Re: [Drip] Martin Duke's Discuss on draft-ietf-drip-auth-46: (with DISCUSS and COMMENT)
Adam Wiethuechter <adam.wiethuechter@axenterprize.com> Wed, 31 January 2024 22:48 UTC
Return-Path: <adam.wiethuechter@axenterprize.com>
X-Original-To: tm-rid@ietfa.amsl.com
Delivered-To: tm-rid@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 903CBC14F60A; Wed, 31 Jan 2024 14:48:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.107
X-Spam-Level:
X-Spam-Status: No, score=-7.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=axenterprize.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KIx79_PoDwgM; Wed, 31 Jan 2024 14:48:47 -0800 (PST)
Received: from NAM11-DM6-obe.outbound.protection.outlook.com (mail-dm6nam11on2111.outbound.protection.outlook.com [40.107.223.111]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 00B7FC14F602; Wed, 31 Jan 2024 14:48:46 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=A6z7DgUKx5X4tTcML1xxQU0LIlz1nqJvKQYANfRH0S+eB/npU9qV8hhxVbMxeFYafIZXOwN+QroYN/gpw8WIBeMaWm/Acm4qjJSDuuI2W5jqVNLdijDrua4pI+LV3o/C0V/wPsdspGx3tXR5njw2t/zBVJP9VW68IUZKaKY0MTdHBwlJZANpQoS2EIt1+udYJICJwlbAll7Hrm6pqEi27mijjYUdsbZFDKnR5q3aKlvT3ulY2cHAWPUswaBs4c+PypC4Wr306Fpe393Yrt5jpqvTe23BJKzblRaCjBe/+HuEaIGtTcPm/ONx8lEu8TZjZGddltg9QyeZNlGjX4cQ0A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=GSclP0eynql7rw1qmp9LEHHpOdQ/GWxBjO6XsY45z7I=; b=Z4pdCCzi24twM044fyHHETRtQhE4PwMzJZ0QedlblbQA7BhFFZ5RhI3GGr2YQnQ67sxpAXo5aSegj/yF5dlO647qAjguGOaLbI/mPtkTaOwsz0sKtJywktoBlb1mbHDC/AeWKgNxICGz/vE+QpPjXSgYJlTshqiERTBmzvXcTv6NQW1r0xEx8OrEfJBqlp0F8/kKt/n9uZF8s+lE51/VEQgT9qrdG7WKuPu+1Fi8WM5FYCFItAudCFKZdg9PsAxb4Td06BQV7ChJ+n8MwSLnRDEwgVTl3Ld4mbZf+GVHMpZUKHoanzSbN4By4FQhL3x6d2V5fw4pLV+jP78IO+6SSA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=axenterprize.com; dmarc=pass action=none header.from=axenterprize.com; dkim=pass header.d=axenterprize.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=axenterprize.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=GSclP0eynql7rw1qmp9LEHHpOdQ/GWxBjO6XsY45z7I=; b=u+AYICeM8dmy1Zm3v6dGgxyLXUoqVMRiqxoQnQSDhA2iBjVt99pxSoiEncbCsK1rBR52kCGJj5LC6N8Sd3y9Fs7O6tJP4/kqLYWGIG9nvy/JFezqJS4H+Uckz24EDwd9NIRtZes5Srkebh10tIxKo0CL4iaRhkY8IYTl0L4gMoA=
Received: from SA3PR13MB6515.namprd13.prod.outlook.com (2603:10b6:806:398::14) by BN0PR13MB4664.namprd13.prod.outlook.com (2603:10b6:408:120::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7249.24; Wed, 31 Jan 2024 22:48:41 +0000
Received: from SA3PR13MB6515.namprd13.prod.outlook.com ([fe80::f7a1:2341:828e:57c4]) by SA3PR13MB6515.namprd13.prod.outlook.com ([fe80::f7a1:2341:828e:57c4%7]) with mapi id 15.20.7228.035; Wed, 31 Jan 2024 22:48:41 +0000
From: Adam Wiethuechter <adam.wiethuechter@axenterprize.com>
To: The IESG <iesg@ietf.org>, Martin Duke <martin.h.duke@gmail.com>
CC: "draft-ietf-drip-auth@ietf.org" <draft-ietf-drip-auth@ietf.org>, "drip-chairs@ietf.org" <drip-chairs@ietf.org>, "tm-rid@ietf.org" <tm-rid@ietf.org>, "mohamed.boucadair@orange.com" <mohamed.boucadair@orange.com>, "mohamed.boucadair@orange.com" <mohamed.boucadair@orange.com>
Thread-Topic: Martin Duke's Discuss on draft-ietf-drip-auth-46: (with DISCUSS and COMMENT)
Thread-Index: AQHaVJHEPYHFxVbR706dFiPeoxK+lbD0eqMO
Date: Wed, 31 Jan 2024 22:48:41 +0000
