IETF Logo Mail Archive

Re: [Tm-rid] Proposed WG Charter v2

"Card, Stu" <stu.card@axenterprize.com> Fri, 10 January 2020 13:44 UTC

Return-Path: <stu.card@axenterprize.com>
X-Original-To: tm-rid@ietfa.amsl.com
Delivered-To: tm-rid@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5CCB8120090 for <tm-rid@ietfa.amsl.com>; Fri, 10 Jan 2020 05:44:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=axenterprize.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 18m77TQ2XTkN for <tm-rid@ietfa.amsl.com>; Fri, 10 Jan 2020 05:44:06 -0800 (PST)
Received: from mail-io1-xd30.google.com (mail-io1-xd30.google.com [IPv6:2607:f8b0:4864:20::d30]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AFC6412007A for <tm-rid@ietf.org>; Fri, 10 Jan 2020 05:44:05 -0800 (PST)
Received: by mail-io1-xd30.google.com with SMTP id k24so2122440ioc.4 for <tm-rid@ietf.org>; Fri, 10 Jan 2020 05:44:05 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=axenterprize.com; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=EZMG9GuDJNrlSeViuBWSOtuQ5x84zaXBTOaI33YvWt0=; b=ALZAcKMqrMQz/PoTUU7kjX6rEilhgXbNfwGUS40kCBusSv6tUuyYqZ4w05QSj3kDXY 4VkLA7wdHiAylBp+i1iyCBgTZ5TbrDAzQZ+4I9wGYwrpB1/x5MTmepkTRpPTtNXlSP+7 IQRJZe8Vpdc1kd12nvcQJaQWqRUvj7BJaeGLA=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=EZMG9GuDJNrlSeViuBWSOtuQ5x84zaXBTOaI33YvWt0=; b=IQh3V9ATIhIMP8GWBij9kJpXICO0B0OKRDhaJSUTvI/kXAofXRXzbGeRUEncrviRAD GCpszuUpI6byE0ySTe//OVNavEKCIp4cGPf0V0iyPBQ8ncKheefoAR0XZ1qyYFFtJ5jG /S+zGrnd4w3Ib1/80qC/qke+5oWdG4JAfmjnVfWZ+Yo96jBeZfHVotKTjANXsgwZFDgm OsAP2g8DCDEtGpE/ph95zcgnQP3XLn4Tikjn97x3ZtsOiaoFAOSzfGTQ8HRe7OpE/qbP 5lwWvzP1+kWur9tiL8iyi6yI1WBz1zRgW+tTae+IIksVLl1rC9JeXAQPyQQpYc8XsOWD KQHg==
X-Gm-Message-State: APjAAAXJ9u2PJfVbzuQCvBsut73bQX5mGJf6N0mZBIxV6LcUU3hn5Gff 9VXz0U9czPgpM+dCuyREbcYpNp2R0S8732SS72kQqQ==
X-Google-Smtp-Source: APXvYqw6m/2rh9ttOsQ3tyzh1JQFqSTQYZQ8lZOMgdPIZvV4bGqA5HJbGgCr5D+UlWG7RgsufvR9A+TF+vdYFqelgd0=
X-Received: by 2002:a6b:f617:: with SMTP id n23mr2397691ioh.155.1578663843138; Fri, 10 Jan 2020 05:44:03 -0800 (PST)
MIME-Version: 1.0
References: <579d29aa-e3d7-9886-91b6-46641eb1f944@labs.htt-consult.com> <5feb3288-b366-3580-0b1d-1134769bb305@labs.htt-consult.com> <22730.1575295477@localhost> <CAKM0pYPm0avmt3ULQX4j2PJC2d-f7GtjLgezQO1WB6L3uF4OgA@mail.gmail.com> <CAKM0pYM+_hxGK19Fc2NA0jFgVEiyzJfB46iWUsP7ciod=0XQNQ@mail.gmail.com> <391A6A9E-8A53-487D-AC0C-6739599EC9EE@cisco.com> <C88A276C-9973-4E7B-9264-C9EFC27DA3A8@cisco.com>
In-Reply-To: <C88A276C-9973-4E7B-9264-C9EFC27DA3A8@cisco.com>
From: "Card, Stu" <stu.card@axenterprize.com>
Date: Fri, 10 Jan 2020 08:43:50 -0500
Message-ID: <CAKM0pYMUvG6U064gxoOYKfLMpokoQjWyaRZCTaog+9yQoZLW8A@mail.gmail.com>
To: "Eric Vyncke (evyncke)" <evyncke@cisco.com>
Cc: tm-rid@ietf.org, ryoung <ryoung@one-atm.net>
Content-Type: multipart/alternative; boundary="000000000000972ca4059bc95175"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tm-rid/eZFAAUEc7YNq8YQO502goOgIASg>
Subject: Re: [Tm-rid] Proposed WG Charter v2
X-BeenThere: tm-rid@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Trustworthy Multipurpose RemoteID <tm-rid.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tm-rid>, <mailto:tm-rid-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tm-rid/>
List-Post: <mailto:tm-rid@ietf.org>
List-Help: <mailto:tm-rid-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tm-rid>, <mailto:tm-rid-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Jan 2020 13:44:15 -0000

