Requirements Analysis

What the Mesh is designed to solve

In scope

The first step in developing any new technology platform is to define the set of problems that it is intended to solve.

The current state of Internet insecurity does not have a single cause and will certainly not have a single solution. The design for the Mesh emerged from the observation that most security developers seemed to be far too easily satisfied with their efforts. It was enough that the application be capable of being used securely, if the user could not or would not use it securely, that was the user's fault.

Usability

The standard for usability applied in the Mesh is simple: It must be at least as easy to do perform any task securely as to do so without security. Once this principle was adopted, it was realized that the Mesh has to do more than just configure the use of S/MIME and OpenPGP when a user acquires a new device, it should configure the SMTP, POP3 and IMAP services as well.

The purpose of the Mesh is to make computers easier to use. Making usability the first concern has the paradoxical effect of delivering better security. Security applications can only provide security when users use them. Shelfware has never protected anyone's data.

Disaster

Strong cryptography provides compelling solutions to the problems of protecting data confidentiality and integrity but this comes at the cost of a new availability risk: If a user loses their decryption keys, they lose their data completely!

For this reason, the Mesh has disaster recovery planning built into its core. Every user always has personal key escrow capabilities available to them. These are a mandatory part of the specifications, not a premium feature sold at extra cost.

Out of scope

An equally important step is to decide which problems will be left for others to address.

The Mesh is not an end point security solution. Some of the features provided by the Mesh are designed to mitigate the consequences of end-point compromise but the task of preventing end-point compromise is left to others.

Deployment

No security application, however secure can protect anything unless it is used. It is no longer enough to provide a compelling feature, the down side of the network effect is that until critical mass is reached, the network effect presents itself as a chicken and egg problem.

The Mesh has been designed for deployment adopting many of the strategies that were used to make the World Wide Web successful. When the Web was first shown to a public audience in 1992, the concept of networked hypertext was 27 years old. It was not the use of hypertext that made the Web successful, it was the deployment strategy that made ubiquitous use of hypertext compelling.

The Mesh attempts to apply the same principles to public key cryptography, a technology which has seen widespread commercial succes but has yet to achieve anything like its full potential.