Mathematical Mesh: Developer's Guide

The Mesh Reference library was developed using Visual Studio 2015 Community Edition using PHB's Build Tools extensions. The reference code itself is currently limited to C# libraries. The code should in theory run under other operating systems but this is not currently tested. Development under different development environments is also possible but would require re-engineering to make use of the line mode versions of the build tools.

Visual Studio 2015 Community Edition is currently available at no cost for a wide range of non-commercial development including personal use and development of Open Source software. For full details, please consult the license published by Microsoft.

Over half the code in the reference code library is generated using code generators. These are used to ensure that the specification, examples and reference code are always kept in synchronization. The build tools are published under an MIT License and are available in two forms: As stand-alone tools to be run from the command line. As a VSIX package that integrates into the Visual Studio environment. The source distribution is configured to use the tools integrated into the Visual Studio environment. If development on other platforms is desired, the simplest approach is likely to be to write a tool that reads the Visual Studio configuration files and generates the corresponding files for use with make. The VSIX package is available from the Visual Studio extensions gallery:

The source code for the build tools is available from:

The Mesh reference library source code is published under an MIT license and is available from:

The reference code examples are designed to illustrate how the Mesh might be used in an application rather than be standalone tools in their own right. The Mesh is designed to make it each for developers to add security to their own applications rather than providing the applications themselves.

On the Windows platform, the server runs in the context of the platform Web server and must be granted permission to bind to the range of server addresses used using the netsh command. From a command prompt with administrator privileges, run the following command:

/.well-known/mmm/ \user=\]]> Where is the DNS domain name under which the service is run, is the Windows domain name of the machine and the account name. To start the service from the command line type:

]]> The server does not require administration privileges.

The profile manager wizard demonstrates functions that are performed on an administration device. These include creating a completely new profile and initial configuration of applications, connecting a device to the profile and recovery of the profile from escrow data. To run the client from the command line, place the executable image in a location that it will be found in the PATH variable and type:

The Profile connection wizard demonstrates the much more restricted functionality that would be required in a Mesh connected application and/or a profile manager for a non-administration device. To run the client from the command line, place the executable image in a location that it will be found in the PATH variable and type:

All private key data is stored using the Windows public key store. At minimum, this ensures that private keys are obfuscated and encrypted under the account password to protect the data against casual extraction attacks. On a machine with cryptographic hardware support such as a TPM or HSM, extraction of the private key may be infeasible without physical access to the machine and possibly require sophisticated diagnostic equipment.

Separate settings are used for production and test code. Test Code should use the Registry Hive: HKEY_CURRENT_USER\SOFTWARE\CryptoMesh Production code should use the hive HKEY_CURRENT_USER\SOFTWARE\MathematicalMesh In either case the sub structure is: Contains the set of Mesh Portal Accounts for the user. The default value is the account name of the default account. The Name of the each key is a portal account name and the value a REG_SZ entry containing the UDF of the profile master key. Contains the set of Mesh Profiles for the user. The default value is the UDF of the default profile master key. The Name of each key is the UDF of the master key and the value a REG_SZ entry containing the file location of the cached copy of the personal profile. Contains the set of Device profiles in the same format as the PersonalProfiles.

The profile data itself is stored in data files at the location specified in the registry. The files are standard XML files in UTF8 encoding.

[[Not yet implemented, subject to change.] All configuration information is stored in the user directory ~/.mmm Keys are stored in SSH key file format [RFC4716] using the customary name and extension conventions for that application.

The application ExampleGenerator shows the use of the Mesh in an application using the convenience API. It is the application program used to generate the examples in the reference document. ExampleGenerator implements a client that connects to a remote WebService, creates new personal profile with an escrow entry with offline recovery codes, attaches applications and other devices, updates an application profile, deletes all the profile data from the local machine and then restores them using the recovery codes and escrow entry.

The normal method of creating a Portal Client connection is? Since the purpose of the ExampleGenerator is to create examples for the documentation, it is not necessary for the JSON Remote Procedure Calls to actually be 'Remote'. Instead the 'Local' Procedure Call mode is used in which the client and server both run in the same process with the client API invoking the server dispatch methods through an interface that performs JSON serialization and deserialization but does not invoke the network transport. ?. For purposes of testing and initial development of a Web Service it is frequently desirable to further simplify the implementation by dispensing with the serialization layer and the client calling the server dispatch methods directly. ?.

If you are building Mesh applications in another language, the least effort approach may be to rewrite the PROTOGEN build tool to target your language. Protogen does support generation of C header files that may be used to drive a parser. If however you are adding Mesh support for an application that already uses JSON based protocols, you might want to edit the generator scripting files to generate code for your existing libraries.

Security Considerations are addressed in the companion document [draft-hallambaker-mesh-architecture-01]

IANA Considerations are addressed in the companion document [draft-hallambaker-mesh-architecture-01]

Comodo Group: Egemen Tas, Melhi Abdulhayo?lu, Rob Stradling, Robin Alden.