| blob | 56caf142d2a25b2699d5584897a7120a6320b3f4 |
2 <html>
3 <head>
8 </head>
9 <body>
17 </section>
19 <section>
21 <p>
22 We would like to create a simple, open, but complete format to describe
23 multiple network configurations for WiFi, Ethernet, Cellular,
24 Bluetooth/WiFi-Direct, and VPN connections in a single file format, in order
25 to simplify and automate network configuration for users.
26 </p>
27 </section>
29 <section>
31 <p>
32 Configuring networks is a painful and error-prone experience for users. It
33 is a problem shared across desktop, laptop, tablet, and phone users of all
34 operating system types. It is exacerbated in business and schools which
35 often have complex network configurations (VPNs and 802.1X networking) that
36 change often and have many connected devices. Configuration of WiFi is
37 still done manually, often by administrators physically standing next to
38 users working on devices. Certificate distribution is particularly painful
39 which often results in admins instead using passphrases to protect networks
40 or using protocols without client certificates that instead use LDAP
41 passwords for authentication. Even after networks are configured, updates to
42 the network configuration require another round of manual changes, and
43 accidental changes by a user or malicious changes by an attacker can break
44 connectivity or make connections less private or secure.
45 </p>
47 <section>
49 <p>
50 We propose a single-file format for network configuration that is
51 human-readable, can describe all of the common kinds of network
52 configurations, supports integrity checking, certificate and key
53 provisioning, and updating. The file can be encrypted with a single
54 passphrase so that upon entering the passphrase the entire configuration is
55 loaded. The format can be described as an open format to enable multiple OS
56 vendors to interoperate and share configuration editors.
57 </p>
59 <p>
60 This format neither supports configuring browser settings nor allows setting
61 other types of system policies.
62 </p>
63 </section>
65 <section>
67 <p>
68 A standalone configuration editor will be created, downloadable as a Chrome
69 app. This editor will allow creating, modifying, and encrypting an open
70 network configuration file in a way that is intuitive for a system
71 administrator.
72 </p>
74 <p>
75 This file format may be delivered to a user and manually imported into a
76 device.
77 </p>
79 <p>
80 This file format may be created by an administrator, stored in a policy
81 repository, and automatically pushed to a device.
82 </p>
83 </section>
85 </section>
87 <section>
89 <p>
90 We use JSON format for the files. The fields in a JSON file are always
91 case-sensitive, so the exact case of the fields in this section must be
92 matched. In addition, the values that are called out as explicit constants
93 must also match the case specified (e.g. WiFi must not be written as wifi,
94 etc.). This document describes a minimum set of required fields and optional
95 fields. Other fields may be created, however, see the
96 implementation-specific fields for guidelines for these fields.
97 </p>
99 <p>
100 The JSON consists of a top level dictionary containing
104 </p>
106 <p>
108 type, see the section on Encrypted Configuration
110 an unencrypted JSON object.
111 </p>
113 <section>
115 <p>
116 This format allows for importing updated network configurations and
117 certificates by providing GUIDs to each network configuration and
118 certificate so they can be modified or even removed in future updates.
119 </p>
121 <p>
122 GUIDs are non-empty strings that are meant to be stable and unique. When
123 they refer to the same entity, they should be the same between ONC files. No
124 two different networks or certificates should have the same GUID, similarly
125 a network and certificate should not have the same GUID. A single ONC file
126 should not contain the same entity twice (with the same GUID). Failing any
127 of these tests indicates the ONC file is not valid.
128 </p>
130 <p>
131 Any GUID referred to in an ONC file must be present in the same ONC file. In
132 particular, it is an error to create a certificate in one ONC file and refer
133 to it in a NetworkConfiguration in another ONC file and not define it there,
134 even if the previous ONC file has been imported.
135 </p>
136 </section>
138 <section>
140 <p>
141 As there are many different kinds of connections and some that are not yet
142 anticipated may require new fields. This format allows arbitrary other
143 fields to be added.
144 </p>
146 <p>
147 Fields and values should follow these general guidelines:
148 </p>
150 <ul>
151 <li>
152 Certificates (with and without keys) should always be placed in the
153 certificate section - specifically certificate contents should not be
154 placed in fields directly. Referring to certificates should be done using
155 a field whose name ends in Ref and whose value is the GUID of the
156 certificate, or if the certificate is not contained in this file, its
157 pattern can be described using a field ending in Pattern of
159 </li>
160 <li>
161 Fields should exist in the most-specific object in the hierarchy and
162 should be named CamelCase style.
163 </li>
164 <li>
165 Booleans and integers should be used directly instead of using a
166 stringified version of the type.
167 </li>
168 </ul>
170 <p>
171 Any editor of network configuration information should allows the user to
172 modify any fields that are implementation-specific. It may not be present
173 directly in the UI but it should be able to import files with such settings
174 and leave preserve these settings on export.
175 </p>
176 </section>
178 <section>
180 <p>
185 following:
186 </p>
190 <dd>
193 </span>)
195 </span>
197 </dd>
200 <dd>
202 (optional)
204 </span>
205 Describes WiFi, Ethernet, VPN, and wireless connections.
206 </dd>
209 <dd>
211 (optional)
213 </span>
215 </dd>
216 </dl>
218 At least one actual configuration field
221 not be considered an error if no such field is present.
223 <section>
225 <p>
229 the following:
230 </p>
234 <dd>
239 </span>
240 Ethernet settings.
241 </dd>
244 <dd>
246 (required)
248 </span>
249 A unique identifier for this network connection, which exists to make it
250 possible to update previously imported configurations. Must be a non-empty
251 string.
252 </dd>
255 <dd>
262 </span>
267 </span>
268 Determines whether the IP Address configuration is statically configured,
270 using DHCP.
271 </dd>
274 <dd>
281 </span>
286 </span>
287 Determines whether the NameServers configuration is statically configured,
289 using DHCP.
290 </dd>
293 <dd>
295 (optional for connected networks, read-only)
297 </span>
298 Array of IPConfig properties associated with this connection.
299 </dd>
302 <dd>
308 </span>
309 Each property set in this IPConfig object overrides the respective
310 parameter received over DHCP.
316 is required.
317 </dd>
320 <dd>
322 (optional for connected networks, read-only)
324 </span>
325 IPConfig property containing the configuration that was received from the
326 DHCP server prior to applying any StaticIPConfig parameters.
327 </dd>
330 <dd>
335 </span>
336 A user-friendly description of this connection. This name will not be used
337 for referencing and may not be unique. Instead it may be used for
338 describing the network to the user.
339 </dd>
342 <dd>
346 </span>
347 If set, remove this network configuration (only GUID should be set).
348 </dd>
351 <dd>
356 </span>
357 Proxy settings for this network
358 </dd>
361 <dd>
366 </span>
367 VPN settings.
368 </dd>
371 <dd>
376 </span>
377 WiFi settings.
378 </dd>
381 <dd>
386 </span>
387 WiMAX settings.
388 </dd>
391 <dd>
396 </span>
397 Cellular settings.
398 </dd>
401 <dd>
406 </span>
412 </span>
413 Indicates which kind of connection this is.
414 </dd>
417 <dd>
419 (optional, read-only)
421 </span>
422 The current connection state for this network, provided by the system.
425 Allowed values are:
429 </span>
430 </dd>
433 <dd>
437 </span>
438 True if a connnected network has limited connectivity to the Internet,
439 e.g. a connection is behind a portal or a cellular network is not
440 activated or requires payment.
