Skip to main content

Drone Remote Identification Protocol (DRIP) Requirements

The information below is for an old version of the document.
Document Type
This is an older version of an Internet-Draft that was ultimately published as RFC 9153.
Authors Stuart W. Card , Adam Wiethuechter , Robert Moskowitz , Andrei Gurtov
Last updated 2021-07-01 (Latest revision 2021-06-28)
Replaces draft-card-drip-reqs
RFC stream Internet Engineering Task Force (IETF)
Additional resources Mailing list discussion
Stream WG state Submitted to IESG for Publication
Associated WG milestones
May 2020
Requirements and architecture drafts adopted by the WG
Sep 2020
Requirements and architecture drafts in the WGLC
Mar 2021
Submit Requirements Document to the IESG
Document shepherd Mohamed Boucadair
Shepherd write-up Show Last changed 2021-06-25
IESG IESG state Became RFC 9153 (Informational)
Consensus boilerplate Yes
Telechat date (None)
Has enough positions to pass.
Responsible AD Éric Vyncke
Send notices to,
IANA IANA review state IANA OK - No Actions Needed
DRIP                                                        S. Card, Ed.
Internet-Draft                                           A. Wiethuechter
Intended status: Informational                             AX Enterprize
Expires: 29 December 2021                                   R. Moskowitz
                                                          HTT Consulting
                                                               A. Gurtov
                                                    Linköping University
                                                            27 June 2021

        Drone Remote Identification Protocol (DRIP) Requirements


   This document defines terminology and requirements for Drone Remote
   Identification Protocol (DRIP) Working Group solutions to support
   Unmanned Aircraft System Remote Identification and tracking (UAS RID)
   for security, safety, and other purposes (e.g., initiation of
   identity based network sessions supporting UAS applications).
   Complementing external technical standards as regulator-accepted
   means of compliance with UAS RID regulations, DRIP will facilitate
   use of existing Internet resources to support RID and to enable
   enhanced related services, and will enable online and offline
   verification that RID information is trustworthy.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 29 December 2021.

Copyright Notice

   Copyright (c) 2021 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

Card, et al.            Expires 29 December 2021                [Page 1]
Internet-Draft              DRIP Requirements                  June 2021

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components
   extracted from this document must include Simplified BSD License text
   as described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
     1.1.  Motivation and External Influences  . . . . . . . . . . .   3
     1.2.  Concerns and Constraints  . . . . . . . . . . . . . . . .   8
     1.3.  DRIP Scope  . . . . . . . . . . . . . . . . . . . . . . .  10
     1.4.  Document Scope  . . . . . . . . . . . . . . . . . . . . .  11
   2.  Terms and Definitions . . . . . . . . . . . . . . . . . . . .  11
     2.1.  Requirements Terminology  . . . . . . . . . . . . . . . .  11
     2.2.  Definitions . . . . . . . . . . . . . . . . . . . . . . .  12
   3.  UAS RID Problem Space . . . . . . . . . . . . . . . . . . . .  20
     3.1.  Network RID . . . . . . . . . . . . . . . . . . . . . . .  22
     3.2.  Broadcast RID . . . . . . . . . . . . . . . . . . . . . .  25
     3.3.  USS in UTM and RID  . . . . . . . . . . . . . . . . . . .  29
     3.4.  DRIP Focus  . . . . . . . . . . . . . . . . . . . . . . .  30
   4.  Requirements  . . . . . . . . . . . . . . . . . . . . . . . .  31
     4.1.  General . . . . . . . . . . . . . . . . . . . . . . . . .  31
       4.1.1.  Normative Requirements  . . . . . . . . . . . . . . .  31
       4.1.2.  Rationale . . . . . . . . . . . . . . . . . . . . . .  32
     4.2.  Identifier  . . . . . . . . . . . . . . . . . . . . . . .  33
       4.2.1.  Normative Requirements  . . . . . . . . . . . . . . .  33
       4.2.2.  Rationale . . . . . . . . . . . . . . . . . . . . . .  34
     4.3.  Privacy . . . . . . . . . . . . . . . . . . . . . . . . .  35
       4.3.1.  Normative Requirements  . . . . . . . . . . . . . . .  35
       4.3.2.  Rationale . . . . . . . . . . . . . . . . . . . . . .  36
     4.4.  Registries  . . . . . . . . . . . . . . . . . . . . . . .  37
       4.4.1.  Normative Requirements  . . . . . . . . . . . . . . .  37
       4.4.2.  Rationale . . . . . . . . . . . . . . . . . . . . . .  37
   5.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  38
   6.  Security Considerations . . . . . . . . . . . . . . . . . . .  38
   7.  Privacy and Transparency Considerations . . . . . . . . . . .  39
   8.  References  . . . . . . . . . . . . . . . . . . . . . . . . .  40
     8.1.  Normative References  . . . . . . . . . . . . . . . . . .  40
     8.2.  Informative References  . . . . . . . . . . . . . . . . .  40
   Appendix A.  Discussion and Limitations . . . . . . . . . . . . .  44
   Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . .  46
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  46

Card, et al.            Expires 29 December 2021                [Page 2]
Internet-Draft              DRIP Requirements                  June 2021

1.  Introduction

   For any unfamiliar or _a priori_ ambiguous terminology herein, see
   Section 2.

1.1.  Motivation and External Influences

   Many considerations (especially safety and security) necessitate
   Unmanned Aircraft Systems (UAS) Remote Identification and tracking

   Unmanned Aircraft (UA) may be fixed wing, rotary wing (e.g.,
   helicopter), hybrid, balloon, rocket, etc.  Small fixed wing UA
   typically have Short Take-Off and Landing (STOL) capability; rotary
   wing and hybrid UA typically have Vertical Take-Off and Landing
   (VTOL) capability.  UA may be single- or multi-engine.  The most
   common today are multicopters: rotary wing, multi engine.  The
   explosion in UAS was enabled by hobbyist development, for
   multicopters, of advanced flight stability algorithms, enabling even
   inexperienced pilots to take off, fly to a location of interest,
   hover, and return to the take-off location or land at a distance.
   UAS can be remotely piloted by a human (e.g., with a joystick) or
   programmed to proceed from Global Navigation Satellite System (GNSS)
   waypoint to waypoint in a weak form of autonomy; stronger autonomy is

   Small UA are "low observable" as they:

   *  typically have small radar cross sections;

   *  make noise quite noticeable at short ranges but difficult to
      detect at distances they can quickly close (500 meters in under 13
      seconds by the fastest consumer mass market drones available in
      early 2021);

   *  typically fly at low altitudes (e.g., for those to which RID
      applies in the US, under 400 feet Above Ground Level (AGL) as per

   *  are highly maneuverable so can fly under trees and between

   UA can carry payloads including sensors, cyber and kinetic weapons,
   or can be used themselves as weapons by flying them into targets.
   They can be flown by clueless, careless, or criminal operators.  Thus
   the most basic function of UAS RID is "Identification Friend or Foe"
   (IFF) to mitigate the significant threat they present.

Card, et al.            Expires 29 December 2021                [Page 3]
Internet-Draft              DRIP Requirements                  June 2021

   Diverse other applications can be enabled or facilitated by RID.
   Internet protocols typically start out with at least one entity
   already knowing an identifier or locator of another; but an entity
   (e.g., UAS or Observer device) encountering an _a priori_ unknown UA
   in physical space has no identifier or logical space locator for that
   UA, unless and until one is provided somehow.  RID provides an
   identifier, which, if well chosen, can facilitate use of a variety of
   Internet family protocols and services to support arbitrary
   applications, beyond the basic security functions of RID.  For most
   of these, some type of identifier is essential, e.g., Network Access
   Identifier (NAI), Digital Object Identifier (DOI), Uniform Resource
   Identifier (URI), domain name, or public key.  DRIP motivations
   include both the basic security and the broader application support
   functions of RID.  The general scenario is illustrated in Figure 1.

                  +-----+    +-----+
                  | UA1 |    | UA2 |
                  +-----+    +-----+

      +----------+                   +----------+
      | General  |                   | Public   |
      | Public   |                   | Safety   |
      | Observer o------\     /------o Observer |
      +----------+      |     |      +----------+
                        |     |
   +----------+      *           *      +----------+
   | UA1      |      *           *      | UA2      |
   | Pilot/   o------*  Internet *------o Pilot/   |
   | Operator |      *           *      | Operator |
   +----------+      *           *      +----------+
                       |   |   |
        +----------+   |   |   |   +----------+
        | Public   o---/   |   \---o Private  |
        | Registry |       |       | Registry |
        +----------+       |       +----------+
                        | DNS |

                 Figure 1: "General UAS RID Usage Scenario"

   Figure 1 illustrates a typical case where there may be: multiple
   Observers, some of them members of the general public, others
   government officers with public safety/security responsibilities;
   multiple UA in flight within observation range, each with its own
   pilot/operator; at least one registry each for lookup of public and

Card, et al.            Expires 29 December 2021                [Page 4]
Internet-Draft              DRIP Requirements                  June 2021

   (by authorized parties only) private information regarding the UAS
   and their pilots/operators; and in the DRIP vision, DNS resolving
   various identifiers and locators of the entities involved.  Note the
   absence of any links to/from the UA in the figure; this is because
   UAS RID and other connectivity involving the UA varies, as described
   subsequently herein under Figure 3.  Remote Observer connectivity to
   the Internet may be very intermittent.

   An Observer of UA may need to classify them, as illustrated
   notionally in Figure 2, for basic airspace Situational Awareness
   (SA).  An Observer who classifies a UAS: as Taskable, can ask it to
   do something useful; as Low Concern, can reasonably assume it is not
   malicious and would cooperate with requests to modify its flight
   plans for safety concerns that arise; as High Concern or
   Unidentified, can focus surveillance on it.

                       x       x   No  +--------------+
                      x   ID?   x+---->| Unidentified |
                       x       x       +--------------+
                           | Yes
                       x       x
           .---------+x  Type?  x+----------.
           |           x       x            |
           |            xxxxxxx             |
           |               +                |
           v               v                v
   +--------------+ +--------------+ +--------------+
   |  Taskable    | | Low Concern  | | High Concern |
   +--------------+ +--------------+ +--------------+

                  Figure 2: "Notional UAS Classification"

   ASTM International, Technical Committee F38 (UAS), Subcommittee
   F38.02 (Aircraft Operations), Work Item WK65041, developed the widely
   cited Standard Specification for Remote ID and Tracking [F3411-19]:
   the published standard is available for purchase from ASTM and as an
   ASTM membership premium; early drafts are freely available as
   [OpenDroneID] specifications.  [F3411-19] is frequently referenced in
   DRIP, where building upon its link layers and both enhancing support
   for and expanding the scope of its applications are central foci.

