[Drip] Comments on draft-ietf-drip-registries-10
Robert Moskowitz <rgm@labs.htt-consult.com> Fri, 07 July 2023 13:38 UTC
Message-ID: <14d5c08e-21fc-b746-bed9-47bb4a4b88cf@labs.htt-consult.com>
Date: Fri, 07 Jul 2023 09:38:46 -0400
From: Robert Moskowitz <rgm@labs.htt-consult.com>
To: "tm-rid@ietf.org" <tm-rid@ietf.org>
References: <207be6fa-4df0-c0c0-b67d-12d2f7a13220@labs.htt-consult.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tm-rid/OiYqPk0FXndm_J31b4E9NtvX2jY>
Subject: [Drip] Comments on draft-ietf-drip-registries-10
Here is my review of the changes in -10

4.3.  Hierarchical HIT Domain Authority (HDA)

r/parties to obtain./parties to obtain it./

   The Serial Number SHOULD be encrypted in a way only the authorized
   party can decrypt.

replace with

   The Serial Number MUST be protected in a way only the authorized
   party can gain access.

this is talking to USS store of SN; out of scope to tell them how to
protect their store.

4.3.1.  Manufacturer Unmanned Aircraft Authority (MAA)

   The Manufacturer Code character set is defined in [CTA2063A] with the
   values (0-9, A-Z in that order) being set as integers from 0 to 33.

This is confusing.  It does not add up.  You need to be explicit on the
alpha set.  Perhaps use regexp format [0-9,A-H,J-N,P-Z]

Or state exclude alpha I and O.

6.1.  Serial Number recommended DNS RR.

Include some text at the beginning about which RR is the recommendation
du jour (or whatever the term is).  State that DET RR is recommended, but
others may be needed for specific application support.  For example,
TLSA RR for D/TLS and HIP RR for HIP.

10.1.  Certificate Policy and Certificate Stores

It has been pointed out to me that, at least in the US, "general
aviation" is private crewed aircraft only, whereas "civil aviation" is
for commercial carrier crewed aircraft.  I am not sure how to fix:

   Finally there is a profile to directly add DET support into the
   general aviation certificates as discussed below.

perhaps expand "general" to "civil/general".

Got to love this stuff.  Would not give it the time of day otherwise....

10.2.  Certificate Management

   actually a X.509 registration

"an X.509"

Check for any other occurrences of "a X.509", as I believe proper style
is "an X.509".  And if this was a direct copy of what I sent, I erred!

Add a 2nd para:

   Note that CSRs do not include the certificate validityDate; adding
   that is done by the CA.  If in the registration process, the EE is
   the source of notBefore and notAfter dates, they need to be sent
   along with the CSR.

Or maybe not as this is "common knowledge" by PKIX developers/users.  I
just forgot about it at the time.  Maybe that is why to include it, as
one does tend to forget these sorts of details.

10.3.  Examples

[drip-dki] is full of examples.  Pages of them.  Point the reader there.

I am not reviewing Appendix C at this time.  Rather I will try and make
DNS examples and see how things line up.

So this completes ver -10 review.

Bob
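A worked illustration of the 4.3.1 point above (the "0-9, A-Z" set only adds up to 34 values once I and O are excluded). This is an added example for this archive page, not code from the draft, from CTA-2063-A, or from Bob's message. It assumes the CTA-2063-A character set is digits plus upper-case letters with I and O excluded, and that a CTA-2063-A serial number is laid out as a 4-character manufacturer code, one hex length code (1-F), then the manufacturer's serial body, at most 20 characters in all; the base-34 packing at the end is only there to show the 34-symbol alphabet fitting in 21 bits and is not the draft's encoding.

```python
"""
CTA-2063-A character set and the 0..33 integer mapping for DRIP
Manufacturer Codes (draft-ietf-drip-registries, section 4.3.1).

Added example; not code from the draft, CTA-2063-A, or the message above.
Assumptions:
  - the character set is 0-9 and A-Z with I and O excluded (34 symbols);
  - a serial number is [4-char mfr code][hex length code 1-F][serial body],
    at most 20 characters in total.
"""
import re

# A naive reading of "0-9, A-Z" yields 36 symbols, which cannot map onto 0..33.
NAIVE_ALPHABET = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"

# CTA-2063-A set: digits, then letters in order with I and O dropped.
CTA2063A_ALPHABET = "0123456789ABCDEFGHJKLMNPQRSTUVWXYZ"
assert len(NAIVE_ALPHABET) == 36 and len(CTA2063A_ALPHABET) == 34

CHAR_TO_INT = {c: i for i, c in enumerate(CTA2063A_ALPHABET)}
INT_TO_CHAR = dict(enumerate(CTA2063A_ALPHABET))

# Explicit character class, the form the review suggests spelling out.
CTA2063A_CHAR_CLASS = "[0-9A-HJ-NP-Z]"
MFR_CODE_RE = re.compile(rf"^{CTA2063A_CHAR_CLASS}{{4}}$")
SERIAL_RE = re.compile(rf"^{CTA2063A_CHAR_CLASS}{{6,20}}$")


def char_to_int(c: str) -> int:
    """Map one CTA-2063-A character to its integer value 0..33."""
    try:
        return CHAR_TO_INT[c]
    except KeyError:
        raise ValueError(
            f"{c!r} is not in the CTA-2063-A set (0-9, A-Z without I and O)"
        ) from None


def is_valid_mfr_code(code: str) -> bool:
    """True when code is exactly four characters from the CTA-2063-A set."""
    return MFR_CODE_RE.match(code) is not None


def mfr_code_to_ints(code: str) -> list[int]:
    """Per-character integer values (0..33) of a manufacturer code."""
    if not is_valid_mfr_code(code):
        raise ValueError(f"invalid manufacturer code {code!r}")
    return [CHAR_TO_INT[c] for c in code]


def ints_to_mfr_code(values: list[int]) -> str:
    """Inverse of mfr_code_to_ints."""
    if len(values) != 4 or any(not 0 <= v <= 33 for v in values):
        raise ValueError("need four integers in 0..33")
    return "".join(INT_TO_CHAR[v] for v in values)


def mfr_code_to_base34(code: str) -> int:
    """Pack the four values as one base-34 integer (34**4 - 1 fits in 21 bits).
    Illustration only; this is not how the draft encodes the code."""
    n = 0
    for v in mfr_code_to_ints(code):
        n = n * 34 + v
    return n


def parse_cta2063a_serial(sn: str) -> dict:
    """Split an assumed CTA-2063-A serial into mfr code, length and body."""
    if not SERIAL_RE.match(sn):
        raise ValueError(f"{sn!r}: bad length or character outside the set")
    mfr, length_code, body = sn[:4], sn[4], sn[5:]
    if length_code not in "123456789ABCDEF":
        raise ValueError(f"{sn!r}: length code must be 1-9 or A-F")
    length = int(length_code, 16)
    if len(body) != length:
        raise ValueError(f"{sn!r}: length code says {length}, body has {len(body)}")
    return {"manufacturer_code": mfr, "length": length, "serial": body}


def is_valid_cta2063a_serial(sn: str) -> bool:
    """Boolean wrapper around parse_cta2063a_serial."""
    try:
        parse_cta2063a_serial(sn)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample values, not real manufacturer assignments.
    print(mfr_code_to_ints("1ABZ"))            # [1, 10, 11, 33]
    print(is_valid_mfr_code("1AIO"))           # False: I and O are excluded
    print(parse_cta2063a_serial("1ABZ5ABCDE"))
```

Running it shows why the draft text needs the explicit set: "Z" maps to 33 only because two letters are missing, and a code containing I or O is rejected outright rather than silently mapped.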