idnits 2.17.1 draft-hallambaker-mesh-security-03.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an Authors' Addresses Section. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (16 January 2020) is 1560 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- No issues found here. Summary: 1 error (**), 0 flaws (~~), 1 warning (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group P. M. Hallam-Baker 3 Internet-Draft 16 January 2020 4 Intended status: Informational 5 Expires: 19 July 2020 7 Mathematical Mesh 3.0 Part VII: Security Considerations 8 draft-hallambaker-mesh-security-03 10 Abstract 12 The Mathematical Mesh 'The Mesh' is an end-to-end secure 13 infrastructure that facilitates the exchange of configuration and 14 credential data between multiple user devices. The core protocols of 15 the Mesh are described with examples of common use cases and 16 reference data. 18 [Note to Readers] 20 Discussion of this draft takes place on the MATHMESH mailing list 21 (mathmesh@ietf.org), which is archived at 22 https://mailarchive.ietf.org/arch/search/?email_list=mathmesh. 24 This document is also available online at 25 http://mathmesh.com/Documents/draft-hallambaker-mesh-security.html. 27 Status of This Memo 29 This Internet-Draft is submitted in full conformance with the 30 provisions of BCP 78 and BCP 79. 32 Internet-Drafts are working documents of the Internet Engineering 33 Task Force (IETF). Note that other groups may also distribute 34 working documents as Internet-Drafts. The list of current Internet- 35 Drafts is at https://datatracker.ietf.org/drafts/current/. 37 Internet-Drafts are draft documents valid for a maximum of six months 38 and may be updated, replaced, or obsoleted by other documents at any 39 time. It is inappropriate to use Internet-Drafts as reference 40 material or to cite them other than as "work in progress." 42 This Internet-Draft will expire on 19 July 2020. 44 Copyright Notice 46 Copyright (c) 2020 IETF Trust and the persons identified as the 47 document authors. All rights reserved. 49 This document is subject to BCP 78 and the IETF Trust's Legal 50 Provisions Relating to IETF Documents (https://trustee.ietf.org/ 51 license-info) in effect on the date of publication of this document. 52 Please review these documents carefully, as they describe your rights 53 and restrictions with respect to this document. 55 Table of Contents 57 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 5 58 2. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 5 59 2.1. Requirements Language . . . . . . . . . . . . . . . . . . 5 60 2.2. Defined Terms . . . . . . . . . . . . . . . . . . . . . . 5 61 2.3. Related Specifications . . . . . . . . . . . . . . . . . 6 62 2.4. Implementation Status . . . . . . . . . . . . . . . . . . 6 63 2.5. Shared Classes . . . . . . . . . . . . . . . . . . . . . 6 64 2.5.1. Classes describing keys . . . . . . . . . . . . . . . 6 65 2.5.2. Structure: PublicKey . . . . . . . . . . . . . . . . 6 66 2.5.3. Structure: KeyComposite . . . . . . . . . . . . . . . 6 67 2.5.4. Structure: DeviceRecryptionKey . . . . . . . . . . . 6 68 2.5.5. Structure: KeyOverlay . . . . . . . . . . . . . . . . 7 69 2.5.6. Structure: EscrowedKeySet . . . . . . . . . . . . . . 7 70 2.6. Assertion classes . . . . . . . . . . . . . . . . . . . . 7 71 2.6.1. Structure: Assertion . . . . . . . . . . . . . . . . 7 72 2.6.2. Structure: Condition . . . . . . . . . . . . . . . . 7 73 2.6.3. Profile Classes . . . . . . . . . . . . . . . . . . . 7 74 2.6.4. Structure: Profile . . . . . . . . . . . . . . . . . 7 75 2.6.5. Structure: ProfileMesh . . . . . . . . . . . . . . . 8 76 2.6.6. Structure: ProfileDevice . . . . . . . . . . . . . . 8 77 2.6.7. Structure: ProfileService . . . . . . . . . . . . . . 8 78 2.6.8. Structure: ProfileAccount . . . . . . . . . . . . . . 9 79 2.6.9. Structure: ProfileGroup . . . . . . . . . . . . . . . 9 80 2.6.10. Structure: ProfileHost . . . . . . . . . . . . . . . 9 81 2.6.11. Connection Classes . . . . . . . . . . . . . . . . . 9 82 2.6.12. Structure: Connection . . . . . . . . . . . . . . . . 9 83 2.6.13. Structure: Permission . . . . . . . . . . . . . . . . 10 84 2.6.14. Structure: ConnectionDevice . . . . . . . . . . . . . 10 85 2.6.15. Structure: ConnectionAccount . . . . . . . . . . . . 10 86 2.6.16. Structure: ConnectionGroup . . . . . . . . . . . . . 10 87 2.6.17. Structure: ConnectionService . . . . . . . . . . . . 11 88 2.6.18. Structure: ConnectionHost . . . . . . . . . . . . . . 11 89 2.6.19. Structure: ConnectionApplication . . . . . . . . . . 11 90 2.6.20. Activation Classes . . . . . . . . . . . . . . . . . 11 91 2.6.21. Structure: Activation . . . . . . . . . . . . . . . . 11 92 2.6.22. Structure: ActivationDevice . . . . . . . . . . . . . 11 93 2.6.23. Structure: ActivationAccount . . . . . . . . . . . . 12 94 2.6.24. Structure: ActivationGroup . . . . . . . . . . . . . 12 95 2.7. Cataloged items . . . . . . . . . . . . . . . . . . . . . 12 96 2.7.1. Data Structures . . . . . . . . . . . . . . . . . . . 12 97 2.7.2. Structure: ContactMesh . . . . . . . . . . . . . . . 12 98 2.7.3. Structure: Contact . . . . . . . . . . . . . . . . . 12 99 2.7.4. Structure: Role . . . . . . . . . . . . . . . . . . . 13 100 2.7.5. Structure: Address . . . . . . . . . . . . . . . . . 13 101 2.7.6. Structure: Location . . . . . . . . . . . . . . . . . 13 102 2.7.7. Structure: Reference . . . . . . . . . . . . . . . . 14 103 2.7.8. Structure: Task . . . . . . . . . . . . . . . . . . . 14 104 2.8. Catalog Entries . . . . . . . . . . . . . . . . . . . . . 15 105 2.8.1. Structure: CatalogedEntry . . . . . . . . . . . . . . 15 106 2.8.2. Structure: CatalogedDevice . . . . . . . . . . . . . 15 107 2.8.3. Structure: AccountEntry . . . . . . . . . . . . . . . 15 108 2.8.4. Structure: CatalogedCredential . . . . . . . . . . . 15 109 2.8.5. Structure: CatalogedNetwork . . . . . . . . . . . . . 16 110 2.8.6. Structure: CatalogedContact . . . . . . . . . . . . . 16 111 2.8.7. Structure: CatalogedContactRecryption . . . . . . . . 16 112 2.8.8. Structure: CatalogedBookmark . . . . . . . . . . . . 