Re: [Drip] Roman Danyliw's Discuss on draft-ietf-drip-auth-46: (with DISCUSS and COMMENT)
Adam Wiethuechter <adam.wiethuechter@axenterprize.com> Mon, 12 February 2024 17:28 UTC
Return-Path: <adam.wiethuechter@axenterprize.com>
X-Original-To: tm-rid@ietfa.amsl.com
Delivered-To: tm-rid@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1BEC4C15154E; Mon, 12 Feb 2024 09:28:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.108
X-Spam-Level:
X-Spam-Status: No, score=-2.108 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=axenterprize.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Mf8Uy_0pTiHJ; Mon, 12 Feb 2024 09:28:47 -0800 (PST)
Received: from NAM12-BN8-obe.outbound.protection.outlook.com (mail-bn8nam12on2121.outbound.protection.outlook.com [40.107.237.121]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4FB5CC15155E; Mon, 12 Feb 2024 09:28:40 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=frmu9cLmhtl77ds80CKLWH2G+BPktEfxf3uBWaghk9XyI8szSoGeFjIZErcRNsgRYDNLoQPtIBvSbS4RLIt01QDXKFS+UkDl/fclIzA4Z8FuYLuOXgDT3Rp0urSH6pvIL+EJHv6UdoG+J/OEZmamyTwlnQYhs3k1MH1zivR18vzFALYFNyiPBAAUXFdXIlJXLF7ddiWFEWKA01Vz1E6nmU1Uzjt2L32+2aPaewiw8PcXy9xGvsGgqPl9q2OOrVP0PxX9qQGkoUU6Hr2oPVMbZSsQWYsX6JH/QBUZdbDVAAMRZtlJ6scVONqewMIDfUARmEREYpa56qBejuoD5x/Fnw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=iBC0JRV0MdT+Z6mOjgJ918ZLHeH48SAv8gVaBkuV22E=; b=Xgepf4vxIFtadWORdz2LcHeGc2pCQ4GOt60GrXEftZtbrHdO1QgezKA1C/rdPBI5B6MPLS+e+HYjZWdz81N/JT3MU0it1RKZ8G9sBk8l2e/t+YKc6zZ6e98ADem9iDKJb0qzqR8Ydvl30cGST3mF2UjAU5PuDCYZ1Wf/rnhURoKCu7talITF53KTbNStPKDGrTJOOe0Ir+2Qe2/iMIGzAj+ktdY4eg1fIdKbrZzP4RwYy0hJVgDFLp9V8TNH3a0iNWG28h8EXgmoczOSVaw+YgHu/0K2+LVjSwpQ3NFRC06k/vdoggDBVDo9xNmWU+1wWWVk/6tioxILrF/huxyczQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=axenterprize.com; dmarc=pass action=none header.from=axenterprize.com; dkim=pass header.d=axenterprize.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=axenterprize.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=iBC0JRV0MdT+Z6mOjgJ918ZLHeH48SAv8gVaBkuV22E=; b=Qp1pZrjYQDnOSP1cEwysbIUHRoqks7etuEDfWrUX2Qthph+VNNHnG+HPM4xigAm9cX270JbFDLi1IIqSd7Jg2Ckp1A0cpaegQy74mvbgw5sxIUpjZetOiXfpsO8E+iOPIxFXv9Queyy43j9MU2h07kxkHy/cjaqwhdn9hEgb5Dc=
Received: from SA3PR13MB6515.namprd13.prod.outlook.com (2603:10b6:806:398::14) by MN2PR13MB3806.namprd13.prod.outlook.com (2603:10b6:208:19e::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7270.38; Mon, 12 Feb 2024 17:28:35 +0000
Received: from SA3PR13MB6515.namprd13.prod.outlook.com ([fe80::f7a1:2341:828e:57c4]) by SA3PR13MB6515.namprd13.prod.outlook.com ([fe80::f7a1:2341:828e:57c4%7]) with mapi id 15.20.7270.033; Mon, 12 Feb 2024 17:28:35 +0000
From: Adam Wiethuechter <adam.wiethuechter@axenterprize.com>
To: The IESG <iesg@ietf.org>, Roman Danyliw <rdd@cert.org>
CC: "draft-ietf-drip-auth@ietf.org" <draft-ietf-drip-auth@ietf.org>, "drip-chairs@ietf.org" <drip-chairs@ietf.org>, "tm-rid@ietf.org" <tm-rid@ietf.org>, "mohamed.boucadair@orange.com" <mohamed.boucadair@orange.com>
Thread-Topic: Roman Danyliw's Discuss on draft-ietf-drip-auth-46: (with DISCUSS and COMMENT)
Thread-Index: AQHaU9MOynDBf8LwOkGwS4/uKm2zJbEHBvbt
Date: Mon, 12 Feb 2024 17:28:35 +0000
Message-ID: <SA3PR13MB6515C6647BE1CBF60F65C31D88482@SA3PR13MB6515.namprd13.prod.outlook.com>
References: <170665688667.23845.5919803555617020353@ietfa.amsl.com>
In-Reply-To: <170665688667.23845.5919803555617020353@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=axenterprize.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: SA3PR13MB6515:EE_|MN2PR13MB3806:EE_