Message-ID: <SA3PR13MB6515EE66F915B0F262D5CEEC887C2@SA3PR13MB6515.namprd13.prod.outlook.com>
References: <170673879574.10409.13499779948010627675@ietfa.amsl.com>
In-Reply-To: <170673879574.10409.13499779948010627675@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=axenterprize.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: SA3PR13MB6515:EE_|BN0PR13MB4664:EE_
x-ms-office365-filtering-correlation-id: f9de2817-d684-45f1-38b5-08dc22aec572
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: xnNwXNqcgOD3Qnto0wDU+Hy0ekap6lxvlRyHLGG8BZZBjatC8k2TqkaTsTrOl/3XHV8NcscMa9b+IxjAykOb++VDM3si4LBmSDms8ZmIWSWMnQTtoOo1aMzE+t5MnU7Sud5uxldvLlUMd52xUetX3uuraWN8XKMQQ0jxf+pKVcyeBI7UoXTdl7ROiqEFUOfOFF3Vw3vlsgWyY2EM1e1DAu2RzvP6+nvjPfb1mq08aazNZrG5GyZ1DAOiwe4zHDMJSh89+NWcrvGk4115Dq4TD98PAxfZOwAk80vHs8k9xFgqQjOhN+lrzW3BZ+VAUyaWBw8dKn0YuYJI+VT+XZLG3z9vLVHlllyPH8f2zKGbUQRTXbcpOx/WBhFeWBryuF62W3cesEOSApD1thYrgVP4l/LK3geH3UTt1gii4fqftnwizXV+fe4na21+yxVO1CSWKScJ0W99LQHsx8wtJhpv0nPdeAhn6/206w7xfqG7OmCIwn6Dqtzm++g1xQOK7bq47LxaaCip8o+ZNvYeIicq1EgdrzPw0Bx7+A2yBwCJkMhbd9BwAgEAw/5i1sWAYZVUU04exUDA2iSlR4ufXYNk9IWNl07SubsZXqGZHnNTkp0=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:SA3PR13MB6515.namprd13.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230031)(346002)(136003)(396003)(366004)(39830400003)(376002)(230922051799003)(186009)(64100799003)(451199024)(1800799012)(19627405001)(55016003)(66899024)(41300700001)(83380400001)(33656002)(86362001)(38070700009)(166002)(122000001)(8936002)(38100700002)(26005)(9686003)(76116006)(7696005)(91956017)(6506007)(53546011)(71200400001)(2906002)(966005)(316002)(66946007)(52536014)(66476007)(54906003)(66556008)(66446008)(4326008)(44832011)(8676002)(110136005)(5660300002)(64756008)(478600001); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: UiAN+5CLaj34Or0uoRpL9EzcFmlkhFB2Mwpc9uPnYvNtbKFZSV68gdDGBQTGEda+ByVkCUVxsvK5GhD3XpLJN/DU/UE330o7OF6XKMtGLUQr6JGJzLcH39IoTl0dxyf35FMzpBQMzlkVKGs4y6HlGOsK0E9AFoZ7vhEiRZ2aT6V8t0UToEcdjEEulKZG7CC8Ys79hVPD1pxtYMHXYErcqD0FUZHwt+IRZqEC15xxV/aVbm3sKf7ioNJMznmJ3KSAsty6suZXR6JZt+xtpcSVqLHK0OtO1+jI/yGOwswnbMEdAz0pYGgvwvL9J72nKX5UaY2DwpQ5d27rL1Uwn1oggvMbXqjohl9RLeOocGZW9SErzWG41R8hOm7KSmvsWSammJYwoFSfYYBkSZdSIcOSK4xAhhs4TikLuu3DchBrVXmQf6g0TI5Bp+a5zRC9f7PSeAGuo9E45Q14XK6SzW9gXHeVM5KMwUQ09Eu+GSuz6FM39RpPxulZgEjqQHKN289qvhe8XIqUSYd8SUSDYntFmyJj5jwYUjmwXOduh6UlONZLy1TGSXWRmRPjJ5gBCYLqYhrbd/b3KJWNlu8Xl93UgJ9LfQZYsb3AwRZOYpmUPr3YzwkU47hS1EzsvWLqhCM+eqpJybOmx4TNoVc62kJK/t55DtOJb4+FXyzuHjO8rWS2tuqS2eVK3BrgauUvtp2Pa7W40rDSGTvAQMwsGPegYKNha/jXwumSOEZg/pBRnXoYUNA9K8tpha0KlDRtob8ahteUe7IewEb49XoumTl4Up3OftbxB+MqbiuzsIcSpNAF+U7OlhGaH95jFm8QfwujwZrITS3GXEgyFLO2l1u1mPL+VZUaaBDt0b2T7BwJPQzBWw+SbzTMNhlaSGSnmhXcvJe6wTPA6alFCZepeGVj0udvhaDfld206+HTntxtDLhP05UvYG23aDWN+kBbsrrzNZ0u/GLuzxkGbGDo5xWK7P2LReUwh47HxgzlwsmRy3huO1xQt8/A7mFPlXPL2HTDA0PCxSrB0hlg6UcKmmRuwHQUQOSWSmflBwLWDTziC5Tr1w1OoXDgmzQ6VJQLJ/DPVRkIfwYAVamE2SH89TGXgdcrmI6NNnJDXwXYrlkVl+27Ddxr4pJj7nrn/VL6B71YfRkHPU3rB9WXLnkTuhY3NWZNvOA1irnIstHUO0GeLnAKq+yUbpN+9FsM5lCE8Bk+fc8bvbQkY2oKxLHvgUzR+6Zba7BrPS1h1lVTuCBlJXhKCqMBh75iUzNbcbBig+WyjD0TWkatQW3jXVUDb98Q688bFvpklnFuMryvJ6EeCSJImbtmY1aJ93SJbk6xgoMkY494t0ZCJuPkCco4cS9KhEe8VoL4ZtCUCyf5TqgsJHt3qu9MYVO3VKdZ5yo1j+x8M9lVM9bMuO+iABajhBaMRzotoZaJcdoQaPXBnnlatR3RYz9nLQDeNwA4PEFBNQ12zbku85r37CWXpLVy6V7iwm4Hu/EMPFaUd73zZBV3HoA5XlnWgrPHqrB2bcch1yUn2k/GgcJ0AsoLxqblePlMU+Vd4QyO+W+8v+X5KOnwcjJROjgn4h61szJlLjX+DagaERUe+tbujIA7xV5G1ck0Wg==