441 </dd>
444 <dd>
446 (optional, read-only)
448 </span>
449 True if the system indicates that the network can be connected to without
450 any additional configuration.
451 </dd>
454 <dd>
456 (optional, read-only)
458 </span>
459 The current error state for this network, if any. Error states are
460 provided by the system and are not explicitly defined here. They may or
461 may not be human-readable. This field will be empty or absent if the
462 network is not in an error state.
463 </dd>
466 <dd>
468 (optional, read-only)
470 </span>
471 The MAC address for the network. Only applies to connected non-virtual
473 </dd>
476 <dd>
478 (optional, read-only)
480 </span>
481 Indicates whether the network is configured and how it is configured:
482 <ul>
484 user only, i.e. an unshared configuration.</li>
486 device (e.g laptop), i.e. a shared configuration.</li>
488 policy for the active user.</li>
490 policy for the device.</li>
492 but unconfigured WiFi network.</li>
493 </ul>
496 Allowed values are:
502 </span>
503 </dd>
506 <dd>
508 (optional)
510 </span>
511 Provides a suggested priority value for this network. May be used by the
512 system to determine which network to connect to when multiple configured
513 networks are available (or may be ignored).
514 </dd>
516 </dl>
518 <section>
520 <p>
525 </p>
529 <dd>
531 (optional)
533 </span>
538 </span>
539 </dd>
542 <dd>
547 </span>
548 EAP settings.
549 </dd>
550 </dl>
551 </section>
553 <section>
555 <p>
557 actual IP configuration of a connected network (see
561 </p>
565 <dd>
567 (required)
569 </span>
574 </span>
575 Describes the type of configuration this is.
576 </dd>
579 <dd>
581 (optional)
583 </span>
584 Describes the IPv4 or IPv6 address of a connection, depending on the value
586 routing prefix (i.e. should not end in something like /64).
587 </dd>
590 <dd>
593 ignored.)
595 </span>
599 addresses.
600 </span>
601 Describes the routing prefix.
602 </dd>
605 <dd>
608 ignored.)
610 </span>
611 Describes the gateway address to use for the configuration. Must match
613 specified, DHCP values will be used.
614 </dd>
617 <dd>
619 (optional)
621 </span>
622 Array of addresses to use for name servers. Address format must match that
624 DHCP values will be used.
625 </dd>
628 <dd>
630 (optional)
632 </span>
633 Array of strings to append to names for resolution. Items in this array
636 be used.
637 </dd>
640 <dd>
644 </span>
645 The Web Proxy Auto-Discovery URL for this network as reported over DHCP.
646 </dd>
648 </dl>
649 </section>
651 <section>
653 <p>
658 </p>
662 <dd>
666 </span>
667 Indicaties if ARP polling of default gateway is allowed.
668 When it is allowed, periodic ARP messages will be sent to
669 the default gateway. This is used for monitoring the status
670 of the current connection.
671 </dd>
674 <dd>
678 </span>
679 Indicating that the network should be connected to automatically when in
680 range.
681 </dd>
684 <dd>
690 </span>
691 EAP settings.
692 </dd>
695 <dd>
700 </span>
701 Hex representation of the network's SSID.
702 </dd>
705 <dd>
709 </span>
710 Indicating if the SSID will be broadcast.
711 </dd>
714 <dd>
720 </span>
721 Describes the passphrase for WEP/WPA/WPA2
725 </dd>
728 <dd>
730 (optional)
732 </span>
733 The roam threshold for this network, which is the signal-to-noise value
734 (in dB) below which we will attempt to roam to a new network. If this
735 value is not set, the default value will be used.
736 </dd>
739 <dd>
741 (required)
743 </span>
751 </span>
752 </dd>
755 <dd>
758 ignored)
760 </span>
761 Property to access the decoded SSID of a network.<br/>
763 its value will be UTF-8 encoded and the hex representation will be
766 When reading the configuration of a network, both this field and
769 decoded using UTF-8, otherwise an encoding is guessed on a best effort
770 basis.
771 </dd>
774 <dd>
776 (optional, read-only)
778 </span>
780 provided by the system. If the network is not in range this field will
781 be set to '0' or not present.
782 </dd>
783 </dl>
789 are set, the values must be consistent.
790 </span>
791 </span>
792 </section>
794 <section>
796 <p>
797 There are many kinds of VPNs with widely varying configuration options. We
798 offer standard configuration options for a few common configurations at this
799 time, and may add more later. For all others, implementation specific fields
800 should be used.
801 </p>
803 <p>
808 </p>
812 <dd>
816 </span>
817 Indicating that the network should be connected to automatically.
818 </dd>
821 <dd>
823 (optional)
825 </span>
826 Host name or IP address of server to connect to. The only scenario that
827 does not require a host is a VPN that encrypts but does not tunnel
828 traffic. Standalone IPsec (v1 or v2, cert or PSK based -- this is not the
829 same as L2TP over IPsec) is one such setup. For all other types of VPN,
831 </dd>
834 <dd>
840 </span>
841 IPsec layer settings.
842 </dd>
845 <dd>
850 </span>
851 L2TP layer settings.
852 </dd>
855 <dd>
860 </span>
861 OpenVPN settings.
862 </dd>
865 <dd>
870 </span>
871 Third-party VPN provider settings.
872 </dd>
875 <dd>
877 (required)
879 </span>
886 </span>
887 Type of the VPN.
888 </dd>
889 </dl>
891 <section>
893 <p>
895 </p>
899 <dd>
901 (required)
903 </span>
907 <span class="value">Cert</span>. If <span class="value">Cert</span> is used, <span class="field">ClientCertType</span> and <span class="field">ServerCARefs</span> (or the deprecated <span class="field">ServerCARef</span>) must be set.
908 </span>
909 </dd>
912 <dd>
917 </span>
918 Pattern describing the client certificate.
919 </dd>
922 <dd>
927 </span>
928 Reference to client certificate stored in certificate section.
929 </dd>
932 <dd>
937 </span>
942 </span>
943 </dd>
946 <dd>
949 ignored)
951 </span>
952 Indicating that EAP authentication should be used with the provided
953 parameters.
954 </dd>
957 <dd>
960 ignored)
962 </span>
963 Group name used for machine authentication.
964 </dd>
967 <dd>
969 (required)
971 </span>
972 Version of IKE protocol to use.
973 </dd>
976 <dd>
981 </span>
982 Pre-Shared Key. If not specified, user is prompted at time of
983 connection.
984 </dd>
987 <dd>
993 </span>
995 (PSK) each time they connect.
