idnits 2.17.1 draft-ietf-drip-reqs-03.txt: -(8): Line appears to be too long, but this could be caused by non-ascii characters in UTF-8 encoding Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- == There are 3 instances of lines with non-ascii characters in the document. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (13 July 2020) is 1383 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- == Outdated reference: A later version (-06) exists of draft-maeurer-raw-ldacs-04 Summary: 0 errors (**), 0 flaws (~~), 3 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 DRIP S. Card, Ed. 3 Internet-Draft A. Wiethuechter 4 Intended status: Informational AX Enterprize 5 Expires: 14 January 2021 R. Moskowitz 6 HTT Consulting 7 A. Gurtov 8 Linköping University 9 13 July 2020 11 Drone Remote Identification Protocol (DRIP) Requirements 12 draft-ietf-drip-reqs-03 14 Abstract 16 This document defines the requirements for Drone Remote 17 Identification Protocol (DRIP) Working Group protocols to support 18 Unmanned Aircraft System Remote Identification and tracking (UAS RID) 19 for security, safety and other purposes. Complementing external 20 technical standards as regulator-accepted means of compliance with 21 UAS RID regulations, DRIP will: 23 facilitate use of existing Internet resources to support UAS RID 24 and to enable enhanced related services; 26 enable online and offline verification that UAS RID information is 27 trustworthy. 29 Status of This Memo 31 This Internet-Draft is submitted in full conformance with the 32 provisions of BCP 78 and BCP 79. 34 Internet-Drafts are working documents of the Internet Engineering 35 Task Force (IETF). Note that other groups may also distribute 36 working documents as Internet-Drafts. The list of current Internet- 37 Drafts is at https://datatracker.ietf.org/drafts/current/. 39 Internet-Drafts are draft documents valid for a maximum of six months 40 and may be updated, replaced, or obsoleted by other documents at any 41 time. It is inappropriate to use Internet-Drafts as reference 42 material or to cite them other than as "work in progress." 44 This Internet-Draft will expire on 14 January 2021. 46 Copyright Notice 48 Copyright (c) 2020 IETF Trust and the persons identified as the 49 document authors. All rights reserved. 51 This document is subject to BCP 78 and the IETF Trust's Legal 52 Provisions Relating to IETF Documents (https://trustee.ietf.org/ 53 license-info) in effect on the date of publication of this document. 54 Please review these documents carefully, as they describe your rights 55 and restrictions with respect to this document. Code Components 56 extracted from this document must include Simplified BSD License text 57 as described in Section 4.e of the Trust Legal Provisions and are 58 provided without warranty as described in the Simplified BSD License. 60 Table of Contents 62 1. Introduction (Informative) . . . . . . . . . . . . . . . . . 2 63 1.1. Overall Context . . . . . . . . . . . . . . . . . . . . . 3 64 1.2. Intended Use . . . . . . . . . . . . . . . . . . . . . . 5 65 1.3. DRIP Scope . . . . . . . . . . . . . . . . . . . . . . . 7 66 2. Terms and Definitions . . . . . . . . . . . . . . . . . . . . 7 67 2.1. Requirements Terminology . . . . . . . . . . . . . . . . 7 68 2.2. Definitions . . . . . . . . . . . . . . . . . . . . . . . 8 69 3. UAS RID Problem Space . . . . . . . . . . . . . . . . . . . . 15 70 3.1. Network RID . . . . . . . . . . . . . . . . . . . . . . . 16 71 3.2. Broadcast RID . . . . . . . . . . . . . . . . . . . . . . 17 72 3.3. DRIP Focus . . . . . . . . . . . . . . . . . . . . . . . 17 73 4. Requirements . . . . . . . . . . . . . . . . . . . . . . . . 18 74 4.1. General . . . . . . . . . . . . . . . . . . . . . . . . . 18 75 4.2. Identifier . . . . . . . . . . . . . . . . . . . . . . . 20 76 4.3. Privacy . . . . . . . . . . . . . . . . . . . . . . . . . 20 77 4.4. Registries . . . . . . . . . . . . . . . . . . . . . . . 21 78 5. Discussion and Limitations . . . . . . . . . . . . . . . . . 22 79 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 23 80 7. Security Considerations . . . . . . . . . . . . . . . . . . . 23 81 8. Privacy and Transparency Considerations . . . . . . . . . . . 24 82 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 24 83 9.1. Normative References . . . . . . . . . . . . . . . . . . 24 84 9.2. Informative References . . . . . . . . . . . . . . . . . 24 85 Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 28 86 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 28 88 1. Introduction (Informative) 89 1.1. Overall Context 91 Many considerations (especially safety and security) dictate that UAS 92 be remotely identifiable. Any Observer with responsibilities 93 involving aircraft inherently must classify Unmanned Aircraft (UA) 94 situationally according to basic considerations, as illustrated 95 notionally in Figure 1 below. An Observer who classifies an UAS: as 96 Taskable, can ask it to do something useful; as Low Concern, can 97 reasonably assume it is not malicious, and would cooperate with 98 requests to modify its flight plans for safety reasons; as High 99 Concern or Unidentified, is worth focused surveillance. 101 xxxxxxx +--------------+ 102 x x No | | 103 x ID? x+---->| UNIDENTIFIED | 104 x x | | 105 xxxxxxx +--------------+ 106 + 107 | Yes 108 v 109 xxxxxxx 110 x x 111 +---------+x TYPE? x+----------+ 112 | x x | 113 | xxxxxxx | 114 | + | 115 v v v 116 +--------------+ +--------------+ +--------------+ 117 | | | | | | 118 | TASKABLE | | LOW CONCERN | | HIGH CONCERN | 119 | | | | | | 120 +--------------+ +--------------+ +--------------+ 122 Figure 1: "Notional UAS Classification"> 124 Civil Aviation Authorities (CAAs) worldwide are mandating Unmanned 125 Aircraft System Remote Identification and tracking (UAS RID). The 126 European Union Aviation Safety Agency (EASA) has published 127 [Delegated] and [Implementing] Regulations. The United States (US) 128 Federal Aviation Administration (FAA) has published a Notice of 129 Proposed Rule Making [NPRM] and has described the key role that UAS 130 RID plays in UAS Traffic Management (UTM [FAACONOPS] especially 131 Section 2.6). CAAs currently (2020) promulgate performance-based 132 regulations that do not specify techniques, but rather cite industry 133 consensus technical standards as acceptable means of compliance. 135 ASTM International, Technical Committee F38 (UAS), Subcommittee 136 F38.02 (Aircraft Operations), Work Item WK65041, developed ASTM 137 F3411-19 [F3411-19] Standard Specification for Remote ID and 138 Tracking. It defines two means of UAS RID: 140 Network RID defines a set of information for UAS to make available 141 globally indirectly via the Internet, through servers that can be 142 queried by Observers. 144 Broadcast RID defines a set of messages for Unmanned Aircraft (UA) 145 to transmit locally directly one-way over Bluetooth or Wi-Fi, to 146 be received in real time by local Observers. 148 The same information must be provided via both means. The 149 presentation may differ, as Network RID defines a data dictionary, 150 whereas Broadcast RID defines message formats (which carry items from 151 that same data dictionary). The frequency with which it is sent may 152 differ, as Network RID can accomodate Observer queries asynchronous 153 to UAS updates (which generally need be sent only when information, 154 such as GCS location, changes), whereas Broadcast RID depends upon 155 Observers receiving UA messages at the time they are transmitted. 