Content-Type: multipart/alternative; boundary="_000_SA3PR13MB6515EE66F915B0F262D5CEEC887C2SA3PR13MB6515namp_"
MIME-Version: 1.0
X-OriginatorOrg: axenterprize.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: SA3PR13MB6515.namprd13.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: f9de2817-d684-45f1-38b5-08dc22aec572
X-MS-Exchange-CrossTenant-originalarrivaltime: 31 Jan 2024 22:48:41.1948 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 00ad0178-ead0-441e-96ff-0c72baf3a6fa
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 6kAhLNH7U1FO3EC0UkKLM5cNK308p0KtYT/7kyl7RS+i7sFxrvlJ4FZdHLEY5pTfWYYPiCQN9+3jMesRWUXi9lvrllxfXysuC1HTqeQSfE0blG5msuFixuVPIhPOGaIp
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN0PR13MB4664
Archived-At: <https://mailarchive.ietf.org/arch/msg/tm-rid/nVa4Muu2jh0nORAxPGXvY8o5Z6M>
Subject: Re: [Drip] Martin Duke's Discuss on draft-ietf-drip-auth-46: (with DISCUSS and COMMENT)
X-BeenThere: tm-rid@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Drone Remote Identification Protocol <tm-rid.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tm-rid>, <mailto:tm-rid-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tm-rid/>
List-Post: <mailto:tm-rid@ietf.org>
List-Help: <mailto:tm-rid-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tm-rid>, <mailto:tm-rid-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 31 Jan 2024 22:48:52 -0000
Hi Martin, It is unfortunate that F3411 is not free. We are sorry that this makes doing a full review of the specification difficult. Section 3.2 is our attempt to fill in as much as possible for background on the framing for the Authentication Message. The thing to remember is that for Broadcast RID is a one-way RF broadcast and no two-way communication occurs between the Observer and the UA. The message rate is at a minimum of one message set [1] per second. The idea, foolish or otherwise, is to blast out as much as possible and quickly as possible. If you miss the Location message (giving latitude/longitude of UA) in one second, the hope is that you get it in the next second or two. Data from one second in the past over Broadcast RID is considered "out of date" anyways so if you missed it no big deal. F3411 makes no explicit mention of congestion control, thus leaving it to lower layers. IMO Broadcast RID itself (excluding the use of Authentication) can easily overwhelm the spectrum once a dozen UA are in the same area. We are sadly no matter what we do in a RF congested regime. All the selected transports are in the 2.4GHz shared spectrum. The only exception is if Wi-Fi and Beacon are selected to go over 5GHz, I believe no jurisdiction allows this at this time, which reduces range anyway. As we show in Appendix B.2 there is a schedule that in one second can transmit two full sets of messages, a Manifest authenticating all of them and single page of either a Wrapper or Link (which bleeds out of the course of 8 seconds). If you lose more than 1 page in a Manifest in that schedule there is no "loss"; just wait for the next second to come around and hopefully get at least N-1 pages for that set. For Wrapper and Link you must wait