996 </dd>
999 <dd>
1004 </span>
1005 Non-empty list of references to CA certificates in <span class="field">Certificates</span> to be used for verifying the host's certificate chain. At least one of the CA certificates must match. If this field is set, <span class="field">ServerCARef</span> must be unset.
1006 </dd>
1009 <dd>
1014 </span>
1016 Reference to a CA certificate in <span class="field">Certificates</span>. Certificate authority to use for verifying connection. If this field is set, <span class="field">ServerCARefs</span> must be unset.
1017 </dd>
1020 <dd>
1023 ignored)
1025 </span>
1026 Describing XAUTH credentials. XAUTH is not used if this object is not
1027 present.
1028 </dd>
1029 </dl>
1033 If <span class="field">AuthenticationType</span> is set to <span class="value">Cert</span>, <span class="field">ServerCARefs</span> or <span class="field">ServerCARef</span> must be set.
1034 </p>
1038 At most one of <span class="field">ServerCARefs</span> and <span class="field">ServerCARef</span> can be set.
1039 </p>
1041 <p>
1043 </p>
1047 <dd>
1051 </span>
1052 Disable L2TP connection monitoring via PPP LCP frames. This
1053 allows the VPN client to work around server implementations
1054 that do not support the LCP echo feature.
1055 </dd>
1058 <dd>
1060 (optional)
1062 </span>
1063 User authentication password. If not specified, user is prompted at time
1064 of connection.
1065 </dd>
1068 <dd>
1072 </span>
1074 each time they connect.
1075 </dd>
1078 <dd>
1080 (optional)
1082 </span>
1083 User identity. This value is subject to string expansions. If not
1084 specified, user is prompted at time of connection.
1085 </dd>
1086 </dl>
1088 <p>
1090 </p>
1094 <dd>
1096 (optional)
1098 </span>
1099 XAUTH password. If not specified, user is prompted at time of
1100 connection.
1101 </dd>
1104 <dd>
1108 </span>
1110 each time they connect.
1111 </dd>
1114 <dd>
1116 (optional)
1118 </span>
1119 XAUTH user name. This value is subject to string expansions. If not
1120 specified, user is prompted at time of connection.
1121 </dd>
1122 </dl>
1124 <section>
1126 <p>
1129 must be 1. Do not use this for L2TP over IPsec. This may be used for
1130 machine-authentication-only IKEv1 or for IKEv1 with XAUTH. See
1132 </p>
1133 </section>
1135 <section>
1137 <p>
1140 must be 2. This may be used with EAP-based user authentication.
1141 </p>
1142 </section>
1144 <section>
1146 <p>
1147 There are two major configurations L2TP over IPsec which depend on how IPsec
1150 </p>
1152 <p>
1153 L2TP over IPsec with pre-shared key:
1154 </p>
1156 <ul>
1158 following settings:
1159 <ul>
1163 </ul>
1164 </li>
1166 </ul>
1167 </section>
1169 </section>
1171 <section>
1173 <p>
1176 </p>
1178 <p>
1180 </p>
1184 <dd>
1188 </span>
1189 </dd>
1192 <dd>
1196 </span>
1202 </span>
1203 Controls how OpenVPN responds to username/password verification
1204 errors:<br> Either fail with error on retry
1208 </dd>
1211 <dd>
1215 </span>
1216 Disable caching of credentials in memory.
1217 </dd>
1220 <dd>
1224 </span>
1225 Cipher to use.
1226 </dd>
1229 <dd>
1234 </span>
1235 Reference to client certificate stored in certificate section.
1236 </dd>
1239 <dd>
1244 </span>
1245 Pattern to use to find the client certificate.
1246 </dd>
1249 <dd>
1251 (required)
1253 </span>
1258 </span>
1260 not require client certificates.
1261 </dd>
1264 <dd>
1268 </span>
1271 </dd>
1274 <dd>
1278 </span>
1279 Disables adaptive compression.
1280 </dd>
1283 <dd>
1287 </span>
1288 Omits a default route to the VPN gateway while the connection is active.
1289 By default, the client creates a default route to the gateway address
1290 advertised by the VPN server. Setting this value to
1292 configurations where the VPN server omits explicit default routes.
1293 This is roughly equivalent to omitting "redirect-gateway" OpenVPN client
1294 configuration option. If the server pushes a "redirect-gateway"
1295 configuration flag to the client, this option is ignored.
1296 </dd>
1299 <dd>
1301 (optional)
1303 </span>
1304 Passed as --key-direction.
1305 </dd>
1308 <dd>
1310 (optional)
1312 </span>
1313 If set, checks peer certificate type. Should only be set
1315 </dd>
1318 <dd>
1323 defaults to empty string)
1325 </span>
1328 and this field is not set, the user will be asked for an OTP.
1329 The OTP is never persisted and must be provided on every connection
1330 attempt.
1331 </dd>
1334 <dd>
1339 defaults to empty string)
1341 </span>
1345 will be asked for a password.
1348 connection attempts. Otherwise it is not persisted but might still be
1349 reused for consecutive connection attempts (opposed to an OTP, which will
1350 never be reused).
1351 </dd>
1354 <dd>
1358 </span>
1359 Port for connecting to server.
1360 </dd>
1363 <dd>
1367 </span>
1368 Protocol for communicating with server.
1369 </dd>
1372 <dd>
1376 </span>
1377 </dd>
1380 <dd>
1382 (optional)
1384 </span>
1385 Require that the peer certificate was signed with this explicit extended
1386 key usage in oid notation.
1387 </dd>
1390 <dd>
1392 (optional, defaults to [])
1394 </span>
1395 Require the given array of key usage numbers. These are strings that are
1396 hex encoded numbers.
1397 </dd>
1400 <dd>
1404 </span>
1409 </span>
1410 Require peer certificate signing based on RFC3280 TLS rules.
1411 </dd>
1414 <dd>
1418 </span>
1419 Renegotiate data channel key after this number of seconds.
1420 </dd>
1423 <dd>
1427 </span>
1429 each time they connect.
1430 </dd>
1433 <dd>
1435 (optional)
1437 </span>
1438 Non-empty list of references to CA certificates in <span class="field">Certificates</span> to be used for verifying the host's certificate chain. At least one of the CA certificates must match. See also OpenVPN's command line option "--ca". If this field is set, <span class="field">ServerCARef</span> must be unset.
1439 </dd>
1442 <dd>
1444 (optional)
1446 </span>
1448 Reference to a CA certificate in <span class="field">Certificates</span>. Certificate authority to use for verifying connection. If this field is set, <span class="field">ServerCARefs</span> must be unset.
1449 </dd>
1452 <dd>
1454 (optional)
1456 </span>
1457 Reference to a certificate. Peer's signed certificate.
1458 </dd>
1461 <dd>
1463 (optional)
1465 </span>
1466 Spend no more than this number of seconds before trying the next server.
1467 </dd>
1470 <dd>
1472 (optional)
1474 </span>
1475 If not specified no bandwidth limiting, otherwise limit bandwidth of
1476 outgoing tunnel data to this number of bytes per second.
1477 </dd>
1480 <dd>
1482 (optional)
1484 </span>
1485 String is used in static challenge response. Note that echoing is always
1486 done.
