IETF Logo Mail Archive

Re: [Drip] HHIT field order

"Card, Stu" <stu.card@axenterprize.com> Wed, 07 October 2020 13:55 UTC

Return-Path: <stu.card@axenterprize.com>
X-Original-To: tm-rid@ietfa.amsl.com
Delivered-To: tm-rid@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3C7063A0E96 for <tm-rid@ietfa.amsl.com>; Wed, 7 Oct 2020 06:55:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=axenterprize.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id loU7kPM8b0yf for <tm-rid@ietfa.amsl.com>; Wed, 7 Oct 2020 06:55:44 -0700 (PDT)
Received: from mail-ej1-x635.google.com (mail-ej1-x635.google.com [IPv6:2a00:1450:4864:20::635]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1CE5D3A0E87 for <tm-rid@ietf.org>; Wed, 7 Oct 2020 06:55:27 -0700 (PDT)
Received: by mail-ej1-x635.google.com with SMTP id u8so3116307ejg.1 for <tm-rid@ietf.org>; Wed, 07 Oct 2020 06:55:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=axenterprize.com; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=inSx1Nim70ReebgfHctBa4QHiWC2DnB8KWbFtYwzhzs=; b=l2+p0cfJhig2H+Bd5VOVtkTA0BCUwXhaPM156MNGxQ787lWg4aAno7Cs7iupW0mGrh QLoMD6UQFXjq/CZUn/omxA6GnrD2sJBovAFarNPGDfrE2muEdtgtL0o6ZCEVv5l5ryqf Q6i881KVhKam7xpHIPOX27akonaQJZxLLWT0U=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=inSx1Nim70ReebgfHctBa4QHiWC2DnB8KWbFtYwzhzs=; b=J8elaEISxNDEE3Mk6B8yGHiTdxXt8uldtSesnt0TgW/t6Y/MdszIxjp5lRr4U1Aghm qU5wcxNjjIF3ixr0Vb/lKHYRIfD3E4IYyeRWWxANNgyRR/YBpQ75QyiMSa5I95JpUUPJ lRqKBsLJDKSpAfZujs6cd2VKkLcwZe4sv+H0qduqNjQbUoevMD+vxzAOrrJ2v/FemIqf CX8Yr0s1fH1BQs2HcQBf+Usr0ISFROyDQjtEVPqqY3LrXi3/Eu5PU2Ld3gV7Z4eg8x9P j1hZPU0qCaj6kauQvmxiCiX56lTjg8dk/O3y3SsX8PLYs4WIf6GWqQ8gElZJvf+krNoi PxhA==
X-Gm-Message-State: AOAM533MehE2ewcZBVq2if+Kcubhl8r/YKtUY2uj8Lu5POJdrLMHWmcv 94HudM5I855PTyvv5hmwWVncP6XCc4hkOU60RYzbOnE8/EQ=
X-Google-Smtp-Source: ABdhPJzEBhCQXGhVILJemtiLg9H9/eVdVUoSv7E/iQpIYtGvl6lAFokTHd/dYgg6NWTLpUuSIT4uf+nvL73FTFETXW4=
X-Received: by 2002:a17:906:158f:: with SMTP id k15mr3344029ejd.310.1602078926255; Wed, 07 Oct 2020 06:55:26 -0700 (PDT)
MIME-Version: 1.0
References: <52fb8065-628f-0177-a34b-8456ca796197@labs.htt-consult.com> <55f70481-b3f3-6566-bb9c-dbe20afdeb51@gmail.com> <6344743e-8559-cf25-8f44-1df15206d18b@labs.htt-consult.com>
In-Reply-To: <6344743e-8559-cf25-8f44-1df15206d18b@labs.htt-consult.com>
From: "Card, Stu" <stu.card@axenterprize.com>
Date: Wed, 07 Oct 2020 09:55:15 -0400
Message-ID: <CAKM0pYOsLiscNgSp2hxpAw_Fd9Ajiv5yLm77t0CJPbaxpRFWSQ@mail.gmail.com>
To: Robert Moskowitz <rgm@labs.htt-consult.com>, Alexandre Petrescu <alexandre.petrescu@gmail.com>
Cc: tm-rid@ietf.org
Content-Type: multipart/alternative; boundary="0000000000004d5a2005b115115c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tm-rid/xcoiH-0glwb8CJloGVR5j789zpE>
Subject: Re: [Drip] HHIT field order
X-BeenThere: tm-rid@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Drone Remote Identification Protocol <tm-rid.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tm-rid>, <mailto:tm-rid-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tm-rid/>
List-Post: <mailto:tm-rid@ietf.org>
List-Help: <mailto:tm-rid-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tm-rid>, <mailto:tm-rid-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Oct 2020 13:55:53 -0000