I will have a V4 draft charter out today, addressing all comments received.

On Fri, Jan 10, 2020, 05:01 Eric Vyncke (evyncke) <evyncke@cisco.com> wrote:

> Stu, Adam, Bob and other,
>
>
>
> The clock is starting to click towards IETF-107 and it takes several weeks
> to create a WG. In short, it becomes really important that the TM-RID
> community rally around a draft charter that can be reviewed by the IESG as
> a first step. IMHO, the v2 will have difficulties to go through the
> evaluation if my comments below are not taken into account.
>
>
>
> Regards
>
>
>
> -éric
>
>
>
> *From: *Eric Vyncke <evyncke@cisco.com>
> *Date: *Friday, 3 January 2020 at 17:34
> *To: *"Card, Stu" <stu.card@axenterprize.com>, "tm-rid@ietf.org" <
> tm-rid@ietf.org>
> *Cc: *ryoung <ryoung@one-atm.net>
> *Subject: *Re: [Tm-rid] Proposed WG Charter v2
>
>
>
> Happy New Year all
>
>
>
> Stu, exactly one month ;-)
>
>
>
> This TM-RID community needs to work more and faster around this
> chartering. A liaison statement from FAA or other CAA or ICAO or ASTM (not
> exclusive) on this work could also help a lot.
>
>
>
> About the charter itself, it is difficult to parse as there are many
> acronyms + their expansion. Unsure how to solve this issue though (except
> like this trick[1]).
>
>
>
> The charter flow does not follow the usual one. E.g., it would benefit a
> lot of clearly identifying the work items (or at least clearly the WG
> scope). Having milestones (i.e. dates) is also helpful for chartering a WG,
> milestones are outside of the charter itself but can be enumerated, for
> now, as bullets after the charter.
>
>
>
> Citing the existing Internet drafts is also typical in a charter.
>
>
>
> To be direct, I am afraid that statement like “HIP HIT is uniquely ideally
> suited to serving as an UAS ID Type” will NOT attract consensus in a
> charter. I would suggest to have a work item to check the adequacy of HIP
> to the problem statement than trying to defend this assumption in the
> charter itself.
>
>
>
> Please continue this good work and let’s try to have more interactivity
> around this topic
>
>
>
> -eric
>
>
>
> [1] I believe that footnotes can be added to charters ;-)
>
>
>
> *From: *Tm-rid <tm-rid-bounces@ietf.org> on behalf of "Card, Stu" <
> stu.card@axenterprize.com>
> *Date: *Thursday, 2 January 2020 at 23:01
> *To: *"tm-rid@ietf.org" <tm-rid@ietf.org>
> *Cc: *ryoung <ryoung@one-atm.net>
> *Subject: *Re: [Tm-rid] Proposed WG Charter v2
>
>
>
> Week turned into month but here's my attempt. All please review and
> comment.
>
>
>
> Trustworthy Multipurpose Remote Identification (TM-RID) Proposed WG
> Charter v3
>
>
>
> Civil Aviation Authorities (CAAs) worldwide (e.g. United States Federal
> Aviation Administration, FAA), have initiated rule making for Unmanned
> Aircraft Systems (UAS) Remote Identification (RID).  CAAs currently
> promulgate performance-based regulations that do not mandate specific
> techniques, but rather cite industry consensus technical standards as
> acceptable means of compliance. One key standard here is ASTM International
> F38 Committee Work Item WK65041, “Standard Specification for UAS Remote ID
> and Tracking”.  ASTM Network RID defines a set of information for UAS to
> make available globally indirectly via the Internet. ASTM Broadcast RID
> defines a set of messages for Unmanned Aircraft (UA) to send locally
> directly one-way over Bluetooth or IEEE 802.11. WK65041 addresses neither
> how to ensure trustworthiness of RID information nor how to make it
> instantly useful.
>
>
>
> TM-RID’s goal is to make RID *immediately actionable*, in both Internet
> and local-only connected scenarios, especially emergencies, in severely
> constrained UAS environments, balancing legitimate (e.g. public safety)
> authorities’ Need To Know *trustworthy* information with UAS operators’
