[Drip] Comments on draft-ietf-drip-registries-10

Robert Moskowitz <rgm@labs.htt-consult.com> Fri, 07 July 2023 13:38 UTC

Message-ID: <14d5c08e-21fc-b746-bed9-47bb4a4b88cf@labs.htt-consult.com>
Date: Fri, 07 Jul 2023 09:38:46 -0400
From: Robert Moskowitz <rgm@labs.htt-consult.com>
To: "tm-rid@ietf.org" <tm-rid@ietf.org>
References: <207be6fa-4df0-c0c0-b67d-12d2f7a13220@labs.htt-consult.com>
In-Reply-To: <207be6fa-4df0-c0c0-b67d-12d2f7a13220@labs.htt-consult.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tm-rid/OiYqPk0FXndm_J31b4E9NtvX2jY>
Subject: [Drip] Comments on draft-ietf-drip-registries-10

Here is my review of the changes in -10.

     4.3.  Hierarchical HIT Domain Authority (HDA)

r/parties to obtain./parties to obtain it./

The Serial Number SHOULD be encrypted in a way only the authorized 
party can decrypt.

replace with

The Serial Number MUST be protected in a way only the authorized party 
can gain access.

This is talking to the USS store of the SN; it is out of scope to tell them how to 
protect their store.

     4.3.1.  Manufacturer Unmanned Aircraft Authority (MAA)

The Manufacturer Code character set is defined in [CTA2063A] with the 
values (0-9, A-Z in that order) being set as integers from 0 to 33.

This is confusing.  It does not add up.  You need to be explicit on the 
alpha set.  Perhaps use regexp format:

[0-9,A-H,J-N,P-Z]

Or state exclude alpha I and O.

6.1.  Serial Number

Recommended DNS RR.

Include some text at the beginning about which RR is the recommendation 
du jour (or whatever the term is).

State that DET RR is recommended, but others may be needed for specific 
application support.  For example, TLSA RR for D/TLS and HIP RR for HIP.

10.1.  Certificate Policy and Certificate Stores

It has been pointed out to me that, at least in the US, "general 
aviation" is private crewed aircraft only, whereas "civil aviation" is 
for commercial carrier crewed aircraft.

I am not sure how to fix:

Finally there is a profile to directly add DET support into the 
general aviation certificates as discussed below.

perhaps expand "general" to "civil/general".

Got to love this stuff.  Would not give it the time of day otherwise....

10.2.  Certificate Management

actually a X.509 registration

"an X.509"

Check for any other occurrences of "a X.509", as I believe proper style 
is "an X.509".

And if this was a direct copy of what I sent, I erred!

Add a 2nd para:

Note that CSRs do not include the certificate validityDate; adding that 
is done by the CA.  If in the registration process, the EE is the source 
of notBefore and notAfter dates, they need to be sent along with the CSR.

Or maybe not as this is "common knowledge" by PKIX developers/users.  I 
just forgot about it at the time.  Maybe that is why to include it, as 
one does tend to forget these sorts of details.

10.3.  Examples

[drip-dki] is full of examples.  Pages of them.  Point the reader there.

I am not reviewing Appendix C at this time.  Rather, I will try to make 
DNS examples and see how things line up.

So this completes ver -10 review.

Bob