AFAIK the sole motivation for putting the HIT Suite / OGA ID to the right
of the RAA & HDA is to facilitate firewall filtering, which is assumed more
likely to care about RAA & HDA than about HIT Suite? If so... I argue that,
as cryptosystems are broken, deprecated & replaced with new ones, firewall
admins would be wiser to filter on HIT Suite, and we would be wiser to give
it 8 bits, thus --

PPPP : TtSS : RRRR : HHHH : <64 bit hash>

P: 16 bit IANA prefix for GRAIN
T: 4 bit GRAIN "platform" type for IPv6 compatible provable identifier
t: 4 bit subtype indicating HHIT
SS: 8 bit HIT Suite
RRRR: 16 bit RAA
HHHH: 16 bit HDA

16+4+4=24 would be effectively the prefix of GRAIN HHITs, 4 bits shorter
than the current /28 for generic (non-GRAIN) non-hierarchical HITs.

This also avoids the need for a long integer library just to handle the
hash. That may or may not be important, as treating the hash value as such
(rather than as just an arbitrary bit sequence) probably implies treating
part of what was hashed as a public key, probably further implying that we
will check signatures, requiring long integer ops.

Again, I think 64 bits is plenty for the hash, as HDAs should reject
attempts to register colliding proposed HHITs in their scope.

This suggestion is also partly political, with the subtype intended to
enlist aid rather than opposition from the promoters of IPv6 compatible
provable identifiers other than HHITs. ;-)

Of course, parameterizing the structure -- at least the field lengths &
possibly also their order -- is more general, but would require an embedded
format specifier, presumably implemented as an index, presumably in the
last few bits of the extended prefix.


On Wed, Oct 7, 2020, 9:11 AM Robert Moskowitz <rgm@labs.htt-consult.com>
wrote:

>
>
> On 10/7/20 5:35 AM, Alexandre Petrescu wrote:
>
>
>
> Le 05/10/2020 à 14:56, Robert Moskowitz a écrit :
>
> This note is going to ask for thoughts on the order of the fields in a
> HHIT.  Either
>
> Prefix | Suite ID | RAA | HDA | HI Hash
>
> or
>
> Prefix | RAA | HDA | Suite ID | HI Hash
>
> =================
>
> In drip-uas-rid, I define the HHIT fields, as I did in
> draft-moskowitz-hip-arch-02 in '01, as follows:
>
>     A HHIT is built from the following fields:
>
>     *  28 bit IANA prefix
>
>     *  4 bit HIT Suite ID
>
>     *  16 bit Registered Assigning Authority (RAA)
>
>     *  16 bit Hierarchical HIT Domain Authority (HDA)
>
>     *  64 bit ORCHID hash
>
>
> I do not understand why we need to fix in stones these limits.
>
> In particular, the 64bit ORCHID hash could be as well 66 or 63.
>
> A more flexible stone-setting would be:
>
> - 3 bits from IANA
> - m bits for prefix
> - n bits for interface ID
> - 3+m+n must equal 128; m and n at the discretion of deployer.
>
>
> In the next version of the draft, there will be an IANA discuss on the
> prefix size.
>
> First, I believe IANA and RIRs do allocations on nibbles.  So the likely
> IANA prefix will be /28 - /16.
>
> For a prefix there has to be an agreement on the RAA size.  The Suite ID
> is currently set at 4 bits.
>
> For each RAA for a given prefix to do its own HDA size and thus HI Hash
> size could be chaos for developers.
>
> In theory anything adding to 128 should work.  In practice...
>
>
> Alex
>
> Alex
>
>
>
> But I am proposing a different arrangement in the ICAO/GRAIN IPv6 scheme.
> First a bit about GRAIN.
>
> The GRAIN network is for Commercial-Civil aviation:
>
> "1.2    The network enabling the IATF, the Global Resilient Aviation
> Interoperable Network"
> (GRAIN), is envisioned as an aviation only (dedicated) IPv6 overlay
> network on a series of underlying
> networks and supporting network services."
>
> In some doc that I can't find right now this is limited to
> commercial/civil aviation.  Further we have:
>
> "[Please note that all recreational drone operation within Line Of Sight
> (LOS), Class G airspace are not included in this schema. Recreational
> drones using point-to-point LOS Command and Control (C2) are outside the
> scope]"
>
> So there is a potential and almost for sure bifurcating split in UAS
> networking.  This does not impact Broadcast Remote ID, but it does impact
> Network Remote ID.  The actual Remote ID SHOULD be the same for each mode.
> (Stu does the reqs say this?)
>
> The regulators are going to have to figure out the demark.  Are
> Police/Fire and Small Business like photographers and realtors in GRAIN or
> out of GRAIN.  It will be interesting, as I suspect it will be a higher
> cost to be in GRAIN, but there are some advantages to participants.
>
> I should provide an aside here that the GRAIN prefix plus "platform type"
> could be /20 so the following reflects this.
>
> I added HHITs into the GRAIN addressing scheme, minimally for
> commercial/civil UAS usage.  It could be used for more than UAS within
> GRAIN.  In doing this I came to thinking two reasons for altering the field
> order.
>
> I put the Suite ID after the HID:
>
> "ICAO DELEGATED NETWORKS /16 FOR PLATFORM TYPE 13 – Hierarchical Host
> Identifier Tags (HHITs)
> /16 IANA Prefix Addressing Scheme
>
> Bit #        Field Length        Purpose
> 1 – 16        16            ICAO IPv6 prefix
> 17 – 20        4            Platform type = 13
> 21 – 36       16            GRAIN HHIT RAA
> 37 – 52       16            GRAIN HHIT HDA
> 53 – 56        4            HHIT Crypto Suite
> 57 – 128      72            HHIT HI Hash
>
> A HHIT Registered Assigning Authority (RAA) will apply for GRAIN
> membership and be allocated a /36 prefix from this type with their RAA
> GRAIN number being used in the 16 bits after the platform type. The RAAs
> will then accept HHIT Hierarchical HIT Domain Authorities (HDA) as
> sub-members and allocate to them /52 prefixes.
>
> These HDAs will accept registration from UAS of HHIT Crypto Suite/HI Hash
> per the IETF DRIP UAS-RID documents using a 72 bit hash. GRAIN HHIT
> addresses may be for the life of the UAS or may be registered for only some
> operational period."
>
> Note, I do NOT envision different Crypto Suites by HDA.  And:
>
> "A .01% hash collision probability occurs after ~1 Billion HHITs
> registered (based on the 72 bit hash size) with an HDA. This increases to
> 1% with ~10 Billion HHITs registered. If an HDA’s business model is to
> provide a per operation HHIT for delivery UA, and supports a clientele of 1
> Million UA making 10 deliveries per day, then the HDA will reach the .01%
> level in 100 days of operation.  Thus an HDA provider in this type of
> business may request a block of 128 HDAs from its RAA."
>
> ========================
>
> The importance here is putting the Crypto Suite and HI Hash together and
> the Prefix and aggregation information at the front.  This is good for
> filtering policy.  It also makes sense in grouping the HIT specific parts
> and the prefix parts.
>
> But does it cause any coding or other challenges.  Adam seems to think so
> and so far he is the only coder active...
>
> I look forward to a lively debate on this!
>
> Bob
>
>
>
> --
> Robert Moskowitz
> Owner
> HTT Consulting
> C:      248-219-2059
> F:      248-968-2824
> E:      rgm@labs.htt-consult.com
>
> There's no limit to what can be accomplished if it doesn't matter who gets
> the credit
> --
> Tm-rid mailing list
> Tm-rid@ietf.org
> https://www.ietf.org/mailman/listinfo/tm-rid
>

v2.23.0 | Report a Bug | By Email