156 Network RID depends upon Internet connectivity in several segments 157 from the UAS to each Observer. Broadcast RID should need Internet 158 (or other Wide Area Network) connectivity only for UAS registry 159 information lookup using the directly locally received UAS Identifier 160 (UAS ID) as a key. Broadcast RID does not assume IP connectivity of 161 UAS; messages are encapsulated by the UA without IP, directly in 162 Bluetooth or WiFi link layer frames. 164 [F3411-19] specifies three UAS ID types: 166 TYPE-1 A static, manufacturer assigned, hardware serial number per 167 ANSI/CTA-2063-A "Small Unmanned Aerial System Serial Numbers" 168 [CTA2063A]. 170 TYPE-2 A CAA assigned (presumably static) ID. 172 TYPE-3 A UTM system assigned UUID [RFC4122], which can but need not 173 be dynamic. 175 The EU allows only Type 1; the US allows Types 1 and 3, but requires 176 Type 3 IDs (if used) each to be used only once (for a single UAS 177 flight, which in the context of UTM is called an "operation"). The 178 EU also requires an operator registration number (an additional 179 identifier distinct from the UAS ID) that can be carried in an 180 [F3411-19] optional Operator ID message. 182 [F3411-19] Broadcast RID transmits all information as cleartext 183 (ASCII or binary), so static IDs enable trivial correlation of 184 patterns of use, unacceptable in many applications, e.g., package 185 delivery routes of competitors. 187 [WG105] addreses a "different scope than Direct Remote 188 Identification... latter being primarily meant for security 189 purposes... rather than for safety purposes (e.g. hazards 190 deconfliction..." Aviation community standards set a higher bar for 191 safety than for security. It "leaves the opportunity for those 192 manufacturers who would prefer to merge both functions to do so... 193 The purpose of the e-Identification function is to transmit, towards 194 the U-space infrastructure and/or other UA, a set of information for 195 safety (traffic management) purposes..." In addition to RID's 196 Broadcast and Network one-way to Observers), it will use V2V to other 197 UA (also perhaps to and/or from some manned aircraft). 199 1.2. Intended Use 201 An ID is not an end in itself; it exists to enable lookups and 202 provision of services complementing mere identification. 204 Minimal specified information must be made available to the public; 205 access to other data, e.g., UAS operator Personally Identifiable 206 Information (PII), must be limited to strongly authenticated 207 personnel, properly authorized per policy. The balance between 208 privacy and transparency remains a subject for public debate and 209 regulatory action; DRIP can only offer tools to expand the achievable 210 trade space and enable trade-offs within that space. [F3411-19] 211 specifies only how to get the UAS ID to the Observer; how the 212 Observer can perform these lookups, and how the registries first can 213 be populated with information, is unspecified. 215 Using UAS RID to facilitate vehicular (V2X) communications and 216 applications such as Detect And Avoid (DAA, which would impose 217 tighter latency bounds than RID itself) is an obvious possibility, 218 explicitly contemplated in the FAA NPRM. However, applications of 219 RID beyond RID itself have been omitted from [F3411-19]; DAA has been 220 explicitly declared out of scope in ASTM working group discussions, 221 based on a distinction between RID as a security standard vs DAA as a 222 safety application. Although dynamic establishment of secure 223 communications between the Observer and the UAS pilot seems to have 224 been contemplated by the FAA UAS ID and Tracking Aviation Rulemaking 225 Committee (ARC) in their [Recommendations], it is not addressed in 226 any of the subsequent proposed regulations or technical 227 specifications. 229 The need for near-universal deployment of UAS RID is pressing. This 230 implies the need to support use by Observers of already ubiquitous 231 mobile devices (typically smartphones and tablets). Anticipating 232 likely CAA requirements to support legacy devices, especially in 233 light of [Recommendations], [F3411-19] specifies that any UAS sending 234 Broadcast RID over Bluetooth must do so over Bluetooth 4, regardless 235 of whether it also does so over newer versions; as UAS sender devices 236 and Observer receiver devices are unpaired, this implies extremely 237 short "advertisement" (beacon) frames. 239 UA onboard RID devices are severely constrained in Cost, Size, Weight 240 and Power ($SWaP). Cost is a significant impediment to the necessary 241 near-universal adoption of UAS send and Observer receive RID 242 capabilities. $SWaP is a burden not only on the designers of new UA 243 for production and sale, but also on owners of existing UA that must 244 be retrofit. Radio Controlled (RC) aircraft modelers, "hams" who use 245 licensed amateur radio frequencies to control UAS, drone hobbyists 246 and others who custom build UAS all need means of participating in 247 UAS RID sensitive to both generic $SWaP and application-specific 248 considerations. 250 To accommodate the most severely constrained cases, all these 251 conspire to motivate system design decisions, especially for the 252 Broadcast RID data link, which complicate the protocol design 253 problem: one-way links; extremely short packets; and Internet- 254 disconnected operation of UA onboard devices. Internet-disconnected 255 operation of Observer devices has been deemed by ASTM F38.02 too 256 infrequent to address, but for some users is important and presents 257 further challenges. 259 Despite work by regulators and Standards Development Organizations 260 (SDOs), there are substantial gaps in UAS standards generally and UAS 261 RID specifically. [Roadmap] catalogs UAS related standards, ongoing 262 standardization activities and gaps (as of early 2020); Section 7.8 263 catalogs those related specifically to UAS RID. 265 Given not only packet payload length and bandwidth, but also 266 processing and storage within the $SWaP constraints of very small 267 (e.g. consumer toy) UA, heavyweight cryptographic security protocols 268 are infeasible, yet trustworthiness of UAS RID information is 269 essential. Under [F3411-19], even the most basic datum, the UAS ID 270 string (typically number) itself can be merely an unsubstantiated 271 claim. Observer devices being ubiquitous, thus popular targets for 272 malware or other compromise, cannot be generally trusted (although 273 the user of each device is compelled to trust that device, to some 274 extent); a "fair witness" functionality (inspired by [Stranger]) is 275 desirable. 