rfc9575v5.txt   rfc9575.txt 
skipping to change at line 212 skipping to change at line 212
802.11 Beacons with the vendor-specific information element as 802.11 Beacons with the vendor-specific information element as
specified in [F3411]. Must use ASTM Message Pack (Message Type specified in [F3411]. Must use ASTM Message Pack (Message Type
0xF). 0xF).
Legacy Transports: Use of broadcast frames (Bluetooth 4.x) as Legacy Transports: Use of broadcast frames (Bluetooth 4.x) as
specified in [F3411]. specified in [F3411].
Manifest: An immutable list of items being transported (in this Manifest: An immutable list of items being transported (in this
specific case over wireless communication). specific case over wireless communication).
Observation Session: The period of time during which a given
Observer's receiver is processing (even if only intermittently) a
series of UAS RID messages, at least some of which use DRIP
extensions to [F3411], all nominally from the same UA executing a
single flight operation.
Note: For the remainder of this document, _Broadcast Endorsement: Note: For the remainder of this document, _Broadcast Endorsement:
Parent, Child_ will be abbreviated as _BE: Parent, Child_. For Parent, Child_ will be abbreviated as _BE: Parent, Child_. For
example, _Broadcast Endorsement: RAA, HDA_ will be abbreviated as example, _Broadcast Endorsement: RAA, HDA_ will be abbreviated as
_BE: RAA, HDA_. _BE: RAA, HDA_.
3. UAS RID Authentication Background and Procedures 3. UAS RID Authentication Background and Procedures
3.1. DRIP Authentication Protocol Description 3.1. DRIP Authentication Protocol Description
[F3411] defines Authentication Message framing only. It does not [F3411] defines Authentication Message framing only. It does not
skipping to change at line 307 skipping to change at line 313
Owner all the way to an individual UA DET registration. Owner all the way to an individual UA DET registration.
3.1.2.2. UA-Signed Evidence 3.1.2.2. UA-Signed Evidence
To prove possession of the private key associated with the DET, the To prove possession of the private key associated with the DET, the
UA MUST sign and send data that is unique and unpredictable but UA MUST sign and send data that is unique and unpredictable but
easily validated by the Observer. The data can be an ASTM Message easily validated by the Observer. The data can be an ASTM Message
that fulfills the requirements to be unpredictable but easily that fulfills the requirements to be unpredictable but easily
validated. An Observer receives this UA-signed Evidence from DRIP- validated. An Observer receives this UA-signed Evidence from DRIP-
based Authentication Messages (Sections 4.3 or 4.4). The Observer based Authentication Messages (Sections 4.3 or 4.4). The Observer
MUST verify the signature (cryptographically) and validate the signed must verify the signature (cryptographically, as specified in
content (via non-cryptographic means). Section 3.1.1) and validate the signed content (via non-cryptographic
means, as specified in Section 6.3).
Whether the content is true is a separate question that DRIP cannot Whether the content is true is a separate question that DRIP cannot
address, but validation performed using observable and/or out-of-band address, but validation performed using observable and/or out-of-band
data (Section 6) is possible and encouraged. data (Section 6) is possible and encouraged.
3.2. ASTM Authentication Message Framing 3.2. ASTM Authentication Message Framing
The Authentication Message (Message Type 0x2) is unique in the ASTM The Authentication Message (Message Type 0x2) is unique in the ASTM
[F3411] Broadcast standard, as it is the only message that can be [F3411] Broadcast standard, as it is the only message that can be
larger than the Legacy Transport size. To address this limitation larger than the Legacy Transport size. To address this limitation
skipping to change at line 989 skipping to change at line 996
were within Broadcast RID wireless range of each other for an were within Broadcast RID wireless range of each other for an
extended period of time. extended period of time.
The _DRIP Link (BE: HDA, UA)_ is included so there is a direct The _DRIP Link (BE: HDA, UA)_ is included so there is a direct
signature by the UA over the Broadcast Endorsement (see Section 4.2). signature by the UA over the Broadcast Endorsement (see Section 4.2).
Typical operation would expect that the list of _ASTM Message Hashes_ Typical operation would expect that the list of _ASTM Message Hashes_
contain nonce-like data. To enforce a binding between the BE: HDA, contain nonce-like data. To enforce a binding between the BE: HDA,
UA and avoid trivial replay attack vectors (see Section 9.1), at UA and avoid trivial replay attack vectors (see Section 9.1), at
least one _ASTM Message Hash_ MUST be from an [F3411] message that least one _ASTM Message Hash_ MUST be from an [F3411] message that
satisfies the fourth requirement in Section 6.3. At least once per satisfies the fourth requirement in Section 6.3. At least once per
session (of a given Observer processing messages nominally from a Observation Session, the Observer must process that message as
given UA), the Observer MUST process that message as specified in specified in Section 6.3.