x-ms-office365-filtering-correlation-id: 18b09466-2273-40f4-b011-08dc2bf00adc
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 4lY8H8HJS94k5wx/5HfVrHTwKW5iML0UCYwNHVIb+0maB5gDP6WzkTY6OeTkPBvrlKBnV1C1EvFywqq9hPT2p4/e312x3vw0Mppr6vH3WAZ+Vcqv/JI151auZhs4ZWWTOwRw/qZuEQ7QQNyJd0MciyleBXsXQFYdE7r4OTygPSE7CXgbdPqdhJsl4m1WHkRhe282lBd1j9DW/aFkI9pQEQ5Lq+W/1Er/4W6j6vemZvUmzFmU+KP2r2YM3d3G3fE3LW67JQ4PtYlkEoAn1mvo3yDXFL2Is+pN3BlE4UpL0SOhf7lveb0cqAqyWqIHZGhRZ4VlDwBV+6uVI57gDD0Q7A62QDxWSzs7c/RGne1nhAhUtfJALuJaCln6Kt6ar6+XeYToWZlsN3RKc/Dls4H1np8CKYXIe7BxDYiLfe0xOFS8JBV8VScf8C+4TYQ+Br9s97bF8DzHohFYl5Tzt04rAVatcO0ZkLnE7f+oN//5j43h8/7Dfn9VfNdSeJBES3XPbtCO7tvJd8NFJ8ZOsEo4Ncx8J3bPIZ7d7O7dWdpQrUICPja36pDPKQBU8iA3pQnX8daDsQmsQZeEPKopsaMZwYku/IXy/OhflqnctLLQZS0=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:SA3PR13MB6515.namprd13.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230031)(39830400003)(346002)(396003)(136003)(376002)(366004)(230922051799003)(64100799003)(451199024)(1800799012)(186009)(44832011)(19627405001)(2906002)(55016003)(26005)(41300700001)(478600001)(30864003)(4326008)(966005)(110136005)(91956017)(5660300002)(9686003)(71200400001)(7696005)(53546011)(54906003)(76116006)(66446008)(52536014)(8936002)(66946007)(64756008)(66476007)(66556008)(8676002)(83380400001)(33656002)(38070700009)(86362001)(316002)(1015004)(6506007)(38100700002)(122000001)(166002); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: xmDgHG5/bUYCAy1nnFpFwnR4W33wfyjvEmZeHsE59s3frdysb5s7LnhvAZLySUiwt7HTT50b4O6lB8bsOwhi/P4b/YediVxcK2x3E3d9LMEsWhdDBruaK3/+slGXsDCJtY5gtWhI+reV/E6ssZbTX05SaP4KJo1tJJPgxVbXJlumBatvd9tP6yRn6db53ZFHyZKFn/DCBZpyBNurI75UvMH015WiHubIIUfhjwEHst0SxlYnKpLGHmWZwtD3jgL1ADjgsVPIHb+h9zwjp6zwR2FW/20fZlVo35uR+sWDYUIWA1unhKuuuBt02SOnwLDEnGYBmiH25mFLM8W1YQsIKwRPCayxWRWd5MihGgtJA6wFT2nPKCctBsFcb3sjEa8HRliAEGWOfsxqEvyKpXtgvsjU9ofyo+mr5qS5v5hRSyapTvdqQjMtUMI6/k5z5lBwdH+THZ067YOSdrSn0nXACSzRP9PWAjk5hDzGFM5EMrGraqpee3lAV2Wz/49udcdm4s3NinKA/W9TZ2UZLVm2vupp3JFdxDzoLdUpT6NeNfG3x12P8NXII+z5YgPSbS1TJSe7NPwhr+gktsh7ryE1m1ZbiQcze9bpGlpaB/n18qdyYE1+PKWKnJDvvk9DwPtwHfTe4icL1uetSv/uVTpWqXy9cYSoNawd3agc9yuJjIPwcKJ4QNuzpj/dG/MGv75r7sKEPjLl+7vKHIqzgupqoU7f41mKXHkt0wSkDrUoxlgnvDFjUXzjUY4NgOzANSCHYO8aVu8WpsLW0R5fEUHCbDfA2KpZk0atWUGzlQCQVHNht7XTCTDQv/Q4J1B1LDvp75ZA2eAOl5h7DJwSXA7pUf/OKWvzJOfGcxIJa7alVBsWGCwjsTTpG2fWtMKXyAn7HNvjDn+IMx9cYWA8W/IL6AjXG2NUe0AqRKQa6uvX5zSRMTNy3toUiAlXE9LULKT/DTNUAp4J1y4v3OssVuI8UH78vx8UfOnaYFAGrhwrlsrLPZxi+BwuwH2AVWL/ICG4rPeFTxEnkFtAHUmahV9KNvWs4H3SOKak5hNQJFy8Jttro7yAeZqXZKHL1yMMHCPPA5Y6SErNaPe6iJWyDoxDxpSeXS5pGVbyOqaTxdac4OjOVkxVQRg/Bzqv+JRWKlqD2vqTMEujl44ricQ4/J5F0WCiUEiRl+jUIlcwnoAvVIPU2TCFYKfSRq7Z9buzUrIbSb+/+fsYm3OP2wWxMi9+wiMNJwt7H+Cb4Os0E1uAhH0RWyAJiXGE+oa4XR3jfYCK6AImj9sLLz4f+BevGkRavbEfoN1IFV2HBOoezuybhJ8wiNgAlCCfYUwqNzlzFdWOdUiMgs5mt/8i8I/fWfOtqtY4Xq/tZbnEhFMht/C8bfrj3AZx1O0cfJKKyaFlw90+gOS/rsttrIWelBhz7IkfNQxFMVdsbyvH11fE95ozZbe++ewmL0dFPUIpUkUR5QnHHdBZRGFsrOazWcoNQgrIeOqLvw9c3/SLPazV8D8PV/9CioWqfZbxh35jv/57VInZOsYz6AluKTyG2wOVLorsbjkmfpHNbRz5bFXu1vMlbA2r2p5mrcqsCKzKxGOgtVAr/wUcGH6fldTlGad/X3R0jA==
Content-Type: multipart/alternative; boundary="_000_SA3PR13MB6515C6647BE1CBF60F65C31D88482SA3PR13MB6515namp_"
MIME-Version: 1.0
X-OriginatorOrg: axenterprize.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: SA3PR13MB6515.namprd13.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 18b09466-2273-40f4-b011-08dc2bf00adc
X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Feb 2024 17:28:35.3444 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 00ad0178-ead0-441e-96ff-0c72baf3a6fa
