[Drip] DIME Apex Allocation

Adam Wiethuechter <adam.wiethuechter@axenterprize.com> Wed, 27 March 2024 17:17 UTC

From: Adam Wiethuechter <adam.wiethuechter@axenterprize.com>
To: "tm-rid@ietf.org" <tm-rid@ietf.org>
Date: Wed, 27 Mar 2024 17:17:16 +0000
Message-ID: <SA3PR13MB651581117E8CBCF288892CE988342@SA3PR13MB6515.namprd13.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tm-rid/GFbY1iEeLRWLBKsk_DxVQg75jXU>
Subject: [Drip] DIME Apex Allocation
List-Id: Drone Remote Identification Protocol <tm-rid.ietf.org>

All,

I am currently working through Daniel's comments, thanks Dan!

I have run across this specific set of comments (spanning Section 4 and Section 4.1) and wish to engage in a discussion with the WG to see what other people think.

<mglt>
I think it would be good to clarify the meaning of the acronyms.
We should also explain how RAA/HDA differs from the generic RAAs/HDAs.
DET defines RAA and HDA as some bits, and it seems that some sort of delegation exists between RAA and HDAs. However, there are no bits for Apex and as such Figure 1 does not seem to represent that delegation induced by the DET fields but instead a specific "administrative entity" that uses special bit values for RAA and HDA. Maybe that is clarified after, but the current description fails to specify that it represents business entities or administrations. All of them will be encoded on the RAA and HDA bits.
</mglt>

4.1.  Apex

   The Apex is a special DIME role that holds the values of RAA=0-3 and
   HDA=0.  It serves as the branch point from the larger DNS system in
   which DETs are defined.  The Apex is the owner of the IPv6 prefix
   portion of the DET associated with it (2001:30/28) which is assigned
   by IANA from the special IPv6 address space for ORCHIDs.

<mglt>
I think I am missing the text that explains briefly why we need to have an Apex. If that is the administrative contact of the prefix why do we need to assign a specific RAA/HDA code point.
</mglt>

The primary discussion I wish to raise is around whether the Apex needs allocations in RAA/HDA space.

The Apex is to be run by some entity. At the moment it is agreed to be IANA until ICAO can fill its place. There will obviously be X.509 certificates that we will need to shadow as mentioned in -dki.

Technically, if the Apex is not given a DET out of this space there cannot be a Broadcast Endorsement for the Apex. Currently it is defined that the Broadcast Endorsement for the Apex is self-signed. If this is removed, a few things happen:

  1. drip-auth has one whole Broadcast Endorsement removed from its chain. This is good as then less needs to be sent over the air. This is bad as the Apex is written into the document in Section 6.
  2. RAA-level Broadcast Endorsements become self-signed, and clients must jump into the shadow X.509 PKI to confirm whether the RAA is legitimate and continue up the chain to the Apex.

I think we have two options to move forward with this comment:

  1. Remove the allocation of a DET for the Apex (i.e. RAA=0-3, HDA=0) and have it solely be in the X.509 (as the Root CA?) chain. Text would need to be added explaining that X.509s would be required between the Apex and RAAs to confirm legitimate registration.
  2. Add text justifying the DET for the Apex.

On a technical level I believe it should stay the same; however, on a conceptual level legitimacy ends, at least for most end users, at their CAA (which would be the RAA).

Thoughts?

--------
73,
Adam T. Wiethuechter
Software Engineer; AX Enterprize, LLC
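The following Python is an added illustration of the trade-off raised in this message; it is not code from the mail, from the DRIP drafts, or from AX Enterprize. It packs and unpacks DET fields so that the Apex allocation (RAA=0-3, HDA=0 inside 2001:30::/28) can be recognised, then walks a Broadcast Endorsement chain leaf-to-root and reports whether the chain terminates in an Apex self-endorsement or in an RAA self-endorsement that would have to be confirmed out of band via the shadow X.509 PKI. The field widths (28-bit prefix, 14-bit RAA, 14-bit HDA, 8-bit OGA ID, 64-bit ORCHID hash) are my reading of RFC 9374, not something the mail states; the DET values are constructed, and the chain check is structural only (no signatures are verified).

```python
import ipaddress

# Assumed DET layout (from RFC 9374 as read by this example, not from the mail):
#   28-bit prefix 2001:30::/28 | 14-bit RAA | 14-bit HDA | 8-bit OGA ID | 64-bit ORCHID hash
DET_PREFIX_BITS = 0x2001003                      # the top 28 bits of 2001:30::/28
RAA_SHIFT, HDA_SHIFT, OGA_SHIFT = 86, 72, 64
MASK14, MASK8, MASK64 = (1 << 14) - 1, (1 << 8) - 1, (1 << 64) - 1


def build_det(raa, hda, oga_id, orchid_hash):
    """Pack the fields into a DET in IPv6 textual form (constructed values only)."""
    if not (0 <= raa <= MASK14 and 0 <= hda <= MASK14
            and 0 <= oga_id <= MASK8 and 0 <= orchid_hash <= MASK64):
        raise ValueError("DET field out of range")
    value = ((DET_PREFIX_BITS << 100) | (raa << RAA_SHIFT) | (hda << HDA_SHIFT)
             | (oga_id << OGA_SHIFT) | orchid_hash)
    return str(ipaddress.IPv6Address(value))


def parse_det(det):
    """Split a DET back into its fields; reject addresses outside 2001:30::/28."""
    v = int(ipaddress.IPv6Address(det))
    if (v >> 100) != DET_PREFIX_BITS:
        raise ValueError(f"{det} is not inside 2001:30::/28")
    return {
        "raa": (v >> RAA_SHIFT) & MASK14,
        "hda": (v >> HDA_SHIFT) & MASK14,
        "oga_id": (v >> OGA_SHIFT) & MASK8,
        "hash": v & MASK64,
    }


def is_apex(det):
    """The Apex role as the draft text quoted above defines it: RAA in 0-3 and HDA = 0."""
    f = parse_det(det)
    return f["raa"] <= 3 and f["hda"] == 0


def chain_root_trust(chain):
    """Walk (signer, subject) endorsements from the leaf upward.

    Returns "apex" when the chain ends in an Apex self-endorsement, "external" when it
    ends in a self-endorsement by a non-Apex DET (legitimacy must then be confirmed in
    the shadow X.509 PKI), and None when the links do not connect or no root exists.
    """
    if not chain:
        return None
    for (signer, _subject), (_next_signer, next_subject) in zip(chain, chain[1:]):
        if next_subject != signer:           # each link must endorse the previous signer
            return None
    root_signer, root_subject = chain[-1]
    if root_signer != root_subject:          # the chain must terminate in a self-endorsement
        return None
    return "apex" if is_apex(root_signer) else "external"


# Constructed DETs for one Apex -> RAA -> HDA -> UA hierarchy (not real allocations).
APEX = build_det(0, 0, 1, 0x1111111111111111)
RAA = build_det(100, 0, 1, 0x2222222222222222)
HDA = build_det(100, 7, 1, 0x3333333333333333)
UA = build_det(100, 7, 1, 0x4444444444444444)

# Today's drip-auth shape: the Apex endorsement is self-signed and anchors the chain.
CHAIN_WITH_APEX = [(HDA, UA), (RAA, HDA), (APEX, RAA), (APEX, APEX)]
# Option 1 from the mail: no Apex DET, so the RAA endorsement becomes the self-signed root.
CHAIN_WITHOUT_APEX = [(HDA, UA), (RAA, HDA), (RAA, RAA)]

if __name__ == "__main__":
    print("Apex DET:", APEX, parse_det(APEX))
    print("with Apex   ->", chain_root_trust(CHAIN_WITH_APEX))
    print("without Apex->", chain_root_trust(CHAIN_WITHOUT_APEX))
```

The "external" result is the cost of option 1 in concrete terms: a receiver that only has Broadcast Endorsements has nothing above the RAA to check against and must carry, or fetch, X.509 material to decide whether that RAA is a legitimate registrant under the Apex.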