277 1.3. DRIP Scope 279 DRIP's initial goal is to make RID immediately actionable, in both 280 Internet and local-only connected scenarios (especially emergencies), 281 in severely constrained UAS environments, balancing legitimate (e.g., 282 public safety) authorities' Need To Know trustworthy information with 283 UAS operators' privacy. By "immediately actionable" is meant 284 information of sufficient precision, accuracy, timeliness, etc. for 285 an Observer to use it as the basis for immediate decisive action, 286 whether that be to trigger a defensive counter-UAS system, to attempt 287 to initiate communications with the UAS operator, to accept the 288 presence of the UAS in the airspace where/when observed as not 289 requiring further action, or whatever, with potentially severe 290 consequences of any action or inaction chosen based on that 291 information. For further explanation of the concept of immediate 292 actionability, see [ENISACSIRT]. Potential follow-on goals may 293 extend beyond providing timely and trustworthy identification data, 294 to using it to enable identity-oriented networking of UAS. 296 DRIP (originally Trustworthy Multipurpose Remote Identification, TM- 297 RID) potentially could be applied to verifiably identify other types 298 of registered things reported to be in specified physical locations, 299 but the urgent motivation and clear initial focus is UAS. Existing 300 Internet resources (protocol standards, services, infrastructure, and 301 business models) should be leveraged. A natural Internet based 302 architecture for UAS RID conforming to proposed regulations and 303 external technical standards is described in a companion architecture 304 document [drip-architecture] and elaborated in other DRIP documents; 305 this document describes only relevant requirements and defines 306 terminology for the set of DRIP documents. 308 2. Terms and Definitions 310 2.1. Requirements Terminology 312 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 313 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 314 "OPTIONAL" in this document are to be interpreted as described in BCP 315 14 [RFC2119] [RFC8174] when, and only when, they appear in all 316 capitals, as shown here. 318 2.2. Definitions 320 This section defines a set of terms expected to be used in DRIP 321 documents. This list is meant to be the DRIP terminology reference. 322 Some of the terms listed below are not used in this document. 323 [RFC4949] provides a glossary of Internet security terms that should 324 be used where applicable. In the UAS community, the plural form of 325 acronyms generally is the same as the singular form, e.g. Unmanned 326 Aircraft System (singular) and Unmanned Aircraft Systems (plural) are 327 both represented as UAS. On this and other terminological issues, to 328 encourage comprehension necessary for adoption of DRIP by the 329 intended user community, that community's norms are respected herein, 330 and definitions are quoted in cases where they have been found in 331 that community's documents. 333 $SWaP 334 Cost, Size, Weight and Power. 336 AAA 337 Attestation, Authentication, Authorization, Access Control, 338 Accounting, Attribution, Audit, or any subset thereof (uses differ 339 by application, author and context). 341 ABDAA 342 AirBorne DAA. Accomplished using systems onboard the aircraft 343 involved. Also known as "self-separation". 345 ADS-B 346 Automatic Dependent Surveillance - Broadcast. "ADS-B Out" 347 equipment obtains aircraft position from other on-board systems 348 (typically GNSS) and periodically broadcasts it to "ADS-B In" 349 equipped entities, including other aircraft, ground stations and 350 satellite based monitoring systems. 352 AGL 353 Above Ground Level. Relative altitude, above the variously 354 defined local ground level, typically of an UA, measured in feet 355 or meters. 357 ATC 358 Air Traffic Control. Explicit flight direction to pilots from 359 ground controllers. Contrast with ATM. 361 ATM 362 Air Traffic Management. A broader functional and geographic scope 363 and/or a higher layer of abstraction than ATC. "The dynamic, 364 integrated management of air traffic and airspace including air 365 traffic services, airspace management and air traffic flow 366 management - safely, economically and efficiently - through the 367 provision of facilities and seamless services in collaboration 368 with all parties and involving airborne and ground-based 369 functions." [ICAOATM] 371 Authentication Message 372 F3411 Message Type 2. Provides framing for authentication data, 373 only. 375 Basic ID Message 376 F3411 Message Type 0. Provides UA Type, UAS ID Type and UAS ID, 377 only. 379 B-LOS 380 Beyond Line Of Sight (LOS). Term to be avoided due to ambiguity. 381 See LOS. 383 BV-LOS 384 Beyond Visual Line Of Sight (V-LOS). See V-LOS. 386 CAA 387 Civil Aviation Authority. Two examples are the United States 388 Federal Aviation Administration (FAA) and the European Union 389 Aviation Safety Agency (EASA). 391 C2 392 Command and Control. A set of organizational and technical 393 attributes and processes that employs human, physical, and 394 information resources to solve problems and accomplish missions. 395 Previously primarily used in military contexts. In the UAS 396 context, typically refers to the link between GCS and UA over 397 which the former controls the latter. 399 DAA 400 Detect And Avoid, formerly Sense And Avoid (SAA). A means of 401 keeping aircraft "well clear" of each other for safety. 403 Direct RID 404 Direct Remote Identification. Per [Delegated], "a system that 405 ensures the local broadcast of information about a UA in 406 operation, including the marking of the UA, so that this 407 information can be obtained without physical access to the UA". 408 Requirement could be met with ASTM Broadcast RID: Basic ID message 409 with UAS ID Type 1; Location/Vector message; Operator ID message; 410 System Message. Corresponds roughly to the Broadcast RID portion 411 of FAA NPRM Standard RID. 413 E2E 414 End to End. 416 EUROCAE 417 European Organisation for Civil Aviation Equipment. Aviation SDO, 418 originally European, now with broader membership. Cooperates 419 extensively with RTCA. 421 GBDAA 422 Ground Based DAA. Accomplished with the aid of ground based 423 functions. 425 GCS 426 Ground Control Station. The part of the UAS that the remote pilot 427 uses to exercise C2 over the UA, whether by remotely exercising UA 428 flight controls to fly the UA, by setting GPS waypoints, or 429 otherwise directing its flight. 431 GNSS 432 Global Navigation Satellite System. Satellite based timing and/or 433 positioning with global coverage, often used to support 434 navigation. 436 GPS 437 Global Positioning System. A specific GNSS, but in this context, 438 the term is typically misused in place of the more generic term 439 GNSS. 441 GRAIN 442 Global Resilient Aviation Interoperable Network. Putative ICAO 443 managed IPv6 overlay internetwork per IATF. 445 IATF 446 International Aviation Trust Framework. ICAO effort to develop a 447 resilient and secure by design framework for networking in support 448 of all aspects of aviation. 450 ICAO 451 International Civil Aviation Organization. A United Nations 452 specialized agency that develops and harmonizes international 453 standards relating to aviation. 455 LAANC 456 Low Altitude Authorization and Notification Capability. Supports 457 ATC authorization requirements for UAS operations: remote pilots 458 can apply to receive a near real-time authorization for operations 459 under 400 feet in controlled airspace near airports. US partial 460 stopgap until UTM comes. 462 Limited RID 463 Per the FAA NPRM, a mode of operation that must use Network RID, 464 must not use Broadcast RID, and must provide pilot/GCS location 465 only (not UA location). This mode is only allowed for UA that 466 neither require (due to e.g. size) nor are equipped for Standard 467 RID, operated within V-LOS and within 400 feet of the pilot, below 468 400 feet AGL, etc. 470 Location/Vector Message 471 F3411 Message Type 1. Provides UA location, altitude, heading and 472 speed, only. 474 LOS 475 Line Of Sight. An adjectival phrase describing any information 476 transfer that travels in a nearly straight line (e.g. 477 electromagnetic energy, whether in the visual light, RF or other 478 frequency range) and is subject to blockage. A term to be avoided 479 due to ambiguity, in this context, between RF-LOS and V-LOS. 481 MSL 482 Mean Sea Level. Relative altitude, above the variously defined 483 mean sea level, typically of an UA (but in FAA NPRM also for a 484 GCS), measured in or meters. 