Card, et al.            Expires 29 December 2021                [Page 5]
Internet-Draft              DRIP Requirements                  June 2021

   In many applications, including UAS RID, identification and
   identifiers are not ends in themselves; they exist to enable lookups
   and provision of other services.

   Using UAS RID to facilitate vehicular (V2X) communications and
   applications such as Detect And Avoid (DAA), which would impose
   tighter latency bounds than RID itself, is an obvious possibility,
   explicitly contemplated in the United States (US) Federal Aviation
   Administration (FAA) Remote Identification of Unmanned Aircraft rule
   [FRUR].  However, usage of RID systems and information beyond mere
   identification (primarily to hold operators accountable after the
   fact), including DAA, have been declared out of scope in ASTM F38.02
   WK65041, based on a distinction between RID as a security standard vs
   DAA as a safety application.  Aviation community Standards
   Development Organizations (SDOs) generally set a higher bar for
   safety than for security, especially with respect to reliability.
   Each SDO has its own cultural set of connotations of safety vs
   security; the denotative definitions of the International Civil
   Aviation Organization (ICAO) are cited in Section 2.

   [Opinion1] and [WG105] cite the Direct Remote Identification (DRI)
   previously required and specified, explicitly stating that whereas
   DRI is primarily for security purposes, the "Network Identification
   Service" [Opinion1] (in the context of U-space [InitialView]) or
   "Electronic Identification" [WG105] is primarily for safety purposes
   (e.g., Air Traffic Management, especially hazards deconfliction) and
   also is allowed to be used for other purposes such as support of
   efficient operations.  These emerging standards allow the security
   and safety oriented systems to be separate or merged.  In addition to
   mandating both Broadcast and Network one-way to Observers, they will
   use V2V to other UAS (also likely to and/or from some manned
   aircraft).  These reflect the broad scope of the European Union (EU)
   U-space concept, as being developed in the Single European Sky ATM
   Research (SESAR) Joint Undertaking, the U-space architectural
   principles of which are outlined in [InitialView].

   ASD-STAN is an Associated Body to CEN (European Committee for
   Standardization) for Aerospace Standards.  It is publishing an EU
   standard "Aerospace series - Unmanned Aircraft Systems - Part 002:
   Direct Remote Identification; English version prEN 4709-002:2020" for
   which a current (early 2021) informal overview is freely available in
   [ASDRI].  It will provide compliance to cover the identical DRI
   requirements applicable to drones of classes C1 - [Delegated] Part 2,
   C2 - [Delegated] Part 3, C3 - [Delegated] Part 4, C5 - [Amended] Part
   16, and C6 - [Amended] Part 17.

Card, et al.            Expires 29 December 2021                [Page 6]
Internet-Draft              DRIP Requirements                  June 2021

   The standard contemplated in [ASDRI] will provide UA capability to be
   identified in real time during the whole duration of the flight,
   without specific connectivity or ground infrastructure link,
   utilizing existing mobile devices within broadcast range.  It will
   use Bluetooth 4, Bluetooth 5, Wi-Fi Neighbor Awareness Networking
   (NAN, also known as Wi-Fi Aware, [WiFiNAN]) and/or IEEE 802.11 Beacon
   modes.  The EU standard emphasis was compatibility with [F3411-19],
   although there are differences in mandatory and optional message
   types and fields.

   The [ASDRI] contemplated DRI system will broadcast locally:

   1.  the UAS operator registration number;

   2.  the [CTA2063A] compliant unique serial number of the UA;

   3.  a time stamp, the geographical position of the UA, and its height
       AGL or above its take-off point;

   4.  the UA ground speed and route course measured clockwise from true

   5.  the geographical position of the remote pilot, or if that is not
       available, the geographical position of the UA take-off point;

   6.  for Classes C1, C2, C3, the UAS emergency status.

   Under the [ASDRI] contemplated standard, data will be sent in plain
   text and the UAS operator registration number will be represented as
   a 16-byte string including the (European) state code.  The
   corresponding private ID part will contain 3 characters that are not
   broadcast but used by authorities to access regional registration
   databases for verification.

   ASD-STAN also contemplates corresponding Network Remote
   Identification (NRI) functionality.  The ASD-STAN RID target is to
   revise their current standard with additional functionality (e.g.,
   DRIP) to be published before 2022 [ASDRI].

   Security oriented UAS RID essentially has two goals: enable the
   general public to obtain and record an opaque ID for any observed UA,
   which they can then report to authorities; enable authorities, from
   such an ID, to look up information about the UAS and its operator.
   Safety oriented UAS RID has stronger requirements.

Card, et al.            Expires 29 December 2021                [Page 7]
Internet-Draft              DRIP Requirements                  June 2021

   Although dynamic establishment of secure communications between the
   Observer and the UAS pilot seems to have been contemplated by the FAA
   UAS ID and Tracking Aviation Rulemaking Committee (ARC) in their
   [Recommendations], it is not addressed in any of the
   subsequent regulations or international SDO technical specifications,
   other than DRIP, known to the authors as of early 2021.

1.2.  Concerns and Constraints

   Disambiguation of multiple UA flying in close proximity may be very
   challenging, even if each is reporting its identity, position, and
   velocity as accurately as it can.

   The origin of information in UAS RID and UAS Traffic Management (UTM)
   generally is the UAS or its operator.  Self-reports may be initiated
   by the remote pilot at the console of the Ground Control Station
   (GCS, the UAS subsystem used to remotely operate the UA), or
   automatically by GCS software; in Broadcast RID, they typically would
   be initiated automatically by a process on the UA.  Data in the
   reports may come from sensors available to the operator (e.g., radar
   or cameras), the GCS (e.g., "dead reckoning" UA location, starting
   from the takeoff location and estimating the displacements due to
   subsequent piloting commands, wind, etc.), or the UA itself (e.g., an
   on-board GNSS receiver); in Broadcast RID, all the data must be sent
   proximately by, and most of the data comes ultimately from, the UA
   itself.  Whether information comes proximately from the operator, or
   from automated systems configured by the operator, there are
   possibilities not only of unintentional error in but also of
   intentional falsification of this data.  Mandating UAS RID,
   specifying data elements required to be sent, monitoring compliance
   and enforcing it (or penalizing non-compliance) are matters for Civil
   Aviation Authorities (CAAs) et al; specifying message formats, etc.
   to carry those data elements has been addressed by other SDOs;
   offering technical means, as extensions to external standards, to
   facilitate verifiable compliance and enforcement/monitoring, are
   opportunities for DRIP.

Card, et al.            Expires 29 December 2021                [Page 8]
Internet-Draft              DRIP Requirements                  June 2021

   Minimal specified information must be made available to the public.
   Access to other data, e.g., UAS operator Personally Identifiable
   Information (PII), must be limited to strongly authenticated
   personnel, properly authorized in accordance with applicable policy.
   The balance between privacy and transparency remains a subject for
   public debate and regulatory action; DRIP can only offer tools to
   expand the achievable trade space and enable trade-offs within that
   space.  [F3411-19], the basis for most current (2021) thinking about
   and efforts to provide UAS RID, specifies only how to get the UAS ID
   to the Observer: how the Observer can perform these lookups and how
   the registries first can be populated with information are
   unspecified therein.

   The need for nearly universal deployment of UAS RID is pressing:
   consider how negligible the value of an automobile license plate
   system would be if only 90% of the cars displayed plates.  This
   implies the need to support use by Observers of already ubiquitous
   mobile devices (typically smartphones and tablets).  Anticipating CAA
   requirements to support legacy devices, especially in light of
   [Recommendations], [F3411-19] specifies that any UAS sending
   Broadcast RID over Bluetooth must do so over Bluetooth 4, regardless
   of whether it also does so over newer versions; as UAS sender devices
   and Observer receiver devices are unpaired, this implies extremely
   short "advertisement" (beacon) frames.

   Wireless data links to or from UA are challenging.  Flight is often
   amidst structures and foliage at low altitudes over varied terrain.
   UA are constrained in both total energy and instantaneous power by
   their batteries.  Small UA imply small antennas.  Densely populated
   volumes will suffer from link congestion: even if UA in an airspace
   volume are few, other transmitters nearby on the ground, sharing the
   same license free spectral band, may be many.  Thus air to air and
   air to ground links will generally be slow and unreliable.

   UAS Cost, Size, Weight, and Power (CSWaP) constraints are severe.
   CSWaP is a burden not only on the designers of new UAS for sale, but
   also on owners of existing UAS that must be retrofit.  Radio
   Controlled (RC) aircraft modelers, "hams" who use licensed amateur
   radio frequencies to control UAS, drone hobbyists, and others who
   custom build UAS, all need means of participating in UAS RID,
   sensitive to both generic CSWaP and application-specific

   To accommodate the most severely constrained cases, all these
   conspire to motivate system design decisions that complicate the
   protocol design problem.

Card, et al.            Expires 29 December 2021                [Page 9]
Internet-Draft              DRIP Requirements                  June 2021

   Broadcast RID uses one-way local data links.  UAS may have Internet
   connectivity only intermittently, or not at all, during flight.

   Internet-disconnected operation of Observer devices has been deemed
   by ASTM F38.02 too infrequent to address.  However, the preamble to
   [FRUR] cites "remote and rural areas that do not have reliable
   Internet access" as a major reason for requiring Broadcast rather
   than Network RID, and states that "Personal wireless devices that are
   capable of receiving 47 CFR part 15 frequencies, such as smart
   phones, tablets, or other similar commercially available devices,
   will be able to receive broadcast remote identification information
   directly without reliance on an Internet connection".  Internet-
   disconnected operation presents challenges, e.g., for Observers
   needing access to the [F3411-19] web based Broadcast Authentication
   Verifier Service or external lookups.

   As RID must often operate within these constraints, heavyweight
   cryptographic security protocols or even simple cryptographic
   handshakes are infeasible, yet trustworthiness of UAS RID information
   is essential.  Under [F3411-19], _even the most basic datum, the UAS
   ID itself, can be merely an unsubstantiated claim_.