> *privacy*. To accomplish this, TM-RID will liaise with ASTM, CTA, ICAO,
> RTCA, *et al* and complement their standards with IETF work to meet this
> urgent need. An Applicability Statement RFC for UAS RID, showing how to use
> IETF standardized technologies for this purpose, will be a central work
> product. Other Technical Specification RFCs will address enhancements of
> specific supporting protocols. Prototypes using the contemplated technical
> approach have already been successfully flown.
>
>
>
> The Host Identity Protocol (HIP) Host Identity Tag (HIT) is uniquely
> ideally suited to serving as an UAS ID Type. A  HIT, an Overlay Routable
> Cryptographic Hash Identifier (ORCHID), is derived from and compactly (as
> an IPv6 address) represents a Host Identity (HI), a [self-generated] public
> key. HITs can verifiably identify all entities in the UAS Traffic
> Management (UTM) ecosystem: UA, Ground Control Stations (GCS), observer
> devices, registries, etc. TM-RID will specify how to leverage HITs –
>
>
>
> - Provide strong RID authentication by using the HI in public key
> operations to:
>
> = prove ownership of the claimed ID (HIT);
>
> = authenticate other claims made via RID (e.g. location) as signed by the
> owner of that ID; and
>
> = provide observers [w/o Internet connectivity] locally verifiable proof
> that ID is in a known registry.
>
>
>
> - Use DNS to enable observers to use a received HIT to look up minimal
> public ID information.
>
>
>
> - Use access controlled RDAP to enable authorized observers to look up
> more extensive private information (including operator Personally
> Identifiable Information, PII) needed for legitimate (e.g. public safety or
> security) purposes from an Internet domain name (Whois) or similar registry.
>
>
>
> This provides stronger privacy than other FAA Notice of Proposed
> Rulemaking (NPRM) / ASTM standard UAS ID Types, while providing greater
> assurance of authenticity to authorized observers, but necessitates several
> HIP enhancements –
>
>
>
> - Hierarchical HIT (HHIT): Enable scalable and trustable UA registration
> and information retrieval (e.g. with DNS and RDAP) by adding optional
> structure to the (currently flat) HIT/ORCHID space.
>
>
>
> - registration extensions:  Prevent registration of duplicate HHITs,
> populate registries with IDs and associated data, update DNS, support
> Rendez-Vous Servers (RVS) and provide proof of authenticity.
>
>
>
> - proxies: Enable any party observing an UA to contact a RVS or other
> intermediary that will either deny or facilitate secure communications with
> the party controlling the UA, while maintaining the privacy of the latter’s
> identity, location and other information to all but authorized parties, per
> policy.
>
>
>
> - multicast: To securely and efficiently communicate with a group,
> multicast to their ephemeral (and likely multiple per host) IP addresses,
> starting from individual and/or group HITs.
>
>
>
> - new cryptographic algorithms: Extremely compact keys and signatures
> (such as are enabled by EdDSA and Keccak functions) are needed for severely
> constrained [UAS] environments.
>
>
>
> TM-RID potentially could be applied to verifiably identify other types of
> registered things reported to be in specified physical locations, but the
> urgent motivation and clear initial focus is UAS. TM-RID enhancements to
> HIP will be generic: of these, only HHITs with their associated
> registration procedures and compact crypto are vital to support UAS RID;
> HIP proxies and HIP multicast are stretch goals. Some UTM concepts envision
> using OAuth for GCS and personnel; HIP as an OAuth method also will be
> investigated. The Applicability Statement and the Technical Specifications
> initially essential for UAS RID will be published within one year of the
> 2019 DEC 31 FAA NPRM.