486 Net-RID DP 487 Network RID Display Provider. Logical entity that aggregates data 488 from Net-RID SPs as needed in response to user queries regarding 489 UAS operating within specified airspace volumes, to enable display 490 by a user application on a user device. Potentially could provide 491 not only information sent via UAS RID but also information 492 retrieved from UAS RID registries, or information beyond UAS RID, 493 regarding subscribed USS. Under the FAA NPRM, not recognized as a 494 distinct entity, but a service provided by USS, including Public 495 Safety USS that may exist primarily for this purpose rather than 496 to manage any subscribed UAS. 498 Net-RID SP 499 Network RID Service Provider. Logical entity that collects RID 500 messages from UAS and responds to NetRID-DP queries for 501 information on UAS of which it is aware. Under the FAA NPRM, the 502 USS to which the UAS is subscribed ("Remote ID USS"). 504 Network Identification Service 505 EU regulatory requirement for Network RID. Requirement could be 506 met with ASTM Network RID: Basic ID message with UAS ID Type 1; 507 Location/Vector message; Operator ID message; System Message. 508 Corresponds roughly to the Network RID portion of FAA NPRM 509 Standard RID. 511 Observer 512 An entity (typically but not necessarily an individual human) who 513 has directly or indirectly observed an UA and wishes to know 514 something about it, starting with its ID. An observer typically 515 is on the ground and local (within V-LOS of an observed UA), but 516 could be remote (observing via Network RID or other surveillance), 517 operating another UA, aboard another aircraft , etc. 519 Operation 520 A flight, or series of flights of the same mission, by the same 521 UAS, in the same airspace volume, separated by at most brief 522 ground intervals. 524 Operator 525 "A person, organization or enterprise engaged in or offering to 526 engage in an aircraft operation." [ICAOUTM] 528 Operator ID Message 529 F3411 Message Type 5. Provides CAA issued Operator ID, only. 530 Operator ID is distinct from UAS ID. 532 PIC 533 Pilot In Command. "The pilot designated by the operator, or in 534 the case of general aviation, the owner, as being in command and 535 charged with the safe conduct of a flight." [ICAOATM] 537 PII 538 Personally Identifiable Information. In this context, typically 539 of the UAS operator, Pilot In Command (PIC) or remote pilot, but 540 possibly of an observer or other party. 542 Remote Pilot 543 A pilot using a GCS to exercise proximate control of an UA. 544 Either the PIC or under the supervision of the PIC. 546 RF-LOS 547 RF LOS. Typically used in describing operation of a direct radio 548 link between a GCS and the UA under its control, potentially 549 subject to blockage by foliage, structures, terrain or other 550 vehicles, but less so than V-LOS. 552 RTCA 553 Radio Technical Commission for Aeronautics. US aviation SDO. 554 Cooperates extensively with EUROCAE. 556 Self-ID Message 557 F3411 Message Type 3. Provides a 1 byte descriptor and 23 byte 558 ASCII free text field, only. Expected to be used to provide 559 context on the operation, e.g. mission intent. 561 Standard RID 562 Per the FAA NPRM, a mode of operation that must use both Network 563 RID (if Internet connectivity is available at the time in the 564 operating area) and Broadcast RID (always and everywhere), and 565 must provide both pilot/GCS location and UA location. This mode 566 is required for UAS that exceed the allowed envelope (e.g. size, 567 range) of Limited RID and for all UAS equipped for Standard RID 568 (even if operated within parameters that would otherwise permit 569 Limited RID). The Broadcast RID portion corresponds roughly to EU 570 Direct RID; the Network RID portion corresponds roughly to EU 571 Network Identification Service. 573 SDO 574 Standards Development Organization. ASTM, IETF, et al. 576 SDSP 577 Supplemental Data Service Provider. An entity that participates 578 in the UTM system, but provides services beyond those specified as 579 basic UTM system functions. E.g., provides weather data. 581 System Message 582 F3411 Message Type 4. Provides general UAS information, including 583 remote pilot location, multiple UA group operational area, etc. 585 U-space 586 EU concept and emerging framework for integration of UAS into all 587 classes of airspace, specifically including high density urban 588 areas, sharing airspace with manned aircraft. 590 UA 591 Unmanned Aircraft. An aircraft which is intended to operate with 592 no pilot on board. In popular parlance, "drone". 594 UAS 595 Unmanned Aircraft System. Composed of UA, all required on-board 596 subsystems, payload, control station, other required off-board 597 subsystems, any required launch and recovery equipment, all 598 required crew members, and C2 links between UA and control 599 station. 601 UAS ID 602 UAS identifier. Although called "UAS ID", unique to the UA: 603 neither to the operator (as previous registration numbers have 604 been assigned), nor to the combination of GCS and UA that comprise 605 the UAS. Per [F3411-19]: maximum length of 20 bytes; see 606 Section 1.1, Paragraph 7 for currently defined values. 608 UAS ID Type 609 Identifier type index. Per [F3411-19], 4 bits, values 0-3 already 610 specified. 612 UAS RID 613 UAS Remote Identification. System for identifying UA during 614 flight by other parties. 616 UAS RID Verification Service 617 System component designed to handle the authentication 618 requirements of RID by offloading verification to a web hosted 619 service. 621 USS 622 UAS Service Supplier. "A USS is an entity that assists UAS 623 Operators with meeting UTM operational requirements that enable 624 safe and efficient use of airspace" and "... provide services to 625 support the UAS community, to connect Operators and other entities 626 to enable information flow across the USS Network, and to promote 627 shared situational awareness among UTM participants" per 628 [FAACONOPS]. 630 UTM 631 UAS Traffic Management. Per ICAO, "A specific aspect of air 632 traffic management which manages UAS operations safely, 633 economically and efficiently through the provision of facilities 634 and a seamless set of services in collaboration with all parties 635 and involving airborne and ground-based functions." In the US, 636 per FAA, a "traffic management" ecosystem for "uncontrolled" low 637 altitude UAS operations, separate from, but complementary to, the 638 FAA's ATC system for "controlled" operations of manned aircraft. 640 V-LOS 641 Visual LOS. Typically used in describing operation of an UA by a 642 "remote" pilot who can clearly directly (without video cameras or 643 any other aids other than glasses or under some rules binoculars) 644 see the UA and its immediate flight environment. Potentially 645 subject to blockage by foliage, structures, terrain or other 646 vehicles, more so than RF-LOS. 648 3. UAS RID Problem Space 650 UA may be fixed wing Short Take-Off and Landing (STOL), rotary wing 651 (e.g., helicopter) Vertical Take-Off and Landing (VTOL), or hybrid. 