| < draft-ietf-drip-rid-22.txt | draft-ietf-drip-rid-23.txt > | |||
|---|---|---|---|---|
| DRIP R. Moskowitz | DRIP R. Moskowitz | |||
| Internet-Draft HTT Consulting | Internet-Draft HTT Consulting | |||
| Updates: 7401, 7343 (if approved) S. Card | Updates: 7401, 7343 (if approved) S. Card | |||
| Intended status: Standards Track A. Wiethuechter | Intended status: Standards Track A. Wiethuechter | |||
| Expires: 15 October 2022 AX Enterprize, LLC | Expires: 23 October 2022 AX Enterprize, LLC | |||
| A. Gurtov | A. Gurtov | |||
| Linköping University | Linköping University | |||
| 13 April 2022 | 21 April 2022 | |||
| DRIP Entity Tag (DET) for Unmanned Aircraft System Remote ID (UAS RID) | DRIP Entity Tag (DET) for Unmanned Aircraft System Remote ID (UAS RID) | |||
| draft-ietf-drip-rid-22 | draft-ietf-drip-rid-23 | |||
| Abstract | Abstract | |||
| This document describes the use of Hierarchical Host Identity Tags | This document describes the use of Hierarchical Host Identity Tags | |||
| (HHITs) as self-asserting IPv6 addresses and thereby a trustable | (HHITs) as self-asserting IPv6 addresses and thereby a trustable | |||
| identifier for use as the Unmanned Aircraft System Remote | identifier for use as the Unmanned Aircraft System Remote | |||
| Identification and tracking (UAS RID). | Identification and tracking (UAS RID). | |||
| This document updates RFC7401 and RFC7343. | This document updates RFC7401 and RFC7343. | |||
| skipping to change at page 1, line 44 ¶ | skipping to change at page 1, line 44 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on 15 October 2022. | This Internet-Draft will expire on 23 October 2022. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2022 IETF Trust and the persons identified as the | Copyright (c) 2022 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents (https://trustee.ietf.org/ | Provisions Relating to IETF Documents (https://trustee.ietf.org/ | |||
| license-info) in effect on the date of publication of this document. | license-info) in effect on the date of publication of this document. | |||
| Please review these documents carefully, as they describe your rights | Please review these documents carefully, as they describe your rights | |||
| skipping to change at page 3, line 13 ¶ | skipping to change at page 3, line 13 ¶ | |||
| 8.4. IANA HIP Registry Updates . . . . . . . . . . . . . . . . 22 | 8.4. IANA HIP Registry Updates . . . . . . . . . . . . . . . . 22 | |||
| 8.5. IANA IPSECKEY Registry Update . . . . . . . . . . . . . . 22 | 8.5. IANA IPSECKEY Registry Update . . . . . . . . . . . . . . 22 | |||
| 9. Security Considerations . . . . . . . . . . . . . . . . . . . 23 | 9. Security Considerations . . . . . . . . . . . . . . . . . . . 23 | |||
| 9.1. DET Trust in ASTM messaging . . . . . . . . . . . . . . . 24 | 9.1. DET Trust in ASTM messaging . . . . . . . . . . . . . . . 24 | |||
| 9.2. Privacy Considerations . . . . . . . . . . . . . . . . . 25 | 9.2. Privacy Considerations . . . . . . . . . . . . . . . . . 25 | |||
| 9.3. Collision Risks with DETs . . . . . . . . . . . . . . . . 26 | 9.3. Collision Risks with DETs . . . . . . . . . . . . . . . . 26 | |||
| 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 26 | 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 26 | |||
| 10.1. Normative References . . . . . . . . . . . . . . . . . . 26 | 10.1. Normative References . . . . . . . . . . . . . . . . . . 26 | |||
| 10.2. Informative References . . . . . . . . . . . . . . . . . 27 | 10.2. Informative References . . . . . . . . . . . . . . . . . 27 | |||
| Appendix A. EU U-Space RID Privacy Considerations . . . . . . . 30 | Appendix A. EU U-Space RID Privacy Considerations . . . . . . . 30 | |||
| Appendix B. The 14/14 HID split . . . . . . . . . . . . . . . . 30 | Appendix B. The 14/14 HID split . . . . . . . . . . . . . . . . 31 | |||
| Appendix C. Calculating Collision Probabilities . . . . . . . . 32 | Appendix C. Calculating Collision Probabilities . . . . . . . . 32 | |||
| Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 32 | Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 32 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 32 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 33 | |||
| 1. Introduction | 1. Introduction | |||
| DRIP Requirements [RFC9153] describe an Unmanned Aircraft System | DRIP Requirements [RFC9153] describe an Unmanned Aircraft System | |||
| Remote ID (UAS ID) as unique (ID-4), non-spoofable (ID-5), and | Remote ID (UAS ID) as unique (ID-4), non-spoofable (ID-5), and | |||
| identify a registry where the ID is listed (ID-2); all within a | identify a registry where the ID is listed (ID-2); all within a | |||
| 20-character identifier (ID-1). | 20-character identifier (ID-1). | |||
| This document describes the use of Hierarchical Host Identity Tags | This document describes (per Section 3 of [drip-architecture]) the | |||
| (HHITs) (Section 3) as self-asserting IPv6 addresses and thereby a | use of Hierarchical Host Identity Tags (HHITs) (Section 3) as self- | |||
| trustable identifier for use as the UAS Remote ID. HHITs include | asserting IPv6 addresses and thereby a trustable identifier for use | |||
| explicit hierarchy to enable DNS HHIT queries (Host ID for | as the UAS Remote ID. HHITs include explicit hierarchy to enable DNS | |||
| authentication, e.g., [drip-authentication]) and for Extensible | HHIT queries (Host ID for authentication, e.g., | |||
| Provisioning Protocol (EPP) Registrar discovery [RFC9224] for 3rd- | [drip-authentication]) and for Extensible Provisioning Protocol (EPP) | |||
| party identification attestation (e.g., [drip-authentication]). | Registrar discovery [RFC9224] for 3rd-party identification | |||
| attestation (e.g., [drip-authentication]). | ||||
| This addition of hierarchy to HITs is an extension to [RFC7401] and | This addition of hierarchy to HITs is an extension to [RFC7401] and | |||
| requires an update to [RFC7343]. As this document also adds EdDSA | requires an update to [RFC7343]. As this document also adds EdDSA | |||
| (Section 3.4) for Host Identities (HIs), a number of Host Identity | (Section 3.4) for Host Identities (HIs), a number of Host Identity | |||
| Protocol (HIP) parameters in [RFC7401] are updated, these should not | Protocol (HIP) parameters in [RFC7401] are updated, these should not | |||
| be needed in a DRIP implementation that does not use HIP. | be needed in a DRIP implementation that does not use HIP. | |||
| HHITs as used within the context of Unmanned Aircraft System (UAS) | HHITs as used within the context of Unmanned Aircraft System (UAS) | |||
| are labeled as DRIP Entity Tags (DETs). Throughout this document | are labeled as DRIP Entity Tags (DETs). Throughout this document | |||
| HHIT and DET will be used appropriately. HHIT will be used when | HHIT and DET will be used appropriately. HHIT will be used when | |||
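Review bot: In the rewritten first sentence of the Introduction (-23 side), "(per Section 3 of [drip-architecture])" now sits a few words ahead of the bare "(Section 3)" that follows "(HHITs)", so the second reference can be read as pointing into the architecture draft rather than into this document. Suggest "(Section 3 of this document)" for the HHIT reference, or moving the architecture citation to the end of the sentence.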
| skipping to change at page 18, line 20 ¶ | skipping to change at page 18, line 20 ¶ | |||
| In practice, the Wrapper and Manifest authentication formats | In practice, the Wrapper and Manifest authentication formats | |||
| (Sections 6.3.3 and 6.3.4 of [drip-authentication]) implicitly | (Sections 6.3.3 and 6.3.4 of [drip-authentication]) implicitly | |||
| provide this self-attestation. A lookup service like DNS can provide | provide this self-attestation. A lookup service like DNS can provide | |||
| the HI and registration proof (GEN-3 in [RFC9153]). | the HI and registration proof (GEN-3 in [RFC9153]). | |||
| Similarly, for Observers without Internet access, a 200-byte offline | Similarly, for Observers without Internet access, a 200-byte offline | |||
| self-attestation could provide the same Remote ID ownership proof. | self-attestation could provide the same Remote ID ownership proof. | |||
| This attestation would contain the HDA's signing of the UA's HHIT, | This attestation would contain the HDA's signing of the UA's HHIT, | |||
| itself signed by the UA's HI. Only a small cache that contains the | itself signed by the UA's HI. Only a small cache that contains the | |||
| HDA's HI/HHIT and HDA meta-data is needed by the Observer. However, | HDA's HI/HHIT and HDA meta-data is needed by the Observer. However, | |||
| such an object would just fit in the ASTM Authentication Message with | such an object would just fit in the ASTM Authentication Message | |||
| no room for growth. In practice, [drip-authentication] provides this | (Section 2.2 of [RFC9153]) with no room for growth. In practice, | |||
| offline self-attestation in two authentication messages: the HDA's | [drip-authentication] provides this offline self-attestation in two | |||
| certification of the UA's HHIT registration in a Link authentication | authentication messages: the HDA's certification of the UA's HHIT | |||
| message whose hash is sent in a Manifest authentication message. | registration in a Link authentication message whose hash is sent in a | |||
| Manifest authentication message. | ||||
| Hashes of any previously sent ASTM messages can be placed in a | Hashes of any previously sent ASTM messages can be placed in a | |||
| Manifest authentication message (GEN-2 in [RFC9153]). When a | Manifest authentication message (GEN-2 in [RFC9153]). When a | |||
| Location/Vector Message (i.e., a message that provides UA location, | Location/Vector Message (i.e., a message that provides UA location, | |||
| altitude, heading, speed, and status) hash along with the hash of the | altitude, heading, speed, and status) hash along with the hash of the | |||
| HDA's UA HHIT attestation are sent in a Manifest authentication | HDA's UA HHIT attestation are sent in a Manifest authentication | |||
| message and the Observer can visually see a UA at the claimed | message and the Observer can visually see a UA at the claimed | |||
| location, the Observer has a very strong proof of the UA's Remote ID. | location, the Observer has a very strong proof of the UA's Remote ID. | |||
| All this behavior and how to mix these authentication messages into | All this behavior and how to mix these authentication messages into | |||
| skipping to change at page 19, line 46 ¶ | skipping to change at page 19, line 46 ¶ | |||
| $ORIGIN 5.0.4.1.0.8.2.0.0.3.0.0.1.0.0.2.ip6.arpa. | $ORIGIN 5.0.4.1.0.8.2.0.0.3.0.0.1.0.0.2.ip6.arpa. | |||
| e.9.6.a.0.d.a.0.2.5.9.1.d.a.3.a IN PTR | e.9.6.a.0.d.a.0.2.5.9.1.d.a.3.a IN PTR | |||
| a3ad1952ad0a69e.20.10.det.rid.icao.int. | a3ad1952ad0a69e.20.10.det.rid.icao.int. | |||
| 6. Other UTM Uses of HHITs Beyond DET | 6. Other UTM Uses of HHITs Beyond DET | |||
| HHITs will be used within the UTM architecture beyond DET (and USS in | HHITs will be used within the UTM architecture beyond DET (and USS in | |||
| UA ID registration and authentication), for example, as a Ground | UA ID registration and authentication), for example, as a Ground | |||
| Control Station (GCS) HHIT ID. Some GCS will use its HHIT for | Control Station (GCS) HHIT ID. Some GCS will use its HHIT for | |||
| securing its Network Remote ID (to USS HHIT) and C2 transports. | securing its Network Remote ID (to USS HHIT) and Command and Control | |||
| (C2, Section 2.2.2 of [RFC9153]) transports. | ||||
| Observers may have their own HHITs to facilitate UAS information | Observers may have their own HHITs to facilitate UAS information | |||
| retrieval (e.g., for authorization to private UAS data). They could | retrieval (e.g., for authorization to private UAS data). They could | |||
| also use their HHIT for establishing a HIP connection with the UA | also use their HHIT for establishing a HIP connection with the UA | |||
| Pilot for direct communications per authorization. Details about | Pilot for direct communications per authorization. Details about | |||
| such issues are out of the scope of this document). | such issues are out of the scope of this document). | |||
| 7. Summary of Addressed DRIP Requirements | 7. Summary of Addressed DRIP Requirements | |||
| This document provides the details to solutions for GEN 1 - 3, ID 1 - | This document provides the details to solutions for GEN 1 - 3, ID 1 - | |||
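Review bot: In Section 6, the Observers paragraph still ends "out of the scope of this document)." on both sides, a closing parenthesis with no opening one; since -23 already edits the paragraph just above it to expand C2, the stray ")" can be dropped in the same pass. The edited sentence also pairs "Some GCS" with the singular "its HHIT"; "A GCS may use its HHIT" or a plural form throughout would read consistently.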
| skipping to change at page 21, line 40 ¶ | skipping to change at page 21, line 43 ¶ | |||
| RSA,DSA/SHA-256 1 [RFC7401] | RSA,DSA/SHA-256 1 [RFC7401] | |||
| ECDSA/SHA-384 2 [RFC7401] | ECDSA/SHA-384 2 [RFC7401] | |||
| ECDSA_LOW/SHA-1 3 [RFC7401] | ECDSA_LOW/SHA-1 3 [RFC7401] | |||
| EdDSA/cSHAKE128 TBD3 (suggested value 5) (RECOMMENDED) | EdDSA/cSHAKE128 TBD3 (suggested value 5) (RECOMMENDED) | |||
| RESERVED 16 | RESERVED 16 | |||
| HDA Private Use 1 TBD4 (suggested value 254) | HDA Private Use 1 TBD4 (suggested value 254) | |||
| HDA Private Use 2 TBD5 (suggested value 255) | HDA Private Use 2 TBD5 (suggested value 255) | |||
| 8.3. IANA CGA Registry Update | 8.3. IANA CGA Registry Update | |||
| This document requests IANA to make the following change to the IANA | This document requests that this document be added to the reference | |||
| "CGA Extension Type Tags registry [IANA-CGA] registry: | field for the "CGA Extension Type Tags" registry [IANA-CGA], where | |||
| IANA registers the following Context ID: | ||||
| Context ID: | Context ID: | |||
| The Context ID (Section 3) shares the namespace introduced for CGA | The Context ID (Section 3) shares the namespace introduced for CGA | |||
| Type Tags. Defining new Context IDs follow the rules in Section 8 | Type Tags. Defining new Context IDs follow the rules in Section 8 | |||
| of [RFC3972]: | of [RFC3972]: | |||
| Context ID := 0x00B5 A69C 795D F5D5 F008 7F56 843F 2C40 | Context ID := 0x00B5 A69C 795D F5D5 F008 7F56 843F 2C40 | |||
| 8.4. IANA HIP Registry Updates | 8.4. IANA HIP Registry Updates | |||
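Review bot: The new opening of Section 8.3 reads "This document requests that this document be added to the reference field", which repeats its subject and no longer names the party asked to act, where -22 addressed the request to IANA. Suggest wording along the lines of "IANA is requested to add this document to the reference field of the "CGA Extension Type Tags" registry [IANA-CGA]", and, in the unchanged text below it, "Defining new Context IDs follows the rules in Section 8 of [RFC3972]".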
| skipping to change at page 28, line 9 ¶ | skipping to change at page 28, line 9 ¶ | |||
| <https://mailarchive.ietf.org/arch/msg/cfrg/ | <https://mailarchive.ietf.org/arch/msg/cfrg/ | |||
| tAJJq60W6TlUv7_pde5cw5TDTCU/>. | tAJJq60W6TlUv7_pde5cw5TDTCU/>. | |||
| [corus] CORUS, "U-space Concept of Operations", September 2019, | [corus] CORUS, "U-space Concept of Operations", September 2019, | |||
| <https://www.sesarju.eu/node/3411>. | <https://www.sesarju.eu/node/3411>. | |||
| [CTA2063A] ANSI/CTA, "Small Unmanned Aerial Systems Serial Numbers", | [CTA2063A] ANSI/CTA, "Small Unmanned Aerial Systems Serial Numbers", | |||
| September 2019, <https://shop.cta.tech/products/small- | September 2019, <https://shop.cta.tech/products/small- | |||
| unmanned-aerial-systems-serial-numbers>. | unmanned-aerial-systems-serial-numbers>. | |||
| [drip-architecture] | ||||
| Card, S. W., Wiethuechter, A., Moskowitz, R., Zhao, S., | ||||
| and A. Gurtov, "Drone Remote Identification Protocol | ||||
| (DRIP) Architecture", Work in Progress, Internet-Draft, | ||||
| draft-ietf-drip-arch-22, 21 March 2022, | ||||
| <https://datatracker.ietf.org/doc/html/draft-ietf-drip- | ||||
| arch-22>. | ||||
| [drip-authentication] | [drip-authentication] | |||
| Wiethuechter, A., Card, S., and R. Moskowitz, "DRIP | Wiethuechter, A., Card, S., and R. Moskowitz, "DRIP | |||
| Authentication Formats & Protocols for Broadcast Remote | Authentication Formats & Protocols for Broadcast Remote | |||
| ID", Work in Progress, Internet-Draft, draft-ietf-drip- | ID", Work in Progress, Internet-Draft, draft-ietf-drip- | |||
| auth-05, 7 March 2022, | auth-07, 19 April 2022, | |||
| <https://datatracker.ietf.org/doc/html/draft-ietf-drip- | <https://datatracker.ietf.org/doc/html/draft-ietf-drip- | |||
| auth-05>. | auth-07>. | |||
| [drip-registries] | [drip-registries] | |||
| Wiethuechter, A., Card, S., Moskowitz, R., and J. Reid, | Wiethuechter, A., Card, S., Moskowitz, R., and J. Reid, | |||
| "DRIP Registries", Work in Progress, Internet-Draft, | "DRIP Registries", Work in Progress, Internet-Draft, | |||
| draft-ietf-drip-registries-01, 7 March 2022, | draft-ietf-drip-registries-01, 7 March 2022, | |||
| <https://datatracker.ietf.org/doc/html/draft-ietf-drip- | <https://datatracker.ietf.org/doc/html/draft-ietf-drip- | |||
| registries-01>. | registries-01>. | |||
| [F3411] ASTM International, "Standard Specification for Remote ID | [F3411] ASTM International, "Standard Specification for Remote ID | |||
| and Tracking", | and Tracking", | |||
| End of changes. 13 change blocks. | ||||
| 23 lines changed or deleted | 35 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/