Design for Deployment

Under the covers

As everyone knows, deployment of network applications is 'viral'. The more people use a system, the more people a message sent to that system will reach and the greater the value of using the system. Once critical mass is reached, network applications grow exponentially. At one point, the growth of the World Wide Web was measured at over 1000% a week.

There is a catch however. And it is a very big one. Until critical mass is reached, the value of using the network isn't large enough to attract new users. Before the 'viral marketing' point is reached we must first face the problem of the chicken and the egg:

Until our network has users, there isn't an incentive to use it. And until there is an incentive to use it, there won't be any users.

Deployment Strategy

The deployment strategy of the Mesh follows the example laid out by Sir Tim Berners-Lee and Dan Connolly in the World Wide Web:

  1. Provide a new system that solves the problems existing systems can't

Berners-Lee developed the HTTP protocol and the HTML document format that are the core of the networked hypertext system we know today as the Web. But it was Dan Connolly who made the proposal that made it possible for the Web to become the dominant information retrieval system in less than three years.

At the time, the Web had about fifty users and virtually no content. Connolly's idea was to make it possible to use a Web browser to access the existing network information systems, which already had content. Instead of having different clients to access WAIS, Gopher, FTP and Usenet, one tool would do the lot.

Once the Web had reached critical mass, use of the existing legacy protocols stopped growing and eventually declined. The only protocol that was not replaced by the Web was FTP, and that was replaced by a feature of SSH, which itself replaced telnet.

A variation of this strategy led to the success of the Web within the CERN campus. At the time the Web was developed, the principal means of communication within CERN was the telephone. But the only way to access the telephone directory was to hunt down a paper copy that was liable to be out of date, or to log in to the central campus mainframe, which was probably the least user-friendly computer system on the planet.

The CERN-VM operating system was based on an operating system that had originally been written for batch computing twenty years earlier and was subsequently customized by a group of physicists. It was never clear whether the developers of this system had been entirely ignorant of any developments in computer science since the Fortran77 standard was written or merely contemptuous of them. At any rate, it was a machine where the task of logging in to look up a phone number was liable to take a quarter of an hour and quite possibly a call to user support.

As with many other computer usability disasters, there was no point in complaining about the unnecessary complications. Such complaints were dismissed with assertions that those who took the trouble to understand how the machine really worked would be rewarded by its inscrutable power. Whether these assertions were made in good faith or were simply bald-faced lies was never known. Those making them certainly never troubled themselves to provide evidence to back their claims.

Using the Web allowed physicists to access the CERN phone book without having to use the mainframe. And once they learned they could use the Web to read the phone book, they started to find other uses for it.

Early adopter incentive

The ability to send end-to-end encrypted mail to any other Internet user would be enormously powerful and valuable. The ability to send encrypted mail to the initial users of the Mesh is not likely to be very valuable at all because the numbers will be small at first.

To provide value to early adopters, the Mesh must solve problems that do not require a network of Mesh users to be established first. To avoid this deployment trap, the Mesh is designed to be useful to early adopters even if nobody else ever uses it.

Web password manager with end-to-end encryption

The difficulty of remembering Web site usernames and passwords is one of the biggest irritations for today's Web users. If users had a password manager that was supported by every browser they used, there would be no need to choose passwords that are short enough to be memorable. People could use cryptographically strong passwords with a work factor of 128 bits or more.

There are many cloud-based Web password managers, but several of the proprietary password managers have been breached and there is no guarantee that the security of the others is any better. The Mesh password manager offers end-to-end encryption using open source code and open standards.

Managing SSH Credentials

Configuring SSH is easy if you are not too bothered about the security of the result. Using SSH in a locked-down configuration with different authentication keys for every client turns out to be rather harder. The basic problem is that you are trying to use SSH to connect to the remote machine in order to configure access credentials for that machine. Making that work without using passwords to bootstrap the process is tedious and error prone.

Using the Mesh to configure SSH credentials makes SSH configuration as easy as connecting a device to a user's personal profile. Making management of user keys simple makes administration tasks such as client and server key rollover practical at last.
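
As an added illustration (not code from the Mesh project), the following works out how long a uniformly random password must be to reach the 128-bit work factor mentioned above, and generates one from the OS CSPRNG. The 62-character alphanumeric alphabet is an assumption chosen for the example.

```python
import math
import secrets
import string

# Constructed alphabet for the example: the 62 alphanumeric characters.
ALPHANUMERIC = string.ascii_letters + string.digits


def bits_per_char(alphabet_size: int) -> float:
    """Entropy in bits contributed by one uniformly chosen character."""
    if alphabet_size < 2:
        raise ValueError("alphabet must contain at least two characters")
    return math.log2(alphabet_size)


def password_bits(length: int, alphabet_size: int) -> float:
    """Work factor (bits) of a uniformly random password of the given length."""
    return length * bits_per_char(alphabet_size)


def min_length_for_bits(target_bits: int, alphabet_size: int) -> int:
    """Shortest length whose work factor reaches target_bits."""
    return math.ceil(target_bits / bits_per_char(alphabet_size))


def generate_password(target_bits: int = 128, alphabet: str = ALPHANUMERIC) -> str:
    """Generate a password whose work factor is at least target_bits.

    secrets.choice draws from the OS CSPRNG; random.choice is not suitable
    for secrets because it is seeded from a predictable generator.
    """
    length = min_length_for_bits(target_bits, len(alphabet))
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    # A memorable 8-character alphanumeric password: about 47.6 bits.
    print(f"8-char alphanumeric: {password_bits(8, 62):.1f} bits")
    # 22 alphanumeric characters are needed to reach 128 bits.
    print(f"chars needed for 128 bits: {min_length_for_bits(128, 62)}")
    print(generate_password())
```

The gap between 8 and 22 characters is the reason a password manager, rather than human memory, has to hold the credential.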

Support for legacy protocols

The Mesh makes using S/MIME encrypted email as simple and straightforward as using regular email. The result is so easy to use that users might not even notice.

Building on existing email security standards such as OpenPGP and S/MIME gives Mesh users access to the largest community of users of encrypted messaging that exists today.

Support for innovation

When Phil Zimmermann launched PGP in 1992, the name stood for 'Pretty Good Privacy'. PGP was supposed to be the first word in email security, not the last.

The Mesh solves the problem of client-side key management that has stalled the deployment of end-to-end messaging for so long. In doing so, the Mesh provides a platform for developing next-generation messaging systems.

One of these platforms, Mesh/Recrypt, uses a technique called Proxy Re-Encryption to support end-to-end encryption in multi-party communications. Mesh/Recrypt provides a unified messaging platform allowing users to communicate via chat, VoIP, email or shared file stores.