1487 </dd>
1490 <dd>
1492 (optional)
1494 </span>
1495 If not set, tls auth is not used. If set, this is the TLS Auth key
1496 contents (usually starts with "-----BEGIN OpenVPN Static Key..."
1497 </dd>
1500 <dd>
1502 (optional)
1504 </span>
1505 If set, only allow connections to server hosts with X509 name or common
1506 name equal to this string.
1507 </dd>
1510 <dd>
1514 </span>
1521 </span>
1522 Determines the required form of user authentication:
1523 <ul><li>
1525 and an OTP (possibly empty). Both will be send to the server in the
1526 'password' response using the SCRv1 encoding.
1527 </li><li>
1529 which will be send without modification to the server in the 'password'
1530 response (no CRv1 or SCRv1 encoding).
1531 </li><li>
1533 will be send without modification to the server in the 'password'
1534 response (no CRv1 or SCRv1 encoding).
1535 </li><li>
1537 No password request from the server is expected.
1538 </li></ul>
1539 If not set, the user can provide a password and an OTP (both not
1540 mandatory) and the network manager will send both in the SCRv1 encoding,
1541 when the server sends a static-challenge. If the server does not send a
1542 static-challenge, the client will reply with only the password (without
1543 any encoding). This behavior is deprecated and new configurations should
1544 explicitly set one of the above values.
1548 </dd>
1551 <dd>
1553 (optional)
1555 </span>
1556 OpenVPN user name. This value is subject to string expansions. If not
1557 specified, user is prompted at time of connection.
1558 </dd>
1561 <dd>
1563 (optional)
1565 </span>
1566 Verbosity level, defaults to OpenVpn's default if not specified.
1567 </dd>
1570 <dd>
1572 (optional)
1574 </span>
1575 If set, this value is passed as the "--verify-hash" argument to OpenVPN,
1576 which specifies the SHA1 fingerprint for the level-1 certificate.
1577 </dd>
1580 <dd>
1582 (optional)
1584 </span>
1585 If set, the "--verify-x509-name" argument is passed to OpenVPN with the values of this object and only connections will be accepted if a host's X.509 name is equal to the given name.
1586 </dd>
1587 </dl>
1591 At most one of <span class="field">ServerCARefs</span> and <span class="field">ServerCARef</span> can be set.
1592 </p>
1594 <p>
1596 </p>
1599 <dd>
1601 (required)
1603 </span>
1604 The name that the host's X.509 name is compared to. Which host name is compared depends on the value of <span class="field">Type</span>.
1605 </dd>
1608 <dd>
1610 (optional)
1612 </span>
1613 Determines which of the host's X.509 names will be verified. Allowed values are <span class="value">name</span>, <span class="value">name-prefix</span> and <span class="value">subject</span>. See OpenVPN's documentation for "--verify-x509-name" for the meaning of each value. Defaults to OpenVPN's default if not specified.
1614 </dd>
1615 </dl>
1616 </section>
1618 <section>
1620 <p>
1623 </p>
1625 <p>
1627 </p>
1631 <dd>
1633 (required)
1635 </span>
1636 The extension ID of the third-party VPN provider used by this network.
1637 </dd>
1638 </dl>
1639 </section>
1641 </section>
1643 <section>
1645 <p>
1646 In order to allow clients to securely key their private keys and request
1647 certificates through PKCS#10 format or through a web flow, we provide
1648 alternative CertificatePattern types. The
1650 </p>
1654 <dd>
1656 (optional)
1658 </span>
1659 Array of references to certificates. At least one must have signed the
1660 client certificate.
1661 </dd>
1664 <dd>
1666 (optional)
1668 </span>
1669 Pattern to match the issuer X.509 settings against. If not specified, the
1670 only checks done will be a signature check against
1672 certificate must match this field exactly to match the pattern.
1673 </dd>
1676 <dd>
1678 (optional)
1680 </span>
1681 Pattern to match the subject X.509 settings against. If not specified, the
1682 subject settings are not checked and any certificate matches. Subject of
1683 the certificate must match this field exactly to match the pattern.
1684 </dd>
1687 <dd>
1689 (optional)
1691 </span>
1692 If no certificate matches this CertificatePattern, the first URI from this
1693 array with a recognized scheme is navigated to, with the intention this
1694 informs the user how to either get the certificate or gets the certificate
1695 for the user. For instance, the array may be [
1696 "chrome-extension://asakgksjssjwwkeielsjs/fetch-client-cert.html",
1697 "http://intra/connecting-to-wireless.html" ] so that for Chrome browsers a
1698 Chrome app or extension is shown to the user, but for other browsers, a
1699 web URL is shown.
1700 </dd>
1701 </dl>
1703 <p>
1705 following:
1706 </p>
1710 <dd>
1712 (optional)
1714 </span>
1715 Certificate subject's commonName must match this string if present.
1716 </dd>
1719 <dd>
1721 (optional)
1723 </span>
1724 Certificate subject's location must match this string if present.
1725 </dd>
1728 <dd>
1730 (optional)
1732 </span>
1733 At least one of certificate subject's organizations must match this string
1734 if present.
1735 </dd>
1738 <dd>
1740 (optional)
1742 </span>
1743 At least one of certificate subject's organizational units must match this
1744 string if present.
1745 </dd>
1746 </dl>
1753 to be valid.
1754 </p>
1756 <p>
1757 For a certificate to be considered matching, it must match all
1758 the fields in the certificate pattern. If multiple certificates match, the
1759 certificate with the latest issue date that is still in the past, and hence
1760 valid, will be used.
1761 </p>
1763 <p>
1765 found to this pattern, the importing tool may show an error to the user.
1766 </p>
1767 </section>
1769 <section>
1771 <p>
1772 Every network can be configured to use a
1774 following:
1775 </p>
1779 <dd>
1781 (required)
1783 </span>
1789 </span>
1792 </dd>
1795 <dd>
1800 </span>
1801 Manual proxy settings.
1802 </dd>
1805 <dd>
1810 </span>
1811 Domains and hosts for which to exclude proxy settings.
1812 </dd>
1815 <dd>
1820 </span>
1821 URL of proxy auto-config file.
1822 </dd>
1823 </dl>
1825 <p>
1827 following:
1828 </p>
1832 <dd>
1834 (optional)
1836 </span>
1837 settings for HTTP proxy.
1838 </dd>
1841 <dd>
1843 (optional)
1845 </span>
1846 settings for secure HTTP proxy.
1847 </dd>
1850 <dd>
1852 (optional)
1854 </span>
1855 settings for FTP proxy
1856 </dd>
1859 <dd>
1861 (optional)
1863 </span>
1864 settings for SOCKS proxy.
1865 </dd>
1866 </dl>
1868 <p>
1870 </p>
1874 <dd>
1876 (required)
1878 </span>
1879 Host (or IP address) to use for proxy
1880 </dd>
1883 <dd>
1885 (required)
1887 </span>
1888 Port to use for proxy
1889 </dd>
1890 </dl>
1891 </section>
1893 <section>
1895 <p>
1897 type exists to configure the
1899 following:
1900 </p>
1904 <dd>
1908 otherwise ignored)
1910 </span>
1911 For tunnelling protocols only, this indicates the identity of the user
1912 presented to the outer protocol. This value is subject to string
1913 expansions. If not specified, use empty string.