   Observer devices being ubiquitous, thus popular targets for malware
   or other compromise, cannot be generally trusted (although the user
   of each device is compelled to trust that device, to some extent); a
   "fair witness" functionality (inspired by [Stranger]) is desirable.

   Despite work by regulators and SDOs, there are substantial gaps in
   UAS standards generally and UAS RID specifically.  [Roadmap] catalogs
   UAS related standards, ongoing standardization activities and gaps
   (as of 2020); Section 7.8 catalogs those related specifically to UAS
   RID.  DRIP will address the most fundamental of these gaps, as
   foreshadowed above.

1.3.  DRIP Scope

   DRIP's initial charter is to make RID immediately actionable, in both
   Internet and local-only connected scenarios (especially emergencies),
   in severely constrained UAS environments, balancing legitimate (e.g.,
   public safety) authorities' Need To Know trustworthy information with
   UAS operators' privacy.  By "immediately actionable" is meant
   information of sufficient precision, accuracy, timeliness, etc. for
   an Observer to use it as the basis for immediate decisive action,
   whether that be to trigger a defensive counter-UAS system, to attempt
   to initiate communications with the UAS operator, to accept the
   presence of the UAS in the airspace where/when observed as not
   requiring further action, or whatever, with potentially severe
   consequences of any action or inaction chosen based on that

Card, et al.            Expires 29 December 2021               [Page 10]
Internet-Draft              DRIP Requirements                  June 2021

   information.  For further explanation of the concept of immediate
   actionability, see [ENISACSIRT].

   Note that UAS RID must achieve nearly universal adoption, but DRIP
   can add value even if only selectively deployed.  Authorities with
   jurisdiction over more sensitive airspace volumes may set a higher
   than generally mandated RID requirement for flight in such volumes.
   Those with a greater need for high-confidence IFF can equip with
   DRIP, enabling strong authentication of their own aircraft and allied
   operators without regard for the weaker (if any) authentication of

   DRIP (originally Trustworthy Multipurpose Remote Identification, TM-
   RID) potentially could be applied to verifiably identify other types
   of registered things reported to be in specified physical locations,
   and providing timely trustworthy identification data is also
   prerequisite to identity-oriented networking, but the urgent
   motivation and clear initial focus is UAS.  Existing Internet
   resources (protocol standards, services, infrastructure, and business
   models) should be leveraged.

1.4.  Document Scope

   This document describes the problem space for UAS RID conforming to
   proposed regulations and external technical standards, defines common
   terminology, specifies numbered requirements for DRIP, identifies
   some important considerations (IANA, security, privacy and
   transparency), and discusses limitations.

   A natural Internet-based approach to meet these requirements is
   described in a companion architecture document [drip-architecture]
   and elaborated in other DRIP documents.

2.  Terms and Definitions

2.1.  Requirements Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

Card, et al.            Expires 29 December 2021               [Page 11]
Internet-Draft              DRIP Requirements                  June 2021

2.2.  Definitions

   This section defines a non-comprehensive set of terms expected to be
   used in DRIP documents.  This list is meant to be the DRIP
   terminology reference; as such, some of the terms listed below are
   not used in this document.

   [RFC4949] provides a glossary of Internet security terms that should
   be used where applicable.

   In the UAS community, the plural form of acronyms generally is the
   same as the singular form, e.g., Unmanned Aircraft System (singular)
   and Unmanned Aircraft Systems (plural) are both represented as UAS.
   On this and other terminological issues, to encourage comprehension
   necessary for adoption of DRIP by the intended user community, that
   community's norms are respected herein, and definitions are quoted in
   cases where they have been found in that community's documents.  Most
   of the listed terms are from that community (even if specific source
   documents are not cited); any that are DRIP-specific or invented by
   the authors of this document are marked "(DRIP)".

      Four-dimensional.  Latitude, Longitude, Altitude, Time.  Used
      especially to delineate an airspace volume in which an operation
      is being or will be conducted.

      Attestation, Authentication, Authorization, Access Control,
      Accounting, Attribution, Audit, or any subset thereof (uses differ
      by application, author, and context).  (DRIP)

      AirBorne DAA.  Accomplished using systems onboard the aircraft
      involved.  Supports "self-separation" (remaining "well clear" of
      other aircraft) and collision avoidance.

      Automatic Dependent Surveillance - Broadcast.  "ADS-B Out"
      equipment obtains aircraft position from other on-board systems
      (typically GNSS) and periodically broadcasts it to "ADS-B In"
      equipped entities, including other aircraft, ground stations, and
      satellite based monitoring systems.

      Above Ground Level.  Relative altitude, above the variously
      defined local ground level, typically of a UA, measured in feet or
      meters.  Should be explicitly specified as either barometric
      (pressure) or geodetic (GNSS) altitude.

Card, et al.            Expires 29 December 2021               [Page 12]
Internet-Draft              DRIP Requirements                  June 2021

      Air Traffic Control.  Explicit flight direction to pilots from
      ground controllers.  Contrast with ATM.

      Air Traffic Management.  A broader functional and geographic scope
      and/or a higher layer of abstraction than ATC.  "The dynamic,
      integrated management of air traffic and airspace including air
      traffic services, airspace management and air traffic flow
      management - safely, economically and efficiently - through the
      provision of facilities and seamless services in collaboration
      with all parties and involving airborne and ground-based
      functions" [ICAOATM].

   Authentication Message
      [F3411-19] Message Type 2.  Provides framing for authentication
      data, only; the only message that can be extended in length by
      segmenting it across more than one page.

   Basic ID Message
      [F3411-19] Message Type 0.  Provides UA Type, UAS ID Type, and UAS
      ID, only.

   Broadcast Authentication Verifier Service
      System component designed to handle any authentication of
      Broadcast RID by offloading signature verification to a web
      service [F3411-19].

      Beyond Visual Line Of Sight.  See VLOS.

      Used here in its now-customary sense as a synonym for "octet", as
      "byte" is used exclusively in definitions of data structures
      specified in [F3411-19]

      Civil Aviation Authority of a regulatory jurisdiction.  Often so
      named, but other examples include the United States Federal
      Aviation Administration (FAA) and the Japan Civil Aviation Bureau.

      Cost, Size, Weight, and Power.

Card, et al.            Expires 29 December 2021               [Page 13]
Internet-Draft              DRIP Requirements                  June 2021

      Command and Control.  Previously mostly used in military contexts.
      Properly refers to a function, exercisable over arbitrary
      communications; but in the small UAS context, often refers to the
      communications (typically RF data link) over which the GCS
      controls the UA.

      Detect And Avoid, formerly Sense And Avoid (SAA).  A means of
      keeping aircraft "well clear" of each other and obstacles for
      safety.  "The capability to see, sense or detect conflicting
      traffic or other hazards and take the appropriate action to comply
      with the applicable rules of flight" [ICAOUAS].

   DRI (not to be confused with DRIP)
      Direct Remote Identification.  EU regulatory requirement for "a
      system that ensures the local broadcast of information about a UA
      in operation, including the marking of the UA, so that this
      information can be obtained without physical access to the UA".
      [Delegated] that presumably can be satisfied with appropriately
      configured [F3411-19] Broadcast RID.

      Discovery and Synchronization Service.  The UTM system overlay
      network backbone.  Most importantly, it enables one USS to learn
      which other USS have UAS operating in a given 4-D airspace volume,
      for strategic deconfliction of planned operations and Network RID
      surveillance of active operations.  [F3411-19]

      European Organisation for Civil Aviation Equipment.  Aviation SDO,
      originally European, now with broader membership.  Cooperates
      extensively with RTCA.

      Ground Based DAA.  Accomplished with the aid of ground based

      Ground Control Station.  The part of the UAS that the remote pilot
      uses to exercise C2 over the UA, whether by remotely exercising UA
      flight controls to fly the UA, by setting GNSS waypoints, or
      otherwise directing its flight.

      Global Navigation Satellite System.  Satellite based timing and/or
      positioning with global coverage, often used to support

Card, et al.            Expires 29 December 2021               [Page 14]
Internet-Draft              DRIP Requirements                  June 2021

      Global Positioning System.  A specific GNSS, but in the UAS
      context, the term is typically misused in place of the more
      generic term GNSS.

      Global Resilient Aviation Interoperable Network.  ICAO managed
      IPv6 overlay internetwork based on IATF, dedicated to aviation
      (but not just aircraft).  Currently (2021) in design,
      accommodating the proposed DRIP identifier.

      International Aviation Trust Framework.  ICAO effort to develop a
      resilient and secure by design framework for networking in support
      of all aspects of aviation.

      International Civil Aviation Organization.  A United Nations
      specialized agency that develops and harmonizes international
      standards relating to aviation.

      Identification Friend or Foe. Originally, and in its narrow sense
      still, a self-identification broadcast in response to
      interrogation via radar, to reduce friendly fire incidents, which
      led to military and commercial transponder systems such as ADS-B.
      In the broader sense used here, any process intended to
      distinguish friendly from potentially hostile UA or other entities

      Low Altitude Authorization and Notification Capability.  Supports
      ATC authorization requirements for UAS operations: remote pilots
      can apply to receive a near real-time authorization for operations
      under 400 feet in controlled airspace near airports.  FAA
      authorized partial stopgap in the US until UTM comes.

   Location/Vector Message
      [F3411-19] Message Type 1.  Provides UA location, altitude,
      heading, speed, and status.

      Line Of Sight.  An adjectival phrase describing any information
      transfer that travels in a nearly straight line (e.g.,
      electromagnetic energy, whether in the visual light, RF, or other
      frequency range) and is subject to blockage.  A term to be avoided
      due to ambiguity, in this context, between RF LOS and VLOS.

Card, et al.            Expires 29 December 2021               [Page 15]
Internet-Draft              DRIP Requirements                  June 2021

   Message Pack
      [F3411-19] Message Type 15.  The framed concatenation, in message
      type index order, of at most one message of each type of any
      subset of the other types.  Required to be sent in Wi-Fi NAN and
      in Bluetooth 5 Extended Advertisements, if those media are used;
      cannot be sent in Bluetooth 4.

      Mean Sea Level.  Shorthand for relative altitude, above the
      variously defined mean sea level, typically of a UA (but in [FRUR]
      also for a GCS), measured in feet or meters.  Should be explicitly
      specified as either barometric (pressure) or geodetic (e.g., as
      indicated by GNSS, referenced to the WGS84 ellipsoid).

