Re: [Drip] -auth issues/comments

Stu Card <stu.card@axenterprize.com> Tue, 01 August 2023 03:31 UTC

From: Stu Card <stu.card@axenterprize.com>
To: Adam Wiethuechter <adam.wiethuechter@axenterprize.com>, "draft-ietf-drip-auth@ietf.org" <draft-ietf-drip-auth@ietf.org>
CC: "tm-rid@ietf.org" <tm-rid@ietf.org>, "Eric Vyncke (evyncke)" <evyncke@cisco.com>
Thread-Topic: -auth issues/comments
Thread-Index: AdnDsKqoXxuKJcNySfaq2EULn+5EywAW9T0mAAbwU5Y=
Date: Tue, 01 Aug 2023 03:31:27 +0000
Message-ID: <MN2PR13MB4207623077B02BD69F999041F80AA@MN2PR13MB4207.namprd13.prod.outlook.com>
References: <MN2PR13MB420702588612743231D8BFD6F805A@MN2PR13MB4207.namprd13.prod.outlook.com> <DM6PR13MB24449FCA18999BF6BC76F2C3880AA@DM6PR13MB2444.namprd13.prod.outlook.com>
In-Reply-To: <DM6PR13MB24449FCA18999BF6BC76F2C3880AA@DM6PR13MB2444.namprd13.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tm-rid/czEUaFn1OSkJ7dMs0Wbvj6AtZWQ>

The response from ODID on #38 was merely that repetition, within latency limits, is not _prohibited_. That does not make it a good idea. Specifically, the ODID response does not consider potential impact on tracking algorithms.

________________________________
From: Adam Wiethuechter <adam.wiethuechter@axenterprize.com>
Sent: Monday, July 31, 2023 8:47:36 PM
To: Stu Card <stu.card@axenterprize.com>; draft-ietf-drip-auth@ietf.org <draft-ietf-drip-auth@ietf.org>
Cc: tm-rid@ietf.org <tm-rid@ietf.org>; Eric Vyncke (evyncke) <evyncke@cisco.com>
Subject: Re: -auth issues/comments

I already posted the 5 issues to the list for comments [1] with only a single response from Stu. Thanks for bringing this back up to the top of the stack.

Bob has commented on Issue #35 (on GitHub itself) saying what is there is fine; perhaps a bit string or hex representation can be added to avoid any errors. Bob also commented that the informational note should be clearer.

I got a response for Issue #38 [2] from ODID.

[1] https://mailarchive.ietf.org/arch/msg/tm-rid/ct1i7y0RxMg2axhsCMXkxMMOh_0/
[2] https://github.com/opendroneid/opendroneid-core-c/issues/71

--------
73,
Adam T. Wiethuechter
Software Engineer; AX Enterprize, LLC
________________________________
From: Stu Card <stu.card@axenterprize.com>
Sent: Monday, July 31, 2023 11:19 AM
To: draft-ietf-drip-auth@ietf.org <draft-ietf-drip-auth@ietf.org>
Cc: tm-rid@ietf.org <tm-rid@ietf.org>; Eric Vyncke (evyncke) <evyncke@cisco.com>
Subject: -auth issues/comments


There are 5 GitHub issues still open.

Most don’t even have any comments from anyone other than primary author Adam.

Issue #35 is the cSHAKE string. Bob?

Issue #36 is the 1st manifest’s “previous” hash value. Choice 5, random nonce, makes the start of the sequence unpredictable, giving attackers less time to brute force a forged signature on a bogus manifest forking the chain. Bob?

Issue #38 is duplicating or updating messages when transmitting at a higher rate than required by the rules. My preference is to avoid duplicate transmissions of the same data, as such would require filtering on the receive end to avoid confusing tracking algorithms: just processing dots would make it look like a moving aircraft was hovering for a second, then teleporting to the next location, then hovering for a second, then teleporting. Of course, the filtering would be trivial, as Location/Vector messages have time stamps. Tracking would still be improved by more frequently updated data. I don’t remember what the implementation difficulties might be. Adam?

Issue #39 is the SAM code points. We believe we are getting 1 through 4 inclusive, but do not have official confirmation. Bob says Eric says he is hopeful for August.

Issue #41, Adam has reported as fixed in a commit to -auth-31, which will not be uploaded to the Datatracker until more (hopefully all) of the above are resolved.

We should ensure that this draft is otherwise 100% ready to go now, before we receive official confirmation of our SAM codes, so…

I strongly encourage everyone to review the 2 area director reviews in the Datatracker (which were of a much earlier version) and current version -30.

Thanks!

-- Stu
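The reasoning behind Issue #36 above, as an added example that is not code from the -auth draft or from anyone on the thread: a toy manifest chain in which each manifest carries the hash of its predecessor, comparing an all-zero constant with a random nonce as the first manifest's "previous" value. SHA-256, the 8-byte truncation, the `previous || payload` layout and the absence of signatures are assumptions made for illustration, not the draft's format.

```python
# Added example: toy DRIP-style manifest chain (field layout and hash are
# assumptions, not the draft's). Shows that with a fixed start value the first
# manifest, and hence its hash, is computable before the flight even begins,
# whereas a random nonce makes each chain's start unpredictable; also shows the
# receiver-side linkage check that rejects a manifest forked into the chain.
import hashlib
import os
from typing import List, Optional

HASH_LEN = 8  # truncated hash length in bytes, an assumption for this toy


def manifest_hash(manifest: bytes) -> bytes:
    """Hash of a whole manifest; SHA-256 stands in for the draft's hash."""
    return hashlib.sha256(manifest).digest()[:HASH_LEN]


def make_manifest(previous: bytes, payload: bytes) -> bytes:
    """Toy manifest layout: previous-manifest hash || payload."""
    assert len(previous) == HASH_LEN
    return previous + payload


def first_previous(random_nonce: bool) -> bytes:
    """'previous' field of the first manifest: all-zero constant, or a fresh
    random nonce (the thread's choice 5)."""
    return os.urandom(HASH_LEN) if random_nonce else bytes(HASH_LEN)


def build_chain(start: bytes, payloads: List[bytes]) -> List[bytes]:
    chain, prev = [], start
    for payload in payloads:
        m = make_manifest(prev, payload)
        chain.append(m)
        prev = manifest_hash(m)
    return chain


def verify_chain(chain: List[bytes], start: Optional[bytes] = None) -> bool:
    """Every manifest must carry the hash of its predecessor. With a fixed
    start value the first link is checked too; with a random nonce the
    receiver simply records whatever the first manifest carries."""
    if not chain:
        return False
    if start is not None and chain[0][:HASH_LEN] != start:
        return False
    return all(m[:HASH_LEN] == manifest_hash(p) for p, m in zip(chain, chain[1:]))


def fork_chain(chain: List[bytes], index: int, payload: bytes) -> List[bytes]:
    """Swap manifest `index` for a bogus one reusing its 'previous' field, so
    the next genuine manifest no longer links to it; used to show detection."""
    bogus = make_manifest(chain[index][:HASH_LEN], payload)
    return chain[:index] + [bogus] + chain[index + 1:]
```

Note that linkage alone only catches a fork that a later genuine manifest points past; the signature on each manifest, omitted from this toy, is what protects the most recent one.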
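The hover-then-teleport effect described under Issue #38 above, as an added example that is not code from the thread, the draft or ODID: a constructed stream of repeated Location messages fed to a naive tracker that treats every received copy as a fresh fix, beside a receiver that drops repeats by message time stamp. The flat x/y frame, field names and rates are assumptions for illustration.

```python
# Added example: why duplicated Location/Vector messages confuse a naive tracker
# and how a time-stamp filter on the receive side fixes it. Message fields,
# rates and the flat metre-based frame are constructed assumptions.
import math
from dataclasses import dataclass
from typing import Iterable, List, Tuple

Fix = Tuple[float, float, float]  # (time, x_m, y_m)


@dataclass(frozen=True)
class LocationMsg:
    timestamp: float  # time stamp carried inside the message, seconds
    x_m: float        # position in a flat toy frame, metres
    y_m: float


def constructed_stream(repeats: int = 4, seconds: int = 3,
                       speed_mps: float = 10.0) -> List[Tuple[float, LocationMsg]]:
    """Aircraft flying east at speed_mps. One fresh message per second (the
    rule-required rate), each re-sent `repeats` times, evenly spaced.
    Returns (receive_time, message) pairs."""
    stream = []
    for s in range(seconds):
        msg = LocationMsg(timestamp=float(s), x_m=speed_mps * s, y_m=0.0)
        for k in range(repeats):
            stream.append((s + k / repeats, msg))
    return stream


def dedupe_by_timestamp(received: Iterable[Tuple[float, LocationMsg]]) -> List[LocationMsg]:
    """Accept a message only if its time stamp is newer than the last accepted."""
    accepted, last = [], None
    for _rx_time, msg in received:
        if last is not None and msg.timestamp <= last:
            continue
        accepted.append(msg)
        last = msg.timestamp
    return accepted


def naive_fixes(received: List[Tuple[float, LocationMsg]]) -> List[Fix]:
    """'Just processing dots': every received copy is a fix at its receive time."""
    return [(rx, m.x_m, m.y_m) for rx, m in received]


def filtered_fixes(received: List[Tuple[float, LocationMsg]]) -> List[Fix]:
    """Deduplicated fixes, timed by the message's own time stamp."""
    return [(m.timestamp, m.x_m, m.y_m) for m in dedupe_by_timestamp(received)]


def apparent_speeds(fixes: List[Fix]) -> List[float]:
    """Ground speed between consecutive fixes, m/s (inf if times coincide)."""
    out = []
    for (t0, x0, y0), (t1, x1, y1) in zip(fixes, fixes[1:]):
        dt, dist = t1 - t0, math.hypot(x1 - x0, y1 - y0)
        out.append(dist / dt if dt > 0 else float("inf"))
    return out
```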