[Pearg] Review of Privacy section in draft-ietf-drip-rid

Robert Moskowitz <rgm-sec@htt-consult.com> Tue, 02 November 2021 13:22 UTC

Return-Path: <rgm-sec@htt-consult.com>
X-Original-To: pearg@ietfa.amsl.com
Delivered-To: pearg@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id E585E3A119E for <pearg@ietfa.amsl.com>; Tue, 2 Nov 2021 06:22:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id XSuy-Znmpu3C for <pearg@ietfa.amsl.com>; Tue, 2 Nov 2021 06:22:50 -0700 (PDT)
Received: from z9m9z.htt-consult.com (z9m9z.htt-consult.com []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 533283A1193 for <pearg@irtf.org>; Tue, 2 Nov 2021 06:22:50 -0700 (PDT)
Received: from localhost (localhost []) by z9m9z.htt-consult.com (Postfix) with ESMTP id 4669E624FD for <pearg@irtf.org>; Tue, 2 Nov 2021 09:21:49 -0400 (EDT)
X-Virus-Scanned: amavisd-new at htt-consult.com
Received: from z9m9z.htt-consult.com ([]) by localhost (z9m9z.htt-consult.com []) (amavisd-new, port 10024) with LMTP id ByN6rUz66x0l for <pearg@irtf.org>; Tue, 2 Nov 2021 09:21:44 -0400 (EDT)
Received: from lx140e.htt-consult.com (unknown []) (using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by z9m9z.htt-consult.com (Postfix) with ESMTPSA id 66525624C0 for <pearg@irtf.org>; Tue, 2 Nov 2021 09:21:42 -0400 (EDT)
To: pearg@irtf.org
From: Robert Moskowitz <rgm-sec@htt-consult.com>
Message-ID: <7b33eddc-06c9-1f84-e91e-d7a620a1c201@htt-consult.com>
Date: Tue, 2 Nov 2021 09:22:38 -0400
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.10.1
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/pearg/IHz3XmVsdv75eKWw97VbiQsVhE0>
Subject: [Pearg] Review of Privacy section in draft-ietf-drip-rid
X-BeenThere: pearg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Privacy Enhancements and Assessment Proposed RG <pearg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/pearg>, <mailto:pearg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pearg/>
List-Post: <mailto:pearg@irtf.org>
List-Help: <mailto:pearg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/pearg>, <mailto:pearg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Nov 2021 13:22:56 -0000

To pearg list members:

I have been advised to submit here draft-ietf-drip-rid for comments.

DRIP is Drone (Unmanned Aircraft) Remote ID Protocols.

The 1st phase of DRIP is adding trustworthiness to the Remote ID 
mandated in recent FAA (and EASA) regulations and technically defined in 
ASTM F3411.

This is Broadcasting information about the UA over Bluetooth and WiFi to 
all observers within radio range (up to 1KM).

Sec 8 in the draft is on Privacy or the challenge to even provide any 

There is an opinion, since the National Airspace (NAS) is the 
responsiblity of the local Civil Aviation Administration (CAA, e.g. 
FAA), that sorry, you play, you say who you are and what you are doing.

Note that legally, any self-sustained device (excludes ground effect 
like hovercraft) one inch (though some argue 1 foot) above ground up to 
50,000' is controled by the FAA in the US (though FAA, USAF and NASA 
argue the ceiling).

In other words, you have no rights to fly even in your backyard or over 
your roof other than what the FAA grants you.   None.  It is the law, 
poorly enforced unless they want to.

But what degree of information visiblity SHOULD be allowed to maintain 
safe use of the NAS?  FAA (admittedly acting as proxy for other 
agencies) require information about the UA Operator as well (and EASA 
also has this requirement).

So take a look at the draft.  Look at sec 8, Privacy.

I cannot participate in the pearg session.  It is the same time as 
DRIP.  And the previous session I am presenting in CFRG about my use of 
small hashes and KMAC.

I do hope to hear back from others.

Robert Moskowitz