   Net-RID DP
      Network RID Display Provider.  [F3411-19] logical entity that
      aggregates data from Net-RID SPs as needed in response to user
      queries regarding UAS operating within specified airspace volumes,
      to enable display by a user application on a user device.
      Potentially could provide not only information sent via UAS RID
      but also information retrieved from UAS RID registries or
      information beyond UAS RID.  Under superseded [NPRM], not
      recognized as a distinct entity, but a service provided by USS,
      including Public Safety USS that may exist primarily for this
      purpose rather than to manage any subscribed UAS.

   Net-RID SP
      Network RID Service Provider.  [F3411-19] logical entity that
      collects RID messages from UAS and responds to NetRID-DP queries
      for information on UAS of which it is aware.  Under superseded
      [NPRM], the USS to which the UAS is subscribed ("Remote ID USS").

   Network Identification Service
      EU regulatory requirement in [Opinion1] and [WG105] that
      presumably can be satisfied with appropriately configured
      [F3411-19] Network RID.

      An entity (typically but not necessarily an individual human) who
      has directly or indirectly observed a UA and wishes to know
      something about it, starting with its ID.  An Observer typically
      is on the ground and local (within VLOS of an observed UA), but
      could be remote (observing via Network RID or other surveillance),
      operating another UA, aboard another aircraft, etc.  (DRIP)

Card, et al.            Expires 29 December 2021               [Page 16]
Internet-Draft              DRIP Requirements                  June 2021

      A flight, or series of flights of the same mission, by the same
      UAS, separated by at most brief ground intervals.  (Inferred from
      UTM usage, no formal definition found)

      "A person, organization or enterprise engaged in or offering to
      engage in an aircraft operation" [ICAOUAS].

   Operator ID Message
      [F3411-19] Message Type 5.  Provides CAA issued Operator ID, only.
      Operator ID is distinct from UAS ID.

      Payload of a frame, containing a chunk of a message that has been
      segmented, to allow transport of a message longer than can be
      encapsulated in a single frame.  [F3411-19]

      Pilot In Command.  "The pilot designated by the operator, or in
      the case of general aviation, the owner, as being in command and
      charged with the safe conduct of a flight" [ICAOUAS].

      Personally Identifiable Information.  In the UAS RID context,
      typically of the UAS Operator, Pilot In Command (PIC), or Remote
      Pilot, but possibly of an Observer or other party.  This specific
      term is used primarily in the US; other terms with essentially the
      same meaning are more common in other jurisdictions (e.g.,
      "personal data" in the EU).  Used herein generically to refer to
      personal information, which the person might wish to keep private,
      or may have a statutorily recognized right to keep private (e.g.,
      under the EU [GDPR]), potentially imposing (legally or ethically)
      a confidentiality requirement on protocols/systems.

   Remote Pilot
      A pilot using a GCS to exercise proximate control of a UA.  Either
      the PIC or under the supervision of the PIC.  "The person who
      manipulates the flight controls of a remotely-piloted aircraft
      during flight time" [ICAOUAS].

      Radio Frequency.  Adjective, e.g., "RF link", or noun.

Card, et al.            Expires 29 December 2021               [Page 17]
Internet-Draft              DRIP Requirements                  June 2021

      RF Line Of Sight.  Typically used in describing a direct radio
      link between a GCS and the UA under its control, potentially
      subject to blockage by foliage, structures, terrain, or other
      vehicles, but less so than VLOS.

      Radio Technical Commission for Aeronautics.  US aviation SDO.
      Cooperates extensively with EUROCAE.

      "The state in which risks associated with aviation activities,
      related to, or in direct support of the operation of aircraft, are
      reduced and controlled to an acceptable level."  From Annex 19 of
      the Chicago Convention, quoted in [ICAODEFS]

      "Safeguarding civil aviation against acts of unlawful
      interference."  From Annex 17 of the Chicago Convention, quoted in

   Self-ID Message
      [F3411-19] Message Type 3.  Provides a 1 byte descriptor and 23
      byte ASCII free text field, only.  Expected to be used to provide
      context on the operation, e.g., mission intent.

      Standards Development Organization.  ASTM, IETF, et al.

      Supplemental Data Service Provider.  An entity that participates
      in the UTM system, but provides services beyond those specified as
      basic UTM system functions (e.g., weather data).  [FAACONOPS]

   System Message
      [F3411-19] Message Type 4.  Provides general UAS information,
      including remote pilot location, multiple UA group operational
      area, etc.

      EU concept and emerging framework for integration of UAS into all
      classes of airspace, specifically including high density urban
      areas, sharing airspace with manned aircraft [InitialView].

      Unmanned Aircraft.  In popular parlance, "drone".  "An aircraft
      which is intended to operate with no pilot on board" [ICAOUAS].

Card, et al.            Expires 29 December 2021               [Page 18]
Internet-Draft              DRIP Requirements                  June 2021

      Unmanned Aircraft System.  Composed of UA, all required on-board
      subsystems, payload, control station, other required off-board
      subsystems, any required launch and recovery equipment, all
      required crew members, and C2 links between UA and control station

      UAS identifier.  Although called "UAS ID", it is actually unique
      to the UA, neither to the operator (as some UAS registration
      numbers have been and for exclusively recreational purposes are
      continuing to be assigned), nor to the combination of GCS and UA
      that comprise the UAS.  _Maximum length of 20 bytes_ [F3411-19].

   UAS ID Type
      UAS Identifier type index. 4 bits, see Section 3, Paragraph 6 for
      currently defined values 0-3.  [F3411-19]

      UAS Remote Identification and tracking.  System to enable
      arbitrary Observers to identify UA during flight.

      UAS Service Supplier.  "A USS is an entity that assists UAS
      Operators with meeting UTM operational requirements that enable
      safe and efficient use of airspace" and "... provide services to
      support the UAS community, to connect Operators and other entities
      to enable information flow across the USS Network, and to promote
      shared situational awareness among UTM participants" [FAACONOPS].

      UAS Traffic Management.  "A specific aspect of air traffic
      management which manages UAS operations safely, economically and
      efficiently through the provision of facilities and a seamless set
      of services in collaboration with all parties and involving
      airborne and ground-based functions" [ICAOUTM].  In the US,
      according to the FAA, a "traffic management" ecosystem for
      "uncontrolled" low altitude UAS operations, separate from, but
      complementary to, the FAA's ATC system for "controlled" operations
      of manned aircraft.

      Vehicle-to-Vehicle.  Originally communications between
      automobiles, now extended to apply to communications between
      vehicles generally.  Often, together with Vehicle-to-
      Infrastructure (V2I) etc., generalized to V2X.

Card, et al.            Expires 29 December 2021               [Page 19]
Internet-Draft              DRIP Requirements                  June 2021

      Visual Line Of Sight.  Typically used in describing operation of a
      UA by a "remote" pilot who can clearly directly (without video
      cameras or any aids other than glasses or under some rules
      binoculars) see the UA and its immediate flight environment.
      Potentially subject to blockage by foliage, structures, terrain,
      or other vehicles, more so than RF LOS.

3.  UAS RID Problem Space

   CAAs worldwide are mandating UAS RID.  The European Union Aviation
   Safety Agency (EASA) has published [Delegated] and [Implementing]
   Regulations.  The US FAA has published a "final" rule [FRUR] and has
   described the key role that UAS RID plays in UAS Traffic Management
   (UTM) in [FAACONOPS] (especially Section 2.6).  CAAs currently (2021)
   promulgate performance-based regulations that do not specify
   techniques, but rather cite industry consensus technical standards as
   acceptable means of compliance.

   The most widely cited such industry consensus technical standard for
   UAS RID is [F3411-19], which defines two means of UAS RID:

      Network RID defines a set of information for UAS to make available
      globally indirectly via the Internet, through servers that can be
      queried by Observers.

      Broadcast RID defines a set of messages for UA to transmit locally
      directly one-way over Bluetooth or Wi-Fi (without IP or any other
      protocols between the data link and application layers), to be
      received in real time by local Observers.

   UAS using both means must send the same UAS RID application layer
   information via each [F3411-19].  The presentation may differ, as
   Network RID defines a data dictionary, whereas Broadcast RID defines
   message formats (which carry items from that same data dictionary).
   The interval (or rate) at which it is sent may differ, as Network RID
   can accommodate Observer queries asynchronous to UAS updates (which
   generally need be sent only when information, such as location,
   changes), whereas Broadcast RID depends upon Observers receiving UA
   messages at the time they are transmitted.

Card, et al.            Expires 29 December 2021               [Page 20]
Internet-Draft              DRIP Requirements                  June 2021

   Network RID depends upon Internet connectivity in several segments
   from the UAS to each Observer.  Broadcast RID should need Internet
   (or other Wide Area Network) connectivity only to retrieve UAS
   registry information using the directly locally received UAS
   Identifier (UAS ID) as the primary unique key for database lookup.
   Broadcast RID does not assume IP connectivity of UAS; messages are
   encapsulated by the UA _without IP_, directly in link layer frames
   (Bluetooth 4, Bluetooth 5, Wi-Fi NAN, IEEE 802.11 Beacon, or in the
   future perhaps others).

   [F3411-19] specifies three UAS ID Type values:

   1  A static, manufacturer assigned, hardware serial number as defined
      in ANSI/CTA-2063-A "Small Unmanned Aerial System Serial Numbers"

   2  A CAA assigned (generally static) ID, like the registration number
      of a manned aircraft.

   3  A UTM system assigned UUID [RFC4122], which can but need not be

   Per [Delegated], the EU allows only UAS ID Type 1.  Under [FRUR], the
   US allows types 1 and 3.  [NPRM] proposed that a type 3 "Session ID"
   would be "e.g., a randomly-generated alphanumeric code assigned by a
   Remote ID UAS Service Supplier (USS) on a per-flight basis designed
   to provide additional privacy to the operator", but given the
   omission of Network RID from [FRUR], how this is to be assigned in
   the US is still to be determined.

   As yet apparently there are no CAA public proposals to use UAS ID
   Type 2.  In the preamble of [FRUR], the FAA argues that registration
   numbers should not be sent in RID, insists that the capability of
   looking up registration numbers from information contained in RID
   should be restricted to FAA and other Government agencies, and
   implies that Session ID would be linked to the registration number
   only indirectly via the serial number in the registration database.
   The possibility of cryptographically blinding registration numbers,
   such that they can be revealed under specified circumstances, does
   not appear to be mentioned in applicable regulations or external
   technical standards.

