| Internet-Draft | MyClerk Protocol | December 2025 |
| Arcan | Expires 13 June 2026 | [Page] |
This document specifies the MyClerk Protocol, a tiered-security communication protocol designed for distributed family orchestration systems. The protocol provides six security tiers ranging from 1-byte minimal overhead for tunneled messages to 144-byte full security for critical operations. It supports multiple transport mechanisms including NATS, Matrix, WebSocket, and direct TCP, while maintaining end-to-end encryption using ChaCha20-Poly1305 and X25519 key exchange.¶
The protocol is transport-agnostic, federation-capable, and optimized for environments ranging from resource-constrained IoT devices to full-featured desktop clients.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 4 June 2026.¶
Copyright (c) 2025 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document.¶
Modern families operate across multiple locations and devices: a primary home with network-attached storage, a vacation house with a mini-PC, grandparents with a Raspberry Pi, and mobile devices requiring access while traveling. The MyClerk Protocol addresses the communication requirements of such distributed family systems.¶
Traditional protocols impose significant overhead that becomes problematic for constrained channels. The MyClerk Protocol introduces tiered security levels, allowing applications to select appropriate overhead based on the security requirements of each operation.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
The MyClerk Protocol is a binary protocol using MessagePack [RFC8949] for payload encoding. It defines six security tiers with increasing header sizes and cryptographic protections.¶
| Tier | Header Size | Encryption | Authentication | Use Case |
|---|---|---|---|---|
| 0 | 1 byte | None (tunneled) | None | Inside secure session |
| 1 | 4 bytes | None | None | Fire-and-forget commands |
| 2 | 6 bytes | Optional | CRC-16 | Home automation |
| 3 | 12 bytes | ChaCha20-Poly1305 | HMAC-32 | Conversational |
| 4 | 42 bytes | ChaCha20-Poly1305 | HMAC-64 | Key exchange |
| 5 | 58+ bytes | ChaCha20-Poly1305 | HMAC-256 + Poly1305 | Maximum security |
All messages consist of a header, optional payload, and optional trailer. The header format varies by security tier.¶
The first byte (Flags) is present in all tiers and has the following structure:¶
0 0 1 2 3 4 5 6 7 +-+-+-+-+-+-+-+-+ |V V|T T T|C|F|E| +-+-+-+-+-+-+-+-+ V: Protocol Version (2 bits) - Currently 0 T: Security Tier (3 bits) - Values 0-5 C: Compressed (1 bit) - Payload is compressed F: Fragmented (1 bit) - Message is fragmented E: Encrypted (1 bit) - Payload is encrypted¶
Tier 0 is used for messages tunneled inside an already-secure session. It provides minimal overhead.¶
0 0 1 2 3 4 5 6 7 +-+-+-+-+-+-+-+-+ |0 0|0 0 0|C|F|E| +-+-+-+-+-+-+-+-+¶
Tier 0 messages MUST only be sent within an established Tier 3+ session. Implementations receiving a Tier 0 message outside of a secure session MUST discard it.¶
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |V V|0 0 1|C|F|E| Operation Code | Sequence | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+¶
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |V V|0 1 0|C|F|E| Operation Code | Sequence | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Session ID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+¶
Tier 2 messages SHOULD include a CRC-16 trailer for error detection.¶
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |V V|0 1 1|C|F|E| Operation Code | Sequence | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Session ID | Timestamp | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Timestamp (cont.) | Nonce | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+¶
Tier 3 messages with the E flag set MUST be encrypted using ChaCha20-Poly1305 as specified in [RFC8439].¶
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |V V|1 0 0|C|F|E| Operation Code | Sequence | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Session ID | Timestamp | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Timestamp (cont.) | Nonce | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Key ID | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | ECDH Public Key (X25519) | | (32 bytes) | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+¶
Tier 5 extends Tier 4 with a full Poly1305 authentication tag in the header:¶
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | [Tier 4 Header - 42 bytes] | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | | Poly1305 Tag (16 bytes) | | | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+¶
Tier 5 messages MUST include a full HMAC-SHA256 (32 bytes) in the trailer, providing dual authentication: Poly1305 for AEAD integrity and HMAC-SHA256 for post-quantum resistance.¶
ChaCha20-Poly1305 requires a 96-bit (12-byte) nonce that MUST NOT be reused with the same key. The MyClerk Protocol constructs nonces as follows:¶
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Timestamp (32 bits) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Random (32 bits) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Counter (32 bits) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+¶