Section 6.3.
4.4.3. Hash Algorithms and Operation 4.4.3. Hash Algorithms and Operation
The hash algorithm used for the Manifest is the same hash algorithm The hash algorithm used for the Manifest is the same hash algorithm
used in creation of the DET [RFC9374] that is signing the Manifest. used in creation of the DET [RFC9374] that is signing the Manifest.
This is encoded as part of the DET using the HHIT Suite ID. This is encoded as part of the DET using the HHIT Suite ID.
DETs that use cSHAKE128 [NIST.SP.800-185] compute the hash as DETs that use cSHAKE128 [NIST.SP.800-185] compute the hash as
follows: follows:
skipping to change at line 1292 skipping to change at line 1298
Message Packs are sent only over Extended Transports that provide Message Packs are sent only over Extended Transports that provide
FEC. Thus, the DRIP decoders will never be presented with a Message FEC. Thus, the DRIP decoders will never be presented with a Message
Pack from which a constituent Authentication Page has been dropped; Pack from which a constituent Authentication Page has been dropped;
DRIP FEC could never provide benefit to a Message Pack, only consume DRIP FEC could never provide benefit to a Message Pack, only consume
its precious payload space. Therefore, DRIP FEC (Section 5) MUST NOT its precious payload space. Therefore, DRIP FEC (Section 5) MUST NOT
be used in Message Packs. be used in Message Packs.
6.3. Authentication 6.3. Authentication
To fulfill the requirements in [RFC9153], a UA: To fulfill the requirements in [RFC9153], a UA MUST:
1. MUST: send DRIP Link (Section 4.2) using the _BE: Apex, RAA_ 1. send DRIP Link (Section 4.2) using the _BE: Apex, RAA_ (partially
(partially satisfying GEN-3); at least once per 5 minutes. Apex satisfying GEN-3); at least once per 5 minutes. Apex in this
in this context is the DET prefix owner. context is the DET prefix owner.
2. MUST: send DRIP Link (Section 4.2) using the BE: RAA, HDA 2. send DRIP Link (Section 4.2) using the BE: RAA, HDA (partially
(partially satisfying GEN-3); at least once per 5 minutes. satisfying GEN-3); at least once per 5 minutes.
3. MUST: send DRIP Link (Section 4.2) using the BE: HDA, UA 3. send DRIP Link (Section 4.2) using the BE: HDA, UA (satisfying
(satisfying ID-5, GEN-1 and partially satisfying GEN-3); at least ID-5, GEN-1 and partially satisfying GEN-3); at least once per
once per minute. minute.
4. MUST: send any other DRIP Authentication Format (non-DRIP Link) 4. send any other DRIP Authentication Format (non-DRIP Link) where
where the UA is dynamically signing data that is guaranteed to be the UA is dynamically signing data that is guaranteed to be
unique, unpredictable, and easily cross checked by the receiving unique, unpredictable, and easily cross checked by the receiving
device (satisfying ID-5, GEN-1 and GEN-2); at least once per 5 device (satisfying ID-5, GEN-1 and GEN-2); at least once per 5
seconds. seconds.
An Observer MUST verify the signature (cryptographically) on each of An Observer's receiver must verify the signature (cryptographically,
the 4 messages immediately above and validate the signed content (via as specified in Section 3.1.1) on each of the 4 messages sent in the
non-cryptographic means) of the 4th message immediately above. operations specified immediately above and the Observer MUST validate
the signed content (via non-cryptographic means) of the 4th message
sent in the last operation immediately above (the non-DRIP Link
message).
These transmission, receiver verification, and Observer validation These transmission, receiver verification, and Observer validation
requirements collectively satisfy GEN-3. requirements collectively satisfy GEN-3.