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: tYTFTBtI1NA5Wfo/AN2On7yZjKpbs3Pkzz928yTlJAmnB7t4+v7l0uL3Ri0MigCa22JScUJv/v0S6nK6cqRZEJPKwIIr2v16XKBAEF9OoOgt/MfZSgBwGeICrnFSPMQ0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR13MB3806
Archived-At: <https://mailarchive.ietf.org/arch/msg/tm-rid/dbQxprFfLt6n8xPdpMlX8r4hTXg>
Subject: Re: [Drip] Roman Danyliw's Discuss on draft-ietf-drip-auth-46: (with DISCUSS and COMMENT)
X-BeenThere: tm-rid@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Drone Remote Identification Protocol <tm-rid.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tm-rid>, <mailto:tm-rid-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tm-rid/>
List-Post: <mailto:tm-rid@ietf.org>
List-Help: <mailto:tm-rid-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tm-rid>, <mailto:tm-rid-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Feb 2024 17:28:51 -0000
Hello Roman, v47 is now out with changes directly related to your DISCUSS and COMMENTs. I have responded inline, once again, with the explicit changes made. Thank you again for your thorough review. -------- 73, Adam T. Wiethuechter Software Engineer; AX Enterprize, LLC ________________________________ From: Roman Danyliw via Datatracker <noreply@ietf.org> Sent: Tuesday, January 30, 2024 6:21 PM To: The IESG <iesg@ietf.org> Cc: draft-ietf-drip-auth@ietf.org <draft-ietf-drip-auth@ietf.org>; drip-chairs@ietf.org <drip-chairs@ietf.org>; tm-rid@ietf.org <tm-rid@ietf.org>; mohamed.boucadair@orange.com <mohamed.boucadair@orange.com>; mohamed.boucadair@orange.com <mohamed.boucadair@orange.com> Subject: Roman Danyliw's Discuss on draft-ietf-drip-auth-46: (with DISCUSS and COMMENT) Roman Danyliw has entered the following ballot position for draft-ietf-drip-auth-46: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-drip-auth/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- ** Section 4.1. I missed something very basic. Where is the signature algorithm that computes the value of “UA Signature” defined? <atw> Added the following line to the UA Signature definition: "The signature algorithm is specified by the HHIT Suite ID of the DET." </atw> ** Section 4.4. (a) An Observer who has been listening for any length of time MUST hash received messages and cross-check them against the Manifest hashes. (b) A receiver SHOULD use the Manifest to verify each ASTM Message hashed therein that it has previously received. -- Per (a), Can “any length of time” please be qualified in some way since there is normative behavior specified? -- These appear to be similar statements, but one is stronger than the other. Doesn’t (a) require a check, but (b) is only strongly recommending it? They should be consistent. <atw> Issue B is resolved as they are both now MUST. Issue A is resolved with the following text change: OLD: An Observer who has been listening for any length of time MUST hash received messages and cross-check them against the Manifest hashes. NEW: Observers MUST hash all received ASTM Messages and cross-check them against hashes in received Manifests. </atw> ** Section 4.4.3 For OGAs other than "5" [RFC9374], use the construct appropriate for the associated hash. For example, for "2" which is ECDSA/SHA-384: My understanding is that cSHAKE128 must be used as the hash for manifest hashes. However, this text is introducing the possibility of other OGAs and associate hash algorithms. When would they be used in a DRIP manifest and how would one know they are in use instead of cSHAKE128? <atw> OLD: The hash algorithm used