   Under [Delegated], the EU also requires an operator registration
   number (an additional identifier distinct from the UAS ID) that can
   be carried in an [F3411-19] optional Operator ID message.

Card, et al.            Expires 29 December 2021               [Page 21]
Internet-Draft              DRIP Requirements                  June 2021

   [FRUR] allows RID requirements to be met by either the UA itself,
   which is then designated a "standard remote identification unmanned
   aircraft", or by an add-on "remote identification broadcast module".
   Relative to a standard RID UA, the different requirements for a
   module are that the latter: must transmit its own serial number
   (neither the serial number of the UA to which it is attached, nor a
   Session ID); must transmit takeoff location as a proxy for the
   location of the pilot/GCS; need not transmit UA emergency status; and
   is allowed to be used only for operations within VLOS of the remote

   Jurisdictions may relax or waive RID requirements for certain
   operators and/or under certain conditions.  For example, [FRUR]
   allows operators with UAS not equipped for RID to conduct VLOS
   operations at counter-intuitively named "FAA-recognized
   identification areas" (FRIA); radio controlled model aircraft flying
   clubs and other eligible organizations can apply to the FAA for such
   recognition of their operating areas.

3.1.  Network RID

   +-------------+     ******************
   |     UA      |     *    Internet    *
   +--o-------o--+     *                *
      |       |        *                *
      |       |        *                *     +------------+
      |       '--------*--(+)-----------*-----o            |
      |                *   |            *     |            |
      |       .--------*--(+)-----------*-----o NET-Rid SP |
      |       |        *                *     |            |
      |       |        *         .------*-----o            |
      |       |        *         |      *     +------------+
      |       |        *         |      *
      |       |        *         |      *     +------------+
      |       |        *         '------*-----o            |
      |       |        *                *     | NET-Rid DP |
      |       |        *         .------*-----o            |
      |       |        *         |      *     +------------+
      |       |        *         |      *
      |       |        *         |      *     +------------+
   +--o-------o--+     *         '------*-----o Observer's |
   |     GCS     |     *                *     | Device     |
   +-------------+     ******************     +------------+

                  Figure 3: "Network RID Information Flow"

Card, et al.            Expires 29 December 2021               [Page 22]
Internet-Draft              DRIP Requirements                  June 2021

   Figure 3 illustrates Network RID information flows.  Only two of the
   three typically wireless links shown involving the UAS (UA-GCS, UA-
   Internet, and GCS-Internet) need exist.  All three may exist, at the
   same or different times, especially in Beyond Visual Line Of Sight
   (BVLOS) operations.  There must be some information flow path (direct
   or indirect) between the GCS and the UA, for the former to exercise
   C2 over the latter.  If this path is two-way (as increasingly it is,
   even for inexpensive small UAS), the UA will also send its status
   (and position, if suitably equipped, e.g., with GNSS) to the GCS.
   There also must be some path between at least one subsystem of the
   UAS (UA or GCS) and the Internet, for the former to send status and
   position updates to its USS (serving _inter alia_ as a Net-RID SP).

   Direct UA-Internet wireless links are expected to become more common,
   especially on larger UAS, but currently (2021) are rare.  Instead,
   the RID data flow typically originates on the UA and passes through
   the GCS, or originates on the GCS.  Network RID data makes three
   trips through the Internet (GCS-SP, SP-DP, DP-Observer, unless any of
   them are colocated), implying use of IP (and other middle layer
   protocols, e.g., TLS/TCP or DTLS/UDP) on those trips.  IP is not
   necessarily used or supported on the UA-GCS link (if indeed that
   direct link exists, as it typically does now, but in BVLOS operations
   often will not).

   Network RID is publish-subscribe-query.  In the UTM context:

   1.  The UAS operator pushes an "operational intent" (the current term
       in UTM corresponding to a flight plan in manned aviation) to the
       USS (call it USS#1) that will serve that UAS (call it UAS#1) for
       that operation, primarily to enable deconfliction with other
       operations potentially impinging upon that operation's 4-D
       airspace volume (call it Volume#1).

   2.  Assuming the operation is approved and commences, UAS#1
       periodically pushes location/status updates to USS#1, which
       serves _inter alia_ as the Network RID Service Provider (Net-RID
       SP) for that operation.

   3.  When users of any other USS (whether they be other UAS operators
       or Observers) develop an interest in any 4-D airspace volume
       (e.g., because they wish to submit an operational intent or
       because they have observed a UA), they query their own USS on the
       volumes in which they are interested.

Card, et al.            Expires 29 December 2021               [Page 23]
Internet-Draft              DRIP Requirements                  June 2021

   4.  Their USS query, via the UTM Discovery and Synchronization
       Service (DSS), all other USS in the UTM system, and learn of any
       USS that have operations in those volumes (including any volumes
       intersecting them); thus those USS whose query volumes intersect
       Volume#1 (call them USS#2 through USS#n) learn that USS#1 has
       such operations.

   5.  Interested parties can then subscribe to track updates on that
       operation of UAS#1, via their own USS, which serve as Network RID
       Display Providers (Net-RID DP) for that operation.

   6.  USS#1 (as Net-RID SP) will then publish updates of UAS#1 status
       and position to all other subscribed USS in USS#2 through USS#n
       (as Net-RID DP).

   7.  All Net-RID DP subscribed to that operation of UAS#1 will deliver
       its track information to their users who subscribed to that
       operation of UAS#1 (via means unspecified by [F3411-19] etc., but
       generally presumed to be web browser based).

   Network RID has several connectivity scenarios:

      _Persistently Internet connected UA_ can consistently directly
      source RID information; this requires wireless coverage throughout
      the intended operational airspace volume, plus a buffer (e.g.,
      winds may drive the UA out of the volume).

      _Intermittently Internet connected UA_, can usually directly
      source RID information, but when offline (e.g., due to signal
      blockage by a large structure being inspected using the UAS), need
      the GCS to proxy source RID information.

      _Indirectly connected UA_ lack the ability to send IP packets that
      will be forwarded into and across the Internet, but instead have
      some other form of communications to another node that can relay
      or proxy RID information to the Internet; typically this node
      would be the GCS (which to perform its function must know where
      the UA is, although C2 link outages do occur).

Card, et al.            Expires 29 December 2021               [Page 24]
Internet-Draft              DRIP Requirements                  June 2021

      _Non-connected UA_ have no means of sourcing RID information, in
      which case the GCS or some other interface available to the
      operator must source it.  In the extreme case, this could be the
      pilot or other agent of the operator using a web browser/
      application to designate, to a USS or other UTM entity, a time-
      bounded airspace volume in which an operation will be conducted.
      This is referred to as a "non-equipped network participant"
      engaging in "area operations".  This may impede disambiguation of
      ID if multiple UAS operate in the same or overlapping 4-D volumes.
      In most airspace volumes, most classes of UA will not be permitted
      to fly if non-connected.

   In most cases in the near term (2021), the Network RID first hop data
   link is likely to be cellular, which can also support BVLOS C2 over
   existing large coverage areas, or Wi-Fi, which can also support
   Broadcast RID.  However, provided the data link can support at least
   UDP/IP and ideally also TCP/IP, its type is generally immaterial to
   higher layer protocols.  The UAS, as the ultimate source of Network
   RID information, feeds a Net-RID SP (typically the USS to which the
   UAS operator subscribes), which proxies for the UAS and other data
   sources.  An Observer or other ultimate consumer of Network RID
   information obtains it from a Net-RID DP (also typically a USS),
   which aggregates information from multiple Net-RID SPs to offer
   airspace Situational Awareness (SA) coverage of a volume of interest.
   Network RID Service and Display providers are expected to be
   implemented as servers in well-connected infrastructure,
   communicating with each other via the Internet, and accessible by
   Observers via means such as web Application Programming Interfaces
   (APIs) and browsers.

   Network RID is the less constrained of the defined UAS RID means.
   [F3411-19] specifies only Net-RID SP to Net-RID DP information
   exchanges.  It is presumed that IETF efforts supporting the more
   constrained Broadcast RID (see next section) can be generalized for
   Network RID and potentially also for UAS to USS or other UTM

3.2.  Broadcast RID

Card, et al.            Expires 29 December 2021               [Page 25]
Internet-Draft              DRIP Requirements                  June 2021

            | Unmanned Aircraft |
                      | app messages directly over one-way RF data link
   | Observer's device (e.g., smartphone) |

                 Figure 4: "Broadcast RID Information Flow"

   Figure 4 illustrates Broadcast RID information flow.  Note the
   absence of the Internet from the figure.  This is because Broadcast
   RID is one-way direct transmission of application layer messages over
   a RF data link (without IP) from the UA to local Observer devices.
   Internet connectivity is involved only in what the Observer chooses
   to do with the information received, such as verify signatures using
   a web-based Broadcast Authentication Verifier Service and look up
   information in registries using the UAS ID as the primary unique key.

   Broadcast RID is conceptually similar to Automatic Dependent
   Surveillance - Broadcast (ADS-B).  However, for various technical and
   other reasons, regulators including the EASA have not indicated
   intent to allow, and FAA has explicitly prohibited, use of ADS-B for

   [F3411-19] specifies four Broadcast RID data links: Bluetooth 4.x,
   Bluetooth 5.x with Extended Advertisements and Long Range Coded PHY
   (S=8), Wi-Fi NAN at 2.4 GHz, and Wi-Fi NAN at 5 GHz.  A UA must
   broadcast (using advertisement mechanisms where no other option
   supports broadcast) on at least one of these.  If sending on
   Bluetooth 5.x, it is also required concurrently to do so on 4.x
   (referred to in [F3411-19] as Bluetooth Legacy); current (2021)
   discussions in ASTM F38.02 on revising the standard, motivated by
   European standards drafts, suggest that both Bluetooth versions will
   be required.  If broadcasting Wi-Fi NAN at 5 GHz, it is also required
   concurrently to do so at 2.4 GHz; current discussions in F38.02
   include relaxing this.  Wi-Fi Beacons are also under consideration.
   Future revisions of [F3411-19] may allow other data links.