6.4. Operational 6.4. Operational
UAS operation may impact the frequency of sending DRIP Authentication UAS operation may impact the frequency of sending DRIP Authentication
Messages. When a UA dwells at an approximate location, and the Messages. When a UA dwells at an approximate location, and the
channel is heavily used by other devices, less frequent message channel is heavily used by other devices, less frequent message
authentication may be effective (to minimize RF packet collisions) authentication may be effective (to minimize RF packet collisions)
skipping to change at line 1383 skipping to change at line 1392
A chain of DRIP Links provides trust in a key. A message, signed by A chain of DRIP Links provides trust in a key. A message, signed by
that key, containing data that changes rapidly and is not predictable that key, containing data that changes rapidly and is not predictable
far in advance (relative to typical operational flight times) but far in advance (relative to typical operational flight times) but
that can be validated by Observers, provides trust that some agent that can be validated by Observers, provides trust that some agent
with access to that data also possesses that key. If the validation with access to that data also possesses that key. If the validation
involves correlating physical world observations of the UA with involves correlating physical world observations of the UA with
claims in that data, then the probability is high that the observed claims in that data, then the probability is high that the observed
UA is (or is collaborating with or observed in real time by) the UA is (or is collaborating with or observed in real time by) the
agent with the key. agent with the key.
At least once per session, after signature verification of any DRIP At least once per Observation session, after signature verification
Authentication Message containing UAS RID information elements (e.g., of any DRIP Authentication Message containing UAS RID information
DRIP Wrapper, Section 4.3), the Observer MUST use other sources of elements (e.g., DRIP Wrapper, Section 4.3), the Observer must use
information to correlate against and perform validation. An example other sources of information to correlate against and perform
of another source of information is a visual confirmation of the UA validation (as specified in Section 6.3). An example of another
position. source of information is a visual confirmation of the UA position.
When correlation of these different data streams does not match in When correlation of these different data streams does not match in
acceptable thresholds, the data MUST be rejected as if the signature acceptable thresholds, the data MUST be rejected as if the signature
failed to validate. Acceptable threshold limits and what happens failed to validate. Acceptable threshold limits and what happens
after such a rejection are out of scope for this document. after such a rejection are out of scope for this document.
7. Summary of Addressed DRIP Requirements 7. Summary of Addressed DRIP Requirements
The following requirements as defined in [RFC9153] are addressed in The following requirements as defined in [RFC9153] are addressed in
this document: this document:
skipping to change at line 1539 skipping to change at line 1548
6.4.2. As non-normative clarification, the requirements are 6.4.2. As non-normative clarification, the requirements are
satisfied as follows: satisfied as follows:
The public key corresponding to a given DET (i.e., the key attested The public key corresponding to a given DET (i.e., the key attested
in the DRIP Link (BE: HDA, UA) that is the last link in the relevant in the DRIP Link (BE: HDA, UA) that is the last link in the relevant
chain of DRIP Links) is used by an Observer's receiver to try to chain of DRIP Links) is used by an Observer's receiver to try to
authenticate some signed message. authenticate some signed message.
If the signature check passes, If the signature check passes,
AND the message was a Wrapper or Manifest, _and_ the message was a Wrapper or Manifest,
AND the wrapped or manifested message contained content that was _and_ the wrapped or manifested message contained content that was
nonce-like, nonce-like,
AND the Observer validated that content by non-cryptographic means _and_ the Observer validated that content by non-cryptographic
(e.g., if the wrapped or manifested message was a Location/Vector means (e.g., if the wrapped or manifested message was a Location/
Message and the UA was visually observed to be in approximately Vector Message and the UA was visually observed to be in
the claimed location at the reported time), approximately the claimed location at the reported time),
ONLY THEN can the Observer trust that the currently observed sending _only then_ can the Observer trust that the currently observed
UA actually possesses the corresponding private key (and thus owns sending UA actually possesses the corresponding private key (and thus
the corresponding DET). owns the corresponding DET).
Messages that pass signature verification with trusted keys could Messages that pass signature verification with trusted keys could
still be replays if they contain only static information (e.g., still be replays if they contain only static information (e.g.,
Broadcast Endorsements (Section 4.2), [F3411] Basic ID or [F3411] Broadcast Endorsements (Section 4.2), [F3411] Basic ID or [F3411]
Operator ID), or information that cannot be readily validated (e.g., Operator ID), or information that cannot be readily validated (e.g.,
[F3411] Self-ID). Replay of Link messages is harmless (unless sent [F3411] Self-ID). Replay of Link messages is harmless (unless sent
so frequently as to cause RF data link congestion) and indeed can so frequently as to cause RF data link congestion) and indeed can
increase the likelihood of an Observer device collecting an entire increase the likelihood of an Observer device collecting an entire
trust chain in a short time window. Replay of other messages trust chain in a short time window. Replay of other messages
([F3411] Basic ID, [F3411] Operator ID, or [F3411] Self-ID) remains a ([F3411] Basic ID, [F3411] Operator ID, or [F3411] Self-ID) remains a
 End of changes. 14 change blocks. 
34 lines changed or deleted 43 lines changed or added

This html diff was produced by rfcdiff 1.48.