1914 </dd>
1917 <dd>
1922 </span>
1923 Pattern to use to find the client certificate.
1924 </dd>
1927 <dd>
1932 </span>
1933 Reference to client certificate stored in certificate section.
1934 </dd>
1937 <dd>
1940 </span>
1945 </span>
1946 </dd>
1949 <dd>
1951 (optional)
1953 </span>
1954 Identity of user. For tunneling outer protocols
1958 the EAP identity outside the tunnel. For non-tunneling outer protocols,
1959 this is used for the EAP identity. This value is subject to string
1960 expansions.
1961 </dd>
1964 <dd>
1971 </span>
1978 </span>
1979 For tunneling outer protocols.
1980 </dd>
1983 <dd>
1985 (required)
1987 </span>
1994 </span>
1995 </dd>
1998 <dd>
2000 (optional)
2002 </span>
2003 Password of user. If not specified, defaults to prompting the user.
2004 </dd>
2007 <dd>
2011 </span>
2017 </dd>
2020 <dd>
2022 (optional)
2024 </span>
2025 Non-empty list of references to CA certificates in <span class="field">Certificates</span> to be used for verifying the host's certificate chain. At least one of the CA certificates must match. If this field is set, <span class="field">ServerCARef</span> must be unset. If neither <span class="field">ServerCARefs</span> nor <span class="field">ServerCARef</span> is set, the client does not check that the server certificate is signed by a specific CA. A verification using the system's CA certificates may still apply. See <span class="field">UseSystemCAs</span> for this.
2026 </dd>
2029 <dd>
2031 (optional)
2033 </span>
2035 Reference to a CA certificate in <span class="field">Certificates</span>. If this field is set, <span class="field">ServerCARefs</span> must be unset. If neither <span class="field">ServerCARefs</span> nor <span class="field">ServerCARef</span> is set, the client does not check that the server certificate is signed by a specific CA. A verification using the system's CA certificates may still apply. See <span class="field">UseSystemCAs</span> for this.
2036 </dd>
2039 <dd>
2043 </span>
2044 Required server certificate to be signed by "system default certificate
2045 authorities". If both <span class="field">ServerCARefs</span> (or <span class="field">ServerCARef</span>)
2047 certificate will be allowed if it either has a chain of trust to a system
2049 is <span class="value">false</span>, and no <span class="field">ServerCARef</span> is set, the certificate
2050 must be a self signed certificate, and no CA signature is required.
2051 </dd>
2054 <dd>
2058 </span>
2059 Indicates whether Proactive Key Caching (also known as Opportunistic
2060 Key Caching) should be used on a per-service basis.
2061 </dd>
2062 </dl>
2066 At most one of <span class="field">ServerCARefs</span> and <span class="field">ServerCARef</span> can be set.
2067 </p>
2068 </section>
2070 <section>
2072 <p>
2077 representing an existing configuration; ONC configuration of
2079 Contains the following fields:
2080 </p>
2084 <dd>
2088 </span>
2089 Indicating that the network should be connected to automatically when
2090 possible.
2091 </dd>
2094 <dd>
2096 (required)
2098 </span>
2099 EAP settings.
2100 </dd>
2103 <dd>
2105 (optional, read-only)
2107 </span>
2109 provided by the system. If the network is not in range this field will
2110 be set to '0' or not present.
2111 </dd>
2112 </dl>
2114 </section>
2116 <section>
2118 <p>
2123 representing an existing configuration; ONC configuration of
2125 Contains the following fields:
2126 </p>
2130 <dd>
2134 </span>
2135 Indicating that the network should be connected to automatically when
2137 takes precedence over autoconnect.
2138 </dd>
2141 <dd>
2144 </span>
2146 GSM carrier for making data connections.
2147 </dd>
2150 <dd>
2153 </span>
2154 List of available APN configurations.
2155 </dd>
2158 <dd>
2161 </span>
2162 Activation type.
2163 </dd>
2166 <dd>
2169 </span>
2170 Carrier account activation state.
2177 </span>
2178 </dd>
2181 <dd>
2184 </span>
2185 Whether cellular data connections are allowed when the device is roaming.
2186 </dd>
2189 <dd>
2192 </span>
2193 The name of the carrier for which the device is configured.
2194 </dd>
2197 <dd>
2200 </span>
2201 The Electronic Serial Number of the cellular modem.
2202 </dd>
2205 <dd>
2208 </span>
2209 Technology family.
2211 Allowed values are
2214 </span>
2215 </dd>
2218 <dd>
2221 </span>
2222 The revision of firmware that is loaded in the modem.
2223 </dd>
2226 <dd>
2230 </span>
2231 The list of cellular netwoks found in the most recent scan operation.
2232 </dd>
2235 <dd>
2238 </span>
2239 The hardware revision of the cellular modem.
2240 </dd>
2243 <dd>
2246 </span>
2247 Description of the operator that issued the SIM card currently installed
2248 in the modem.
2249 </dd>
2252 <dd>
2258 </span>
2259 For GSM / LTE modems, the Integrated Circuit Card Identifer of the SIM
2260 card installed in the device.
2261 </dd>
2264 <dd>
2267 </span>
2268 The International Mobile Equipment Identity of the cellular modem.
2269 </dd>
2272 <dd>
2276 </span>
2277 For GSM modems, the International Mobile Subscriber Identity of the SIM
2278 card installed in the device.
2279 </dd>
2282 <dd>
2285 </span>
2286 The APN information used in the last successful connection attempt.
2287 </dd>
2290 <dd>
2293 </span>
2294 The manufacturer of the cellular modem.
2295 </dd>
2298 <dd>
2301 </span>
2302 The Mobile Directory Number (i.e., phone number) of the device.
2303 </dd>
2306 <dd>
2310 </span>
2311 For CDMA modems, the Mobile Equipment Identifer of the cellular modem.
2312 </dd>
2315 <dd>
2318 </span>
2319 The Mobile Identification Number of the device.
2320 </dd>
2323 <dd>
2326 </span>
2327 The hardware model of the cellular modem.
2328 </dd>
2331 <dd>
2334 </span>
2335 If the modem is registered on a network, then this is set to the
2336 network technology currently in use.
2338 Allowed values are
2349 </span>
2350 </dd>
2353 <dd>
2356 </span>
2357 Properties describing the online payment portal (OLP) at which a user can
2358 sign up for or modify a mobile data plan.
2359 </dd>
2362 <dd>
2365 </span>
2366 The revision of the Preferred Roaming List that is loaded in the modem.
2367 </dd>
2370 <dd>
2373 </span>
2374 The roaming status of the cellular modem on the current network.
2379 </span>
2380 </dd>
2383 <dd>
2387 </span>
2388 Description of the operator on whose network the modem is currently
2389 registered
2390 </dd>
2393 <dd>
2397 </span>
2398 For GSM modems, a dictionary containing two properties describing the
2399 state of the SIM card lock.