652 They may be single- or multi-engine. The most common today are 653 multicopters: rotary wing, multi engine. The explosion in UAS was 654 enabled by hobbyist development, for multicopters, of advanced flight 655 stability algorithms, enabling even inexperienced pilots to take off, 656 fly to a location of interest, hover, and return to the take-off 657 location or land at a distance. UAS can be remotely piloted by a 658 human (e.g., with a joystick) or programmed to proceed from Global 659 Positioning System (GPS) waypoint to waypoint in a weak form of 660 autonomy; stronger autonomy is coming. UA are "low observable": they 661 typically have a small radar cross section; they make noise quite 662 noticeable at short range but difficult to detect at distances they 663 can quickly close (500 meters in under 17 seconds at 60 knots); they 664 typically fly at low altitudes (for the small UAS to which RID 665 applies in the US, under 400 feet AGL); they are highly maneuverable 666 so can fly under trees and between buildings. 668 UA can carry payloads including sensors, cyber and kinetic weapons, 669 or can be used themselves as weapons by flying them into targets. 670 They can be flown by clueless, careless or criminal operators. Thus 671 the most basic function of UAS RID is "Identification Friend or Foe" 672 (IFF) to mitigate the significant threat they present. Numerous 673 other applications can be enabled or facilitated by RID: consider the 674 importance of identifiers in many Internet protocols and services. 676 Network RID from the UA itself (rather than from its GCS) and 677 Broadcast RID require one or more wireless data links from the UA, 678 but such communications are challenging due to $SWaP constraints and 679 low altitude flight amidst structures and foliage over terrain. 681 Disambiguation of multiple UA flying in close proximity may be very 682 challenging, even if each is reporting its identity, position and 683 velocity as accurately as it can. 685 3.1. Network RID 687 Network RID has several variants. The UA may have persistent onboard 688 Internet connectivity, in which case it can consistently source RID 689 information directly over the Internet. The UA may have intermittent 690 onboard Internet connectivity, in which case the GCS must source RID 691 information whenever the UA itself is offline. The UA may not have 692 Internet connectivity of its own, but have instead some other form of 693 communications to another node that can relay RID information to the 694 Internet; this would typically be the GCS (which to perform its 695 function must know where the UA is, although C2 link outages do 696 occur). 698 The UA may have no means of sourcing RID information, in which case 699 the GCS must source it; this is typical under FAA NPRM Limited RID 700 proposed rules, which require providing the location of the GCS (not 701 that of the UA). In the extreme case, this could be the pilot using 702 a web browser/application to designate, to an UAS Service Supplier 703 (USS) or other UTM entity, a time-bounded airspace volume in which an 704 operation will be conducted; this may impede disambiguation of ID if 705 multiple UAS operate in the same or overlapping spatio-temporal 706 volumes. 708 In most cases in the near term, if the RID information is fed to the 709 Internet directly by the UA or GCS, the first hop data links will be 710 cellular Long Term Evolution (LTE) or Wi-Fi, but provided the data 711 link can support at least UDP/IP and ideally also TCP/IP, its type is 712 generally immaterial to the higher layer protocols. An UAS as the 713 ultimate source of Network RID information feeds an USS acting as a 714 Network RID Service Provider (Net-RID SP), which essentially proxies 715 for that and other sources; an observer or other ultimate consumer of 716 Network RID information obtains it from a Network RID Display 717 Provider (Net-RID DP), which aggregates information from multiple 718 Net-RID SPs to offer coverage of an airspace volume of interest. 719 Network RID Service and Display providers are expected to be 720 implemented as servers in well-connected infrastructure, accessible 721 via typical means such as web APIs/browsers. 723 Network RID is the more flexible and less constrained of the defined 724 UAS RID means, but is only partially specified in [F3411-19]. It is 725 presumed that IETF efforts supporting Broadcast RID (see next 726 section) can be easily generalized for Network RID. 728 3.2. Broadcast RID 730 [F3411-19] specifies three Broadcast RID data links: Bluetooth 4.X; 731 Bluetooth 5.X Long Range; and Wi-Fi with Neighbor Awareness 732 Networking (NAN). For compliance with [F3411-19], an UA must 733 broadcast (using advertisement mechanisms where no other option 734 supports broadcast) on at least one of these; if broadcasting on 735 Bluetooth 5.x, it is also required concurrently to do so on 4.x 736 (referred to in [F3411-19] as Bluetooth Legacy). 738 The selection of the Broadcast media was driven by research into what 739 is commonly available on 'ground' units (smartphones and tablets) and 740 what was found as prevalent or 'affordable' in UA. Further, there 741 must be an Application Programming Interface (API) for the observer's 742 receiving application to have access to these messages. As yet only 743 Bluetooth 4.X support is readily available, thus the current focus is 744 on working within the 26 byte limit of the Bluetooth 4.X "Broadcast 745 Frame" transmitted on beacon channels. After nominal overheads, this 746 limits the UAS ID string to a maximum length of 20 bytes, and 747 precludes the same frame carrying position, velocity and other 748 information that should be bound to the UAS ID, much less strong 749 authentication data. This requires segmentation ("paging") of longer 750 messages or message bundles ("Message Pack"), and/or correlation of 751 short messages (anticipated by ASTM to be done on the basis of 752 Bluetooth 4 MAC address, which is weak and unverifiable). 754 3.3. DRIP Focus 756 DRIP will focus on making information obtained via UAS RID 757 immediately usable: 759 1. by making it trustworthy (despite the severe constraints of 760 Broadcast RID); 762 2. by enabling verification that an UAS is registered, and if so, in 763 which registry (for classification of trusted operators on the 764 basis of known registry vetting, even by observers lacking 765 Internet connectivity at observation time); 767 3. by facilitating independent reports of UA's aeronautical data 768 (location, velocity, etc.) to confirm or refute the operator 769 self-reports upon which UAS RID and UTM tracking are based; 771 4. by enabling instant establishment, by authorized parties, of 772 secure communications with the remote pilot. 774 Any UA can assert any ID using the [F3411-19] required Basic ID 775 message, which lacks any provisions for verification. The Position/ 776 Vector message likewise lacks provisions for verification, and does 777 not contain the ID, so must be correlated somehow with a Basic ID 778 message: the developers of [F3411-19] have suggested using the MAC 779 addresses, but these may be randomized by the operating system stack 780 to avoid the adversarial correlation problems of static identifiers. 