IETF Logo Mail Archive

Re: [Drip] Paul Wouters' No Objection on draft-ietf-drip-auth-47: (with COMMENT)

Robert Moskowitz <rgm@labs.htt-consult.com> Fri, 16 February 2024 15:02 UTC

Return-Path: <rgm@labs.htt-consult.com>
X-Original-To: tm-rid@ietfa.amsl.com
Delivered-To: tm-rid@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0F937C14F6A6; Fri, 16 Feb 2024 07:02:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.209
X-Spam-Level:
X-Spam-Status: No, score=-4.209 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CeHlVAoEaXUH; Fri, 16 Feb 2024 07:02:41 -0800 (PST)
Received: from z9m9z.htt-consult.com (z9m9z.htt-consult.com [23.123.122.147]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ECA12C14F5E5; Fri, 16 Feb 2024 07:02:40 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by z9m9z.htt-consult.com (Postfix) with ESMTP id 7B1B962574; Fri, 16 Feb 2024 10:02:04 -0500 (EST)
X-Virus-Scanned: amavisd-new at htt-consult.com
Received: from z9m9z.htt-consult.com ([127.0.0.1]) by localhost (z9m9z.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id e4ujfb1zXYYT; Fri, 16 Feb 2024 10:01:57 -0500 (EST)
Received: from [192.168.160.29] (unknown [192.168.160.29]) (using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by z9m9z.htt-consult.com (Postfix) with ESMTPSA id B556C62434; Fri, 16 Feb 2024 10:01:56 -0500 (EST)
Message-ID: <44cf8907-7cd6-4922-8493-66416289d730@labs.htt-consult.com>
Date: Fri, 16 Feb 2024 10:02:26 -0500
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Content-Language: en-US
To: Paul Wouters <paul.wouters=40aiven.io@dmarc.ietf.org>, mohamed.boucadair@orange.com
Cc: The IESG <iesg@ietf.org>, draft-ietf-drip-auth@ietf.org, drip-chairs@ietf.org, tm-rid@ietf.org
References: <DU2PR02MB101609FA44EA95A22D144DE72884D2@DU2PR02MB10160.eurprd02.prod.outlook.com> <090F3466-02A5-4D44-AE4C-EE333B9ECD90@aiven.io>
From: Robert Moskowitz <rgm@labs.htt-consult.com>
In-Reply-To: <090F3466-02A5-4D44-AE4C-EE333B9ECD90@aiven.io>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/tm-rid/_lGEQR7bsH-OYOTsq6kV6kjF3eU>
Subject: Re: [Drip] Paul Wouters' No Objection on draft-ietf-drip-auth-47: (with COMMENT)
X-BeenThere: tm-rid@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Drone Remote Identification Protocol <tm-rid.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tm-rid>, <mailto:tm-rid-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tm-rid/>
List-Post: <mailto:tm-rid@ietf.org>
List-Help: <mailto:tm-rid-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tm-rid>, <mailto:tm-rid-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Feb 2024 15:02:42 -0000

ASTM F3411 defined the Authentication messages but punted the actual 
content to others.  They did not / do not have the expertise to do 
this.  They DO show how an Internet-based validation service could work; 
but it has holes.

So Yes, it "fell" to the IETF to do the heavy lifting to make this 
available to the aviation community.

ASTM F3411-22a actually references the DRIP work (and Qualcomm's IEEE 
1609.2) as registered Authentication methods.  A year ago, I was 
consulting one EU cellular company on how they could get their approach 
approved by the F3411 experts.  Nothing has come from this.  I got the 
drift that senior management felt they would have to expose too much of 
their "secret sauce" to get approvals.  And no way to make billions on 
the effort.

With all due regard to others that have worked on trust for the UA 
Broadcast Remote ID, only the DRIP works is complete and open.  Here we 
have that open, peer review, that keeps us focused on all the nits.

Bob


On 2/16/24 09:03, Paul Wouters wrote:
> On Feb 15, 2024, at 06:09, mohamed.boucadair@orange.com wrote:
>> 
>>> I'm a little puzzled why this is an IETF document. It feels more like
>>> a [F3411]
>>> extension ?
>> [Med] The WG discussed that issues in "Explain why it makes sense to define an IETF extension to a scheme that is defined in an external body (ASTM)" (https://github.com/ietf-wg-drip/draft-ietf-drip-auth/issues/2) and the justification is recorded in the draft:
> It justifies why a standard and registry is needed. It does not really say why the IETF should be that body. I just noticed that the entire document is basically about non-ietf protocols.
>
>
>>> I understand transports being out of scope but not DNS security
>>> options? If
>>> pulling key material from DNS, I think one should call out DNSSEC, or
>>> even
>>> mandate it.
>>>
>> [Med] DNSSEC is called out in the sentence right after the one you quoted:
>>
>>    [drip-registries] is the main specification for DNS operations in
>>    DRIP and as such will specify DRIP usage of best common practices for
>>    security (such as [RFC9364]).
>>
>> Do you think mentioning of RFCs 4033, 4034, and 4035 is better than BCP 237?
> No, BCP237 is the right quote. But perhaps remove or reduce the sentence so it doesn’t exclude dns security options and then references something about dns security options ?
>
> Note that these were non-blocking comments. The authors are free to choose to take no further action on this.
>
> Paul
>

v2.23.0 | Report a Bug | By Email