPin" value from the PIN code and "Action"

   *  Calculating "PinId" from "SaltedPin" and "Account"

   *  Retrieving a "MessagePin" from the Administration spool with the
      "MessageId" "PinId".

   *  Calculating the "PinWitness" value from "SaltedPin", "ClientNonce"
      and "AuthenticatedData" and checking this matches the value
      specified in the message.

   *  Performing the requested action.

   *  Posting a "Complete" message to the "Administration" Spool of the
      "Account" marking the PIN code as used.

   This process can fail at multiple points resulting in different error
   results:

   "PinInvalid"  No PIN code is specified, the PIN code indicates an
      unsupported algorithm or the calculated "PinWitness" does not
      match the one specified by the request.

   "PinUsed"  The PIN code has been used previously.

   "PinExpired"  The PIN code is no longer valid.

   Note that in the case that an attempt is made to reuse a PIN, it is
   not automatically the case that the first use of the PIN was the one
   that was valid and only the second attempt was invalid.
   Implementations SHOULD alert the user to the attempted re-use so that
   this possibility can be considered and appropriate action taken.

   Bob's client creates a PIN value and records it in his Local spool:

   Missing example 40

   The response from Alice's client is authenticated under the PIN:

   Missing example 41

   Bob's client can now check:

   Some math here

7.2.  Contact Exchange

   The contact exchange transaction is used to support unilateral or
   mutual exchange of contact information. Contact exchange has three
   functions in the Mesh:

   *  To exchange public key information to allow encryption of messages
      sent to and verification of signatures on messages sent from the
      contact subject.

   *  To exchange contact information allowing use of other
      communication protocols (e.g. telephone, SMS, xmpp, SMTP, OpenPGP,
      S/MIME, etc).

   *  To request that the recipient grant privileges to accept certain
      types of messages from the contact subject.

   Registration of the subject's contact information in the Mesh Naming
   Service eliminates the need for the first of these functions but not
   the other two. To prevent abuse, every Mesh Message is subject to
   access control and a Mesh service will only accept a message from a
   sender if there is an entry in the Threshold Catalog of the account
   that expressly permits delivery of messages of the specified type
   that are authenticated by an authorized signature key.

7.2.1.  Remote

   The Remote Contact Exchange transaction consists of a sequence of
   "MessageContact" messages sent from the initiator to the responder,
   responder to the initiator, etc.
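
   The PIN Code registration, authentication and validation steps of
   Section 7.1, on which PIN-authenticated contact exchange messages
   rely, are sketched here as an added example; it is not code from
   this draft or from the Mesh reference implementation. The SaltedPin,
   PinId and PinWitness derivations are defined in the Schema Reference
   and are not given on this page, so HMAC-SHA-512 stands in for them;
   the function names, the "Type", "Expires" and "Reference" fields,
   the "Accept" result and the "Contact" action string are assumptions.

```python
import base64
import hashlib
import hmac
import os


def kdf(key: bytes, *parts: bytes) -> bytes:
    """Stand-in derivation (ASSUMPTION): HMAC-SHA-512 over length-prefixed
    inputs. The real derivations are in draft-hallambaker-mesh-schema."""
    mac = hmac.new(key, digestmod=hashlib.sha512)
    for part in parts:
        mac.update(len(part).to_bytes(4, "big") + part)
    return mac.digest()


def make_pin(octets: int = 10) -> str:
    """Random PIN shown as Base32 in dash-separated groups of 4 characters.
    Simplified: a real UDF nonce also carries a type prefix."""
    text = base64.b32encode(os.urandom(octets)).decode().rstrip("=")
    return "-".join(text[i:i + 4] for i in range(0, len(text), 4))


def pin_to_binary(pin: str) -> bytes:
    """Decode the presented PIN so case and grouping cannot change the result."""
    text = pin.replace("-", "").replace(" ", "").upper()
    return base64.b32decode(text + "=" * (-len(text) % 8))


def salted_pin(pin: str, action: str) -> bytes:
    return kdf(pin_to_binary(pin), action.encode())


def pin_id(salted: bytes, account: str) -> bytes:
    return kdf(salted, account.encode())


def pin_witness(salted: bytes, client_nonce: bytes, auth_data: bytes) -> bytes:
    return kdf(salted, client_nonce, auth_data)


def build_request(pin: str, action: str, account: str, auth_data: bytes) -> dict:
    """Requesting device: derive PinId and PinWitness from the out-of-band PIN."""
    salted = salted_pin(pin, action)
    nonce = os.urandom(16)
    return {"AuthenticatedData": auth_data, "ClientNonce": nonce,
            "PinId": pin_id(salted, account),
            "PinWitness": pin_witness(salted, nonce, auth_data)}


class Account:
    def __init__(self, address: str):
        self.address = address
        self.admin_spool = []  # "Administration" spool entries

    def register_pin(self, action: str, expires: int) -> str:
        """Section 7.1.1: create the PIN and append a MessagePin to the spool."""
        pin = make_pin()
        salted = salted_pin(pin, action)
        self.admin_spool.append({
            "Type": "MessagePin", "MessageId": pin_id(salted, self.address),
            "SaltedPin": salted, "Action": action, "Account": self.address,
            "Expires": expires})
        return pin  # passed to the other party out of band

    def validate(self, request: dict, now: int) -> str:
        """Section 7.1.3: "Accept", "PinInvalid", "PinUsed" or "PinExpired"."""
        claimed_id = request.get("PinId")
        claimed_witness = request.get("PinWitness")
        if not isinstance(claimed_id, bytes) or not isinstance(claimed_witness, bytes):
            return "PinInvalid"
        entry = next((m for m in self.admin_spool if m["Type"] == "MessagePin"
                      and hmac.compare_digest(m["MessageId"], claimed_id)), None)
        if entry is None:
            return "PinInvalid"  # ASSUMPTION: unknown PinId reported as invalid
        # The stored SaltedPin is all that is needed to compute the witness,
        # which is the MessagePin exposure noted in Section 7.1.1.
        expected = pin_witness(entry["SaltedPin"],
                               request.get("ClientNonce", b""),
                               request.get("AuthenticatedData", b""))
        # Constant-time check, made before revealing used or expired state.
        if not hmac.compare_digest(expected, claimed_witness):
            return "PinInvalid"
        if any(m["Type"] == "Complete" and m["Reference"] == entry["MessageId"]
               for m in self.admin_spool):
            return "PinUsed"
        if now >= entry["Expires"]:
            return "PinExpired"
        # The requested action would be performed here, then the PIN retired.
        self.admin_spool.append({"Type": "Complete",
                                 "Reference": entry["MessageId"]})
        return "Accept"


if __name__ == "__main__":
    alice = Account("alice@example.com")  # constructed sample account
    pin = alice.register_pin("Contact", expires=1000)
    req = build_request(pin, "Contact", alice.address, b"constructed data")
    print(pin, alice.validate(req, now=10), alice.validate(req, now=11))
```
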
   While there is in principle no limit on the number of messages
   exchanged, most exchanges will be completed in three exchanges or
   fewer:

   Initiator to Responder  Contains Initiator contact data without
      authentication context from the exchange.

   Responder to Initiator (optional)  Contains Responder contact data
      authenticated under a PIN challenge presented in the previous
      message.

   Initiator to Responder (optional)  Contains Initiator contact data
      authenticated under a PIN challenge presented in the previous
      message.

   Each message provides the recipient with additional information which
   MAY motivate the recipient to provide additional contact information
   to the sender.

   {
     "MessageContact":{
       "MessageId":"NACV-TW2M-ICI2-5VBJ-QKAS-44FO-BRIP",
       "Sender":"bob@example.com",
       "Recipient":"alice@example.com",
       "AuthenticatedData":[ ... ],
       "Reply":true,
       "Subject":"alice@example.com",
       "PIN":"AADY-YL2H-5LIT-6PDV-USRI-74XS-YVJA"}}

   The Mesh Contact Exchange transaction does not provide for validation
   of the contact information beyond the binding to the Mesh Account
   Address used to perform the exchange.

7.2.2.  PIN

   Exchange of a PIN code out of band allows the initial
   "MessageContact" to be authenticated.  This mode of authentication is
   particularly suited to in-person exchange of credentials where the
   PIN code and other information required to complete the transaction
   are passed by some means of short range communication such as
   Bluetooth or presentation of a QR code.  In either case, the
   connection information is presented in the form of a URI combining
   the type of interaction (contact exchange), the contact address and
   the authentication data.

   When they meet in person, Alice creates a PIN code and presents it to
   Bob on her mobile.

   QR code is yadda yadda

   The resulting contact exchange does not change the contact data
   itself but does change the validation method.  It is more difficult
   and riskier to falsify an in-person exchange than a remote one.

7.2.3.  EARL

   A "MessageContact" message MAY be published as an EARL.  This allows
   contact data to be presented to the recipient on a printed document
   such as a business card in machine readable format such as a QR code.

   Alice creates a contact and publishes it through her service.

   QR code is yadda yadda

7.3.  Group Invitation

   The "GroupInvitation" message is used to invite a recipient to join a
   Mesh Group.  The message specifies the group name and the contact
   entry for the group.
   The contact entry includes the "CapabilityDecryptServiced" used to
   decrypt messages sent to the group when combined with information
   provided by the threshold service for the group.

   Receipt of a "GroupInvitation" message does not require a response.

7.4.  Confirmation

   The confirmation transaction consists of a "RequestConfirmation"
   message from the initiator followed by a "ResponseConfirmation" from
   the responder.

   The "RequestConfirmation" message specifies the action that is
   requested.

   The "ResponseConfirmation" message contains the enveloped
   RequestConfirmation message signed by the initiator and the
   disposition of the responder, "Accept = true" if the request is
   accepted and "Accept = false" otherwise.

   The service sends out the following challenge:

   {
     "RequestConfirmation":{
       "MessageId":"NAII-QGL5-YARH-DJRY-VIBX-QPOE-RDZS",
       "Sender":"console@example.com",
       "Recipient":"alice@example.com",
       "Text":"start"}}

   Alice accepts the challenge and returns the following response:

   Missing example 43

8.  Device Connection

   Connection of a device to a Mesh Account combines synchronous and
   asynchronous elements and therefore uses a combination of Mesh
   Service Protocol and Mesh Messaging interactions.

   Three connection mechanisms are currently defined.  All three offer
   strong mutual authentication.

   Device Authenticated

   Pin Authenticated

   EARL Connection Mode

   The first two of these mechanisms are initiated from the device being
   connected which requires that the Mesh Service Account it is being
   connected to be entered into it.  Use of these mechanisms thus
   requires keyboard and display affordances or accessibility
   equivalents.

   The last mechanism is initiated from an administration device that is
   already connected to the account.
   It is intended for use in circumstances where the device being
   connected does not have the necessary affordances to allow the Device
   or PIN authenticated modes.

   In either case, the connection request is completed by the device
   requesting synchronization with the Mesh Account using its device
   credential for authentication.  If the connection request was
   accepted, the device will be provisioned with the Device Connection
   Assertion allowing it to complete the process.

   The Device Connection Assertion includes an overlay device profile
   containing a set of private key contributions to be used to perform
   key cogeneration on the original set of device keys to create a new
   device profile to be used for all purposes associated with the Mesh
   Profile to which it has just been connected.  This assures the user
   that the keys the device uses for performing operations in the
   context of their profile are not affected by any compromise that
   might have occurred during manufacture or at any point after up to
   the time it was connected to their profile.

8.1.  Device Authenticated

   The direct connection mechanism requires that both the administration
   device and the device originating the connection request have data
   entry and output affordances and that it is possible for the user to
   compare the authentication codes presented by the two devices to
   check that they are identical.
   Missing example 44

   The request payload:

   {
     "ConnectRequest":{
       "EnvelopedRequestConnection":[ ... ]}}

   Missing example 45

   The response payload:

   {
     "ConnectResponse":{
       "Status":201,
       "StatusDescription":"Operation completed successfully",
       "EnvelopedAcknowledgeConnection":[ ... ],
       "EnvelopedProfileAccount":[ ... ]}}

   Alice reads her pending messages, notes that the witness value
   matches the one displayed earlier and approves the connection
   request.

   Missing example 46

   This is then fetched...

8.2.  PIN Authenticated

   The PIN Connection mechanism is similar to the Direct connection
   mechanism except that the process is initiated on an administration
   device by requesting assignment of a new authentication PIN.
   The PIN is then input to the connecting device to authenticate the
   request.

   {
     "MessagePin":{
       "MessageId":"ADL6-WU4C-QQPP-XQKR-IFLJ-GVS4-DGW3",
       "Account":"alice@example.com",
       "Expires":"2020-11-03T17:41:37Z",
       "Automatic":true,
       "SaltedPin":"AAEF-6MYB-TTAO-4OQG-APVQ-XNCI-NFRZ",
       "Action":"Device"}}

8.3.  EARL connection mode

   The EARL/QR code connection mechanisms are used to connect a
   constrained device to a Mesh profile by means of an Encrypted
   Authenticated Resource Locator, typically presented as a QR code on
   the device itself or its packaging.

   [To be specified]

9.  Protocol Schema

   HTTP Well Known Service Prefix: /.well-known/mmm

   Every Mesh Portal Service transaction consists of exactly one request
   followed by exactly one response.  Mesh Service transactions MAY
   cause modification of the data stored in the Mesh Service or the Mesh
   itself but do not cause changes to the connection state.  The
   protocol itself is thus idempotent.  There is no set sequence in
   which operations are required to be performed.  It is not necessary
   to perform a Hello transaction prior to any other transaction.

9.1.  Request Messages

   A Mesh Portal Service request consists of a payload object that
   inherits from the MeshRequest class.  When using the HTTP binding,
   the request MUST specify the portal DNS address in the HTTP Host
   field.

9.1.1.  Message: MeshRequest

   Base class for all request messages.

   [No fields]

9.1.2.  Message: MeshRequestUser

   Base class for all request messages made by a user.

   Inherits: MeshRequest

   Account: String (Optional)  The fully qualified account name
      (including DNS address) to which the request is directed.

   EnvelopedProfileDevice: Enveloped (Optional)  Device profile of the
      device making the request.

9.2.  Response Messages

   A Mesh Portal Service response consists of a payload object that
   inherits from the MeshResponse class.  When using the HTTP binding,
   the response SHOULD report the Status response code in the HTTP
   response message.  However, the response code returned in the payload
   object MUST always be considered authoritative.

9.2.1.  Message: MeshResponse

   Base class for all response messages.  Contains only the status code
   and status description fields.

   [No fields]

9.3.  Imported Objects

   The Mesh Service protocol makes use of JSON objects defined in the
   JOSE Signature and Encryption specifications and in the DARE Data At
   Rest Encryption extensions to JOSE.

9.4.  Common Structures

   The following common structures are used in the protocol messages:

9.4.1.  Structure: KeyValue

   Describes a Key/Value structure used to make queries for records
   matching one or more selection criteria.

   Key: String (Optional)  The data retrieval key.

   Value: String (Optional)  The data value to match.

9.4.2.  Structure: ConstraintsSelect

   Specifies constraints to be applied to a search result.  These allow
   a client to limit the number of records returned, the quantity of
   data returned, the earliest and latest data returned, etc.

   Container: String (Optional)  The container to be searched.

   IndexMin: Integer (Optional)  Only return objects with an index value
      that is equal to or higher than the value specified.

   IndexMax: Integer (Optional)  Only return objects with an index value
      that is equal to or lower than the value specified.

   NotBefore: DateTime (Optional)  Only data published on or after the
      specified time instant is requested.

   Before: DateTime (Optional)  Only data published before the specified
      time instant is requested.  This excludes data published at the
      specified time instant.
   PageKey: String (Optional)  Specifies a page key returned in a
      previous search operation in which the number of responses
      exceeded the specified bounds.

      When a page key is specified, all the other search parameters
      except for MaxEntries and MaxBytes are ignored and the service
      returns the next set of data responding to the earlier query.

9.4.3.  Structure: ConstraintsData

   Specifies constraints on the data to be sent.

   MaxEntries: Integer (Optional)  Maximum number of entries to send.

   BytesOffset: Integer (Optional)  Specifies an offset to be applied to
      the payload data before it is sent.  This allows large payloads to
      be transferred incrementally.

   BytesMax: Integer (Optional)  Maximum number of payload bytes to
      send.

   Header: Boolean (Optional)  Return the entry header

   Payload: Boolean (Optional)  Return the entry payload

   Trailer: Boolean (Optional)  Return the entry trailer

9.4.4.  Structure: PolicyAccount

   Describes the account creation policy including constraints on
   account names, whether there is an open account creation policy, etc.

   Minimum: Integer (Optional)  Specifies the minimum length of an
      account name.

   Maximum: Integer (Optional)  Specifies the maximum length of an
      account name.

   InvalidCharacters: String (Optional)  A list of characters that the
      service does not accept in account names.  The list of characters
      MAY not be exhaustive but SHOULD include any illegal characters in
      the proposed account name.

9.4.5.  Structure: ContainerStatus

   Container: String (Optional)

   Index: Integer (Optional)

   Digest: Binary (Optional)

9.4.6.  Structure: ContainerUpdate

   Inherits: ContainerStatus

   Envelopes: DareEnvelope [0..Many]  The entries to be uploaded.

9.5.  Transaction: Hello

   Request: HelloRequest

   Response: MeshHelloResponse

   Report service and version information.

   The Hello transaction provides a means of determining which protocol
   versions, message encodings and transport protocols are supported by
   the service.

   The PostConstraints field MAY be used to advise senders of a maximum
   size of payload that MAY be sent in an initial Post request.

9.5.1.  Message: MeshHelloResponse

   ConstraintsUpdate: ConstraintsData (Optional)  Specifies the default
      data constraints for updates.

   ConstraintsPost: ConstraintsData (Optional)  Specifies the default
      data constraints for message senders.

   PolicyAccount: PolicyAccount (Optional)  Specifies the account
      creation policy

   EnvelopedProfileService: Enveloped (Optional)  The enveloped master
      profile of the service.

   EnvelopedProfileHost: Enveloped (Optional)  The enveloped profile of
      the host.

9.6.  Transaction: BindAccount

   Request: BindRequest

   Response: BindResponse

   Request creation of a new service account or group.

   Attempt

9.6.1.  Message: BindRequest

   Request binding of an account to a service address.

   Inherits: MeshRequest

   AccountAddress: String (Optional)  The service account to bind to.

   EnvelopedProfileAccount: Enveloped (Optional)  The signed assertion
      describing the account.

9.6.2.  Message: BindResponse

   Inherits: MeshResponse

   Reports the success or failure of a Create transaction.

   Reason: String (Optional)  Text explaining the status of the creation
      request.

   URL: String (Optional)  A URL to which the user is directed to
      complete the account creation request.

9.7.  Transaction: UnbindAccount

   Request: UnbindRequest

   Response: UnbindResponse

   Request deletion of a service account.

9.7.1.  Message: UnbindRequest

   Request creation of a new portal account.  The request specifies the
   requested account identifier and the Mesh profile to be associated
   with the account.
   Inherits: MeshRequestUser

   [No fields]

9.7.2.  Message: UnbindResponse

   Inherits: MeshResponse

   Reports the success or failure of a Delete transaction.

   [No fields]

9.8.  Transaction: Connect

   Request: ConnectRequest

   Response: ConnectResponse

   Request information necessary to begin making a connection request.

9.8.1.  Message: ConnectRequest

   Inherits: MeshRequest

   EnvelopedRequestConnection: Enveloped (Optional)  The connection
      request generated by the client

   Rights: String [0..Many]  List of named access rights.

9.8.2.  Message: ConnectResponse

   Inherits: MeshResponse

   EnvelopedAcknowledgeConnection: Enveloped (Optional)  The connection
      request generated by the client

   EnvelopedProfileAccount: Enveloped (Optional)  The user profile that
      provides the root of trust for this Mesh

9.9.  Transaction: Complete

   Request: CompleteRequest

   Response: CompleteResponse

9.9.1.  Message: CompleteRequest

   Inherits: StatusRequest

   AccountAddress: String (Optional)

   ResponseID: String (Optional)

9.9.2.  Message: CompleteResponse

   Inherits: MeshResponse

   EnvelopedRespondConnection: Enveloped (Optional)  The signed
      assertion describing the result of the connect request

9.10.  Transaction: Status

   Request: StatusRequest

   Response: StatusResponse

9.10.1.  Message: StatusRequest

   Inherits: MeshRequestUser

   DeviceUDF: String (Optional)

   ProfileMasterDigest: Binary (Optional)

   Catalogs: String [0..Many]

   Spools: String [0..Many]

9.10.2.  Message: StatusResponse

   Inherits: MeshResponse

   EnvelopedProfileAccount: Enveloped (Optional)  The account profile
      providing the root of trust for this account.

   EnvelopedCatalogedDevice: Enveloped (Optional)  The catalog device
      entry

   ContainerStatus: ContainerStatus [0..Many]

9.11.  Transaction: Download

   Request: DownloadRequest

   Response: DownloadResponse

   Request objects from the specified container with the specified
   search criteria.

9.11.1.  Message: DownloadRequest

   Inherits: MeshRequestUser

   Request objects from the specified container(s).

   A client MAY request only objects matching specified search criteria
   be returned and MAY request that only specific fields or parts of the
   payload be returned.

   Select: ConstraintsSelect [0..Many]  Specifies constraints to be
      applied to a search result.  These allow a client to limit the
      number of records returned, the quantity of data returned, the
      earliest and latest data returned, etc.

   ConstraintsPost: ConstraintsData (Optional)  Specifies the data
      constraints to be applied to the responses.

9.11.2.  Message: DownloadResponse

   Inherits: MeshResponse

   Return the set of objects requested.

   Services SHOULD NOT return a response that is disproportionately
   large relative to the speed of the network connection without a clear
   indication from the client that it is relevant.  A service MAY limit
   the number of objects returned.  A service MAY limit the scope of
   each response.

   Updates: ContainerUpdate [0..Many]  The updated data

9.12.  Transaction: Transact

   Request: TransactRequest

   Response: TransactResponse

   Attempt an atomic transaction on the containers and spools associated
   with an account.

9.12.1.  Message: TransactRequest

   Inherits: MeshRequestUser

   Upload entries to a container.  This request is only valid if it is
   issued by the owner of the account

   Updates: ContainerUpdate [0..Many]  The data to be updated

   Accounts: String [0..Many]  The account(s) to which the request is
      directed.

   Outbound: Enveloped [0..Many]  The messages to be sent to other
      accounts

   Inbound: Enveloped [0..Many]  Messages to be appended to the user's
      inbound spool.  This is typically used to post notifications to the
      user to mark messages as having been read or responded to.

   Local: Enveloped [0..Many]  Messages to be appended to the user's
      local spool.  This is used to allow connecting devices to collect
      activation messages before they have connected to the mesh.

9.12.2.  Message: TransactResponse

   Inherits: MeshResponse

   Response to an upload request.

   Entries: EntryResponse [0..Many]  The responses to the entries.

   ConstraintsData: ConstraintsData (Optional)  If the upload request
      contains redacted entries, specifies constraints that apply to the
      redacted entries as a group.  Thus the total payloads of all the
      messages must not exceed the specified value.

9.12.3.  Structure: EntryResponse

   IndexRequest: Integer (Optional)  The index value of the entry in the
      request.

   IndexContainer: Integer (Optional)  The index value assigned to the
      entry in the container.

   Result: String (Optional)  Specifies the result of attempting to add
      the entry to a catalog or spool.  Valid values for a message are
      'Accept', 'Reject'.  Valid values for an entry are 'Accept',
      'Reject' and 'Conflict'.

   ConstraintsData: ConstraintsData (Optional)  If the entry was
      redacted, specifies constraints that apply to the redacted entries
      as a group.  Thus the total payloads of all the messages must not
      exceed the specified value.

9.13.  Transaction: Post

   Request: PostRequest

   Response: PostResponse

   Request to post to a spool from an external party.  The request and
   response messages are extensions of the corresponding messages for
   the Upload transaction.  It is expected that additional fields will
   be added as the need arises.

9.13.1.  Message: PostRequest

   Inherits: MeshRequest

   Accounts: String [0..Many]  The account(s) to which the request is
      directed.

   Messages: Enveloped [0..Many]  The messages to be sent to the
      addresses specified in Accounts.

9.13.2.  Message: PostResponse

   Inherits: TransactResponse

   [No fields]

9.14.  Transaction: Claim

   Request: ClaimRequest

   Response: ClaimResponse

   Claim a publication

9.14.1.  Message: ClaimRequest

   Inherits: MeshRequest

   EnvelopedMessageClaim: Enveloped (Optional)  The claim message

9.14.2.  Message: ClaimResponse

   Inherits: MeshResponse

   CatalogedPublication: CatalogedPublication (Optional)  The encrypted
      device profile

9.15.  Transaction: PollClaim

   Request: PollClaimRequest

   Response: PollClaimResponse

   Check party making claim

9.15.1.  Message: PollClaimRequest

   Inherits: MeshRequest

   PublicationId: String (Optional)  The envelope identifier formed from
      the PublicationId.

   TargetAccountAddress: String (Optional)  Account to which the claim
      is directed

9.15.2.  Message: PollClaimResponse

   Inherits: MeshResponse

   EnvelopedMessage: Enveloped (Optional)  The claim message

9.15.3.  Structure: CryptographicOperation

   KeyId: String (Optional)  The key identifier

   KeyCoefficient: Binary (Optional)  Lagrange coefficient multiplier to
      be applied to the private key

9.15.4.  Structure: CryptographicOperationSign

   Inherits: CryptographicOperation

   Data: Binary (Optional)  The data to sign

   PartialR: Binary (Optional)  Contribution to the R offset.

9.15.5.  Structure: CryptographicOperationKeyAgreement

   Inherits: CryptographicOperation

   [No fields]

9.15.6.  Structure: CryptographicOperationGenerate

   Inherits: CryptographicOperation

   [No fields]

9.15.7.  Structure: CryptographicOperationShare

   Inherits: CryptographicOperation

   Threshold: Integer (Optional)

   Shares: Integer (Optional)

9.15.8.  Structure: CryptographicResult

   Error: String (Optional)

9.15.9.  Structure: CryptographicResultKeyAgreement

   Inherits: CryptographicResult

   [No fields]

9.15.10.  Structure: CryptographicResultShare

   Inherits: CryptographicResult

   [No fields]

9.16.  Transaction: Operate

   Request: OperateRequest

   Response: OperateResponse

   Perform a set of cryptographic operations

9.16.1.  Message: OperateRequest

   Inherits: MeshRequest

   AccountAddress: String (Optional)  The service account the capability
      is bound to

9.16.2.  Message: OperateResponse

   Inherits: MeshResponse

   [No fields]

10.  Security Considerations

   The security considerations for use and implementation of Mesh
   services and applications are described in the Mesh Security
   Considerations guide [draft-hallambaker-mesh-security].

11.  IANA Considerations

   All the IANA considerations for the Mesh documents are specified in
   this document.

12.  Acknowledgements

   A list of people who have contributed to the design of the Mesh is
   presented in [draft-hallambaker-mesh-architecture].

13.  Normative References

   [draft-hallambaker-mesh-architecture]
              Hallam-Baker, P., "Mathematical Mesh 3.0 Part I:
              Architecture Guide", Work in Progress, Internet-Draft,
              draft-hallambaker-mesh-architecture-14, 27 July 2020.

   [draft-hallambaker-mesh-schema]
              Hallam-Baker, P., "Mathematical Mesh 3.0 Part IV: Schema
              Reference", Work in Progress, Internet-Draft,
              draft-hallambaker-mesh-schema-05, 16 January 2020.

   [draft-hallambaker-mesh-security]
              Hallam-Baker, P., "Mathematical Mesh 3.0 Part VII:
              Security Considerations", Work in Progress,
              Internet-Draft, draft-hallambaker-mesh-security-05,
              27 July 2020.

   [draft-hallambaker-mesh-udf]
              Hallam-Baker, P., "Mathematical Mesh 3.0 Part II: Uniform
              Data Fingerprint.", Work in Progress, Internet-Draft,
              draft-hallambaker-mesh-udf-10, 27 July 2020.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC3339]  Klyne, G. and C. Newman, "Date and Time on the Internet:
              Timestamps", RFC 3339, DOI 10.17487/RFC3339, July 2002.

   [RFC4648]  Josefsson, S., "The Base16, Base32, and Base64 Data
              Encodings", RFC 4648, DOI 10.17487/RFC4648, October 2006.

   [RFC7230]  Fielding, R. and J. Reschke, "Hypertext Transfer Protocol
              (HTTP/1.1): Message Syntax and Routing", RFC 7230,
              DOI 10.17487/RFC7230, June 2014.

   [RFC8446]  Rescorla, E., "The Transport Layer Security (TLS) Protocol
              Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018.

14.  Informative References

   [draft-hallambaker-mesh-developer]
              Hallam-Baker, P., "Mathematical Mesh: Reference
              Implementation", Work in Progress, Internet-Draft,
              draft-hallambaker-mesh-developer-10, 27 July 2020.

   [ECMA-262] Ecma International, "ECMAScript(R) 2017 Language
              Specification", June 2017.