16 113 2.8.9. Structure: CatalogedTask . . . . . . . . . . . . . . 17 114 2.8.10. Structure: CatalogedApplication . . . . . . . . . . . 17 115 2.8.11. Structure: CatalogedMember . . . . . . . . . . . . . 17 116 2.8.12. Structure: CatalogedGroup . . . . . . . . . . . . . . 17 117 2.8.13. Structure: CatalogedApplicationSSH . . . . . . . . . 17 118 2.8.14. Structure: CatalogedApplicationMail . . . . . . . . . 17 119 2.8.15. Structure: CatalogedApplicationNetwork . . . . . . . 17 120 2.9. Messages . . . . . . . . . . . . . . . . . . . . . . . . 18 121 2.9.1. Structure: Message . . . . . . . . . . . . . . . . . 18 122 2.9.2. Structure: MessageComplete . . . . . . . . . . . . . 18 123 2.9.3. Structure: MessagePIN . . . . . . . . . . . . . . . . 18 124 2.9.4. Structure: RequestConnection . . . . . . . . . . . . 18 125 2.9.5. Structure: AcknowledgeConnection . . . . . . . . . . 18 126 2.9.6. Structure: OfferGroup . . . . . . . . . . . . . . . . 19 127 2.9.7. Structure: RequestContact . . . . . . . . . . . . . . 19 128 2.9.8. Structure: ReplyContact . . . . . . . . . . . . . . . 19 129 2.9.9. Structure: GroupInvitation . . . . . . . . . . . . . 19 130 2.9.10. Structure: RequestConfirmation . . . . . . . . . . . 19 131 2.9.11. Structure: ResponseConfirmation . . . . . . . . . . . 20 132 2.9.12. Structure: RequestTask . . . . . . . . . . . . . . . 20 133 3. Mesh Portal Service Reference . . . . . . . . . . . . . . . . 20 134 3.1. Request Messages . . . . . . . . . . . . . . . . . . . . 20 135 3.1.1. Message: MeshRequest . . . . . . . . . . . . . . . . 20 136 3.2. Response Messages . . . . . . . . . . . . . . . . . . . . 20 137 3.2.1. Message: MeshResponse . . . . . . . . . . . . . . . . 21 138 3.3. Imported Objects . . . . . . . . . . . . . . . . . . . . 21 139 3.4. Common Structures . . . . . . . . . . . . . . . . . . . . 21 140 3.4.1. Structure: KeyValue . . . . . . . . . . . . . . . . . 21 141 3.4.2. Structure: SearchConstraints . . . . . . . . . . . . 21 142 3.5. Transaction: Hello . . . . . . . . . . . . . . . . . . . 22 143 3.6. Transaction: ValidateAccount . . . . . . . . . . . . . . 22 144 3.6.1. Message: ValidateRequest . . . . . . . . . . . . . . 22 145 3.6.2. Message: ValidateResponse . . . . . . . . . . . . . . 22 146 3.7. Transaction: CreateAccount . . . . . . . . . . . . . . . 23 147 3.7.1. Message: CreateRequest . . . . . . . . . . . . . . . 23 148 3.7.2. Message: CreateResponse . . . . . . . . . . . . . . . 24 149 3.8. Transaction: DeleteAccount . . . . . . . . . . . . . . . 24 150 3.8.1. Message: DeleteRequest . . . . . . . . . . . . . . . 24 151 3.8.2. Message: DeleteResponse . . . . . . . . . . . . . . . 24 152 3.9. Transaction: Get . . . . . . . . . . . . . . . . . . . . 24 153 3.9.1. Message: GetRequest . . . . . . . . . . . . . . . . . 25 154 3.9.2. Message: GetResponse . . . . . . . . . . . . . . . . 25 155 3.10. Transaction: Publish . . . . . . . . . . . . . . . . . . 25 156 3.10.1. Message: PublishRequest . . . . . . . . . . . . . . 26 157 3.10.2. Message: PublishResponse . . . . . . . . . . . . . . 26 158 3.11. Transaction: Status . . . . . . . . . . . . . . . . . . . 26 159 3.11.1. Message: StatusRequest . . . . . . . . . . . . . . . 26 160 3.11.2. Message: StatusResponse . . . . . . . . . . . . . . 26 161 3.12. Transaction: ConnectStart . . . . . . . . . . . . . . . . 27 162 3.12.1. Message: ConnectStartRequest . . . . . . . . . . . . 27 163 3.12.2. Message: ConnectStartResponse . . . . . . . . . . . 27 164 3.13. Transaction: ConnectStatus . . . . . . . . . . . . . . . 27 165 3.13.1. Message: ConnectStatusRequest . . . . . . . . . . . 27 166 3.13.2. Message: ConnectStatusResponse . . . . . . . . . . . 28 167 3.14. Transaction: ConnectPending . . . . . . . . . . . . . . . 28 168 3.14.1. Message: ConnectPendingRequest . . . . . . . . . . . 28 169 3.14.2. Message: ConnectPendingResponse . . . . . . . . . . 28 170 3.15. Transaction: ConnectComplete . . . . . . . . . . . . . . 29 171 3.15.1. Message: ConnectCompleteRequest . . . . . . . . . . 29 172 3.15.2. Message: ConnectCompleteResponse . . . . . . . . . . 29 173 3.16. Transaction: Transfer . . . . . . . . . . . . . . . . . . 29 174 3.16.1. Message: TransferRequest . . . . . . . . . . . . . . 30 175 3.16.2. Message: TransferResponse . . . . . . . . . . . . . 30 176 4. Assets . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 177 4.1. Data . . . . . . . . . . . . . . . . . . . . . . . . . . 30 178 4.2. Credentials . . . . . . . . . . . . . . . . . . . . . . . 30 179 4.3. Reputation . . . . . . . . . . . . . . . . . . . . . . . 30 180 4.3.1. Outbound Messaging Abuse () . . . . . . . . . . . . . 30 181 5. Risks . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 182 5.1. Confidentiality . . . . . . . . . . . . . . . . . . . . . 30 183 5.1.1. Privacy . . . . . . . . . . . . . . . . . . . . . . . 30 184 5.2. Integrity . . . . . . . . . . . . . . . . . . . . . . . . 31 185 5.3. Availability . . . . . . . . . . . . . . . . . . . . . . 31 186 5.3.1. Data loss . . . . . . . . . . . . . . . . . . . . . . 31 187 5.3.2. Partial data survivability . . . . . . . . . . . . . 31 188 5.4. Inbound Messaging Abuse (Spam) . . . . . . . . . . . . . 31 189 6. Threats . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 190 6.1. End point Compromise . . . . . . . . . . . . . . . . . . 31 191 7. Controls . . . . . . . . . . . . . . . . . . . . . . . . . . 31 192 7.1. Cryptographic . . . . . . . . . . . . . . . . . . . . . . 31 193 7.1.1. Triple lock . . . . . . . . . . . . . . . . . . . . . 31 194 7.1.2. Key Protection . . . . . . . . . . . . . . . . . . . 32 195 7.1.3. Key and Nonce Generation . . . . . . . . . . . . . . 32 196 7.1.4. Key Escrow and Recovery . . . . . . . . . . . . . . . 32 197 7.1.5. Profile Verification . . . . . . . . . . . . . . . . 32 198 7.1.6. Identity Validation . . . . . . . . . . . . . . . . . 33 199 7.1.7. Trust Broker Accountability . . . . . . . . . . . . . 33 200 7.2. Mesh Messaging . . . . . . . . . . . . . . . . . . . . . 33 201 7.2.1. Ingress Control . . . . . . . . . . . . . . . . . . . 