   The selection of the Broadcast media was driven by research into what
   is commonly available on 'ground' units (smartphones and tablets) and
   what was found as prevalent or 'affordable' in UA.  Further, there

Card, et al.            Expires 29 December 2021               [Page 26]
Internet-Draft              DRIP Requirements                  June 2021

   must be an API for the Observer's receiving application to have
   access to these messages.  As yet only Bluetooth 4.x support is
   readily available, thus the current focus is on working within the 31
   byte payload limit of the Bluetooth 4.x "Broadcast Frame" transmitted
   as an "advertisement" on beacon channels.  After overheads, this
   limits the RID message to 25 bytes and UAS ID string to a maximum
   length of 20 bytes.

   Length constraints also preclude a single Bluetooth 4.x frame
   carrying not only the UAS ID but also position, velocity, and other
   information that should be bound to the UAS ID, much less strong
   authentication data.  Messages that cannot be encapsulated in a
   single frame (thus far, only the Authentication Message) must be
   segmented into message "pages" (in the terminology of [F3411-19]).
   Message pages must somehow be correlated as belonging to the same
   message.  Messages carrying position, velocity and other data must
   somehow be correlated with the Basic ID message that carries the UAS
   ID.  This correlation is expected to be done on the basis of MAC
   address: this may be complicated by MAC address randomization; not
   all the common devices expected to be used by Observers have APIs
   that make sender MAC addresses available to user space receiver
   applications; and MAC addresses are easily spoofed.  Data elements
   are not so detached on other media (see Message Pack in the paragraph
   after next).

   [F3411-19] Broadcast RID specifies several message types.  The 4 bit
   message type field in the header can index up to 16 types.  Only 7
   are currently defined.  Only 2 are mandatory.  All others are
   optional, unless required by a jurisdictional authority, e.g., a CAA.
   To satisfy both EASA and FAA rules, all types are needed, except
   Self-ID and Authentication, as the data elements required by the
   rules are scattered across several message types (along with some
   data elements not required by the rules).

   The Message Pack (type 0xF) is not actually a message, but the framed
   concatenation of at most one message of each type of any subset of
   the other types, in type index order.  Some of the messages that it
   can encapsulate are mandatory, others optional.  The Message Pack
   itself is mandatory on data links that can encapsulate it in a single
   frame (Bluetooth 5.x and Wi-Fi).

Card, et al.            Expires 29 December 2021               [Page 27]
Internet-Draft              DRIP Requirements                  June 2021

    | Index                 | Name            | Req       | Notes     |
    | 0x0                   | Basic ID        | Mandatory | -         |
    | 0x1                   | Location/Vector | Mandatory | -         |
    | 0x2                   | Authentication  | Optional  | paged     |
    | 0x3                   | Self-ID         | Optional  | free text |
    | 0x4                   | System          | Optional  | -         |
    | 0x5                   | Operator        | Optional  | -         |
    | 0xF                   | Message Pack    | -         | BT5 and   |
    |                       |                 |           | Wi-Fi     |
    | See Section 5.4.5 and | -               | -         | -         |
    | Table 3 of [F3411-19] |                 |           |           |

                      Table 1: F3411-19 Message Types

   [F3411-19] Broadcast RID specifies very few quantitative performance
   requirements: static information must be transmitted at least once
   per 3 seconds; dynamic information (the Location/Vector message) must
   be transmitted at least once per second and be no older than one
   second when sent.  [FRUR] requires all information be sent at least
   once per second.

   [F3411-19] Broadcast RID transmits all information as cleartext
   (ASCII or binary), so static IDs enable trivial correlation of
   patterns of use, unacceptable in many applications, e.g., package
   delivery routes of competitors.

   Any UA can assert any ID using the [F3411-19] required Basic ID
   message, which lacks any provisions for verification.  The Position/
   Vector message likewise lacks provisions for verification, and does
   not contain the ID, so must be correlated somehow with a Basic ID
   message: the developers of [F3411-19] have suggested using the MAC
   addresses on the Broadcast RID data link, but these may be randomized
   by the operating system stack to avoid the adversarial correlation
   problems of static identifiers.

   The [F3411-19] optional Authentication Message specifies framing for
   authentication data, but does not specify any authentication method,
   and the maximum length of the specified framing is too short for

Card, et al.            Expires 29 December 2021               [Page 28]
Internet-Draft              DRIP Requirements                  June 2021

   conventional digital signatures and far too short for conventional
   certificates (e.g., X.509).  Fetching certificates via the Internet
   is not always possible (e.g., Observers working in remote areas, such
   as national forests), so devising a scheme whereby certificates can
   be transported over Broadcast RID is necessary.  The one-way nature
   of Broadcast RID precludes challenge-response security protocols
   (e.g., Observers sending nonces to UA, to be returned in signed
   messages).  Without DRIP extensions to [F3411-19], an Observer would
   be seriously challenged to validate the asserted UAS ID or any other
   information about the UAS or its operator looked up therefrom.

3.3.  USS in UTM and RID

   UAS RID and UTM are complementary; Network RID is a UTM service.  The
   backbone of the UTM system is comprised of multiple USS: one or
   several per jurisdiction; some limited to a single jurisdiction,
   others spanning multiple jurisdictions.  USS also serve as the
   principal or perhaps the sole interface for operators and UAS into
   the UTM environment.  Each operator subscribes to at least one USS.
   Each UAS is registered by its operator in at least one USS.  Each
   operational intent is submitted to one USS; if approved, that UAS and
   operator can commence that operation.  During the operation, status
   and location of that UAS must be reported to that USS, which in turn
   provides information as needed about that operator, UAS, and
   operation into the UTM system and to Observers via Network RID.

   USS provide services not limited to Network RID; indeed, the primary
   USS function is deconfliction of airspace usage by different UAS and
   other (e.g., manned aircraft, rocket launch) operations.  Most
   deconfliction involving a given operation is hoped to be completed
   prior to commencing that operation, and is called "strategic
   deconfliction".  If that fails, "tactical deconfliction" comes into
   play; ABDAA may not involve USS, but GBDAA likely will.  Dynamic
   constraints, formerly called UAS Volume Restrictions (UVR), can be
   necessitated by local emergencies, extreme weather, etc., specified
   by authorities on the ground, and propagated in UTM.

   No role for USS in Broadcast RID is currently specified by regulators
   or [F3411-19].  However, USS are likely to serve as registries (or
   perhaps registrars) for UAS (and perhaps operators); if so, USS will
   have a role in all forms of RID.  Supplemental Data Service Providers
   (SDSP) are also likely to find roles, not only in UTM as such but
   also in enhancing UAS RID and related services.  Whether USS, SDSP,
   etc. are involved or not, RID services, narrowly defined, provide
   regulator specified identification information; more broadly defined,
   RID services may leverage identification to facilitate related
   services or functions, likely beginning with V2X.

Card, et al.            Expires 29 December 2021               [Page 29]
Internet-Draft              DRIP Requirements                  June 2021

3.4.  DRIP Focus

   In addition to the gaps described above, there is a fundamental gap
   in almost all current or proposed regulations and technical standards
   for UAS RID.  As noted above, ID is not an end in itself, but a
   means.  Protocols specified in [F3411-19] etc. provide limited
   information potentially enabling, and no technical means for, an
   Observer to communicate with the pilot, e.g., to request further
   information on the UAS operation or exit from an airspace volume in
   an emergency.  The System Message provides the location of the pilot/
   GCS, so an Observer could physically go to the asserted location to
   look for the remote pilot; this is at best slow and may not be
   feasible.  What if the pilot is on the opposite rim of a canyon, or
   there are multiple UAS operators to contact, whose GCS all lie in
   different directions from the Observer?  An Observer with Internet
   connectivity and access privileges could look up operator PII in a
   registry, then call a phone number in hopes someone who can
   immediately influence the UAS operation will answer promptly during
   that operation; this is at best unreliable and may not be prudent.
   Should pilots be encouraged to answer phone calls while flying?
   Internet technologies can do much better than this.

   Thus complementing [F3411-19] with protocols enabling strong
   authentication, preserving operator privacy while enabling immediate
   use of information by authorized parties, is critical to achieve
   widespread adoption of a RID system supporting safe and secure
   operation of UAS.

   DRIP will focus on making information obtained via UAS RID
   immediately usable:

   1.  by making it trustworthy (despite the severe constraints of
       Broadcast RID);

   2.  by enabling verification that a UAS is registered for RID, and if
       so, in which registry (for classification of trusted operators on
       the basis of known registry vetting, even by Observers lacking
       Internet connectivity at observation time);

   3.  by facilitating independent reports of UA aeronautical data
       (location, velocity, etc.) to confirm or refute the operator
       self-reports upon which UAS RID and UTM tracking are based;

   4.  by enabling instant establishment, by authorized parties, of
       secure communications with the remote pilot.

Card, et al.            Expires 29 December 2021               [Page 30]
Internet-Draft              DRIP Requirements                  June 2021

   The foregoing considerations, beyond those addressed by baseline UAS
   RID standards such as [F3411-19], imply the following requirements
   for DRIP.

4.  Requirements

   The following requirements apply to DRIP as a set of related
   protocols, various subsets of which, in conjunction with other IETF
   and external technical standards, may suffice to comply with the
   regulations in any given jurisdiction or meet any given user need.
   It is not intended that each and every DRIP protocol alone satisfy
   each and every requirement.

4.1.  General

4.1.1.  Normative Requirements

   GEN-1   Provable Ownership: DRIP MUST enable verification that the
           UAS ID asserted in the Basic ID message is that of the actual
           current sender of the message (i.e., the message is not a
           replay attack or other spoof, authenticating, e.g., by
           verifying an asymmetric cryptographic signature using a
           sender provided public key from which the asserted ID can be
           at least partially derived), even on an Observer device
           lacking Internet connectivity at the time of observation.

   GEN-2   Provable Binding: DRIP MUST enable binding all other
           [F3411-19] messages from the same actual current sender to
           the UAS ID asserted in the Basic ID message.

   GEN-3   Provable Registration: DRIP MUST enable verification that the
           UAS ID is in a registry and identification of that registry,
           even on an Observer device lacking Internet connectivity at
           the time of observation; with UAS ID Type 3, the same sender
           may have multiple IDs, potentially in different registries,
           but each ID must clearly indicate in which registry it can be

   GEN-4   Readability: DRIP MUST enable information (regulation
           required elements, whether sent via UAS RID or looked up in
           registries) to be read and utilized by both humans and

   GEN-5   Gateway: DRIP MUST enable Broadcast RID to Network RID
           application layer gateways to stamp messages with precise
           date/time received and receiver location, then relay them to
           a network service (e.g., SDSP or distributed ledger).

