Re: [Drip] I-D Action: draft-ietf-drip-rid-11.txt

Robert Moskowitz <rgm@labs.htt-consult.com> Thu, 21 October 2021 13:31 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tm-rid/JDHAiwE5VElyutIK-5yfEMLwn1M>


On 10/21/21 9:25 AM, mohamed.boucadair@orange.com wrote:
> Re-,
>
> That’s better. Thank you.
>
> As we are in that section, there is also this nit:
>
>    Thus, although the PROBABILITY of a collision or pre-image attack is
>    low Section 11.2 in a collection of 1,024 HHITs out of a total
>    ^^^^^^^^^^^^^^^^^^^^
>

Oops...

    Thus, although the PROBABILITY of a collision or pre-image attack is
    low in a collection of 1,024 HHITs out of a total population of 2^64,
    per Section 11.2, it is computationally and economically feasible.
    Thus the HHIT registration and HHIT/HI registration validation is
    STRONGLY recommended.




> Cheers,
>
> Med
>
> *From:* Robert Moskowitz <rgm@labs.htt-consult.com>
> *Sent:* Thursday, 21 October 2021 14:33
> *To:* BOUCADAIR Mohamed INNOV/NET <mohamed.boucadair@orange.com>; tm-rid@ietf.org
> *Subject:* Re: [Drip] I-D Action: draft-ietf-drip-rid-11.txt
>
> On 10/21/21 2:40 AM, mohamed.boucadair@orange.com wrote:
>
>     Hi Robert,
>
>     Thank you for addressing the comment from the cfrg, particularly this one: https://mailarchive.ietf.org/arch/msg/cfrg/tAJJq60W6TlUv7_pde5cw5TDTCU/
>
>     BTW, please check the 2nd line of the third paragraph of the new text about pre-image attack as I'm not sure to parse it.
>
>
> Is the following an improvement?
>
>     Now it should be noted that the 2^64 attempts is for stealing a
>     *specific* HHIT.  Consider a scenario of a street photography
>     company with 1,024 UAs (each with its own HHIT); you'd
>     be happy stealing any one of them.  Then rather than needing to
>     satisfy a 64-bit condition on the cSHAKE128 output, you need only satisfy
>     what is equivalent to a 54-bit condition (since you have 2^10 more
>     opportunities for success).
>
>     Also, it could be great if you can motivate the change in the normative language in Section 4.2. Thank you.
>
>     All: please review and share your comments. This is highly appreciated.
>
>     Cheers,
>
>     Med
>
>         -----Original Message-----
>
>         From: Tm-rid <tm-rid-bounces@ietf.org> On Behalf Of Robert Moskowitz
>         Sent: Wednesday, 20 October 2021 22:19
>         To: tm-rid@ietf.org
>         Subject: Re: [Drip] I-D Action: draft-ietf-drip-rid-11.txt
>
>         Changes in sec 4.2 and 11.  Please review.
>
>         Adam and I are discussing sec 5, as he actually has done some
>         implementation demos and I may make adjusts along what he has done.
>
>         Also Adam and I need to work out App B and drip-auth.
>
>         So there may be yet an update before the cutoff.  Of course comments are
>         welcome and I will make adjusts as needed.
>
>         On 10/20/21 4:13 PM, internet-drafts@ietf.org wrote:
>
>             A New Internet-Draft is available from the on-line Internet-Drafts
>             directories.
>
>             This draft is a work item of the Drone Remote ID Protocol WG of the
>             IETF.
>
>                 Title           : DRIP Entity Tag (DET) for Unmanned Aircraft
>                                   System Remote Identification (UAS RID)
>                 Authors         : Robert Moskowitz
>                                   Stuart W. Card
>                                   Adam Wiethuechter
>                                   Andrei Gurtov
>                 Filename        : draft-ietf-drip-rid-11.txt
>                 Pages           : 29
>                 Date            : 2021-10-20
>
>             Abstract:
>                 This document describes the use of Hierarchical Host Identity Tags
>                 (HHITs) as self-asserting IPv6 addresses and thereby a trustable
>                 identifier for use as the Unmanned Aircraft System Remote
>                 Identification and tracking (UAS RID).  Within the context of RID,
>                 HHITs will be called DRIP Entity Tags (DET).  HHITs self-attest to
>                 the included explicit hierarchy that provides Registrar discovery
>                 for 3rd-party identifier attestation.
>
>             The IETF datatracker status page for this draft is:
>             https://datatracker.ietf.org/doc/draft-ietf-drip-rid/
>
>             There is also an HTML version available at:
>             https://www.ietf.org/archive/id/draft-ietf-drip-rid-11.html
>
>             A diff from the previous version is available at:
>             https://www.ietf.org/rfcdiff?url2=draft-ietf-drip-rid-11
>
>             Internet-Drafts are also available by anonymous FTP at:
>             ftp://ftp.ietf.org/internet-drafts/
>
>         --
>         Tm-rid mailing list
>         Tm-rid@ietf.org
>         https://www.ietf.org/mailman/listinfo/tm-rid
>
>     _________________________________________________________________________________________________________________________
>
>     This message and its attachments may contain confidential or privileged information that may be protected by law;
>
>     they should not be distributed, used or copied without authorisation.
>
>     If you have received this email in error, please notify the sender and delete this message and its attachments.
>
>     As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
>
>     Thank you.
>
> -- 
> Robert Moskowitz
> Owner
> HTT Consulting
> C: 248-219-2059
> F: 248-968-2824
> E: rgm@labs.htt-consult.com <mailto:rgm@labs.htt-consult.com>
>
> There's no limit to what can be accomplished if it doesn't matter who 
> gets the credit
>
>
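The multi-target argument in the proposed Section 11 text above, worked as a small Python model. This is an added example, not text or code from the draft or from anyone in the thread; it assumes hashlib.shake_128 as a stand-in for cSHAKE128 and a constructed n-bit "tag" in place of the real HHIT hash condition, and scales the space down to 16 bits so the simulation runs in seconds.

```python
# Added example, not from the draft or the thread.  Models the multi-target
# pre-image argument: with k acceptable targets, a 64-bit hash condition costs
# ~2^64 / k trials, i.e. 64 - log2(k) bits (54 bits for k = 1024).
# Assumptions: hashlib.shake_128 stands in for cSHAKE128; "tag" is a constructed
# n-bit truncation standing in for the HHIT hash condition.
import hashlib
import math
import random


def effective_bits(cond_bits: int, targets: int) -> float:
    """Security level when any one of `targets` tags is an acceptable hit."""
    return cond_bits - math.log2(targets)

def expected_trials(cond_bits: int, targets: int) -> float:
    """Mean hash evaluations before the first hit on any of the targets."""
    return 2 ** cond_bits / targets

def p_success(cond_bits: int, targets: int, trials: int) -> float:
    """Probability that `trials` random inputs hit at least one target."""
    return 1.0 - (1.0 - targets / 2 ** cond_bits) ** trials

def tag(data: bytes, cond_bits: int) -> int:
    """Toy hash condition: the first cond_bits of SHAKE128(data)."""
    nbytes = (cond_bits + 7) // 8
    digest = int.from_bytes(hashlib.shake_128(data).digest(nbytes), "big")
    return digest >> (8 * nbytes - cond_bits)

def simulate_mean_trials(cond_bits: int, targets: int, runs: int, seed: int = 1) -> float:
    """Empirical mean of trials-to-first-hit at a scaled-down cond_bits."""
    rng = random.Random(seed)
    total = 0
    for _ in range(runs):
        wanted = set()
        while len(wanted) < targets:          # k distinct target tags
            wanted.add(tag(rng.randbytes(16), cond_bits))
        trials = 0
        while True:                           # random inputs until any target hits
            trials += 1
            if tag(rng.randbytes(16), cond_bits) in wanted:
                break
        total += trials
    return total / runs


if __name__ == "__main__":
    print(f"64-bit condition, 1024 HHITs: {effective_bits(64, 1024):.0f} effective bits")
    print(f"16-bit toy, 16 targets: expected {expected_trials(16, 16):.0f} trials,"
          f" simulated {simulate_mean_trials(16, 16, 200):.0f}")
```

The simulated mean should sit near 2^16 / 16 = 4096, matching the 2^64 / 2^10 reduction the proposed text describes; the registration-validation recommendation in the draft is what bounds this exposure, since it stops an unregistered HHIT from being accepted even if its hash condition is met.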