33 202 7.2.2. Egress Control . . . . . . . . . . . . . . . . . . . 33 203 7.2.3. Security Signal . . . . . . . . . . . . . . . . . . . 33 204 7.2.4. Accountability . . . . . . . . . . . . . . . . . . . 34 205 8. Security Considerations . . . . . . . . . . . . . . . . . . . 34 206 8.1. Integrity . . . . . . . . . . . . . . . . . . . . . . . . 34 207 8.1.1. DNS Spoofing . . . . . . . . . . . . . . . . . . . . 34 208 8.1.2. TLS Downgrade . . . . . . . . . . . . . . . . . . . . 34 209 8.1.3. TLS Service Impersonation . . . . . . . . . . . . . . 34 210 8.1.4. Request Replay Attack . . . . . . . . . . . . . . . . 34 211 8.1.5. Response Replay Attack . . . . . . . . . . . . . . . 34 212 8.2. Confidentiality . . . . . . . . . . . . . . . . . . . . . 34 213 8.2.1. Side Channel Attack . . . . . . . . . . . . . . . . . 34 214 8.2.2. Session Key Leakage . . . . . . . . . . . . . . . . . 34 215 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 34 216 10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 34 217 11. Normative References . . . . . . . . . . . . . . . . . . . . 34 218 12. Informative References . . . . . . . . . . . . . . . . . . . 35 220 1. Introduction 222 2. Definitions 224 This section presents the related specifications and standard, the 225 terms that are used as terms of art within the documents and the 226 terms used as requirements language. 228 2.1. Requirements Language 230 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 231 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 232 document are to be interpreted as described in [RFC2119]. 234 2.2. Defined Terms 236 The terms of art used in this document are described in the _Mesh 237 Architecture Guide_ [draft-hallambaker-mesh-architecture]. 239 2.3. Related Specifications 241 The architecture of the Mathematical Mesh is described in the _Mesh 242 Architecture Guide_ [draft-hallambaker-mesh-architecture]. The Mesh 243 documentation set and related specifications are described in this 244 document. 246 2.4. Implementation Status 248 The implementation status of the reference code base is described in 249 the companion document [draft-hallambaker-mesh-developer]. 251 2.5. Shared Classes 253 The following classes are used as common elements in Mesh profile 254 specifications. 256 2.5.1. Classes describing keys 258 2.5.2. Structure: PublicKey 260 The PublicKey class is used to describe public key pairs and trust 261 assertions associated with a public key. 263 UDF: String (Optional) UDF fingerprint of the public key parameters/ 265 X509Certificate: Binary (Optional) List of X.509 Certificates 267 X509Chain: Binary [0..Many] X.509 Certificate chain. 269 X509CSR: Binary (Optional) X.509 Certificate Signing Request. 271 2.5.3. Structure: KeyComposite 273 Service: String (Optional) Service holding the additional 274 contribution 276 2.5.4. Structure: DeviceRecryptionKey 278 UDF: String (Optional) The fingerprint of the encryption key 280 Contact: Contact (Optional) The User's Mesh contact information 282 RecryptionKey: PublicKey (Optional) The recryption key 284 EnvelopedRecryptionKeyDevice: DareEnvelope (Optional) The decryption 285 key encrypted under the user's device key. 287 2.5.5. Structure: KeyOverlay 289 UDF: String (Optional) Fingerprint of the resulting composite key 290 (to allow verification) 292 BaseUDF: String (Optional) Fingerprint specifying the base key 294 2.5.6. Structure: EscrowedKeySet 296 A set of escrowed keys. 298 [No fields] 300 2.6. Assertion classes 302 Classes that are derived from an assertion. 304 2.6.1. Structure: Assertion 306 Parent class from which all assertion classes are derived 308 Names: String [0..Many] Fingerprints of index terms for profile 309 retrieval. The use of the fingerprint of the name rather than the 310 name itself is a precaution against enumeration attacks and other 311 forms of abuse. 313 Updated: DateTime (Optional) The time instant the profile was last 314 modified. 316 NotaryToken: String (Optional) A Uniform Notary Token providing 317 evidence that a signature was performed after the notary token was 318 created. 320 2.6.2. Structure: Condition 322 Parent class from which all condition classes are derived. 324 [No fields] 326 2.6.3. Profile Classes 328 Profiles are self signed assertions. 330 2.6.4. Structure: Profile 332 Inherits: Assertion 334 Parent class from which all profile classes are derived 335 KeyOfflineSignature: PublicKey (Optional) The permanent signature 336 key used to sign the profile itself. The UDF of the key is used 337 as the permanent object identifier of the profile. Thus, by 338 definition, the KeySignature value of a Profile does not change 339 under any circumstance. The only case in which a 341 KeysOnlineSignature: PublicKey [0..Many] A Personal profile contains 342 at least one OSK which is used to sign device administration 343 application profiles. 345 2.6.5. Structure: ProfileMesh 347 Inherits: Profile 349 Describes the long term parameters associated with a personal 350 profile. 352 KeysMasterEscrow: PublicKey [0..Many] A Personal Profile MAY contain 353 one or more PMEK keys to enable escrow of private keys used for 354 stored data. 356 KeyEncryption: PublicKey (Optional) Key used to pass encrypted data 357 to the device such as a DeviceUseEntry 359 2.6.6. Structure: ProfileDevice 361 Inherits: Profile 363 Describes a mesh device. 365 Description: String (Optional) Description of the device 367 KeyEncryption: PublicKey (Optional) Key used to pass encrypted data 368 to the device such as a DeviceUseEntry 370 KeyAuthentication: PublicKey (Optional) Key used to authenticate 371 requests made by the device. 373 2.6.7. Structure: ProfileService 375 Inherits: Profile 377 Profile of a Mesh Service 379 KeyAuthentication: PublicKey (Optional) Key used to authenticate 380 service connections. 382 2.6.8. Structure: ProfileAccount 384 Inherits: Profile 386 Account assertion. This is signed by the service hosting the 387 account. 389 ServiceIDs: String [0..Many] Service address(es). 391 MeshProfileUDF: String (Optional) Master profile of the account 392 being registered. 