Re: [Secdispatch] The Mathematical Mesh

Richard Barnes <> Mon, 22 April 2019 17:34 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 3FE87120044 for <>; Mon, 22 Apr 2019 10:34:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id LYmQZcH3QOaD for <>; Mon, 22 Apr 2019 10:34:28 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4864:20::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id F3D6D1200DF for <>; Mon, 22 Apr 2019 10:34:27 -0700 (PDT)
Received: by with SMTP id i21so9036551oib.11 for <>; Mon, 22 Apr 2019 10:34:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=saXjQWBHFGZpWyT6o8DxU6FtSo4gVf1HfChXtt8kFso=; b=U1arV25jaYod9kYEXSplA78hY0meV/akF5wY5Ar1fYCcurBzdqoqgUb5dJ7EmkSQQ3 t4ddMKys8KePWiyA2xOE1Lpkb6fwz5dsrQa/M8cM2vW2l03nrbiKT29KOjB3ZiquYIjm K3KecIp0IQpsC8XZw9R4bm98dIrtyYpop1Z2iwwvAMZASECIZMAZy9LpfGF3KTIcLHWM cY03ai0vo0CgsCagZ6O0I2CVSygcubqxoL+rzbUrP/lQ6elMOYRYR5rq2LPN+v/d6Hsm tW2WVq9e2SKPZi0Ll1hwKvcuXYk+xXzZ15WZM6ySxS55oFg+lFKbxuair7qgneTAzMuR gDCA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=saXjQWBHFGZpWyT6o8DxU6FtSo4gVf1HfChXtt8kFso=; b=iDOVN1BDQrxD6GormHx1HLb/qqOzaHnpDU23DwZ09Q7KhHpB25/CEePBYNJHsi0FVC B20WvzssPuXH2q8Kuy121bD/Bwrm8vEpgFFJw1wlXbaaDcKs3kKo0wDcJq0cedOjbEz5 H8/d2mqxi+EUbnV73c1bj8/huL3PaYBzOecnMtcpsTazO9/CLIGlvukJnl6I4GuZy6Yt Gi6dWKhyjG78P+WGOsAc/PiiJ+6depilnXlSkslD6Dp+0dP9m3OOizbx14XBIGPeNonu HL+nw2gT0EkILtu0T92YTVTdy7ZtCAFR+tReNnZjSfdY6RA/s+DiN9fyPumqOKt19qF+ kRxQ==
X-Gm-Message-State: APjAAAVpGoYdSxiqnjuI8BF2wpkicn3wo9b/+18eoxG83ObHh3HCie/N fCNU7vSsGAXmr7D2pgq77eUr3SqL+N6sLXh7ySyTUw==
X-Google-Smtp-Source: APXvYqwRSyH6CosoZ7P9o3/1GVzxOSF3jUSPg3GhcNgI8Bt8ODl8P7qSnm0+FDK76aze2ePrKKf0Iv2L3tSkPawdgUI=
X-Received: by 2002:aca:544b:: with SMTP id i72mr10114079oib.51.1555954466947; Mon, 22 Apr 2019 10:34:26 -0700 (PDT)
MIME-Version: 1.0
References: <>
In-Reply-To: <>
From: Richard Barnes <>
Date: Mon, 22 Apr 2019 13:34:06 -0400
Message-ID: <>
To: Phillip Hallam-Baker <>
Content-Type: multipart/alternative; boundary="0000000000004a1e74058721e19e"
Archived-At: <>
Subject: Re: [Secdispatch] The Mathematical Mesh
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 22 Apr 2019 17:34:32 -0000

Hi Phil,

Thanks for the note.  The IETF typically works on specifications for
interoperability between multiple implementations.  Is there more than one
party involved / interested in implementing?


On Mon, Apr 22, 2019 at 12:58 PM Phillip Hallam-Baker <>

> Five years ago I started to look at the reasons that Internet users do not
> use end-to-end secure mail despite the fact that almost every email client
> in use supported S/MIME and OpenPGP had been available for decades.
> In answering that question, I quickly realized that we were trying to
> solve the problems we were interested in rather than the ones that the user
> actually cared about. And yes, users do really care about security but
> their security concerns are much broader than the ones raised on the
> cypherpunks mailing lists. They are concerned about the control that
> corporations might have over them much more than governments. They are
> concerned with the risk of losing the pictures of their kids at 5 years old
> to ransomware.
> Carl Ellison says that the user base of any security protocol halves for
> each click required to use it. This led me to ask, 'how can we reduce total
> user effort' and not just effort required for security. Today we ask the
> user to configure their email client twice, first to make use of email and
> again to make email secure (and then we require them to redo the second
> annually for S/MIME).
> The result of this approach is an infrastructure I call the Mathematical
> Mesh which I would like IETF participants to consider as a standards track
> effort, either in part or in whole.
> The goal of the Mesh is to make computers easier to use by making them
> more secure. This is easier than people might imagine. The key here is that
> every set of instructions that you write down and give to a human can be
> written as code and given to a suitably authorized computer system.
> The phrase suitably authorized is key here, often the reason manual
> intervention is required to configure systems requires is that certain
> system privileges are needed.
> Like BitCoin, the Mesh extends the traditional cryptographic repertoire.
> While all of the cryptographic techniques used in the Mesh are well
> established in the academic field, this is the first time anyone has (to my
> knowledge) proposed making use of them in an open standard.
> The Mesh is designed to make full use of the capabilities of modern
> computer systems: It is assumed that every user has access to a machine
> with at least the capability of a Raspberry Pi Zero for purposes of
> configuring an managing devices. Connection and use of constrained devices
> of Arduino Mega class and above is also supported by offloading certain
> security functions to a trusted gateway.
> I am posting this here to solicit opinions as to whether I should bring
> some or all of this work to the IETF or if I should take it to other forums.
> The drafts are available in plaintext or HTML format. Since some of the
> drafts make extensive use of mathematical notations, I recommend reading
> them in the HTML format.
> <>
> <>
> Plaintext:
> These drafts are not yet complete as the example material and schema
> documentation is still being revised. This will be addressed as the
> reference code passes the remaining unit tests for each functional unit.
> The principle adopted being that it is better to have no examples than
> incorrect ones.
> The following drafts are planned but not yet written:
> The reference code is open source and runs in C# under .net Core. It is
> currently tested only on the Windows platform but previous versions have
> run on OSX and Linux.
> The code system is also open source. These tools allowed me to design,
> implement and document a code base that is capable of performing
> significant portions of the functions of PKIX, S/MIME, Blockchain, SMTP,
> IMAP and TLS on my own in a little less than three years.
> _______________________________________________
> Secdispatch mailing list