2400 </dd>
2403 <dd>
2409 </span>
2410 For GSM or LTE modems, indicates whether a SIM card is present or not.
2411 </dd>
2414 <dd>
2417 </span>
2418 True if the cellular network supports scanning.
2419 </dd>
2422 <dd>
2425 </span>
2426 A list of supported carriers.
2427 </dd>
2429 </dl>
2434 <dd>
2437 </span>
2438 The access point name used when making connections.
2439 </dd>
2442 <dd>
2445 </span>
2446 Description of the APN.
2447 </dd>
2450 <dd>
2453 </span>
2454 Localized description of the APN.
2455 </dd>
2458 <dd>
2461 </span>
2462 Username for making connections if required.
2463 </dd>
2466 <dd>
2469 </span>
2470 Password for making connections if required.
2471 </dd>
2474 <dd>
2476 LocalizedName</span> is provided)
2478 </span>
2479 Two letter language code for Localizedname if provided.
2480 </dd>
2481 </dl>
2486 <dd>
2489 </span>
2490 The availability of the network.
2491 </dd>
2494 <dd>
2497 </span>
2498 The network id in the form MCC/MNC (without the '/').
2499 </dd>
2502 <dd>
2505 </span>
2506 Access technology used by the network,
2508 </dd>
2511 <dd>
2514 </span>
2515 Short-format name of the network operator.
2516 </dd>
2519 <dd>
2522 </span>
2523 Long-format name of the network operator.
2524 </dd>
2525 </dl>
2530 <dd>
2533 </span>
2535 </dd>
2538 <dd>
2543 </span>
2544 The postdata to send.
2545 </dd>
2548 <dd>
2551 </span>
2552 The URL for the portal.
2553 </dd>
2554 </dl>
2559 <dd>
2562 </span>
2563 The operator name.
2564 </dd>
2567 <dd>
2570 </span>
2571 The network id in the form MCC/MNC (without the '/').
2572 </dd>
2575 <dd>
2578 </span>
2579 The two-letter country code.
2580 </dd>
2581 </dl>
2586 <dd>
2589 </span>
2590 Specifies the type of lock in effect, or an empty string if unlocked.
2592 Allowed values are
2595 </span>
2596 </dd>
2599 <dd>
2602 </span>
2603 Indicates whether SIM locking is enabled
2604 </dd>
2607 <dd>
2610 </span>
2613 the number of attempts remaining to supply a correct PIN before the
2614 PIN becomes blocked, at which point a PUK provided by the carrier would
2617 </dd>
2618 </dl>
2620 </section>
2622 <section>
2624 <p>
2625 This format will eventually also cover configuration of Bluetooth and WiFi
2626 Direct network technologies, however they are currently not supported.
2627 </p>
2628 </section>
2630 </section>
2632 <section>
2634 <p>
2635 Certificate data is stored in a separate section. Each certificate may be
2636 referenced from within the NetworkConfigurations array using a certificate
2637 reference. A certificate reference is its GUID.
2638 </p>
2640 <p>
2643 </p>
2645 <p>
2647 </p>
2651 <dd>
2653 (required)
2655 </span>
2656 A unique identifier for this certificate. Must be a non-empty string.
2657 </dd>
2660 <dd>
2665 </span> For certificates with
2666 private keys, this is the base64 encoding of the a PKCS#12 file.
2667 </dd>
2670 <dd>
2674 </span>
2676 should be set).
2677 </dd>
2680 <dd>
2685 [])
2687 </span>
2688 An array of trust flags. Clients should ignore unknown flags. For
2689 backwards compatibility, each flag should only increase the trust and
2691 the certificate is to be trusted for HTTPS SSL identification. A typical
2696 </dd>
2699 <dd>
2704 </span>
2710 </span>
2712 identifying the user or device over HTTPS or for
2714 identifies an HTTPS or VPN/802.1X peer.
2716 certificate authority and any certificates it issues should be
2718 x509 v3 basic constraints or key usage attributes, the
2720 </dd>
2723 <dd>
2729 </span> For certificate
2730 without private keys, this is the X509 certificate in PEM format.
2731 </dd>
2732 </dl>
2734 <p>
2735 The passphrase of the PKCS#12 encoding must be empty. Encryption of key data
2736 should be handled at the level of the entire file, or the transport of the
2737 file.
2738 </p>
2740 <p>
2741 If a global-scoped network connection refers to a user-scoped certificate,
2742 results are undefined, so this configuration should be prohibited by the
2743 configuration editor.
2744 </p>
2745 </section>
2747 </section>
2749 <section>
2751 <p>
2752 We assume that when this format is imported as part of policy that
2753 file-level encryption will not be necessary because the policy transport is
2754 already encrypted, but when it is imported as a standalone file, it is
2755 desirable to encrypt it. Since this file has private information (user
2756 names) and secrets (passphrases and private keys) in it, and we want it to
2757 be usable as a manual way to distribute network configuration, we must
2758 support encryption.
2759 </p>
2761 <p>
2762 For this standalone export, the entire file will be encrypted in a symmetric
2763 fashion with a passphrase stretched using salted PBKDF2 using at least 20000
2765 HMAC on the ciphertext.
2766 </p>
2768 <p>
2769 An encrypted ONC file's top level object will have the
2772 following:
2773 </p>
2777 <dd>
2779 (required)
2781 </span>
2783 is supported.
2784 </dd>
2787 <dd>
2789 (required)
2791 </span>
2792 The raw ciphertext of the encrypted ONC file, base64 encoded.
2793 </dd>
2796 <dd>
2798 (required)
2800 </span>
2801 The HMAC for the ciphertext, base64 encoded.
2802 </dd>
2805 <dd>
2807 (required)
2809 </span>
2810 The method used to compute the Hash-based Message Authentication Code
2812 </dd>
2815 <dd>
2817 (required)
2819 </span>
2820 The salt value used during key stretching.
2821 </dd>
2824 <dd>
2826 (required)
2828 </span>
2829 The key stretching algorithm used. Currently
2831 </dd>
2834 <dd>
2836 (required)
2838 </span>
2839 The number of iterations to use during key stretching.
2840 </dd>
2843 <dd>
2845 (required)
2847 </span>
2848 The initial vector (IV) used for Cyclic Block Cipher (CBC) mode, base64
2849 encoded.
2850 </dd>
2853 <dd>
2855 (required)
2857 </span>
2858 The type of the ONC file, which must be set
2860 </dd>
2861 </dl>
2865 When decrypted, the ciphertext must contain a JSON object of
2867 </p>
2868 </section>
2870 <section>
2872 <p>
2873 The values of some fields, such
2876 expansions. These allow one ONC to have basic user-specific variations.
2877 </p>
2879 <p>
2880 The expansions are:
2881 </p>
2883 <ul>
2884 <li>
2885 ${LOGIN_ID} - expands to the email address of the user, but before the
2886 '@'.
2887 </li>
2888 <li>
2889 ${LOGIN_EMAIL} - expands to the email address of the user.
