Re: [Secdispatch] [saag] The Mathematical Mesh

Phillip Hallam-Baker <> Thu, 25 April 2019 21:12 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 02A5312004C; Thu, 25 Apr 2019 14:12:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.649
X-Spam-Status: No, score=-1.649 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.25, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id wd-TNiiIo_GE; Thu, 25 Apr 2019 14:12:13 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 283FE120044; Thu, 25 Apr 2019 14:12:13 -0700 (PDT)
Received: by with SMTP id e5so784985otk.12; Thu, 25 Apr 2019 14:12:13 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=VHX+0lPDmVg+sXjWF/BgwByYc3WQw+RO3k6xAS5I99c=; b=B/lP7a7ppVZO7nfLsnuobQvEme5xSvXQuEC1H+Yyb3+SicACOML0ACB45ZuwAEZfN8 AZGVA2kWT0LNJ6HroUMu8g2OkV66PavEKgYCmBBSrBlt3d+CpUMj5EWVvgfohXRfS/08 PxA5lDfBFYTf97Qilmrq4cstNcf1qLHiz4HUtydeB7MnU6b/yb11wrftxHVxgdnIkI0W 4vf1uNopUCJiavlHDYNGmaurpMt0m6g9G1LCndKEJSLNmRZPljpLkX4VrclfSKjJTI0C Cut7QdmvE8eSHgXFCP/1G/aSeh1KNfxtBCZflcb3bBn1QQ46c1FXcfHUdE+aY6b4Um4Z PBXA==
X-Gm-Message-State: APjAAAWCj2zvqMkdI6j/f6IKUf5AwKIlFc+S3FlgjpNGNFZobC6Q+TSo mqulbHuIsRG6gViuFHxZ8lEcdRGwDuqFDOAO3f8=
X-Google-Smtp-Source: APXvYqxxoZmOUQYNwBeLaSt9onH3N1Q75Ois4SwMzob+G5NtKV9EjUMDnnU5fxH0W7rsa50UkGQNi2FeXG/3eHhxrkg=
X-Received: by 2002:a05:6830:1017:: with SMTP id a23mr26225817otp.120.1556226732382; Thu, 25 Apr 2019 14:12:12 -0700 (PDT)
MIME-Version: 1.0
References: <> <20190425161404.GS3137@localhost>
In-Reply-To: <20190425161404.GS3137@localhost>
From: Phillip Hallam-Baker <>
Date: Thu, 25 Apr 2019 17:12:00 -0400
Message-ID: <>
To: Nico Williams <>
Content-Type: multipart/alternative; boundary="00000000000092de5e058761454c"
Archived-At: <>
Subject: Re: [Secdispatch] [saag] The Mathematical Mesh
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 25 Apr 2019 21:12:15 -0000

On Thu, Apr 25, 2019 at 12:14 PM Nico Williams <>

> Now that I understand what the proposal is, I have to say that I like
> it.
> There are some important new things in it, mostly the use of a
> blockchain for PGP-style web-of-trust, and an Internet protocol for
> device key management (which is separable but doesn't need to be
> separated).  The first is a new application of existing ideas, but it
> is critical to facilitating the use of web-of-trust.

Just to be clear: It is a similar approach to blockchain. The encoding used
is entirely separate.

The DARE Container allows append only logs to be created with individual
entries of up to 2^63 bytes in length. So we could use the same format as a
file archiving format or even a software distribution format.

The encoding allows the container sequence to be read with equal efficiency
in the forward or the reverse direction and while every entry can have a
separate key exchange and signature, the entire container can be
authenticated and encrypted at the entry level using a single key exchange
in the first entry and a single signature entry on the last entry.

So we could use this as a ZIP file for distributing Web pages. But unlike
ZIP, the signatures are based on a Merkle tree so we can validate
individual entries.

So we could use this as a software distribution format. Put all the files
for all the distributions on all platforms into one big file. Then the
distribution system can extract the specific set of files needed for
specific platforms weeding out the ones that aren't needed.

The same approach can be used for software updates. since the containers
are append only. All you need to do to push out updates is to synchronize
the containers across devices.

The reason I was able to simplify the Mesh code was that I realized that
all my application protocols could be implemented as instances of
synchronizing containers between devices.

> The most important thing about the proposal is that it's a synthesis of
> the above and an all-of-the-above approach to communication security for
> average users, and that it's a proposal for Standards-Track Internet
> protocols.  As such it has better chance of success than the disparate
> piecemeal efforts of the industry as a whole until now.
> Count on me as a reviewer,

Thanks, that is greatly appreciated. The status of the current drafts is
that the text is more or less complete, there are some missing images and
multiple missing examples.

The reason for that is that I alternate between writing the documentation
and implementing it. I began by writing the documentation, wrote the code,
went back and wrote new documentation describing the code and so on.

The last set of changes was motivated my my leaving Comodo. Originally, the
DARE work was an application that built on the Mesh capabilities. I rewrote
the code so that the Mesh is now built on top of DARE. That allowed me to
eliminate two thirds of it.