394 KeyEncryption: PublicKey (Optional) Key used to encrypt data under 395 this profile 397 2.6.9. Structure: ProfileGroup 399 Inherits: Profile 401 Describes a group. Note that while a group is created by one person 402 who becomes its first administrator, control of the group may pass to 403 other administrators over time. 405 ServiceIDs: String [0..Many] Service address(es). 407 KeyEncryption: PublicKey (Optional) Key currently used to encrypt 408 data under this profile 410 2.6.10. Structure: ProfileHost 412 Inherits: Profile 414 KeyAuthentication: PublicKey (Optional) Key used to authenticate 415 service connections. 417 2.6.11. Connection Classes 419 2.6.12. Structure: Connection 421 Inherits: Assertion 423 SubjectUDF: String (Optional) UDF of the connection target. 425 AuthorityUDF: String (Optional) UDF of the connection source. 427 2.6.13. Structure: Permission 429 Name: String (Optional) 431 Role: String (Optional) 433 Capabilities: DareEnvelope (Optional) Keys or key contributions 434 enabling the operation to be performed 436 2.6.14. Structure: ConnectionDevice 438 Inherits: Connection 440 Permissions: Permission [0..Many] List of the permissions that the 441 device has been granted. 443 KeySignature: PublicKey (Optional) The signature key for use of the 444 device under the profile 446 KeyEncryption: PublicKey (Optional) The encryption key for use of 447 the device under the profile 449 KeyAuthentication: PublicKey (Optional) The authentication key for 450 use of the device under the profile 452 2.6.15. Structure: ConnectionAccount 454 Inherits: Connection 456 ServiceID: String [0..Many] The list of service identifiers. 458 Permissions: Permission [0..Many] List of the permissions that the 459 device has been granted. 461 KeySignature: PublicKey (Optional) The signature key for use of the 462 device under the profile 464 KeyEncryption: PublicKey (Optional) The encryption key for use of 465 the device under the profile 467 KeyAuthentication: PublicKey (Optional) The authentication key for 468 use of the device under the profile 470 2.6.16. Structure: ConnectionGroup 472 Describes the connection of a member to a group. 474 Inherits: Connection 475 KeyEncryption: KeyComposite (Optional) The decryption key for the 476 user within the group 478 2.6.17. Structure: ConnectionService 480 Inherits: Connection 482 [No fields] 484 2.6.18. Structure: ConnectionHost 486 Inherits: Connection 488 [No fields] 490 2.6.19. Structure: ConnectionApplication 492 Inherits: Connection 494 [No fields] 496 2.6.20. Activation Classes 498 2.6.21. Structure: Activation 500 Inherits: Assertion 502 Contains the private activation information for a Mesh application 503 running on a specific device 505 [No fields] 507 2.6.22. Structure: ActivationDevice 509 Inherits: Assertion 511 EnvelopedAssertionDeviceConnection: DareEnvelope (Optional) The 512 signed AssertionDeviceConnection. 514 KeySignature: KeyOverlay (Optional) The key overlay used to generate 515 the account signature key from the device signature key 517 KeyEncryption: KeyOverlay (Optional) The key overlay used to 518 generate the account encryption key from the device encryption key 520 KeyAuthentication: KeyOverlay (Optional) The key overlay used to 521 generate the account authentication key from the device 522 authentication key 524 2.6.23. Structure: ActivationAccount 526 Inherits: Activation 528 AccountUDF: String (Optional) The UDF of the account 530 KeyGroup: KeyComposite (Optional) The key contribution for the 531 decryption key for the device. NB this is NOT an overlay on the 532 device signature key, it is an overlay on the corresponding 533 recryption key. 535 KeyEncryption: KeyOverlay (Optional) The key overlay used to 536 generate the account encryption key from the device encryption key 538 KeyAuthentication: KeyOverlay (Optional) The key overlay used to 539 generate the account authentication key from the device 540 authentication key 542 KeySignature: KeyOverlay (Optional) The key overlay used to generate 543 the account signature key from the device signature key 545 2.6.24. Structure: ActivationGroup 547 Inherits: Activation 549 GroupUDF: String (Optional) The UDF of the group 551 KeyEncryption: KeyOverlay (Optional) The key overlay that 552 compliments the member's group decryption key. 554 2.7. Cataloged items 556 2.7.1. Data Structures 558 Classes describing data used in cataloged data. 560 2.7.2. Structure: ContactMesh 562 UDF: String (Optional) 564 ServiceID: String [0..Many] 566 2.7.3. Structure: Contact 568 Inherits: Assertion 570 MeshAccounts: DareEnvelope [0..Many] The Mesh Account Connection - 571 the main event really 573 Email: String (Optional) 575 Identifier: String (Optional) 577 FullName: String (Optional) 579 Title: String (Optional) 581 First: String (Optional) 583 Middle: String (Optional) 585 Last: String (Optional) 587 Suffix: String (Optional) 589 Labels: String [0..Many] 591 AssertionAccounts: ProfileAccount [0..Many] 593 Addresses: Address [0..Many] 595 Locations: Location [0..Many] 597 Roles: Role [0..Many] 599 2.7.4. Structure: Role 601 CompanyName: String (Optional) 603 Addresses: Address [0..Many] 605 Locations: Location [0..Many] 607 2.7.5. Structure: Address 609 URI: String (Optional) 611 Labels: String [0..Many] 613 2.7.6. Structure: Location 615 Appartment: String (Optional) 617 Street: String (Optional) 619 District: String (Optional) 620 Locality: String (Optional) 622 County: String (Optional) 624 Postcode: String (Optional) 626 Country: String (Optional) 628 2.7.7. Structure: Reference 630 MessageID: String (Optional) The received message to which this is a 631 response 633 ResponseID: String (Optional) Message that was generated in response 634 to the original (optional). 636 Relationship: String (Optional) The relationship type. This can be 637 Read, Unread, Accept, Reject. 