2890 </li>
2891 </ul>
2893 <p>
2894 The following SED would properly handle resolution.
2895 </p>
2897 <ul>
2898 <li>
2899 s/\$\{LOGIN_ID\}/bobquail$1/g
2900 </li>
2901 <li>
2902 s/\$\{LOGIN_EMAIL\}/bobquail@example.com$1/g
2903 </li>
2904 </ul>
2906 <p>
2907 Example expansions, assuming the user was bobquail@example.com:
2908 </p>
2910 <ul>
2911 <li>
2913 </li>
2914 <li>
2916 </li>
2917 <li>
2919 </li>
2920 <li>
2922 </li>
2923 <li>
2925 </li>
2926 <li>
2928 </li>
2929 </ul>
2930 </section>
2932 <section>
2934 <p>
2935 This format should be sent in files ending in the .onc extension. When
2936 transmitted with a MIME type, the MIME type should be
2937 application/x-onc. These two methods make detection of data to be handled in
2938 this format, especially when encryption is used and the payload itself is
2939 not detectable.
2940 </p>
2941 </section>
2943 </section>
2945 <section>
2947 <p>
2948 For the overall format, we considered XML, ASN.1, and protobufs. JSON and
2949 ASN.1 seem more widely known than protobufs. Since administrators are
2950 likely to want to tweak settings that will not exist in common UIs, we
2951 should provide a format that is well known and human modifiable. ASN.1 is
2952 not human modifiable. Protobufs formats are known by open source developers
2953 but seem less likely to be known by administrators. JSON serialization
2954 seems to have good support across languages.
2955 </p>
2957 <p>
2958 We considered sending the exact connection manager configuration format of
2959 an open source connection manager like connman. There are a few issues
2960 here, for instance, referencing certificates by identifiers not tied to a
2961 particular PKCS#11 token, and tying to one OS's connection manager.
2962 </p>
2963 </section>
2965 <section>
2967 <p>
2968 This format should be sent in files ending in the .onc extension. When
2969 transmitted with a MIME type, the MIME type should be
2970 application/x-onc. These two methods make detection of data to be handled in
2971 this format, especially when encryption is used and the payload itself is
2972 not detectable.
2973 </p>
2974 </section>
2976 <section>
2979 <section>
2982 <pre>
2983 {
2985 "NetworkConfigurations": [
2986 {
2990 "WiFi": {
2991 "AutoConnect": true,
2992 "EAP": {
2994 "UseSystemCAs": true
2995 },
2996 "HiddenSSID": false,
2999 }
3000 }
3001 ],
3002 "Certificates": []
3003 }
3004 </pre>
3006 <p>
3007 Notice that in this case, we do not provide a username and password - we set
3009 time. We could have passed in username and password - but such a file should
3010 be encrypted.
3011 </p>
3012 </section>
3014 <section>
3017 <pre>
3018 {
3020 "NetworkConfigurations": [
3021 {
3025 "WiFi": {
3026 "AutoConnect": false,
3027 "EAP": {
3028 "ClientCertPattern": {
3029 "EnrollmentURI": [
3030 "http://fetch-my-certificate.com"
3031 ],
3032 "IssuerCARef": [
3033 "{6ed8dce9-64c8-d568-d225d7e467e37828}"
3034 ]
3035 },
3039 "UseSystemCAs": true
3040 },
3041 "HiddenSSID": false,
3044 }
3045 }
3046 ],
3047 "Certificates": [
3048 {
3051 "X509": "MIIEpzCCA4+gAwIBAgIJAMueiWq5WEIAMA0GCSqGSIb3DQEBBQUAMIGTMQswCQYDVQQGEwJGUjEPMA0GA1UECBMGUmFkaXVzMRIwEAYDVQQHEwlTb21ld2hlcmUxFTATBgNVBAoTDEV4YW1wbGUgSW5jLjEgMB4GCSqGSIb3DQEJARYRYWRtaW5AZXhhbXBsZS5jb20xJjAkBgNVBAMTHUV4YW1wbGUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTExMDEyODA2MjA0MFoXDTEyMDEyODA2MjA0MFowgZMxCzAJBgNVBAYTAkZSMQ8wDQYDVQQIEwZSYWRpdXMxEjAQBgNVBAcTCVNvbWV3aGVyZTEVMBMGA1UEChMMRXhhbXBsZSBJbmMuMSAwHgYJKoZIhvcNAQkBFhFhZG1pbkBleGFtcGxlLmNvbTEmMCQGA1UEAxMdRXhhbXBsZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9EDplhyrVNJIoy1OsVqvD/K67B5PW2bDKKxGznodrzCu8jHsP1Ne3mgrK20vbzQUUBdmxTCWO6x3a3//r4ZuPOuZd1ViycWjt6mRfRbBzNrHzP7NiyFuXjdlz74beHQQLcHwvZ3qFAWZK37uweiLiDPaMaEQlka2Bztqx4PsogmSdoVPSCxi5Cl1XlJmITA03LlKpO79+0rEPRamWO/DMCwvffn2/UUjJLog4/lYe16HQ6iq/6bjhffm2rLXDFKOGZmBVbLNMCfANRMtdFWHYdBXERoUo2zpM9tduOOUNLy7E7kRKVm/wy38s51ChFPlpORrhimN2j1caar+KAv2tAgMBAAGjgfswgfgwHQYDVR0OBBYEFBTIImiXp+57jjgn2N5wq93GgAAtMIHIBgNVHSMEgcAwgb2AFBTIImiXp+57jjgn2N5wq93GgAAtoYGZpIGWMIGTMQswCQYDVQQGEwJGUjEPMA0GA1UECBMGUmFkaXVzMRIwEAYDVQQHEwlTb21ld2hlcmUxFTATBgNVBAoTDEV4YW1wbGUgSW5jLjEgMB4GCSqGSIb3DQEJARYRYWRtaW5AZXhhbXBsZS5jb20xJjAkBgNVBAMTHUV4YW1wbGUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5ggkAy56JarlYQgAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAnNd0YY7s2YVYPsgEgDS+rBNjcQloTFWgc9Hv4RWBjwcdJdSPIrpBp7LSjC96wH5U4eWpQjlWbOYQ9RBq9Z/RpuAPEjzRV78rIrQrCWQ3lxwywWEb5Th1EVJSN68eNv7Ke5BlZ2l9kfLRKFm5MEBXX9YoHMX0U8I8dPIXfTyevmKOT1PuEta5cQOM6/zH86XWn6WYx3EXkyjpeIbVOw49AqaEY8u70yBmut4MO03zz/pwLjV1BWyIkXhsrtuJyA+ZImvgLK2oAMZtGGFo7b0GW/sWY/P3R6Un3RFy35k6U3kXCDYYhgZEcS36lIqcj5y6vYUUVM732/etCsuOLz6ppw=="
3052 }
3053 ]
3054 }
3055 </pre>
3057 <p>
3058 In this example, the client certificate is not sent in the ONC format, but
3059 rather we send a certificate authority which we know will have signed the
3060 client certificate that is needed, along with an enrollment URI to navigate
3061 to if the required certificate is not yet available on the client.
