Re: [Dance] DANCE use for DRIP Network Remote ID

Robert Moskowitz <rgm-sec@htt-consult.com> Fri, 24 June 2022 16:40 UTC

Message-ID: <f9872e2b-d9b4-b089-be1b-54ff55dc4615@htt-consult.com>
Date: Fri, 24 Jun 2022 12:40:19 -0400
To: Joey Salazar <joeygsal@gmail.com>
Cc: dance@ietf.org
References: <43933f77-6abf-7750-f5e9-e3d0e20135d5@htt-consult.com> <CAEhLraisaddstCUOJkuMrSN+1WRKYAoj+xSkOU+JGDp-ebH7eA@mail.gmail.com>
From: Robert Moskowitz <rgm-sec@htt-consult.com>
In-Reply-To: <CAEhLraisaddstCUOJkuMrSN+1WRKYAoj+xSkOU+JGDp-ebH7eA@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dance/07qKUGPSDPLWmvyjGM3GXusxpoE>
Subject: Re: [Dance] DANCE use for DRIP Network Remote ID


On 6/24/22 12:28, Joey Salazar wrote:
> On Fri, Jun 24, 2022 at 4:27 PM Robert Moskowitz 
> <rgm-sec@htt-consult.com> wrote:
> Hi Bob,
>
>     Sec 3.2.1.2 in draft-moskowitz-drip-secure-nrid-c2
>
>     for DANCE (and DANE) usage.  Any improvement in this section is
>     really
>     appreciated.
>
>
> Is this referring to HIP-DNS-EXT? If not, could you perhaps explain a 
> bit more?

Oops, that is supposed to be sec 3.2.1.3 ...

No.  Although HIP-DNS-EXT (RFC 8005) MAY be used for those UAS using HIP 
for Network Remote ID, DTLS is also usable for this comm, as the Net-RID 
Service Provider will have a fixed address.  So how, given drip-rid DETs 
(HHITs), can DTLS authentication best be supported?  Well, through DANCE 
and client TLSA RR.

HIP is covered, very easily, in sec 3.2.1.2.


3.2.1.3 is for those implementations using DTLS.

I should point out that for Command and Control (C2), DTLS is 
problematic IF the Ground Control Station (GCS) is mobile in the 
network.  For those GCS that are fixed (like in a major operations 
center), DTLS COULD be used for C2.  HIP with the RVS works very well 
for IP mobility on both ends, particularly in managing the double jump 
problem (both nodes move at the same time).

>
>     In Sec 5.6 of draft-ietf-drip-registries
>
>     We get where the TLSA RR is created as part of the UAS registration.
>     Text here needs lots of help, I have already sent off one set of
>     changes
>     to the editor.
>
>
> Thank you for bringing these 2 drafts to the WG's attention, is there 
> a preferred platform for folks to share their thoughts?
> I see there's a github repo for the draft-ietf-drip-registries I-D but 
> none listed for draft-moskowitz-drip-secure-nrid-c2.

No for secure-nrid-c2, as it is not yet adopted by the WG.  I keep all 
copies local.  Best to comment on both in the DRIP mailing list.  I 
will also follow comments here.


>
>     So this COULD be a major use case for DANCE.  I have a meeting
>     next week
>     at ICAO in Montreal where we will be defining the parts of the ICAO
>     International Aviation Trust Framework (IATF) as part of the Global
>     Resilient Aviation Interoperable Network (GRAIN) for a 6 month PoC.
>
>     I want to ensure that DANCE/DANE is included beyond their grand PKI
>     model....
>
>     If my DRIP, IPSECME, TLS, LPWAN, CFRG participation does not
>     conflict I
>     can add to the DANCE discussion and adding this use case to the
>     architecture.  :)
>
>
> It would be great to have discussion on this : )
>
> DANCErs feel free to speak up!

And I am listening.

Bob