Video Presentations

The Mathematical Mesh

Mesh Video Channel

  • Overviews
  • Meta-Cryptography
  • UDF
  • DARE
  • Mesh Services
  • Mesh Messaging
  • Using the Mesh


Mesh 01: The Challenge

PHB sets out the challenges that the Mathematical Mesh is designed to meet. In particular the three core challenges that make up the 'minimum viable product': managing private keys, exchanging public keys and securing data at rest.

Mesh 02: The Devil's in the Deployment

Changing the Internet with 5 billion users and 50 billion connected hosts is hard. In this video, PHB describes the Mesh strategy to overcome that inertia, a strategy he learned working with Sir Tim Berners-Lee who developed the deployment strategy for the World Wide Web.

Mesh 03: The Mesh at 10,000 ft

PHB describes the features the Mesh provides and a high-evel overview of the three principal technologies used to build it. These are described in detail in the following presentations.


Mesh 04: Meta-Cryptography I: Key Splitting

PHB describes the key splitting approach used in the Mesh and how it is used to create true end to-end-secure cloud services that can control the decryption of data but cannot decrypt any of it. [Note advanced content]

Mesh 05: Meta-Cryptography, Combining Keys

PHB describes the use of meta-cryptography to combine keys. A technique used in device provisioning and to enable separation of administrative duties in the Mesh.


Mesh 06: Uniform Data Fingerprint 1

PHB describes how UDF fingerprints improve upon traditional OpenPGP fingerprints and expand their scope to support encoding of nonces, private keys and key shares. Consistent use of UDF identifiers as the only means of identifying keys in the Mesh allows for 'cryptography on rails'.

Mesh 07: Uniform Data Fingerprint II

PHB shows how UDFs are used to create QR codes that can retrieve and decrypt an encrypted document and Strong Internet Names that bind a security policy to any Internet address with a DNS name.


Mesh 08: Data At Rest Envelope (DARE) I

PHB describes Data At Rest Envelope, the cryptographic syntax used as a container for signed and encrypted data in the Mesh. DARE builds on a profile of JSON Signature and Encryption to provide the same efficiency and capabilities as traditional PCKS#7/CMS encoding and provides support for the DARE Sequence capabilities described in the next video.

Mesh 09: Data At Rest Envelope II

PHB describes DARE sequence, an append only log that provides incremental encryption and incremental authentication capabilities. DARE Sequence is used to encode the Catalog and Spool persistence stores used in the Mesh.

Mesh 10: Dare Archive

PHB describes the use of DARE Sequence to support a ZIP Archive type capability. Although this is not a feature required by the Mesh itself, it is useful to have an archive format in which the encryption and authentication capabilities are implemented using a state of the art approach.

Mesh Services

Mesh 11: Mesh Services

PHB Describes the role and implementation of the Mesh Service. How services are discovered, how communication between the client and service is secured and the features they provide.

Mesh 12: Mesh Services II

PHB continues his description of Mesh Services with a look at the additional features future Mesh services might support. These include trusted time, trusted DNS and a timestamp service.

Mesh Messaging

Mesh 13: Mesh Messaging Connect

PHB describes the mechanism used to connect devices to a personal Mesh with strong mutual authentication.

Mesh 14: Mesh Messaging Contact

PHB describes the use of the Mesh to store and exchange contact information. These mechanisms enable even A-list celebrities to make their contact information public without being spammed off the net.

Mesh 15: Mesh Message Confirm

PHB describes the Mesh confirmation protocol which provides an improved form of 'second factor authentication'. All 2nd factor authentication systems are in fact a combination of authentication and authorization. The user is not merely authenticating themselves, they are authenticating to authorize a specific action (e.g. access to a VPN). But this authorization is only weakly bound to the action itself and so a second factor token used for multiple purposes is subject to downgrade attack.

Mesh 16: Mesh Messaging Group

Traditional public key encryption allows data to be shared between a fixed group of recipients. Granting access to existing encrypted files to additional users requires every file to be updated. Removing access is not typically possible.

In this video, PHB shows the use of meta-cryptography to enable files to be shared between groups of users whose membership can be changed at any time.

Using the Mesh

Mesh 17: Using the Mesh to Secure the Web

PHB begins by describing the application of the Mesh bookmark and credentials catalogs to provide a seamless and secure user experience across multiple different browsers on multiple devices.

Traditional Web security only secures the connection between the user's client and the Web server holding the content. While this is called 'end-to-end' secure, the true end points of the communication are the user and the original content creator. The meta-cryptography supported by the Mesh allows this true end-to-end secure communication for both static (Web 1.0) and dynamic (Web 2.0) content.

Mesh 18: Using the Mesh to Secure SSH

PHB describes the use of the Mesh to manage SSH keys for clients and servers.

Mesh 19: Using the Mesh to Secure Email

PHB describes the application of the Mesh to SMTP email. The Mesh provides a secure means provisioning OpenPGP and S/MIME keys and managing them across devices. The Mesh Contact exchange protocol and contact catalog provide a secure means of acquiring contact information for other users and making them available to devices used to send and receive email.

Mesh 20: Mesh Service Management In this final video on the Mesh 3.0 architecture, PHB describes the use of Mesh technologies to deploy and manage Mesh services at scale.