639 2.7.8. Structure: Task 641 Key: String (Optional) Unique key. 643 Start: DateTime (Optional) 645 Finish: DateTime (Optional) 647 StartTravel: String (Optional) 649 FinishTravel: String (Optional) 651 TimeZone: String (Optional) 653 Title: String (Optional) 655 Description: String (Optional) 657 Location: String (Optional) 659 Trigger: String [0..Many] 661 Conference: String [0..Many] 663 Repeat: String (Optional) 665 Busy: Boolean (Optional) 667 2.8. Catalog Entries 669 2.8.1. Structure: CatalogedEntry 671 Base class for cataloged Mesh data. 673 [No fields] 675 2.8.2. Structure: CatalogedDevice 677 Inherits: CatalogedEntry 679 Public device entry, indexed under the device ID 681 UDF: String (Optional) UDF of the signature key of the device in the 682 Mesh 684 DeviceUDF: String (Optional) UDF of the signature key of the device 686 EnvelopedProfileDevice: DareEnvelope (Optional) The device profile 688 EnvelopedConnectionDevice: DareEnvelope (Optional) The public 689 assertion demonstrating connection of the Device to the Mesh 691 EnvelopedActivationDevice: DareEnvelope (Optional) The activations 692 of the device within the Mesh 694 Accounts: AccountEntry [0..Many] The accounts that this device is 695 connected to 697 2.8.3. Structure: AccountEntry 699 AccountUDF: String (Optional) UDF of the account profile 701 EnvelopedProfileAccount: DareEnvelope (Optional) The account profile 703 EnvelopedConnectionAccount: DareEnvelope (Optional) The connection 704 of this device to the account 706 EnvelopedActivationAccount: DareEnvelope (Optional) The activation 707 data for this device to the account 709 2.8.4. Structure: CatalogedCredential 711 Inherits: CatalogedEntry 713 Protocol: String (Optional) 714 Service: String (Optional) 716 Username: String (Optional) 718 Password: String (Optional) 720 2.8.5. Structure: CatalogedNetwork 722 Inherits: CatalogedEntry 724 Protocol: String (Optional) 726 Service: String (Optional) 728 Username: String (Optional) 730 Password: String (Optional) 732 2.8.6. Structure: CatalogedContact 734 Inherits: CatalogedEntry 736 Self: Boolean (Optional) If true, this catalog entry is for the user 737 who created the catalog. To be valid, such an entry MUST be 738 signed by an administration key for the Mesh profile containing 739 the account to which the catalog belongs. 741 Key: String (Optional) Unique key. 743 Permissions: Permission [0..Many] List of the permissions that the 744 contact has been granted. 746 EnvelopedContact: DareEnvelope (Optional) The (signed) contact data. 748 2.8.7. Structure: CatalogedContactRecryption 750 Inherits: CatalogedContact 752 [No fields] 754 2.8.8. Structure: CatalogedBookmark 756 Inherits: CatalogedEntry 758 Uri: String (Optional) 760 Title: String (Optional) 761 Path: String (Optional) 763 2.8.9. Structure: CatalogedTask 765 Inherits: CatalogedEntry 767 EnvelopedTask: DareEnvelope (Optional) 769 Title: String (Optional) 771 Key: String (Optional) Unique key. 773 2.8.10. Structure: CatalogedApplication 775 Inherits: CatalogedEntry 777 Key: String (Optional) 779 2.8.11. Structure: CatalogedMember 781 UDF: String (Optional) 783 Inherits: CatalogedEntry 785 2.8.12. Structure: CatalogedGroup 787 Inherits: CatalogedApplication 789 Profile: ProfileGroup (Optional) 791 2.8.13. Structure: CatalogedApplicationSSH 793 Inherits: CatalogedApplication 795 [No fields] 797 2.8.14. Structure: CatalogedApplicationMail 799 Inherits: CatalogedApplication 801 [No fields] 803 2.8.15. Structure: CatalogedApplicationNetwork 805 Inherits: CatalogedApplication 807 [No fields] 809 2.9. Messages 811 2.9.1. Structure: Message 813 MessageID: String (Optional) 815 Sender: String (Optional) 817 Recipient: String (Optional) 819 References: Reference [0..Many] 821 2.9.2. Structure: MessageComplete 823 Inherits: Message 825 [No fields] 827 2.9.3. Structure: MessagePIN 829 Account: String (Optional) 831 Inherits: Message 833 Expires: DateTime (Optional) 835 PIN: String (Optional) 837 2.9.4. Structure: RequestConnection 839 Connection request message. This message contains the information 841 Inherits: Message 843 ServiceID: String (Optional) 845 EnvelopedProfileDevice: DareEnvelope (Optional) Device profile of 846 the device making the request. 848 ClientNonce: Binary (Optional) 850 PinUDF: String (Optional) Fingerprint of the PIN value used to 851 authenticate the request. 853 2.9.5. Structure: AcknowledgeConnection 855 Connection request message generated by a service on receipt of a 856 valid MessageConnectionRequestClient 857 Inherits: Message 859 EnvelopedRequestConnection: DareEnvelope (Optional) The client 860 connection request. 862 ServerNonce: Binary (Optional) 864 Witness: String (Optional) 866 2.9.6. Structure: OfferGroup 868 Inherits: Message 870 [No fields] 872 2.9.7. Structure: RequestContact 874 Inherits: Message 876 Reply: Boolean (Optional) 878 Subject: String (Optional) 880 Self: DareEnvelope (Optional) The contact data. 882 2.9.8. Structure: ReplyContact 884 Inherits: RequestContact 886 [No fields] 888 2.9.9. Structure: GroupInvitation 890 Inherits: Message 892 Text: String (Optional) 894 EncryptedPartDecrypt: DareEnvelope (Optional) 896 2.9.10. Structure: RequestConfirmation 898 Inherits: Message 900 Text: String (Optional) 902 2.9.11. Structure: ResponseConfirmation 904 Inherits: Message 906 Request: RequestConfirmation (Optional) 908 Accept: Boolean (Optional) 910 2.9.12. Structure: RequestTask 912 Inherits: Message 914 [No fields] 916 3. Mesh Portal Service Reference 918 HTTP Well Known Service Prefix: /.well-known/mmm 920 Every Mesh Portal Service transaction consists of exactly one request 921 followed by exactly one response. Mesh Service transactions MAY 922 cause modification of the data stored in the Mesh Portal or the Mesh 923 itself but do not cause changes to the connection state. The 924 protocol itself is thus idempotent. There is no set sequence in 925 which operations are required to be performed. It is not necessary 926 to perform a Hello transaction prior to a ValidateAccount, Publish or 927 any other transaction. 929 3.1. Request Messages 931 A Mesh Portal Service request consists of a payload object that 932 inherits from the MeshRequest class. When using the HTTP binding, 933 the request MUST specify the portal DNS address in the HTTP Host 934 field. 