782 The [F3411-19] optional Authentication Message specifies framing for 783 authentication data, but does not specify any authentication method, 784 and the maximum length of the specified framing is too short for 785 conventional digital signatures and far too short for conventional 786 certificates. The one-way nature of Broadcast RID precludes 787 challenge-response security protocols (e.g., observers sending nonces 788 to UA, to be returned in signed messages). An observer would be 789 seriously challenged to validate the asserted UAS ID or any other 790 information about the UAS or its operator looked up therefrom. 792 Further, [F3411-19] provides very limited choices for an observer to 793 communicate with the pilot, e.g., to request further information on 794 the UAS operation or exit from an airspace volume in an emergency. 795 The System Message provides the location of the pilot/GCS, so an 796 observer could physically go to the asserted GCS location to look for 797 the remote pilot. An observer with Internet connectivity could look 798 up operator PII in a registry, then call a phone number in hopes 799 someone who can immediately influence the UAS operation will answer 800 promptly during that operation. 802 Thus complementing [F3411-19] with protocols enabling strong 803 authentication, preserving operator privacy while enabling immediate 804 use of information by authorized parties, is critical to achieve 805 widespread adoption of a RID system supporting safe and secure 806 operation of UAS. 808 4. Requirements 810 4.1. General 812 GEN-1 Provable Ownership: DRIP MUST enable verification that the 813 UAS ID asserted in the Basic ID message is that of the actual 814 current sender of the message (i.e. the message is not a 815 replay attack or other spoof, authenticating e.g. by 816 verifying an asymmetric cryptographic signature using a 817 sender provided public key from which the asserted ID can be 818 at least partially derived), even on an observer device 819 lacking Internet connectivity at the time of observation. 821 GEN-2 Provable Binding: DRIP MUST enable binding all other F3411 822 messages from the same actual current sender to the UAS ID 823 asserted in the Basic ID message. 825 GEN-3 Provable Registration: DRIP MUST enable verification that the 826 UAS ID is in a registry and identification of which one, even 827 on an observer device lacking Internet connectivity at the 828 time of observation; with UAS ID Type 3, the same sender may 829 have multiple IDs, potentially in different registries, but 830 each ID must clearly indicate in which registry it can be 831 found. 833 GEN-4 Readability: DRIP MUST enable information (regulation 834 required elements, whether sent via UAS RID or looked up in 835 registries) to be read and utilized by both humans and 836 software. 838 GEN-5 Gateway: DRIP MUST enable Broadcast RID -> Network RID 839 application layer gateways to stamp messages with precise 840 date/time received and receiver location, then relay them to 841 a network service (e.g. SDSP or distributed ledger), to 842 support three objectives: mark up a RID message with where 843 and when it was actually received (which may agree or 844 disagree with the self-report in the set of messages); defend 845 against reply attacks; and support optional SDSP services 846 such as multilateration (to complement UAS position self- 847 reports with independent measurements). 849 GEN-6 Finger (placeholder name): DRIP MUST enable dynamically 850 establishing, with AAA, per policy, E2E strongly encrypted 851 communications with the UAS RID sender and entities looked up 852 from the UAS ID, including at least the remote pilot and USS. 854 GEN-7 QoS: DRIP MUST enable policy based specification of 855 performance and reliability parameters, such as maximum 856 message transmission intervals and delivery latencies. 858 GEN-8 Mobility: DRIP MUST support physical and logical mobility of 859 UA, GCS and Observers. DRIP SHOULD support mobility of 860 essentially all participating nodes (UA, GCS, Observers, Net- 861 RID SP, Net-RID DP, Private Registry, SDSP). 863 GEN-9 Multihoming: DRIP MUST support multihoming of UA and GCS, for 864 make-before-break smooth handoff and resiliency against path/ 865 link failure. DRIP SHOULD support multihoming of essentially 866 all participating nodes. 868 GEN-10 Multicast: DRIP SHOULD support multicast for efficient and 869 flexible publish-subscribe notifications, e.g., of UAS 870 reporting positions in designated sensitive airspace volumes. 872 GEN-11 Management: DRIP SHOULD support monitoring of the health and 873 coverage of Broadcast and Network RID services. 875 4.2. Identifier 877 ID-1 Length: The DRIP (UAS) entity [remote] identifier must be no 878 longer than 20 bytes (per [F3411-19] to fit in a Bluetooth 4 879 advertisement payload). 881 ID-2 Registry ID: The DRIP identifier MUST be sufficient to identify 882 a registry in which the (UAS) entity identified therewith is 883 listed. 885 ID-3 Entity ID: The DRIP identifier MUST be sufficient to enable 886 lookup of other data associated with the (UAS) entity 887 identified therewith in that registry. 889 ID-4 Uniqueness: The DRIP identifier MUST be unique within a to-be- 890 defined scope. 892 ID-5 Non-spoofability: The DRIP identifier MUST be non-spoofable 893 within the context of Remote ID broadcast messages (some 894 collection of messages provides proof of UA ownership of ID). 896 ID-6 Unlinkability: A DRIP UAS ID MUST NOT facilitate adversarial 897 correlation over multiple UAS operations; this may be 898 accomplished e.g. by limiting each identifier to a single use, 899 but if so, the UAS ID MUST support well-defined scalable timely 900 registration methods. 902 Note that Registry ID and Entity ID are requirements on a single DRIP 903 entity Identifier, not separate (types of) ID. In the most common 904 use case, the Entity will be the UA, and the DRIP Identifier will be 905 the UAS ID; however, other entities may also benefit from having DRIP 906 identifiers, so the Entity type is not prescribed here. 908 Whether a UAS ID is generated by the operator, GCS, UA, USS or 909 registry, or some collaboration thereamong, is unspecified; however, 910 there must be agreement on the UAS ID among these entities. 912 4.3. Privacy 913 PRIV-1 Confidential Handling: DRIP MUST enable confidential handling 914 of private information (i.e., any and all information 915 designated by neither cognizant authority nor the information 916 owner as public, e.g., personal data). 918 PRIV-2 Encrypted Transport: DRIP MUST enable selective strong 919 encryption of private data in motion in such a manner that 920 only authorized actors can recover it. If transport is via 921 IP, then encryption MUST be end-to-end, at or above the IP 922 layer. DRIP MUST NOT encrypt safety critical data to be 923 transmitted over Broadcast RID unless also concurrently 924 sending that data via Network RID and obtaining frequent 925 confirmations of receipt. 927 PRIV-3 Encrypted Storage: DRIP SHOULD facilitate selective strong 928 encryption of private data at rest in such a manner that only 929 authorized actors can recover it. 931 How information is stored on end systems is out of scope for DRIP. 932 Encouraging privacy best practices, including end system storage 933 encryption, by facilitating it with protocol design reflecting such 934 considerations, is in scope. 936 4.4. Registries 938 REG-1 Public Lookup: DRIP MUST enable lookup, from the UAS ID, of 939 information designated by cognizant authority as public, and 940 MUST NOT restrict access to this information based on identity 941 of the party submitting the query. 