3062 </p>
3063 </section>
3065 <section>
3068 <p>
3069 In this example a new certificate authority is added to be trusted for HTTPS
3070 server authentication.
3071 </p>
3073 <pre>
3074 {
3076 "NetworkConfigurations": [],
3077 "Certificates": [
3078 {
3082 "X509": "MIIEpzCCA4+gAwIBAgIJAMueiWq5WEIAMA0GCSqGSIb3DQEBBQUAMIGTMQswCQYDVQQGEwJGUjEPMA0GA1UECBMGUmFkaXVzMRIwEAYDVQQHEwlTb21ld2hlcmUxFTATBgNVBAoTDEV4YW1wbGUgSW5jLjEgMB4GCSqGSIb3DQEJARYRYWRtaW5AZXhhbXBsZS5jb20xJjAkBgNVBAMTHUV4YW1wbGUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTExMDEyODA2MjA0MFoXDTEyMDEyODA2MjA0MFowgZMxCzAJBgNVBAYTAkZSMQ8wDQYDVQQIEwZSYWRpdXMxEjAQBgNVBAcTCVNvbWV3aGVyZTEVMBMGA1UEChMMRXhhbXBsZSBJbmMuMSAwHgYJKoZIhvcNAQkBFhFhZG1pbkBleGFtcGxlLmNvbTEmMCQGA1UEAxMdRXhhbXBsZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9EDplhyrVNJIoy1OsVqvD/K67B5PW2bDKKxGznodrzCu8jHsP1Ne3mgrK20vbzQUUBdmxTCWO6x3a3//r4ZuPOuZd1ViycWjt6mRfRbBzNrHzP7NiyFuXjdlz74beHQQLcHwvZ3qFAWZK37uweiLiDPaMaEQlka2Bztqx4PsogmSdoVPSCxi5Cl1XlJmITA03LlKpO79+0rEPRamWO/DMCwvffn2/UUjJLog4/lYe16HQ6iq/6bjhffm2rLXDFKOGZmBVbLNMCfANRMtdFWHYdBXERoUo2zpM9tduOOUNLy7E7kRKVm/wy38s51ChFPlpORrhimN2j1caar+KAv2tAgMBAAGjgfswgfgwHQYDVR0OBBYEFBTIImiXp+57jjgn2N5wq93GgAAtMIHIBgNVHSMEgcAwgb2AFBTIImiXp+57jjgn2N5wq93GgAAtoYGZpIGWMIGTMQswCQYDVQQGEwJGUjEPMA0GA1UECBMGUmFkaXVzMRIwEAYDVQQHEwlTb21ld2hlcmUxFTATBgNVBAoTDEV4YW1wbGUgSW5jLjEgMB4GCSqGSIb3DQEJARYRYWRtaW5AZXhhbXBsZS5jb20xJjAkBgNVBAMTHUV4YW1wbGUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5ggkAy56JarlYQgAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAnNd0YY7s2YVYPsgEgDS+rBNjcQloTFWgc9Hv4RWBjwcdJdSPIrpBp7LSjC96wH5U4eWpQjlWbOYQ9RBq9Z/RpuAPEjzRV78rIrQrCWQ3lxwywWEb5Th1EVJSN68eNv7Ke5BlZ2l9kfLRKFm5MEBXX9YoHMX0U8I8dPIXfTyevmKOT1PuEta5cQOM6/zH86XWn6WYx3EXkyjpeIbVOw49AqaEY8u70yBmut4MO03zz/pwLjV1BWyIkXhsrtuJyA+ZImvgLK2oAMZtGGFo7b0GW/sWY/P3R6Un3RFy35k6U3kXCDYYhgZEcS36lIqcj5y6vYUUVM732/etCsuOLz6ppw=="
3083 }
3084 ]
3085 }
3086 </pre>
3087 </section>
3089 <section>
3092 <p>
3093 In this example a simple wireless network is added, but the file is encrypted
3094 with the passphrase "test0000".
3095 </p>
3097 <pre>
3098 {
3100 "Ciphertext": "eQ9/r6v29/83M745aa0JllEj4lklt3Nfy4kPPvXgjBt1eTByxXB+FnsdvL6Uca5JBU5aROxfiol2+ZZOkxPmUNNIFZj70pkdqOGVe09ncf0aVBDsAa27veGIG8rG/VQTTbAo7d8QaxdNNbZvwQVkdsAXawzPCu7zSh4NF/hDnDbYjbN/JEm1NzvWgEjeOfqnnw3PnGUYCArIaRsKq9uD0a1NccU+16ZSzyDhX724JNrJjsuxohotk5YXsCK0lP7ZXuXj+nSR0aRIETSQ+eqGhrew2octLXq8cXK05s6ZuVAc0mFKPkntSI/fzBACuPi4ZaGd3YEYiKzNOgKJ+qEwgoE39xp0EXMZOZyjMOAtA6e1ZZDQGWG7vKdTLmLKNztHGrXvlZkyEf1RDs10YgkwwLgUhm0yBJ+eqbxO/RiBXz7O2/UVOkkkVcmeI6yh3BdL6HIYsMMygnZa5WRkd/2/EudoqEnjcqUyGsL+YUqV6KRTC0PH+z7zSwvFs2KygrSM7SIAZM2yiQHTQACkA/YCJDwACkkQOBFnRWTWiX0xmN55WMbgrs/wqJ4zGC9LgdAInOBlc3P+76+i7QLaNjMovQ==",
3108 }
3109 </pre>
3110 </section>
3112 </section>
3114 <section>
3117 <p>
3118 The source code for a Chrome packaged app to generate ONC configuration can
3119 be found here:
3120 <a href="https://gerrit.chromium.org/gitweb/?p=chromiumos/platform/spigots.git;a=tree">"https://gerrit.chromium.org/gitweb/?p=chromiumos/platform/spigots.git;a=tree"</a>
3121 </p>
3122 </section>
3124 <section>
3127 <p>
3128 UIs will need to have internationalization and localizations - the file
3129 format will remain in English.
3130 </p>
3131 </section>
3133 <section>
3136 <p>
3137 Data stored inside of open network configuration files is highly sensitive
3138 to users and enterprises. The file format itself provides adequate
3139 encryption options to allow standalone use-cases to be secure. For automatic
3140 updates sent by policy, the policy transport should be made secure. The file
3141 should not be stored unencrypted on disk as part of policy fetching and
3142 should be cleared from memory after use.
3143 </p>
3144 </section>
3146 <section>
3149 <p>
3150 Similarly to the security considerations, user names will be present in
3151 these files for certain kinds of connections, so any places where the file
3152 is transmitted or saved to disk should be secure. On client device, when
3153 user names for connections that are user-specific are persisted to disk,
3154 they should be stored in a location that is encrypted. Users can also opt in
3155 these cases to not save their user credentials in the config file and will
3156 instead be prompted when they are needed.
3157 </p>
3158 </section>
3159 </section>
3160 </body>
3161 </html>