All fields are encoded in big-endian byte order.¶
This construction provides a collision probability of less than 2^-80 per year at 1 million operations per second, assuming proper CSPRNG implementation.¶
Session keys are derived using HKDF as specified in [RFC5869] with SHA-256 as the hash function.¶
For Tier 4+ sessions:¶
shared_secret = X25519(local_private_key, remote_public_key)
session_key = HKDF-SHA256(
IKM = shared_secret,
salt = nonce_initiator || nonce_responder,
info = "myclerk-session-v0",
L = 32
)
¶
Keys MUST be rotated after any of the following conditions:¶
Rotated keys are derived as:¶
new_key = HKDF-SHA256(
IKM = current_key,
salt = "rotate",
info = rotation_counter (4 bytes, big-endian),
L = 32
)
¶
Operations are identified by a 16-bit operation code. The operation space is divided into ranges:¶
| Range | Category |
|---|---|
| 0x0000-0x00FF | Core Operations (Session, Key Management) |
| 0x0100-0x01FF | Standard Operations (Device, Identity, Messaging) |
| 0x0200-0x02FF | Resource Sharing |
| 0x0300-0x03FF | Federation |
| 0x0400-0x04FF | Billing and Economics |
| 0x0500-0x05FF | Virtual File System (VFS) |
| 0xF000-0xFFFE | Vendor Extensions |
| 0xFFFF | Reserved |
| Code | Name | Description |
|---|---|---|
| 0x0000 | NOP | No operation |
| 0x0001 | KEEPALIVE | Session keepalive |
| 0x0002 | KEEPALIVE_ACK | Keepalive acknowledgment |
| 0x0003 | SESSION_INIT | Initialize session |
| 0x0004 | SESSION_ACK | Session acknowledgment |
| 0x0005 | SESSION_CLOSE | Close session |
| 0x0006 | SESSION_CLOSE_ACK | Close acknowledgment |
| 0x0007 | SESSION_RESUME | Resume session with ticket |
| 0x0008 | SESSION_RESUMED | Session resumed |
| Code | Name | Description |
|---|---|---|
| 0x0010 | KEY_EXCHANGE_INIT | Initiate key exchange |
| 0x0011 | KEY_EXCHANGE_RESPONSE | Key exchange response |
| 0x0012 | KEY_EXCHANGE_COMPLETE | Key exchange complete |
| 0x0016 | SESSION_ROTATE | Rotate session key |
| 0x0017 | SESSION_REVOKE | Revoke session key |
Payloads are encoded using MessagePack (a subset of CBOR). This section defines payload structures using CDDL [RFC8610].¶
session-init = {
nonce: bstr .size 8,
timestamp: uint,
? capabilities: [* capability],
? device-id: bstr .size 16,
}
capability = &(
compression-lz4: 0,
compression-zstd: 1,
encryption-chacha20: 2,
encryption-aes256gcm: 3,
fragmentation: 4,
streaming: 5,
federation: 6,
vfs: 8,
)
¶
session-ack = {
session-id: uint .size 2,
nonce: bstr .size 8,
selected-tier: uint .le 5,
? selected-capabilities: [* capability],
}
¶
session-resume = {
old-session-id: uint .size 2,
ticket: bstr .size 64,
}
; Ticket structure (encrypted with server key, AES-256-GCM):
; - session-key: 32 bytes
; - device-id: 16 bytes
; - issued-at: 4 bytes (Unix timestamp)
; - expires-at: 4 bytes (Unix timestamp)
; - ticket-nonce: 8 bytes
¶
When endpoints support different maximum tiers, they MUST negotiate to the highest common tier. The server MUST respond with the minimum of its supported tier and the client's requested tier.¶
Servers MAY enforce minimum tier requirements for specific operations. If a client requests an operation at an insufficient tier, the server MUST respond with error code 0x12 (FORBIDDEN) and include the required tier in the error payload.¶
The following operations have minimum tier requirements:¶
| Operation Category | Minimum Tier |
|---|---|
| Lock/Unlock (physical access) | 3 |
| Key Exchange | 4 |
| Federation Operations | 4 |
| Emergency Operations | 3 |
Error codes are 8-bit values organized into ranges:¶
| Range | Category |
|---|---|
| 0x00-0x0F | Success |
| 0x10-0x1F | Client Errors |
| 0x20-0x2F | Server Errors |
| 0x30-0x3F | Federation Errors |
| 0xF0-0xFF | Reserved |
Reusing a nonce with the same key in ChaCha20-Poly1305 completely compromises the confidentiality and authenticity of all messages encrypted with that key-nonce pair. Implementations MUST ensure nonces are never reused by:¶
Tier 3+ messages include timestamps for replay protection. Implementations SHOULD reject messages with timestamps more than 5 minutes in the past or future. Session resumption tickets include a nonce that MUST be tracked to prevent replay attacks.¶
An attacker might attempt to force communication at a lower tier. Servers MUST enforce minimum tier requirements for sensitive operations. Clients SHOULD warn users when connecting at a lower tier than expected.¶
If a session key is compromised, an attacker can decrypt all messages in that session. The 24-hour automatic key rotation limits the window of exposure. For forward secrecy, implementations SHOULD use ephemeral ECDH keys for each session.¶
The X25519 key exchange is not quantum-resistant. Tier 5 includes an additional HMAC-SHA256 trailer that provides some protection against future quantum attacks on Poly1305. Implementations concerned about long-term confidentiality SHOULD use Tier 5 for sensitive data.¶
This document has no IANA actions.¶
If this protocol were to be standardized, IANA would be requested to create a registry for MyClerk Protocol operation codes with the ranges defined in Section 6.¶
This specification is part of the MyClerk project, a privacy-first family orchestration platform currently in development. For more information, visit https://myclerk.eu.¶