Mesh-00 Requirements

What does the Mesh try to do?

Although the Mathematical Mesh was originally conceived as a means of managing cryptographic credentials for existing applications such as email and SSH, it was quickly realized that an infrastructure that could address these problems could be used to address many others.

The use of the Goedel Code Metasynthesizer as the basis for implementing the Mesh protocols allowed specifications and reference code to be developed for some of these applications. This in turn led to a series of changes to the architecture to make it more capable and widely applicable.
One of the biggest problems in designing any end-to-end messaging application for modern use is the fact that most users have multiple devices. A messaging application that they can only use from their phone and not their laptop, desktop or tablet doesn't meet their needs.

Once an architecture was developed that solved the problem of securely provisioning private keys to every device a user may care to use, it was quickly realized that this could be applied to provision any form of credential with end-to-end security and in particular passwords.

Passwords are an inherently insecure technology because any password that is short enough to be memorable is too short to be secure. XKCD 936 does not offer a solution either: modern password crackers can brute force a 2^44 key space in a minute.

Bookmarks and other collections

Once an end-to-end secure protocol had been developed that could synchronize passwords between devices, it was realized that the same protocol could be used to synchronize bookmarks, contacts and calendar information. This in turn would prove useful if the Unify project was to be realized.

Confidential Document Control

The key co-generation technology developed during the development of the Mesh is closely related to proxy re-encryption ('recryption'), a form of public key encryption in which the decryption key is split.

Applying recryption to business documents such as word processing, spreadsheet and presentation files provides end-to-end data level security that matches business needs. Collections of documents can be made available to the employees that need them for precisely the length of time that they are needed.
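The split decryption key that recryption relies on, as an added illustration that is not Mesh code: the group private key is split additively into a service share and a device share, each holder performs a partial decryption on the sender's ephemeral value, and only the product of both partials yields the content key, so withholding the service share ends the device's access. It assumes plain Diffie-Hellman over the 1024-bit MODP group of RFC 2409 rather than the Mesh's own elliptic-curve implementation.

```python
import hashlib
import secrets

# Constructed illustration of split-key decryption ('recryption'), not Mesh code.
# Group: the 1024-bit MODP group from RFC 2409 (Oakley group 2), a safe prime p = 2q + 1.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF",
    16,
)
Q = (P - 1) // 2   # order of the subgroup generated by G (2 is a quadratic residue here)
G = 2

def kdf(shared):
    """Derive a content-encryption key from the group element shared = y^r."""
    return hashlib.sha256(shared.to_bytes((P.bit_length() + 7) // 8, "big")).digest()

def keygen():
    """Group private key x and public key y = g^x mod p."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def split_key(x):
    """Split x into a service share s and a device share d with s + d = x (mod q).
    Neither share alone reveals x; both partial decryptions are needed."""
    s = secrets.randbelow(Q)
    return s, (x - s) % Q

def encrypt_to_group(y):
    """Sender side (ElGamal-style): returns the ephemeral value g^r and the
    content key derived from the shared secret y^r = g^(rx)."""
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), kdf(pow(y, r, P))

def partial_decrypt(share, ephemeral):
    """Raise g^r to one share of x. The service returns its partial only while
    the requesting device is still authorised for the group."""
    return pow(ephemeral, share, P)

def combine(part_service, part_device):
    """(g^r)^s * (g^r)^d = (g^r)^(s+d) = y^r, the sender's shared secret."""
    return kdf(part_service * part_device % P)

def demo():
    """Returns (both shares recover the key, device share alone recovers the key)."""
    x, y = keygen()
    s, d = split_key(x)
    ephemeral, sender_key = encrypt_to_group(y)
    with_both = combine(partial_decrypt(s, ephemeral), partial_decrypt(d, ephemeral))
    device_only = kdf(partial_decrypt(d, ephemeral))
    return sender_key == with_both, sender_key == device_only
```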

Traditional 'Content Rights Management' (CRM) schemes have been adaptations of technology originally designed for copyright enforcement. The results have imposed onerous hardware requirements (trusted hardware) while failing to meet actual business needs.

Confidential Data Control is the name given to the subset of the CRM problem that is concerned only with limiting the initial distribution of confidential data, not with what the parties who have access to the data can do with it.

Unified Messaging

Having established the utility of applying recryption to the problem of protecting document confidentiality, the same principles may be applied to any other communication or messaging format. If Alice wants Bob to have access to the documents from the 'accounting' group, isn't it natural to give him access to the related mailing group messages, chats and conference calls?

While adding recryption support to one existing protocol such as XMPP or S/MIME is clearly easier than designing a whole new client communication protocol, retrofitting recryption support to five existing protocols is not. Unify currently exists only as a set of requirements and an architecture for a communications protocol that provides all the capabilities of mail, mailing groups, messaging, voice and video.