936 3.1.1. Message: MeshRequest 938 Base class for all request messages. 940 Portal: String (Optional) Name of the Mesh Portal Service to which 941 the request is directed. 943 3.2. Response Messages 945 A Mesh Portal Service response consists of a payload object that 946 inherits from the MeshResponse class. When using the HTTP binding, 947 the response SHOULD report the Status response code in the HTTP 948 response message. However the response code returned in the payload 949 object MUST always be considered authoritative. 951 3.2.1. Message: MeshResponse 953 Base class for all response messages. Contains only the status code 954 and status description fields. 956 [No fields] 958 3.3. Imported Objects 960 The Mesh Service protocol makes use of JSON objects defined in the 961 JOSE Signatgure and Encryption specifications. 963 3.4. Common Structures 965 The following common structures are used in the protocol messages: 967 3.4.1. Structure: KeyValue 969 Describes a Key/Value structure used to make queries for records 970 matching one or more selection criteria. 972 Key: String (Optional) The data retrieval key. 974 Value: String (Optional) The data value to match. 976 3.4.2. Structure: SearchConstraints 978 Specifies constraints to be applied to a search result. These allow 979 a client to limit the number of records returned, the quantity of 980 data returned, the earliest and latest data returned, etc. 982 NotBefore: DateTime (Optional) Only data published on or after the 983 specified time instant is requested. 985 Before: DateTime (Optional) Only data published before the specified 986 time instant is requested. This excludes data published at the 987 specified time instant. 989 MaxEntries: Integer (Optional) Maximum number of data entries to 990 return. 992 MaxBytes: Integer (Optional) Maximum number of data bytes to return. 994 PageKey: String (Optional) Specifies a page key returned in a 995 previous search operation in which the number of responses 996 exceeded the specified bounds. 998 When a page key is specified, all the other search parameters 999 except for MaxEntries and MaxBytes are ignored and the service 1000 returns the next set of data responding to the earlier query. 1002 3.5. Transaction: Hello 1004 Request: HelloRequest 1006 Response: HelloResponse 1008 Report service and version information. 1010 The Hello transaction provides a means of determining which protocol 1011 versions, message encodings and transport protocols are supported by 1012 the service. 1014 3.6. Transaction: ValidateAccount 1016 Request: ValidateRequest 1018 Response: ValidateResponse 1020 Request validation of a proposed name for a new account. 1022 For validation of a user's account name during profile creation. 1024 3.6.1. Message: ValidateRequest 1026 Inherits: MeshRequest 1028 Describes the proposed account properties. Currently, these are 1029 limited to the account name but could be extended in future versions 1030 of the protocol. 1032 Account: String (Optional) Account name requested 1034 Reserve: Boolean (Optional) If true, request a reservation for the 1035 specified account name. Note that the service is not obliged to 1036 honor reservation requests. 1038 Language: String [0..Many] List of ISO language codes in order of 1039 preference. For creating explanatory text. 1041 3.6.2. Message: ValidateResponse 1043 Inherits: MeshResponse 1045 States whether the proposed account properties are acceptable and 1046 (optional) returns an indication of what properties are valid. 1048 Note that receiving a 'Valid' responseto a Validate Request does not 1049 guarantee creation of the account. In addition to the possibility 1050 that the account namecould be requested by another user between the 1051 Validate and Create transactions, a portal service MAY perform more 1052 stringent validation criteria when an account is actually being 1053 created. For example, checking with the authoritative list of 1054 current accounts rather than a cached copy. 1056 Valid: Boolean (Optional) If true, the specified account identifier 1057 is acceptable. If false, the account identifier is rejected. 1059 Minimum: Integer (Optional) Specifies the minimum length of an 1060 account name. 1062 Maximum: Integer (Optional) Specifies the maximum length of an 1063 account name. 1065 InvalidCharacters: String (Optional) A list of characters that the 1066 service does not accept in account names. The list of characters 1067 MAY not be exhaustive but SHOULD include any illegal characters in 1068 the proposed account name. 1070 Reason: String (Optional) Text explaining the reason an account name 1071 was rejected. 1073 3.7. Transaction: CreateAccount 1075 Request: CreateRequest 1077 Response: CreateResponse 1079 Request creation of a new portal account. 1081 Unlike a profile, a mesh account is specific to a particular Mesh 1082 portal. A mesh account must be created and accepted before a profile 1083 can be published. 1085 3.7.1. Message: CreateRequest 1087 Request creation of a new portal account. The request specifies the 1088 requested account identifier and the Mesh profile to be associated 1089 with the account. 1091 Inherits: MeshRequest 1093 Account: String (Optional) Account identifier requested. 1095 3.7.2. Message: CreateResponse 1097 Inherits: MeshResponse 1099 Reports the success or failure of a Create transaction. 1101 [No fields] 1103 3.8. Transaction: DeleteAccount 1105 Request: DeleteRequest 1107 Response: DeleteResponse 1109 Request deletion of a portal account. 1111 Deletes a portal account but not the underlying profile. Once 1112 registered, profiles are permanent. 1114 3.8.1. Message: DeleteRequest 1116 Request deletion of a new portal account. The request specifies the 1117 requested account identifier. 1119 Inherits: MeshRequest 1121 Account: String (Optional) Account identifier to be deleted. 1123 3.8.2. Message: DeleteResponse 1125 Inherits: MeshResponse 1127 Reports the success or failure of a Delete transaction. 