Card, et al.            Expires 29 December 2021               [Page 31]
Internet-Draft              DRIP Requirements                  June 2021

   GEN-6   Contact: DRIP MUST enable dynamically establishing, with AAA,
           per policy, strongly mutually authenticated, end-to-end
           strongly encrypted communications with the UAS RID sender and
           entities looked up from the UAS ID, including at least the
           pilot (remote pilot or Pilot In Command), the USS (if any)
           under which the operation is being conducted, and registries
           in which data on the UA and pilot are held.

   GEN-7   QoS: DRIP MUST enable policy based specification of
           performance and reliability parameters.

   GEN-8   Mobility: DRIP MUST support physical and logical mobility of
           UA, GCS and Observers.  DRIP SHOULD support mobility of
           essentially all participating nodes (UA, GCS, Observers, Net-
           RID SP, Net-RID DP, Private Registry, SDSP, and potentially
           others as RID and UTM evolve).

   GEN-9   Multihoming: DRIP MUST support multihoming of UA and GCS, for
           make-before-break smooth handoff and resiliency against path/
           link failure.  DRIP SHOULD support multihoming of essentially
           all participating nodes.

   GEN-10  Multicast: DRIP SHOULD support multicast for efficient and
           flexible publish-subscribe notifications, e.g., of UAS
           reporting positions in designated airspace volumes.

   GEN-11  Management: DRIP SHOULD support monitoring of the health and
           coverage of Broadcast and Network RID services.

4.1.2.  Rationale

   Requirements imposed either by regulation or [F3411-19] are not
   reiterated here, but drive many of the numbered requirements listed
   here.  The [FRUR] regulatory QoS requirement currently would be
   satisfied by ensuring information refresh rates of at least 1 Hertz,
   with latencies no greater than 1 second, at least 80% of the time,
   but these numbers may vary between jurisdictions and over time.  So
   instead the DRIP QoS requirement is that performance, reliability,
   etc. parameters be user policy specifiable, which does not imply
   satisfiable in all cases, but (especially together with the
   management requirement) implies that when specifications are not met,
   appropriate parties are notified.

   The "provable ownership" requirement addresses the possibility that
   the actual sender is not the claimed sender (i.e., is a spoofer).
   The "provable binding" requirement addresses the MAC address
   correlation problem of [F3411-19] noted above.  The "provable
   registration" requirement may impose burdens not only on the UAS

Card, et al.            Expires 29 December 2021               [Page 32]
Internet-Draft              DRIP Requirements                  June 2021

   sender and the Observer's receiver, but also on the registry; yet it
   cannot depend upon the Observer being able to contact the registry at
   the time of observing the UA.  The "readability" requirement pertains
   to the structure and format of information at endpoints rather than
   its encoding in transit, so may involve machine assisted format
   conversions, e.g., from binary encodings, and/or decryption (see
   Section 4.3).

   The "gateway" requirement is in pursuit of three objectives: (1) mark
   up a RID message with where and when it was actually received, which
   may agree or disagree with the self-report in the set of messages;
   (2) defend against replay attacks; and (3) support optional SDSP
   services such as multilateration, to complement UAS position self-
   reports with independent measurements.  This is the only instance in
   which DRIP transports [F3411-19] messages; most of DRIP pertains to
   the authentication of such messages and identifiers carried in them.

   The "QoS" requirement is only that performance and reliability
   parameters can be _specified_ by policy, not that any such
   specifications must be guaranteed to be met; any failure to meet such
   would be reported under the "management" requirement.  Examples of
   such parameters are the maximum time interval at which messages
   carrying required data elements may be transmitted, the maximum
   tolerable rate of loss of such messages, and the maximum tolerable
   latency between a dynamic data element (e.g., GNSS position of UA)
   being provided to the DRIP sender and that element being delivered by
   the DRIP receiver to an application.

   The "mobility" requirement refers to rapid geographic mobility of
   nodes, changes of their points of attachment to networks, and changes
   to their IP addresses; it is not limited to micro-mobility within a
   small geographic area or single Internet access provider.

4.2.  Identifier

4.2.1.  Normative Requirements

   ID-1  Length: The DRIP entity identifier MUST NOT be longer than 20
         bytes, to fit in the UAS ID field of the Basic ID message of

   ID-2  Registry ID: The DRIP identifier MUST be sufficient to identify
         a registry in which the entity identified therewith is listed.

   ID-3  Entity ID: The DRIP identifier MUST be sufficient to enable
         lookups of other data associated with the entity identified
         therewith in that registry.

Card, et al.            Expires 29 December 2021               [Page 33]
Internet-Draft              DRIP Requirements                  June 2021

   ID-4  Uniqueness: The DRIP identifier MUST be unique within the
         applicable global identifier space from when it is first
         registered therein until it is explicitly de-registered
         therefrom (due to, e.g., expiration after a specified lifetime,
         revocation by the registry, or surrender by the operator).

   ID-5  Non-spoofability: The DRIP identifier MUST NOT be spoofable
         within the context of a minimal Remote ID broadcast message set
         (to be specified within DRIP to be sufficient collectively to
         prove sender ownership of the claimed identifier).

   ID-6  Unlinkability: The DRIP identifier MUST NOT facilitate
         adversarial correlation over multiple operations.  If this is
         accomplished by limiting each identifier to a single use or
         brief period of usage, the DRIP identifier MUST support well-
         defined, scalable, timely registration methods.

4.2.2.  Rationale

   The DRIP identifier can refer to various entities.  In the primary
   initial use case, the entity to be identified is the UA.  Entities to
   be identified in other likely use cases include but are not limited
   to the operator, USS, and Observer.  In all cases, the entity
   identified must own (have the exclusive capability to use, such that
   receivers can verify its ownership of) the identifier.

   The DRIP identifier can be used at various layers.  In Broadcast RID,
   it would be used by the application running directly over the data
   link.  In Network RID, it would be used by the application running
   over HTTPS (and possibly other protocols).  In RID initiated V2X
   applications such as DAA and C2, it could be used between the network
   and transport layers, e.g., with the Host Identity Protocol (HIP,
   [RFC4423], [RFC7401], etc.), or between the transport and application
   layers, e.g., with Datagram Transport Layer Security (DTLS,

   Registry ID (which registry the entity is in) and Entity ID (which
   entity it is, within that registry) are requirements on a single DRIP
   entity identifier, not separate (types of) ID.  In the most common
   use case, the entity will be the UA, and the DRIP identifier will be
   the UAS ID; however, other entities may also benefit from having DRIP
   identifiers, so the entity type is not prescribed here.

Card, et al.            Expires 29 December 2021               [Page 34]
Internet-Draft              DRIP Requirements                  June 2021

   Whether a UAS ID is generated by the operator, GCS, UA, USS,
   registry, or some collaboration thereamong, is unspecified; however,
   there must be agreement on the UAS ID among these entities.
   Management of DRIP identifiers is the primary function of their
   registration hierarchies, from the root (presumably IANA), through
   sector-specific and regional authorities (presumably ICAO and CAAs),
   to the identified entities themselves.

   While "uniqueness" might be considered an implicit requirement for
   any identifier, here the point of the explicit requirement is not
   just that it should be unique, but also where and when it should be
   unique: global scope within a specified space, from registration to

   While "non-spoofability" imposes requirements for and on a DRIP
   authentication protocol, it also imposes requirements on the
   properties of the identifier itself.  An example of how the nature of
   the identifier can support non-spoofability is embedding a hash of
   both the registry ID and a public key of the entity in the entity
   identifier, thus making it self-authenticating any time the entity's
   corresponding private key is used to sign a message.

   While "unlinkability" is a privacy desideratum (see next section), it
   imposes requirements on the DRIP identifier itself, as distinct from
   other currently permitted choices for the UAS ID (including primarily
   the static serial number of the UA or RID module).

4.3.  Privacy

4.3.1.  Normative Requirements

   PRIV-1  Confidential Handling: DRIP MUST enable confidential handling
           of private information (i.e., any and all information
           designated by neither cognizant authority nor the information
           owner as public, e.g., personal data).

   PRIV-2  Encrypted Transport: DRIP MUST enable selective strong
           encryption of private data in motion in such a manner that
           only authorized actors can recover it.  If transport is via
           IP, then encryption MUST be end-to-end, at or above the IP
           layer.  DRIP MUST NOT encrypt safety critical data to be
           transmitted over Broadcast RID in any situation where it is
           unlikely that local Observers authorized to access the
           plaintext will be able to decrypt it or obtain it from a
           service able to decrypt it.  DRIP MUST NOT encrypt data when/
           where doing so would conflict with applicable regulations or
           CAA policies/procedures, i.e., DRIP MUST support configurable
           disabling of encryption.

Card, et al.            Expires 29 December 2021               [Page 35]
Internet-Draft              DRIP Requirements                  June 2021

   PRIV-3  Encrypted Storage: DRIP SHOULD facilitate selective strong
           encryption of private data at rest in such a manner that only
           authorized actors can recover it.

   PRIV-4  Public/Private Designation: DRIP SHOULD facilitate
           designation, by cognizant authorities and information owners,
           of which information is public and which is private.  By
           default, all information required to be transmitted via
           Broadcast RID, even when actually sent via Network RID or
           stored in registries, is assumed to be public; all other
           information held in registries for lookup using the UAS ID is
           assumed to be private.

   PRIV-5  Pseudonymous Rendezvous: DRIP MAY enable mutual discovery of
           and communications among participating UAS operators whose UA
           are in 4-D proximity, using the UAS ID without revealing
           pilot/operator identity or physical location.

4.3.2.  Rationale

   Most data to be sent via Broadcast RID or Network RID is public, thus
   the "encrypted transport" requirement for private data is selective,
   e.g., for the entire payload of the Operator ID Message, but only the
   pilot/GCS location fields of the System Message.

   In some jurisdictions, the configurable enabling and disabling of
   encryption may need to be outside the control of the operator.
   [FRUR] mandates manufacturers design RID equipment with some degree
   of tamper resistance; the preamble and other FAA commentary suggest
   this is to reduce the likelihood that an operator, intentionally or
   unintentionally, might alter the values of the required data elements
   or disable their transmission in the required manner (e.g., as

   How information is stored on end systems is out of scope for DRIP.
   Encouraging privacy best practices, including end system storage
   encryption, by facilitating it with protocol design reflecting such
   considerations, is in scope.  Similar logic applies to methods for
   designating information as public or private.