for the Manifest is the same hash algorithm used in creation of the DET [RFC9374] that is signing the Manifest. NEW: The hash algorithm used for the Manifest is the same hash algorithm used in creation of the DET [RFC9374] that is signing the Manifest. This is encoded as part of the DET using the HHIT Suite ID. </atw> ** Section 4.5. What should an observer do if such a frame is seen in the wild? <atw> >From Section 4.5: OLD: The content of Frame Evidence Data is not defined in this document. Other specifications MUST define the contents and register for a Frame Type. NEW: The content format of Frame Evidence Data is not defined in this document. Other specifications MUST define the contents and register for a Frame Type. At the time of publication there are no defined Frame Types other than an Experimental range. Observers MUST check the signature of the structure (Section 4.1) per Section 3.1.2.2 and MAY, if the specification of Frame Type is known, parse the content in Frame Evidence Data. </atw> ** Section 6.3 4. MUST: send any other DRIP Authentication Format (RECOMMENDED: DRIP Manifest (Section 4.4) or DRIP Wrapper (Section 4.3)) where the UA is dynamically signing data that is guaranteed to be unique, unpredictable and easily cross checked by the receiving device (satisfying ID-5, GEN-1 and GEN-2); at least once per 5 seconds Thank you for the clarity of the UA behavior provided in this section. This bullet needs to be refined. It starts by saying “any other DRIP Authentication Formats”, which I took to mean all those in Table 2 other than Link (to include future ones registered in the corresponding IANA registry) need to do something (be sent once per 5/sec). However, there is a “RECOMMENDED” parenthetical which is a smaller number of messages. Which is it, all non-Link messages, or only those in the recommended list? <atw> Section 3., paragraph 1: OLD: 4. MUST: send any other DRIP Authentication Format (RECOMMENDED: DRIP Manifest (Section 4.4) or DRIP Wrapper (Section 4.3)) where the UA is dynamically signing data that is guaranteed to be unique, unpredictable and easily cross checked by the receiving device (satisfying ID-5, GEN-1 and GEN-2); at least once per 5 seconds NEW: 4. MUST: send any other DRIP Authentication Format (non-DRIP Link) where the UA is dynamically signing data that is guaranteed to be unique, unpredictable and easily cross checked by the receiving device (satisfying ID-5, GEN-1 and GEN-2); at least once per 5 seconds </atw> ** Appendix A. If this appendix is informative, normative language should not be used here. <atw> A singular MUST was removed. </atw> ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Thank you to Rich Salz for the early SECDIR review. I lacked access to [F3411] which is a critical normative reference for this document. In particular, I am unable to evaluate Section 4.3.2. Some of the above DISCUSS may be related to this lack of access. ** Editorial. “Sanity check” is used throughout the document to describe some validation activity. Please consider replacing this phrase with a more precise expression. <atw> Throughout the document the term "sanity check" has been replaced with "validation" as appropriate. </atw> ** Section 3.1.1. Editorial. An Observer SHOULD query DNS for the UA's HI. If not available it may have been revoked. Note that accurate revocation status is a DIME inquiry; DNS non-response is a hint that a DET is expired or revoked -- My initial read of the “If not available text” text was that if “DNS was not available”, not