1129 [No fields] 1131 3.9. Transaction: Get 1133 Request: GetRequest 1135 Response: GetResponse 1137 Search for data in the mesh that matches a set of properties 1138 described by a sequence of key/value pairs. 1140 3.9.1. Message: GetRequest 1142 Describes the Portal or Mesh data to be retreived. 1144 Inherits: MeshRequest 1146 Identifier: String (Optional) Lookup by profile ID 1148 Account: String (Optional) Lookup by Account ID 1150 KeyValues: KeyValue [0..Many] List of KeyValue pairs specifying the 1151 conditions to be met 1153 SearchConstraints: SearchConstraints (Optional) Constrain the search 1154 to a specific time interval and/or limit the number and/or total 1155 size of data records returned. 1157 Multiple: Boolean (Optional) If true return multiple responses if 1158 available 1160 Full: Boolean (Optional) If true, the client requests that the full 1161 Mesh data record be returned containing both the Mesh entry itself 1162 and the Mesh metadata that allows the date and time of the 1163 publication of the Mesh entry to be verified. 1165 3.9.2. Message: GetResponse 1167 Reports the success or failure of a Get transaction. If a Mesh entry 1168 matching the specified profile is found, containsthe list of entries 1169 matching the request. 1171 Inherits: MeshResponse 1173 DataItems: DataItem [0..Many] List of mesh data records matching the 1174 request. 1176 PageKey: String (Optional) If non-null, indicates that the number 1177 and/or size of the data records returned exceeds either the 1178 SearchConstraints specified in the request or internal server 1179 limits. 1181 3.10. Transaction: Publish 1183 Request: PublishRequest 1185 Response: PublishResponse 1187 Publish a profile or key escrow entry to the mesh. 1189 3.10.1. Message: PublishRequest 1191 Requests publication of the specified Mesh entry. 1193 Inherits: MeshRequest 1195 [No fields] 1197 3.10.2. Message: PublishResponse 1199 Reports the success or failure of a Publish transaction. 1201 Inherits: MeshResponse 1203 [No fields] 1205 3.11. Transaction: Status 1207 Request: StatusRequest 1209 Response: StatusResponse 1211 Request the current status of the mesh as seen by the portal to which 1212 it is directed. 1214 The response to the status request contains the last signed 1215 checkpoint and proof chains for each of the peer portals that have 1216 been checkpointed. 1218 [Not currently implemented] 1220 3.11.1. Message: StatusRequest 1222 Inherits: MeshRequest 1224 Initiates a status transaction. 1226 [No fields] 1228 3.11.2. Message: StatusResponse 1230 Reports the success or failure of a Status transaction. 1232 Inherits: MeshResponse 1234 LastWriteTime: DateTime (Optional) Time that the last write update 1235 was made to the Mesh 1237 LastCheckpointTime: DateTime (Optional) Time that the last Mesh 1238 checkpoint was calculated. 1240 NextCheckpointTime: DateTime (Optional) Time at which the next Mesh 1241 checkpoint should be calculated. 1243 CheckpointValue: String (Optional) Last checkpoint value. 1245 3.12. Transaction: ConnectStart 1247 Request: ConnectStartRequest 1249 Response: ConnectStartResponse 1251 Request connection of a new device to a mesh profile 1253 3.12.1. Message: ConnectStartRequest 1255 Inherits: MeshRequest 1257 Initial device connection request. 1259 SignedRequest: SignedConnectionRequest (Optional) Device connection 1260 request signed by thesignature key of the device requesting 1261 connection. 1263 AccountID: String (Optional) Account identifier of account to which 1264 the device is requesting connection. 1266 3.12.2. Message: ConnectStartResponse 1268 Reports the success or failure of a ConnectStart transaction. 1270 Inherits: MeshRequest 1272 [No fields] 1274 3.13. Transaction: ConnectStatus 1276 Request: ConnectStatusRequest 1278 Response: ConnectStatusResponse 1280 Request status of pending connection request of a new device to a 1281 mesh profile 1283 3.13.1. Message: ConnectStatusRequest 1284 Inherits: MeshRequest 1286 Request status information for a pending request posted previously. 1288 AccountID: String (Optional) Account identifier for which pending 1289 connection information is requested. 1291 DeviceID: String (Optional) Device identifier of device requesting 1292 status information. 1294 3.13.2. Message: ConnectStatusResponse 1296 Reports the success or failure of a ConnectStatus transaction. 1298 Inherits: MeshRequest 1300 Result: SignedConnectionResult (Optional) The signed 1301 ConnectionResult object. 1303 3.14. Transaction: ConnectPending 1305 Request: ConnectPendingRequest 1307 Response: ConnectPendingResponse 1309 Request a list of pending requests for an administration profile. 1311 3.14.1. Message: ConnectPendingRequest 1313 Inherits: MeshRequest 1315 Specify the criteria for pending requests. 1317 AccountID: String (Optional) The account identifier of the account 1318 for which pending connection requests are requested. 1320 SearchConstraints: SearchConstraints (Optional) Constrain the search 1321 to a specific time interval and/or limit the number and/or total 1322 size of data records returned. 1324 3.14.2. Message: ConnectPendingResponse 1326 Reports the success or failure of a ConnectPending transaction. 1328 Inherits: MeshRequest 1330 Pending: SignedConnectionRequest [0..Many] A list of pending 1331 requests satisfying the criteria set out in the request. 1333 PageKey: String (Optional) If non-null, indicates that the number 1334 and/or size of the data records returned exceeds either the 1335 SearchConstraints specified in the request or internal server 1336 limits. 1338 3.15. Transaction: ConnectComplete 1340 Request: ConnectCompleteRequest 1342 Response: ConnectCompleteResponse 1344 Post response to a pending connection request. 1346 3.15.1. Message: ConnectCompleteRequest 1348 Reports the success or failure of a ConnectComplete transaction. 1350 Inherits: MeshRequest 1352 Result: SignedConnectionResult (Optional) The connection result to 1353 be posted to the portal. The result MUST be signed by a valid 1354 administration key for the Mesh profile. 1356 AccountID: String (Optional) The account identifier to which the 1357 connection result is posted. 