[Drip] review of -arch-22
"Card, Stu" <stu.card@axenterprize.com> Tue, 22 March 2022 21:55 UTC
To: tm-rid@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/tm-rid/MkN0UTDdtfAWGbMwa99siP4uVoY>
List-Id: Drone Remote Identification Protocol <tm-rid.ietf.org>

While recent edits of -arch have improved it overall (thanks all!), they have also introduced a few errors.

1.1 last paragraph "UAS RID discussed in Section 3" refers to the identifier, so should appear as "UAS ID"; "UAS RID" refers to the need, process and system, not the identifier.

4.2 "(more details in Section 9)" is no longer accurate as security considerations have been reworded so specific vulnerabilities are stated more generally and seem less dangerous.

9. "Thus an adversary could impersonate a validly registered UA. This attack would only be exposed when the HI in DRIP authentication message is checked back to the USS and found not to " is incorrect as this attack is defeated by broadcasting registry attestations on UA etc. as described in -auth, which unfortunately still lacks, in -arch, the introduction provided therein for -rid (actually -dets) and -registries.

9. "Finally..." states one vulnerability, then 3 more unrelated to the first.

Throughout, may/MAY/should/SHOULD/must/MUST need review, IMO they have been excessively weakened.