>
>
>
>
>
> On Mon, Dec 2, 2019 at 12:31 PM Card, Stu <stu.card@axenterprize.com>
> wrote:
>
> I will try wordsmithing this week.
>
>
>
> On Mon, Dec 2, 2019, 09:04 Michael Richardson <mcr+ietf@sandelman.ca>
> wrote:
>
>
> I am enthusiatic about this work, although I don't anticipate being able to
> be more than a bystandard on this.
>
> Robert Moskowitz <rgm@labs.htt-consult.com> wrote:
>     > TM-RID will build upon the Host Identity Tag (HIT) from the Host
> Identity
>     > Protocol (HIP) as an RID and augment it and supporting HIP and other
> IETF
>     > technologies to add trustworthiness to the ASTM messaging suite.
>
> I think that this sentence needs editing.  Too many ".. and"
>
>     > The goal is
>     > to provide trustworthiness both in an Internet connected environment
> and
>     > emergency, unconnected situations within the highly constrained
> environment
>     > of UAS.
>
> I think that a reference for the nature of the constrained environment
> might
> be in order.
>
>     > The Host Identity Tag (HIT) is ideally, in fact uniquely, suited to
> work
>     > within this RID effort.  The Host Identity (HI) behind the HIT can
> be used to
>     > sign Broadcast Authentication Messages, thus proving ownership of
> the RID
>     > (HIT) and signed messages.  HITs provide significantly superior
> privacy
>     > compared to other allowed RID types while providing greater
> assurance to
>     > authorized observers that they are accessing the proper PII for the
> UA.
>
> This wanders into solution space, and I think it would be better to omit
> this.
>
>     > TM-RID will create specifications for HIP-augmented ASTM RID
> messages..
>     > Initially this will consist of additional RID Authentication
> Messages that
>     > use the HI in public key signing operations: to prove UAS ownership
> of a
>     > Hierarchical HIT (HHIT); to authenticate other claims made via RID,
> such as
>     > position and velocity, as having been made by the owner of that
> HHIT; and to
>     > provide observers lacking current Internet connectivity with locally
>     > verifiable UAS proof-of-registration objects.
>
> removing some of the solutions, leaving the requirements:
>
> TM-RID will create specifications to prove UAS ownership of a
> Hierarchical HIT (HHIT); providing a framework to authenticate other
> claims, such as
> position and velocity, as having been made by the owner of that HHIT; and
> to
> provide observers lacking current Internet connectivity with locally
> verifiable UAS proof-of-registration objects.
>
> I would have written this as numbered points.
>
>     > For this, HIP would be amended to be used effectively in this
> environment:
>
> I think you could put a period instead of : and omit the next three
> paragraphs.
>
>     > HHITs are envisioned to identify all components in the UAS/UTM (UAS
> Traffic
>     > Management) environment: UA, Command Consoles, Observer devices, and
>     > Registries.  This will entail further work as experience is gained
> in using
>     > HIP for UAS RID.  For example, some (UTM) systems envision using
> OAuth for
>     > Ground Control Systems (GCS) and authorized safety personnel.  HIP
> as an
>     > OAuth method may help in merging HIP into these systems.
>
>     > The workgroup will need to liaison with the various SDOs working in
> the UAS
>     > regulation space.
>
> Please if you could list those SDOs?
> Do we need to do liason agreements with them?  I would be happier if that
> was
> part of the plan.
>
> How will we engage with implementers?  I.e. how are we going to get
> running-code?
>
>
>
> --
> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
>  -= IPv6 IoT consulting =-
>
>
>
> --
> Tm-rid mailing list
> Tm-rid@ietf.org
> https://www.ietf.org/mailman/listinfo/tm-rid
>
>

v2.23.0 | Report a Bug | By Email