Re: [Tm-rid] charter draft v4

<ryoung@one-atm.net> Sun, 12 January 2020 18:40 UTC

To: "'Card, Stu'" <stu.card@axenterprize.com>, tm-rid@ietf.org
Cc: 'Seth Rao' <seth@secreliant.com>, 'Monica Pearson' <Monica.pearson@secreliant.com>, 'Andy Thurling' <athurling@nuair.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tm-rid/tu4x-NZO2qWQgfuSElqhOSx8guk>

Keep in mind that the International Civil Aviation Organization (ICAO) is the United Nations Organization coordinating body for global aviation standards and recommended practices. 

ICAO has begun to tackle the issue of incorporating unmanned aircraft into a global inter-connected registry network.

ICAO intends to be the responsible authority for assigning a unique MFR Code to UAS manufacturers, based on ANSI/CTA Standard 2063-A: Small Unmanned Aerial Systems Serial Numbers 

“All UAS shall be assigned SN = [4 Character MFR CODE] [1 Character LENGTH CODE] [15 Character MANUFACTURER’S SERIAL NUMBER]”

Note that the original intent of both the ANSI/CTA 2063-A standard and the ASTM UAS Remote ID WK65041/F3411 standard was to apply to small UAS (sUAS) operating below 500 ft./150 meters.

The seeming intent of both the FAA UAS Remote ID Notice of Proposed Rulemaking (NPRM) issued in December 2019 and the ICAO registry network is to extend application to all unmanned aircraft regardless of size and operating altitude.

All the more reason for the IETF TM-RID charter to get this right!

==

The following links have background on ICAO proposals briefed at an ICAO conference in November 2019:

Presentation on ICAO Aircraft Registry Network

1.02.3 - David Scorer

PDF Presentation

https://www.icao.int/Meetings/DRONEENABLE3/Presentations/1.02.3%20-%20David%20Scorer.pdf
Video Capture 31:59 to 59:37

https://www.youtube.com/watch?v=EXfxqLrbydI&list=PLOoOa5RwilZLuA8D5m1WDJPs_amK-mZLZ&index=3&t=0s

Ray Young, Ph.D. 

New York UAS Test Site

+1.702.525.1562

ryoung@one-atm.net

 

From: Card, Stu <stu.card@axenterprize.com> 
Sent: Friday, January 10, 2020 13:50
To: tm-rid@ietf.org
Cc: Seth Rao <seth@secreliant.com>; Monica Pearson <Monica.pearson@secreliant.com>; ryoung <ryoung@one-atm.net>; Andy Thurling <athurling@nuair.org>
Subject: charter draft v4

 

all --

I have attempted to address all comments received; see revised charter draft v4 below.

Unfortunately, the lists of milestones, drafts, acronyms and references made it still longer (although the body text of the charter itself is now clearer and more succinct). I generally have not listed all the potentially relevant RFCs as there could be many and presumably anyone reading an IETF Working Group charter knows how to use the datatracker.

While I have identified all the other SDOs of which I am aware with whom we may need liaison, actually getting a liaison agreement is both above my pay grade and difficult before we have a charter (i.e. why would ASTM take us seriously until we have a WG).

I appreciate your reviews of earlier drafts. Your comments made this much better!

Please review this latest draft at your earliest convenience as the need for trustworthy, immediately actionable UAS RID is urgent, the FAA NPRM comment period expires at the end of February, ASTM is resuming work to revise their standard accordingly, and IETF 107 in Vancouver is in March. :-)

Other than updating and substantially expanding my proposed Applicability Statement (draft-card-tmrid-uas-00), what is next to get this moving, specifically through IESG chartering and generally forward?

Thanks all!

==

Trustworthy Multipurpose Remote Identification (TM-RID) Proposed WG Charter v4

 

CAAs [1] worldwide have initiated rule making for UAS [2] RID [3]. The US FAA [4] has published an NPRM [5]. CAAs currently promulgate performance-based regulations that do not mandate specific techniques, but rather cite industry consensus technical standards as acceptable means of compliance. One key standard is ASTM WK65041 [6]. Network RID defines a set of information for UAS to make available globally indirectly via the Internet. Broadcast RID defines a set of messages for UA [7] to send locally directly one-way over Bluetooth or Wi-Fi. WK65041 does not address how to populate/query registries, ensure trustworthiness of information or make it instantly useful.

 

TM-RID’s goal is to make RID immediately actionable, in both Internet and local-only connected scenarios, especially emergencies, in severely constrained UAS environments [8], balancing legitimate (e.g. public safety) authorities’ Need To Know trustworthy information with UAS operators’ privacy. To accomplish this, TM-RID will liaise with SDOs [9] and complement their standards with IETF work to meet this urgent need. An Applicability Statement RFC for UAS RID, showing how to use IETF standardized technologies for this purpose, will be a central work product. Technical Specification RFCs will address any necessary enhancements of specific supporting protocols. TM-RID potentially could be applied to verifiably identify other types of registered things reported to be in specified physical locations, but the urgent motivation and clear initial focus is UAS.

 

One possible approach leverages Internet domain name registration business models, infrastructure and standards, including EPP [10], RDAP [11] and DNS [12], plus the HIP [13] HIT [14], with UTM [15] system USS [16] as registries. This provides stronger privacy and authenticity than other FAA NPRM / ASTM standard UAS ID Types (static manufacturer assigned hardware serial number per [17] or dynamic single-use USS assigned UUID [18]), but would necessitate several HIP enhancements (all with applicability beyond UAS RID); prototypes using DNS to reverse lookup UAS RID information from a broadcast HIT have been successfully flown. Any comprehensive approach should –

 

- Verifiably identify all entities in the UTM ecosystem – UA, GCS [19], observer devices, registries, USS, et al – presumably using public key operations to:

= prove ownership of the claimed ID;

= authenticate other claims made via RID (e.g. location) as signed by the owner of that ID; and

= provide observers [w/o Internet connectivity] locally verifiable proof that ID is in a known registry.

 

- Enable all observers to use a received ID to look up minimal public information.

 

- Enable only strongly authenticated, policy authorized observers to look up more extensive private information (including operator PII [20]) needed for legitimate (e.g. public safety or security) purposes in access controlled registries (e.g. as with Internet domain names [21]).

 

Proposed milestones, accelerated to meet urgent UAS RID safety/security need –

 

2020 MAR: Present contemplated technical approach and solicit alternative approaches.

draft-wiethuechter-tmrid-auth-04 <https://datatracker.ietf.org/doc/draft-wiethuechter-tmrid-auth/>
draft-card-tmrid-uas-00 <https://datatracker.ietf.org/doc/draft-card-tmrid-uas/>

2020 JUL: Select technical approach from those proposed in sufficient detail to enable assessment.

2020 NOV: Drafts initially essential for UAS RID to IESG (within one year of the FAA NPRM).

 

Potential milestones in collaboration with the HIP WG, supporting UAS RID and other applications –

 

2020 MAR new cryptographic algorithms: Extremely compact keys and signatures (such as are enabled by EdDSA and Keccak functions) are needed for severely constrained [UAS] environments.

draft-moskowitz-hip-new-crypto-03 <https://datatracker.ietf.org/doc/draft-moskowitz-hip-new-crypto/>
draft-moskowitz-orchid-cshake-00 <https://datatracker.ietf.org/doc/draft-moskowitz-orchid-cshake/>

 

2020 MAR HHIT [22]: Enable scalable trustable [UA] registration and information retrieval (e.g. RDAP, DNS) by adding optional structure to the currently flat space of HITs / ORCHIDs [23] derived from and compactly (as IPv6 addresses) representing HIs [24] ([self-generated] public keys).

draft-moskowitz-hip-hierarchical-hit-03 <https://datatracker.ietf.org/doc/draft-moskowitz-hip-hierarchical-hit/>

 

2020 JUL registration extensions: Prevent registration of duplicate HHITs, populate registries with IDs and associated data, update DNS and provide proof of authenticity.

draft-moskowitz-hip-hhit-registries-01 <https://datatracker.ietf.org/doc/draft-moskowitz-hip-hhit-registries/>

 

2020 JUL OAuth investigation: Explore, and if feasible document, HIP as an OAuth method [for UTM].

 

2021 MAR proxies: Enable any observer of a [UA] “thing” to contact an intermediary that will either deny or facilitate secure communications with the operator of the thing, while maintaining the privacy of the operator’s location and PII to all but authorized parties, per policy.

 

2021 JUL multicast: To securely and efficiently communicate with a group, multicast to their ephemeral (and likely multiple per host) IP addresses, starting from individual and/or group HITs.

 

Acronyms and references:

 

[1] Civil Aviation Authority

[2] Unmanned Aircraft System[s]

[3] Remote Identification

[4] United States Federal Aviation Administration

[5] Notice of Proposed Rule-Making https://www.federalregister.gov/documents/2019/12/31/2019-28100/remote-identification-of-unmanned-aircraft-systems

[6] ASTM International F38 Committee Work Item WK65041 “Standard Specification for UAS Remote ID and Tracking” https://www.astm.org/DATABASE.CART/WORKITEMS/WK65041.htm

[7] Unmanned Aircraft

[8] UAS Identification and Tracking Aviation Rulemaking Committee Recommendations Final Report 2017 SEP 30 https://www.faa.gov/regulations_policies/rulemaking/committees/documents/media/UAS%20ID%20ARC%20Final%20Report%20with%20Appendices.pdf

[9] Standards Development Organizations including American National Standards Institute (ANSI), ASTM International (formerly American Society for Testing and Materials), Consumer Technology Association (CTA), International Civil Aviation Organization (ICAO), RTCA (formerly Radio Technical Commission for Aeronautics), et al

[10] Extensible Provisioning Protocol

[11] Registry Data Access Protocol

[12] Domain Name System

[13] Host Identity Protocol

[14] Host Identity Tag

[15] UAS Traffic Management

[16] UAS Service Supplier[s]

[17] ANSI/CTA-2063-A https://standards.cta.tech/apps/group_public/project/details.php?project_id=587

[18] Universally Unique Identifier, e.g. RFC 4122

[19] Ground Control Station[s]

[20] Personally Identifiable Information

[21] https://www.arin.net/resources/registry/whois/rdap/

[22] Hierarchical HIT

[23] Overlay Routable Cryptographic Hash Identifier

[24] Host Identity
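
The three public-key checks listed in the charter draft above (ownership of the claimed ID, owner-signed claims, and offline proof that the ID is in a known registry), shown as an added Node.js example that is not part of the original messages or of any TM-RID or HIP draft. It assumes Ed25519 keys, a hypothetical ID formed by truncating SHA-256 of the public key (not the real HIT/ORCHID encoding), JSON message bodies and constructed sample coordinates; all function names are hypothetical.

```javascript
// Added illustration; not code from the charter, the TM-RID drafts or HIP.
const crypto = require('crypto');
const spki = (pub) => pub.export({ type: 'spki', format: 'der' });
// Hypothetical ID: truncated SHA-256 of the key (NOT the real HIT/ORCHID encoding).
const deriveId = (pub) => crypto.createHash('sha256').update(spki(pub)).digest('hex').slice(0, 32);
// JSON.stringify stands in for a canonical encoding; key order is fixed by construction.
const sign = (priv, obj) =>
  crypto.sign(null, Buffer.from(JSON.stringify(obj)), priv).toString('base64');
const verify = (pub, obj, sig) =>
  crypto.verify(null, Buffer.from(JSON.stringify(obj)), pub, Buffer.from(sig, 'base64'));

// Registry: attest that this ID and key are registered.
function registryAttest(registryPriv, uaPub) {
  const body = { id: deriveId(uaPub), key: spki(uaPub).toString('base64') };
  return { body, sig: sign(registryPriv, body) };
}

// UA: broadcast an owner-signed claim together with the registry attestation.
function uaBroadcast(uaPriv, attestation, claim) {
  const body = { id: attestation.body.id, claim };
  return { body, sig: sign(uaPriv, body), attestation };
}

// Observer without Internet access: only the registry public key is preloaded.
function observerVerify(registryPub, msg) {
  const att = msg.attestation;
  if (!verify(registryPub, att.body, att.sig)) return 'ID not in known registry';
  const uaPub = crypto.createPublicKey({ key: Buffer.from(att.body.key, 'base64'), type: 'spki', format: 'der' });
  if (deriveId(uaPub) !== att.body.id || msg.body.id !== att.body.id) return 'ID not bound to key';
  if (!verify(uaPub, msg.body, msg.sig)) return 'claim not signed by ID owner';
  return 'ok';
}

function demo() {
  const [registry, rogue, ua] = [0, 1, 2].map(() => crypto.generateKeyPairSync('ed25519'));
  const claim = { lat: 43.23, lon: -75.41, altM: 90 }; // constructed sample position
  const msg = uaBroadcast(ua.privateKey, registryAttest(registry.privateKey, ua.publicKey), claim);
  const tampered = JSON.parse(JSON.stringify(msg));
  tampered.body.claim.lat = 40.5; // position altered after signing
  const impostor = uaBroadcast(rogue.privateKey, msg.attestation, claim); // replayed attestation
  const unlisted = uaBroadcast(ua.privateKey, registryAttest(rogue.privateKey, ua.publicKey), claim);
  return {
    valid: observerVerify(registry.publicKey, msg),
    tamperedClaim: observerVerify(registry.publicKey, tampered),
    replayedAttestation: observerVerify(registry.publicKey, impostor),
    unknownRegistry: observerVerify(registry.publicKey, unlisted),
  };
}
console.log(demo());
```

The observer needs only the registry's public key in advance, which is what makes the check usable without connectivity; a real deployment would also need attestation expiry and replay protection on the claims, neither of which is modelled here.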