for the next Link/Wrapper running over the 8 second window, which itself is cycling in a pattern shown in the appendix below Figure 13. You will notice in that pattern that the most important Link message (BE: HDA on UA) is sent a total of 8 times followed by 4x for BE: RAA on HDA, 2x for BE: Apex on RAA and Wrapper and a single BE: IANA on UAS RID Apex. The loss of a page can only occur over Bluetooth 4 (Legacy Transport). Bluetooth 5, Wi-Fi NAN and 802.11 Beacon (Extended Transport) all have some form of Error Correction built into their transport layers protecting them. And the way those are sent over F3411 (via Message Pack) means that there can be no lost page in Authentication. Per F3411 (and at least FAA via F3586) when performing Bluetooth 5 you MUST also send Bluetooth 4 concurrently. This is due to Apple devices not supporting the required Bluetooth 5 extensions or any of the Wi-Fi options. Most UA either do only Wi-Fi/Beacon (most common) or only Bluetooth. There are a few that can support all but usually have configuration for user to select which to run. As such, most Observer devices will typically see an Extended Transport over a Legacy one anyways. If an Observer can see multiple transports, they will most likely take the latest complete data from whatever transport it came from and use that. I hope this answers your questions, it felt like rambling a little bit at the end. [1] One set varies between different Civil Aviation Authority (CAA) jurisdiction. In the US a set consists of 1x Basic ID, 1x Location and 1x System message. In the EU the set is identical with the inclusion of 1x Operator ID. Japan is 2x Basic ID, 1x Location, 1x Authentication, 1x System. -------- 73, Adam T. Wiethuechter Software Engineer; AX Enterprize, LLC ________________________________ From: Martin Duke via Datatracker <noreply@ietf.org> Sent: Wednesday, January 31, 2024 5:06 PM To: The IESG <iesg@ietf.org> Cc: draft-ietf-drip-auth@ietf.org <draft-ietf-drip-auth@ietf.org>; drip-chairs@ietf.org <drip-chairs@ietf.org>; tm-rid@ietf.org <tm-rid@ietf.org>; mohamed.boucadair@orange.com <mohamed.boucadair@orange.com>; mohamed.boucadair@orange.com <mohamed.boucadair@orange.com> Subject: Martin Duke's Discuss on draft-ietf-drip-auth-46: (with DISCUSS and COMMENT) Martin Duke has entered the following ballot position for draft-ietf-drip-auth-46: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-drip-auth/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- I'm not able to access [F3411] and therefore am unable to assess if this design creates excessive load on the network. In particular, I'm somewhat concerned about two pages being lost, overpowering the FEC and resulting in loss of the entire authentication message (and the other message types it is wrapping!) and retransmission of the whole suite, depending on how sophisticated the loss recovery is. In some edge cases, this might never converge. No doubt the authors can provide a high-level view of how congestion control and loss recovery work? ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Thanks to Gorry for the TSVART review.
- [Drip] Martin Duke's Discuss on draft-ietf-drip-a… Martin Duke via Datatracker
- Re: [Drip] Martin Duke's Discuss on draft-ietf-dr… Adam Wiethuechter