that the HIT wasn’t found in DNS. -- what’s a “DIME inquiry”? what’s makes a revocation status “accurate”; are there other kinds? <atw> The entirety of Section 3.1 has been reorganized to hopefully rectify your comment here (along with others who shared similar views). Please see v47. </atw> ** Section 3.2.1. Authentication Type (4 bits) and Page Number (4 bits) Which one is first? Does this come from [F3411]? ** Section 3.2.2. Additional Data: (255 octets max) Isn’t there more nuance to this than up to “255 octets max”. Doesn’t the size of the Signature determine how much Additional data can be present? Something like (368 – sizeof(Signature) – 7) <= Sizeof(Additional Data) <= 255 octets. <atw> This has been fixed by explaining in the definition of ADL how to calculate its value and then used directly as the size for Additional Data in its definition. Section 3.2.2., paragraph 9: OLD: Length in octets of Additional Data. NEW: Length in octets of Additional Data. The value of ADL is calculated as the minimum of 361 - Authentication Data / Signature Length and 255. Only present with Additional Data. </atw> ** Section 3.2.4.2 Under Broadcast RID, the Extended Transport that can hold the least amount of authentication data is Bluetooth 5.x at 9 pages. Didn’t the section prior indicate that Bluetooth 4.x was the most constrained? ** Section 4.2. A hash of the final link (BE: HDA on UA) in the Broadcast Endorsement chain MUST be included in each DRIP Manifest Section 4.4. It would have been helpful to provide more prose on computing and using a “Broadcast Endorsement chain”. ** Section 4.3.1. Given that Figure 6 must be implemented but it is described in pseudo-code, further clarity is needed. Specifically, this algorithm appears to be a validation check. There appears to be two “return” statement indicating failure. I’m assuming that the two comments (“//”) are to be read as validation success. If that’s accurate, please say so. ** Section 4.4 Judicious use of a Manifest enables an entire Broadcast RID message stream to be strongly authenticated with less than 100% overhead relative to a completely unauthenticated message stream Recommend pointing to Section 6.3 to quantify what "judicious use" means. ** Section 4.4.3 For the first built Manifest this value is filled with a random nonce. How does the observer get this nonce to validate the observed message? ** Section 6.4 UAS operation may impact the frequency of sending DRIP Authentication messages. When a UA dwells at an approximate location, and the channel is heavily used by other devices, less frequent message authentication may be effective (to minimize RF packet collisions) for an Observer. Contrast this with a UA transiting an area, where authenticated messages SHOULD be sufficiently frequent for an Observer to have a high probability of receiving an adequate number for validation during the transit. Would these “less frequent” or “sufficiently frequent” broadcasts qualitatively described above alter the quantitate, mandatory transmission rates in Section 6.3? ** Section 11.1. Can [F3411] provide more identifying information. For example, can the name of the SDO be provided. ** Section 11.1. I believe that [drip-registries] needs to be a normative reference given the importance of this reference for Section 4.1 and 9.2
- [Drip] Roman Danyliw's Discuss on draft-ietf-drip… Roman Danyliw via Datatracker
- Re: [Drip] Roman Danyliw's Discuss on draft-ietf-… Adam Wiethuechter
- Re: [Drip] Roman Danyliw's Discuss on draft-ietf-… Adam Wiethuechter