943 REG-2 Private Lookup: DRIP MUST enable lookup of private information 944 (i.e., any and all information in a registry, associated with 945 the UAS ID, that is designated by neither cognizant authority 946 nor the information owner as public), and MUST, per policy, 947 enforce AAA, including restriction of access to this 948 information based on identity of the party submitting the 949 query. 951 REG-3 Provisioning: DRIP MUST enable provisioning registries with 952 static information on the UAS and its operator, dynamic 953 information on its current operation within the UTM (including 954 means by which the USS under which the UAS is operating may be 955 contacted for further, typically even more dynamic, 956 information), and Internet direct contact information for 957 services related to the foregoing. 959 REG-4 AAA Policy: DRIP MUST enable closing the AAA-policy registry 960 loop by governing AAA per registered policies and 961 administering policies only via AAA. 963 5. Discussion and Limitations 965 This document is largely based on the process of one SDO, ASTM. 966 Therefore, it is tailored to specific needs and data formats of this 967 standard. Other organizations, for example in EU, do not necessary 968 follow the same architecture. IETF traditionally operates assuming 969 the source material for the standardization process is publicly 970 available. However, ASTM standards require a fee for download. 971 Therefore a double-liaison program at IETF might need to be 972 activated, providing free access to ASTM specifications for 973 contributors to IETF documents. 975 The need for drone ID and operator privacy is an open discussion 976 topic. For instance, in the ground vehicular domain each car carries 977 a publicly visible plate number. In some countries, for nominal cost 978 or even for free, anyone can resolve the identity and contact 979 information of the owner. Civil commercial aviation and maritime 980 industries also have a tradition of broadcasting plane or ship ID, 981 coordinates and even flight plans in plain text. Community networks 982 such as OpenSky and Flightradar use this open information through 983 ADS-B to deploy public services of flight tracking. Many researchers 984 also use these data to perform optimization of routes and airport 985 operations. Such ID information should be integrity protected, but 986 not necessarily confidential. 988 In civil aviation, aircraft identity is broadcast by a device known 989 as transponder. It transmits a four-digit squawk code, which is 990 assigned by a traffic controller to an airplane after approving a 991 flight plan. There are several reserved codes such as 7600 which 992 indicate radio communication failure. The codes are unique in each 993 traffic area and can be re-assigned when entering another control 994 area. The code is transmitted in plain text by the transponder and 995 also used for collision avoidance by a system known as Traffic alert 996 and Collision Avoidance System (TCAS). The system could be used for 997 UAS as well initially, but the code space is quite limited and likely 998 to be exhausted soon. The number of UAS far exceeds the number of 999 civil airplanes in operation. 1001 The ADS-B system is utilized in civil aviation for each "ADS-B Out" 1002 equipped airplane to broadcast its ID, coordinates and altitude for 1003 other airplanes and ground control stations. If this system is 1004 adopted for drone IDs, it has additional benefit with backward 1005 compatibility with civil aviation infrastructure; then, pilots and 1006 dispatchers will be able to see UA on their control screens and take 1007 those into account. If not, a gateway translation system between the 1008 proposed drone ID and civil aviation system should be implemented. 1009 Again, system saturation due to large numbers of UAS is a concern. 1011 Wi-Fi and Bluetooth are two wireless technologies currently 1012 recommended by ASTM specifications due to their widespread use and 1013 broadcast nature. However, those have limited range (max 100s of 1014 meters) and may not reliably deliver UAS ID at high altitude or 1015 distance. Therefore, a study should be made of alternative 1016 technologies from the telecom domain (WiMax, 5G) or sensor networks 1017 (Sigfox, LORA). Such transmission technologies can impose additional 1018 restrictions on packet sizes and frequency of transmissions, but 1019 could provide better energy efficiency and range. In civil aviation, 1020 Controller-Pilot Data Link Communications (CPDLC) is used to transmit 1021 command and control between the pilots and ATC. It could be 1022 considered for UAS as well due to long range and proven use despite 1023 its lack of security [cpdlc]. 1025 L-band Digital Aeronautical Communications System (LDACS) is being 1026 standardized by ICAO and IETF for use in future civil aviation 1027 [I-D.maeurer-raw-ldacs]. It provides secure communication, 1028 positioning and control for aircraft using a dedicated radio band. 1029 It should be analyzed as a potential provider for UAS RID as well. 1030 This will bring the benefit of a global integrated system creating a 1031 global airspace use awareness. 1033 6. IANA Considerations 1035 This document does not make any IANA request. 1037 7. Security Considerations 1039 DRIP is all about safety and security, so content pertaining to such 1040 is not limited to this section. Potential vulnerabilities of DRIP 1041 include but are not limited to: 1043 * Sybil attacks 1045 * Confusion created by many spoofed unsigned messages 1047 * Processing overload induced by attempting to verify many spoofed 1048 signed messages (where verification will fail but still consume 1049 cycles) 1051 * Malicious or malfunctioning registries 1053 * Interception of (e.g. Man In The Middle attacks on) registration 1054 messages 1056 8. Privacy and Transparency Considerations 1058 Privacy is closely related to but not synonomous with security, and 1059 conflicts with transparency. Privacy and transparency are important 1060 for legal reasons including regulatory consistency. [EU2018] 1061 [EU2018]states "harmonised and interoperable national registration 1062 systems... should comply with the applicable Union and national law 1063 on privacy and processing of personal data, and the information 1064 stored in those registration systems should be easily accessible." 1066 Privacy and transparency (where essential to security or safety) are 1067 also ethical and moral imperatives. Even in cases where old 1068 practices (e.g. automobile registration plates) could be imitated, 1069 when new applications involving PII (such as UAS RID) are addressed 1070 and newer technologies could enable improving privacy, such 1071 opportunities should not be squandered. Thus is is recommended that 1072 all DRIP documents give due regard to [RFC6973] and more broadly 1073 [RFC8280]. 1075 DRIP information falls into two classes: that which, to achieve the 1076 purpose, must be published openly as cleartext, for the benefit of 1077 any Observer (e.g. the basic UAS ID itself); and that which must be 1078 protected (e.g., PII of pilots) but made available to properly 1079 authorized parties (e.g., public safety personnel who urgently need 1080 to contact pilots in emergencies). This classification must be made 1081 explicit and reflected with markings, design, etc. Classifying the 1082 information will be addressed primarily in external standards; herein 1083 it will be regarded as a matter for CAA, registry and operator 1084 policies, for which enforcement mechanisms will be defined within the 1085 scope of DRIP WG and offered. Details of the protection mechanisms 1086 will be provided in other DRIP documents. Mitigation of adversarial 1087 correlation will also be addressed. 