Re: [Drip] Paul Wouters' No Objection on draft-ietf-drip-auth-47: (with COMMENT)

Adam Wiethuechter <adam.wiethuechter@axenterprize.com> Fri, 16 February 2024 18:30 UTC

From: Adam Wiethuechter <adam.wiethuechter@axenterprize.com>
To: The IESG <iesg@ietf.org>, Paul Wouters <paul.wouters@aiven.io>
CC: "draft-ietf-drip-auth@ietf.org" <draft-ietf-drip-auth@ietf.org>, "drip-chairs@ietf.org" <drip-chairs@ietf.org>, "tm-rid@ietf.org" <tm-rid@ietf.org>, "mohamed.boucadair@orange.com" <mohamed.boucadair@orange.com>
Date: Fri, 16 Feb 2024 18:30:40 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/tm-rid/YC0p30266BVkcnKodHNxZ-2bEH8>
Subject: Re: [Drip] Paul Wouters' No Objection on draft-ietf-drip-auth-47: (with COMMENT)

Paul,

See inline.

--------
73,
Adam T. Wiethuechter
Software Engineer; AX Enterprize, LLC

________________________________
From: Paul Wouters via Datatracker <noreply@ietf.org>
Sent: Wednesday, February 14, 2024 10:06 PM
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-drip-auth@ietf.org <draft-ietf-drip-auth@ietf.org>; drip-chairs@ietf.org <drip-chairs@ietf.org>; tm-rid@ietf.org <tm-rid@ietf.org>; mohamed.boucadair@orange.com <mohamed.boucadair@orange.com>; mohamed.boucadair@orange.com <mohamed.boucadair@orange.com>
Subject: Paul Wouters' No Objection on draft-ietf-drip-auth-47: (with COMMENT)

Paul Wouters has entered the following ballot position for
draft-ietf-drip-auth-47: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
for more information about how to handle DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-drip-auth/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

I'm a little puzzled why this is an IETF document. It feels more like a [F3411]
extension?

        Therefore specification of particular DNS security options,
        transports, etc. is outside the scope of this document

I understand transports being out of scope but not DNS security options? If
pulling key material from DNS, I think one should call out DNSSEC, or even
mandate it.

<atw>I believe the back and forth with Med has answered this for you.</atw>

Regarding 3.1.2.2. UA Signed Evidence

I don't understand why unpredictable means evidence? If I observe someone else's
unpredictable sends, can't I just retransmit those? Unless the signature
contains "live data", I can't tell it is not a replay. I understand the two
timestamps and location/vector data are supposed to limit replays, but if those
parts are successful for that, I don't understand why an unpredictable
component is still needed. Also, what is unpredictable? I think a KDF with
initial seed of "Paul is crazy" produces a seemingly unpredictable stream, but
to those knowing the seed, it is totally predictable.

        signing data that is guaranteed to be unique, unpredictable and easily
        cross checked

How does an IoT device do this? These famously do not have strong random
sources? If they do, would they need to use a construct similar to GCM where
part is a counter and part is pseudorandom to ensure the uniqueness without
needing to store all previous "unpredictable" (aka random/unique) data?

<atw>
Under F3411 there are no spoofing protections. You get a MAC Address and a block of data that is unsigned (when not Authentication) and unencrypted. If someone chooses to retransmit your Location Message and switch your location, Observers are none the wiser, especially if the change is still in the Observer's RF range.

Part of DRIP Authentication is this protection against spoofing (or at least the detection part of it). Wrapper directly protects the data signed over (changing the data in the Authentication would break the signature). Manifest is a detached signature on the data being protected. The Observer's collection of hashes would start to reveal that some aren't in a Manifest (since changing the data in them would change the hash).

Under F3411 Observers can see that data might look suspicious but have no means of determining which set is the real one in an interspersed data stream. It forces the Observer to mark everything from a given MAC Address as suspicious and leaves it to external systems (like humans) to figure out which one is the fake.

DRIP provides, directly in the Broadcast RID stream itself, the deconfliction of the suspicious data from the real [trustworthy] data. The Observer should still consult an external system to confirm, but the initial classification is far more obvious.

At least for the UAS case, using the existing F3411 messages with live data is enough to satisfy the requirement to be unique, unpredictable and easily cross-checked. Unique in the combination of latitude, longitude, altitude and timestamp; unpredictable in the exact precision of the combination of these values in the 4D space (especially if the UA is moving), and easily cross-checked with other data sources (such as visual observation).
</atw>

        If an attacker (who is smart and spoofs more than just the UAS
        ID/data payloads) willingly replays a DRIP Link message, they
        have in principle actually helped by ensuring the DRIP Link is
        sent more frequently and be received by potential Observers.

But it would have spoofed its time and location of another device? I would
not call that "actually helping"? This paragraph confuses me.

<atw>
This particular paragraph is explicitly about the retransmission of DRIP Link, not any other messages.
The DRIP Link carries a static payload. A retransmission of this message is advantageous to the actual UA and the Observer as the data is sent more frequently.
</atw>

Why are there colour codes? Is that an aviation thing?

<atw>
This is taken more from a general symbology perspective. We adapted some common colors for "hostile", "friendly", etc.
See this as a point of reference we found later: https://spatialillusions.com/milsymbol/docs/milsymbol-2525d.html
</atw>
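The Manifest behaviour described in the reply above (a detached signature over hashes of already-sent messages, with an interspersed spoof showing up as a message whose hash no verified Manifest covers, while a verbatim retransmission of an unmodified message stays covered) can be sketched in code. The block below is an added example written for this discussion; it is not code from the thread, the DRIP draft, or any DRIP implementation. It assumes simplified text stand-ins for F3411 message bodies (not the real binary encoding), full SHA-256 digests rather than whatever hash length the draft specifies, and an HMAC with a constructed key in place of the UA's asymmetric signature, purely so it runs with the Python standard library alone.

```python
import hashlib
import hmac

# Constructed stand-in for the UA's signing key. DRIP Authentication uses an
# asymmetric signature, so a real Observer holds no secret; HMAC is used here
# only to keep the example runnable with the standard library alone.
UA_KEY = b"constructed-demo-key-not-a-real-key"

# Constructed, simplified F3411 message bodies (not the real binary encoding).
BASIC_ID = b"BasicID|serial=DEMO-UA-0001"
LOC_1 = b"Location|lat=43.0412|lon=-75.8200|alt=120|ts=1708108200"
LOC_2 = b"Location|lat=43.0415|lon=-75.8197|alt=121|ts=1708108201"
# A retransmission under the same MAC Address with the location changed.
SPOOFED_LOC = b"Location|lat=43.5000|lon=-75.0000|alt=120|ts=1708108201"


def msg_hash(msg: bytes) -> bytes:
    """Hash of one broadcast message, as carried in a Manifest (simplified)."""
    return hashlib.sha256(msg).digest()


def sign(data: bytes) -> bytes:
    """HMAC stand-in for the UA's signature (assumption, see lead-in)."""
    return hmac.new(UA_KEY, data, hashlib.sha256).digest()


def verify(data: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(data), sig)


def build_manifest(messages):
    """UA side: a detached signature over the hashes of messages already sent."""
    hashes = [msg_hash(m) for m in messages]
    return {"hashes": hashes, "sig": sign(b"".join(hashes))}


def classify(received, manifest):
    """Observer side.

    Returns None if the Manifest signature does not verify (nothing in it can
    be trusted), otherwise a list of (message, label) in arrival order. A
    message whose hash is absent from a verified Manifest is marked suspicious;
    changing even one byte of a Location message changes its hash, so a spoof
    interspersed with genuine traffic cannot hide among the covered messages.
    """
    if not verify(b"".join(manifest["hashes"]), manifest["sig"]):
        return None
    covered = set(manifest["hashes"])
    return [
        (m, "trustworthy" if msg_hash(m) in covered else "suspicious")
        for m in received
    ]


def run_demo():
    manifest = build_manifest([BASIC_ID, LOC_1, LOC_2])
    # Stream as seen by an Observer: genuine traffic, one spoofed Location
    # slipped in, and a verbatim retransmission of LOC_1. The unmodified
    # replay still hashes to a covered value, so only the spoof is flagged.
    stream = [BASIC_ID, LOC_1, SPOOFED_LOC, LOC_2, LOC_1]
    labels = [label for _, label in classify(stream, manifest)]

    # Swapping the spoof's hash into the Manifest breaks its signature, so the
    # Observer rejects the whole Manifest rather than trusting the spoof.
    tampered = dict(manifest)
    tampered["hashes"] = [msg_hash(SPOOFED_LOC)] + manifest["hashes"][1:]
    tampered_rejected = classify(stream, tampered) is None

    return {"labels": labels, "tampered_manifest_rejected": tampered_rejected}


if __name__ == "__main__":
    print(run_demo())
```

Running it labels the five received messages trustworthy, trustworthy, suspicious, trustworthy, trustworthy and reports the tampered Manifest as rejected. The point it illustrates is the one made in the reply: the Observer still has to decide what to do about the suspicious message, but the Manifest lets it separate the interspersed fake from the genuine stream inside the Broadcast RID data itself instead of marking everything from that MAC Address as suspect.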