1359 3.15.2. Message: ConnectCompleteResponse 1361 Inherits: MeshRequest 1363 Reports the success or failure of a ConnectComplete transaction. 1365 [No fields] 1367 3.16. Transaction: Transfer 1369 Request: TransferRequest 1371 Response: TransferResponse 1373 Perform a bulk transfer of the log between the specified transaction 1374 identifiers. Requires appropriate authorization 1376 [Not currently implemented] 1378 3.16.1. Message: TransferRequest 1380 Request a bulk transfer of the log between the specified transaction 1381 identifiers. Requires appropriate authorization 1383 Inherits: MeshRequest 1385 SearchConstraints: SearchConstraints (Optional) Constrain the search 1386 to a specific time interval and/or limit the number and/or total 1387 size of data records returned. 1389 3.16.2. Message: TransferResponse 1391 Inherits: MeshResponse 1393 Reports the success or failure of a Transfer transaction. If 1394 successful, contains the list of Mesh records to be transferred. 1396 DataItems: DataItem [0..Many] List of mesh data records matching the 1397 request. 1399 PageKey: String (Optional) If non-null, indicates that the number 1400 and/or size of the data records returned exceeds either the 1401 SearchConstraints specified in the request or internal server 1402 limits. 1404 4. Assets 1406 4.1. Data 1408 4.2. Credentials 1410 4.3. Reputation 1412 4.3.1. Outbound Messaging Abuse () 1414 5. Risks 1416 5.1. Confidentiality 1418 Is a regulatory requirement GDPR/HIPPA 1420 5.1.1. Privacy 1422 Stronger requirement, given data but with restrictions on use 1424 Unintended use within an organization may put it in default 1425 GDPR 1427 HIPPA 1429 5.2. Integrity 1431 Modification of data enables control breaches 1433 5.3. Availability 1435 5.3.1. Data loss 1437 Loss of the pictures of the kids at 5 1439 5.3.2. Partial data survivability 1441 Where they buried Aunt Agatha's jewelry but not where they buried 1442 Aunt Agatha. 1444 5.4. Inbound Messaging Abuse (Spam) 1446 6. Threats 1448 6.1. End point Compromise 1450 7. Controls 1452 7.1. Cryptographic 1454 7.1.1. Triple lock 1456 7.1.1.1. Transport Security 1458 Traffic analysis protection 1460 7.1.1.2. Message Security 1462 Access control 1464 Authentication / Integrity 1466 7.1.1.3. Data Level Security 1468 Data Confidentiality 1470 Non-Repudiation 1472 7.1.2. Key Protection 1474 Use of platform provided facilities to bind private keys in the 1475 Device profile to the device is highly desirable. Ideally, private 1476 keys should be protected against extraction by hardware techniques 1477 presenting a high degree of resistance. 1479 7.1.2.1. Windows 1481 Use encrypted key store 1483 Preferably use BitLocker 1485 7.1.2.2. OSX 1487 Use Key Ring 1489 7.1.2.3. iOS 1491 Use ??? 1493 7.1.2.4. Linux 1495 Use the DBUS mechanism 1497 7.1.2.5. Android 1499 Hope and prayers. 1501 7.1.3. Key and Nonce Generation 1503 Use strong mechanisms as described in RFC??? 1505 Use of key co-generation as described in part 8 is advised 1507 7.1.4. Key Escrow and Recovery 1509 Master profile keys should be escrowed 1511 Escrow strategies for DARE should take account of the fact that users 1512 may want some but not all their data assets to survive them. 1514 7.1.5. Profile Verification 1516 Check that the device credential has been signed by an administration 1517 device and that the administration device was properly authorized by 1518 the master profile. 1520 Device catalog MUST be signed by the admin device. 1522 Future ? provide protection against rollback attacks. 1524 7.1.6. Identity Validation 1526 See the separate document on the trust model 1528 7.1.7. Trust Broker Accountability 1530 Cert transparency type techniques 1532 7.2. Mesh Messaging 1534 7.2.1. Ingress Control 1536 Every message is subject to access control 1538 Mesh Services should perform abuse filtering on inbound mail 1540 Mesh Services MUST apply user specified ingress control as specified 1541 in their contacts catalog. 1543 7.2.2. Egress Control 1545 Some applications may require egress control 1547 For example, classified environments 1549 Mail too stupid to send 1551 7.2.3. Security Signal 1553 Confirmation messages requiring payments 1555 Need Accountability 1557 Need to know the source of the accountability assertions 1559 Should be distinguished from sender controlled part of a message 1561 7.2.3.1. Brand 1563 If messages are being sent on behalf of a corporate entity, this 1564 should be signaled to both sender and receiver 1566 Sender ? remind them that they are speaking on behalf of another 1567 party 1568 Receiver ? establish who is speaking by the familiar technique. 1570 7.2.4. Accountability 1572 Authentication and consequences 1574 8. Security Considerations 1576 This document comprises the security considerations for the use and 1577 implementation of the Mathematical Mesh. 1579 8.1. Integrity 1581 8.1.1. DNS Spoofing 1583 8.1.2. TLS Downgrade 1585 8.1.3. TLS Service Impersonation 1587 8.1.4. Request Replay Attack 1589 8.1.5. Response Replay Attack 1591 8.2. Confidentiality 1593 8.2.1. Side Channel Attack 1595 8.2.2. Session Key Leakage 1597 9. IANA Considerations 1599 All the IANA considerations for the Mesh documents are specified in 1600 this document 1602 10. Acknowledgements 1604 A list of people who have contributed to the design of the Mesh is 1605 presented in [draft-hallambaker-mesh-architecture]. 1607 11. Normative References 1609 [draft-hallambaker-mesh-architecture] 1610 Hallam-Baker, P., "Mathematical Mesh 3.0 Part I: 1611 Architecture Guide", Work in Progress, Internet-Draft, 1612 draft-hallambaker-mesh-architecture-12, 16 January 2020, 1613 . 1616 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1617 Requirement Levels", BCP 14, RFC 2119, 1618 DOI 10.17487/RFC2119, March 1997, 1619 . 1621 12. Informative References 1623 [draft-hallambaker-mesh-developer] 1624 Hallam-Baker, P., "Mathematical Mesh: Reference 1625 Implementation", Work in Progress, Internet-Draft, draft- 1626 hallambaker-mesh-developer-09, 23 October 2019, 1627 .