1089 9. References 1091 9.1. Normative References 1093 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1094 Requirement Levels", BCP 14, RFC 2119, 1095 DOI 10.17487/RFC2119, March 1997, 1096 . 1098 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 1099 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 1100 May 2017, . 1102 9.2. Informative References 1104 [cpdlc] Gurtov, A., Polishchuk, T., and M. Wernberg, "Controller- 1105 Pilot Data Link Communication Security", MDPI 1106 Sensors 18(5), 1636, 2018, 1107 . 1109 [crowd-sourced-rid] 1110 Moskowitz, R., Card, S., Wiethuechter, A., Zhao, S., and 1111 H. Birkholz, "Crowd Sourced Remote ID", Work in Progress, 1112 Internet-Draft, draft-moskowitz-drip-crowd-sourced-rid-04, 1113 20 May 2020, . 1116 [CTA2063A] ANSI, "Small Unmanned Aerial Systems Serial Numbers", 1117 September 2019. 1119 [Delegated] 1120 European Union Aviation Safety Agency (EASA), "Commission 1121 Delegated Regulation (EU) 2019/945 of 12 March 2019 on 1122 unmanned aircraft systems and on third-country operators 1123 of unmanned aircraft systems", March 2019. 1125 [drip-architecture] 1126 Card, S., Wiethuechter, A., Moskowitz, R., Zhao, S., and 1127 A. Gurtov, "Drone Remote Identification Protocol (DRIP) 1128 Architecture", Work in Progress, Internet-Draft, draft- 1129 ietf-drip-arch-02, 23 June 2020, 1130 . 1132 [drip-auth] 1133 Wiethuechter, A., Card, S., and R. Moskowitz, "DRIP 1134 Authentication Formats", Work in Progress, Internet-Draft, 1135 draft-wiethuechter-drip-auth-01, 10 July 2020, 1136 . 1139 [drip-identity-claims] 1140 Wiethuechter, A., Card, S., and R. Moskowitz, "DRIP 1141 Identity Claims", Work in Progress, Internet-Draft, draft- 1142 wiethuechter-drip-identity-claims-00, 23 March 2020, 1143 . 1146 [drip-secure-nrid-c2] 1147 Moskowitz, R., Card, S., Wiethuechter, A., and A. Gurtov, 1148 "Secure UAS Network RID and C2 Transport", Work in 1149 Progress, Internet-Draft, draft-moskowitz-drip-secure- 1150 nrid-c2-00, 6 April 2020, . 1153 [drip-uas-rid] 1154 Moskowitz, R., Card, S., Wiethuechter, A., and A. Gurtov, 1155 "UAS Remote ID", Work in Progress, Internet-Draft, draft- 1156 moskowitz-drip-uas-rid-02, 28 May 2020, 1157 . 1160 [ENISACSIRT] 1161 European Union Agency for Cybersecurity (ENISA), 1162 "Actionable information for Security Incident Response", 1163 November 2014, . 1167 [EU2018] European Parliament and Council, "2015/0277 (COD) PE-CONS 1168 2/18", February 2018. 1170 [F3411-19] ASTM International, "Standard Specification for Remote ID 1171 and Tracking", February 2020, 1172 . 1174 [FAACONOPS] 1175 FAA Office of NextGen, "UTM Concept of Operations v2.0", 1176 March 2020. 1178 [hhit-registries] 1179 Moskowitz, R., Card, S., and A. Wiethuechter, 1180 "Hierarchical HIT Registries", Work in Progress, Internet- 1181 Draft, draft-moskowitz-hip-hhit-registries-02, 9 March 1182 2020, . 1185 [hierarchical-hit] 1186 Moskowitz, R., Card, S., and A. Wiethuechter, 1187 "Hierarchical HITs for HIPv2", Work in Progress, Internet- 1188 Draft, draft-moskowitz-hip-hierarchical-hit-05, 13 May 1189 2020, . 1192 [I-D.maeurer-raw-ldacs] 1193 Maeurer, N., Graeupl, T., and C. Schmitt, "L-band Digital 1194 Aeronautical Communications System (LDACS)", Work in 1195 Progress, Internet-Draft, draft-maeurer-raw-ldacs-04, 2 1196 July 2020, 1197 . 1199 [ICAOATM] International Civil Aviation Organization, "Doc 4444: 1200 Procedures for Air Navigation Services: Air Traffic 1201 Management", November 2016. 1203 [ICAOUTM] International Civil Aviation Organization, "Unmanned 1204 Aircraft Systems Traffic Management (UTM) - A Common 1205 Framework with Core Principles for Global Harmonization, 1206 Edition 2", November 2019. 1208 [Implementing] 1209 European Union Aviation Safety Agency (EASA), "Commission 1210 Implementing Regulation (EU) 2019/947 of 24 May 2019 on 1211 the rules and procedures for the operation of unmanned 1212 aircraft", May 2019. 1214 [new-hip-crypto] 1215 Moskowitz, R., Card, S., and A. Wiethuechter, "New 1216 Cryptographic Algorithms for HIP", Work in Progress, 1217 Internet-Draft, draft-moskowitz-hip-new-crypto-04, 23 1218 January 2020, . 1221 [new-orchid] 1222 Moskowitz, R., Card, S., and A. Wiethuechter, "Using 1223 cSHAKE in ORCHIDs", Work in Progress, Internet-Draft, 1224 draft-moskowitz-orchid-cshake-01, 21 May 2020, 1225 . 1228 [NPRM] United States Federal Aviation Administration (FAA), 1229 "Notice of Proposed Rule Making on Remote Identification 1230 of Unmanned Aircraft Systems", December 2019. 1232 [Recommendations] 1233 FAA UAS Identification and Tracking Aviation Rulemaking 1234 Committee, "UAS ID and Tracking ARC Recommendations Final 1235 Report", September 2017. 1237 [RFC4122] Leach, P., Mealling, M., and R. Salz, "A Universally 1238 Unique IDentifier (UUID) URN Namespace", RFC 4122, 1239 DOI 10.17487/RFC4122, July 2005, 1240 . 1242 [RFC4949] Shirey, R., "Internet Security Glossary, Version 2", 1243 FYI 36, RFC 4949, DOI 10.17487/RFC4949, August 2007, 1244 . 1246 [RFC6973] Cooper, A., Tschofenig, H., Aboba, B., Peterson, J., 1247 Morris, J., Hansen, M., and R. Smith, "Privacy 1248 Considerations for Internet Protocols", RFC 6973, 1249 DOI 10.17487/RFC6973, July 2013, 1250 . 1252 [RFC8280] ten Oever, N. and C. Cath, "Research into Human Rights 1253 Protocol Considerations", RFC 8280, DOI 10.17487/RFC8280, 1254 October 2017, . 1256 [Roadmap] American National Standards Institute (ANSI) Unmanned 1257 Aircraft Systems Standardization Collaborative (UASSC), 1258 "Standardization Roadmap for Unmanned Aircraft Systems 1259 draft v2.0", April 2020, . 1263 [Stranger] Heinlein, R.A., "Stranger in a Strange Land", June 1961. 1265 [WG105] European Parliament and Council, "EUROCAE WG-105 draft 1266 Minimum Operational Performance Standards (MOPS) for 1267 Unmanned Aircraft System (UAS) Electronic 1268 Identification"", June 2020. 1270 Acknowledgments 1272 The work of the FAA's UAS Identification and Tracking (UAS ID) 1273 Aviation Rulemaking Committee (ARC) is the foundation of later ASTM 1274 [F3411-19] and IETF DRIP efforts. The work of ASTM F38.02 in 1275 balancing the interests of diverse stakeholders is essential to the 1276 necessary rapid and widespread deployment of UAS RID. IETF 1277 volunteers who have contributed to this draft include Amelia 1278 Andersdotter, Mohamed Boucadair, Toerless Eckert, Susan Hares, Mika 1279 Järvenpää, Daniel Migault, Saulo Da Silva and Shuai 1280 Zhao. 1282 Authors' Addresses 1284 Stuart W. Card (editor) 1285 AX Enterprize 1286 4947 Commercial Drive 1287 Yorkville, NY 13495 1288 United States of America 1290 Email: stu.card@axenterprize.com 1291 Adam Wiethuechter 1292 AX Enterprize 1293 4947 Commercial Drive 1294 Yorkville, NY 13495 1295 United States of America 1297 Email: adam.wiethuechter@axenterprize.com 1299 Robert Moskowitz 1300 HTT Consulting 1301 Oak Park, MI 48237 1302 United States of America 1304 Email: rgm@labs.htt-consult.com 1306 Andrei Gurtov 1307 Linköping University 1308 IDA 1309 SE-58183 Linköping 1310 Sweden 1312 Email: gurtov@acm.org