   The privacy requirements above are for DRIP, neither for [F3411-19]
   (which requires obfuscation of location to any Network RID subscriber
   engaging in wide area surveillance, limits data retention periods,
   etc., in the interests of privacy), nor for UAS RID in any specific
   jurisdiction (which may have its own regulatory requirements).  The
   requirements above are also in a sense parameterized: who are the
   "authorized actors", how are they designated, how are they
   authenticated, etc.?

Card, et al.            Expires 29 December 2021               [Page 36]
Internet-Draft              DRIP Requirements                  June 2021

4.4.  Registries

4.4.1.  Normative Requirements

   REG-1  Public Lookup: DRIP MUST enable lookup, from the UAS ID, of
          information designated by cognizant authority as public, and
          MUST NOT restrict access to this information based on identity
          or role of the party submitting the query.

   REG-2  Private Lookup: DRIP MUST enable lookup of private information
          (i.e., any and all information in a registry, associated with
          the UAS ID, that is designated by neither cognizant authority
          nor the information owner as public), and MUST, according to
          applicable policy, enforce AAA, including restriction of
          access to this information based on identity or role of the
          party submitting the query.

   REG-3  Provisioning: DRIP MUST enable provisioning registries with
          static information on the UAS and its operator, dynamic
          information on its current operation within the U-space/UTM
          (including means by which the USS under which the UAS is
          operating may be contacted for further, typically even more
          dynamic, information), and Internet direct contact information
          for services related to the foregoing.

   REG-4  AAA Policy: DRIP AAA MUST be specifiable by policies; the
          definitive copies of those policies must be accessible in
          registries; administration of those policies and all DRIP
          registries must be protected by AAA.

4.4.2.  Rationale

   Registries are fundamental to RID.  Only very limited information can
   be Broadcast, but extended information is sometimes needed.  The most
   essential element of information sent is the UAS ID itself, the
   unique key for lookup of extended information in registries.  Beyond
   designating the UAS ID as that unique key, the registry information
   model is not specified herein, in part because regulatory
   requirements for different registries (UAS operators and their UA,
   each narrowly for UAS RID and broadly for U-space/UTM) and business
   models for meeting those requirements are in flux.  While it is
   expected that registry functions will be integrated with USS, who
   will provide them is not yet determined in most, and is expected to
   vary between, jurisdictions.  However this evolves, the essential
   registry functions, starting with management of identifiers, are
   expected to remain the same, so are specified herein.

Card, et al.            Expires 29 December 2021               [Page 37]
Internet-Draft              DRIP Requirements                  June 2021

   While most data to be sent via Broadcast or Network RID is public,
   much of the extended information in registries will be private.  Thus
   AAA for registries is essential, not just to ensure that access is
   granted only to strongly authenticated, duly authorized parties, but
   also to support subsequent attribution of any leaks, audit of who
   accessed information when and for what purpose, etc.  As specific AAA
   requirements will vary by jurisdictional regulation, provider
   philosophy, customer demand, etc., they are left to specification in
   policies, which should be human readable to facilitate analysis and
   discussion, and machine readable to enable automated enforcement,
   using a language amenable to both, e.g., XACML.

5.  IANA Considerations

   This document does not make any IANA request.

6.  Security Considerations

   DRIP is all about safety and security, so content pertaining to such
   is not limited to this section.  This document does not define any
   protocols, so security considerations of such are speculative.
   Potential vulnerabilities of DRIP solutions to these requirements
   include but are not limited to:

   *  Sybil attacks

   *  confusion created by many spoofed unsigned messages

   *  processing overload induced by attempting to verify many spoofed
      signed messages (where verification will fail but still consume

   *  malicious or malfunctioning registries

   *  interception by on-path attacker of (i.e., Man In The Middle
      attacks on) registration messages

   *  UA impersonation through private key extraction, improper key
      sharing, or carriage of a small (presumably harmless) UA, i.e., as
      a "false flag", by a larger (malicious) UA

   It may be inferred from the general requirements (Section 4.1) for
   provable ownership, provable binding, and provable registration,
   together with the identifier requirements (Section 4.2), that DRIP
   must provide:

   *  message integrity

Card, et al.            Expires 29 December 2021               [Page 38]
Internet-Draft              DRIP Requirements                  June 2021

   *  non-repudiation

   *  defense against replay attacks

   *  defense against spoofing

   One approach to so doing involves verifiably binding the DRIP
   identifier to a public key.  Providing these security features,
   whether via this approach or another, is likely to be especially
   challenging for Observers without Internet connectivity at the time
   of observation.  For example, checking the signature of a registry on
   a public key certificate received via Broadcast RID in a remote area
   presumably would require that the registry's public key had been
   previously installed on the Observer's device, yet there may be many
   registries and the Observer's device may be storage constrained, and
   new registries may come on-line subsequent to installation of DRIP
   software on the Observer's device.  Thus there may be caveats on the
   extent to which requirements can be satisfied in such cases, yet
   strenuous effort should be made to satisfy them, as such cases, e.g.,
   firefighting in a national forest, are important.

7.  Privacy and Transparency Considerations

   Privacy and transparency are important for legal reasons including
   regulatory consistency.  [EU2018] states "harmonised and
   interoperable national registration systems... should comply with the
   applicable Union and national law on privacy and processing of
   personal data, and the information stored in those registration
   systems should be easily accessible."

   Privacy and transparency (where essential to security or safety) are
   also ethical and moral imperatives.  Even in cases where old
   practices (e.g., automobile registration plates) could be imitated,
   when new applications involving PII (such as UAS RID) are addressed
   and newer technologies could enable improving privacy, such
   opportunities should not be squandered.  Thus it is recommended that
   all DRIP work give due regard to [RFC6973] and more broadly

   However, privacy and transparency are often conflicting goals,
   demanding careful attention to their balance.

   DRIP information falls into two classes: that which, to achieve the
   purpose, must be published openly as cleartext, for the benefit of
   any Observer (e.g., the basic UAS ID itself); and that which must be
   protected (e.g., PII of pilots) but made available to properly
   authorized parties (e.g., public safety personnel who urgently need
   to contact pilots in emergencies).

Card, et al.            Expires 29 December 2021               [Page 39]
Internet-Draft              DRIP Requirements                  June 2021

   How properly authorized parties are authorized, authenticated, etc.
   are questions that extend beyond the scope of DRIP, but DRIP may be
   able to provide support for such processes.  Classification of
   information as public or private must be made explicit and reflected
   with markings, design, etc.  Classifying the information will be
   addressed primarily in external standards; herein it will be regarded
   as a matter for CAA, registry, and operator policies, for which
   enforcement mechanisms will be defined within the scope of DRIP WG
   and offered.  Details of the protection mechanisms will be provided
   in other DRIP documents.  Mitigation of adversarial correlation will
   also be addressed.

8.  References

8.1.  Normative References

   [F3411-19] ASTM International, "Standard Specification for Remote ID
              and Tracking", February 2020,

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017, <>.

8.2.  Informative References

   [Amended]  European Union Aviation Safety Agency (EASA), "Commission
              Delegated Regulation (EU) 2020/1058 of 27 April 2020
              amending Delegated Regulation (EU) 2019/945", April 2020,

   [ASDRI]    ASD-STAN, "Introduction to the European UAS Digital Remote
              ID Technical Standard", January 2021, <https://asd-

   [CPDLC]    Gurtov, A., Polishchuk, T., and M. Wernberg, "Controller-
              Pilot Data Link Communication Security", MDPI
              Sensors 18(5), 1636, 2018,

Card, et al.            Expires 29 December 2021               [Page 40]
Internet-Draft              DRIP Requirements                  June 2021

   [CTA2063A] ANSI, "Small Unmanned Aerial Systems Serial Numbers",
              September 2019, <

              European Union Aviation Safety Agency (EASA), "Commission
              Delegated Regulation (EU) 2019/945 of 12 March 2019 on
              unmanned aircraft systems and on third-country operators
              of unmanned aircraft systems", March 2019,

              Card, S. W., Wiethuechter, A., Moskowitz, R., Zhao, S.,
              and A. Gurtov, "Drone Remote Identification Protocol
              (DRIP) Architecture", Work in Progress, Internet-Draft,
              draft-ietf-drip-arch-11, 23 February 2021,

              European Union Agency for Cybersecurity (ENISA),
              "Actionable information for Security Incident Response",
              November 2014, <

   [EU2018]   European Parliament and Council, "2015/0277 (COD) PE-CONS
              2/18", February 2018,

              FAA Office of NextGen, "UTM Concept of Operations v2.0",
              March 2020, <

   [FR24]     Flightradar24 AB, "Flightradar24 Live Air Traffic", May
              2021, <>.

   [FRUR]     Federal Aviation Administration, "Remote Identification of
              Unmanned Aircraft", January 2021,

   [GDPR]     European Parliament and Council, "General Data Protection
              Regulation", April 2016,

Card, et al.            Expires 29 December 2021               [Page 41]
Internet-Draft              DRIP Requirements                  June 2021

              Maeurer, N., Graeupl, T., and C. Schmitt, "L-band Digital
              Aeronautical Communications System (LDACS)", Work in
              Progress, Internet-Draft, draft-maeurer-raw-ldacs-06, 2
              October 2020, <

   [ICAOATM]  International Civil Aviation Organization, "Doc 4444:
              Procedures for Air Navigation Services: Air Traffic
              Management", November 2016, <

   [ICAODEFS] International Civil Aviation Organization, "Defined terms
              from the Annexes to the Chicago Convention and ICAO
              guidance material", July 2017,

   [ICAOUAS]  International Civil Aviation Organization, "Circular 328:
              Unmanned Aircraft Systems", February 2011,

   [ICAOUTM]  International Civil Aviation Organization, "Unmanned
              Aircraft Systems Traffic Management (UTM) - A Common
              Framework with Core Principles for Global Harmonization,
              Edition 3", October 2020,

              European Union Aviation Safety Agency (EASA), "Commission
              Implementing Regulation (EU) 2019/947 of 24 May 2019 on
              the rules and procedures for the operation of unmanned
              aircraft", May 2019,

              SESAR Joint Undertaking, "Initial view on Principles for
              the U-space architecture", July 2019,

   [NPRM]     United States Federal Aviation Administration (FAA),
              "Notice of Proposed Rule Making on Remote Identification
              of Unmanned Aircraft Systems", December 2019,

Card, et al.            Expires 29 December 2021               [Page 42]
Internet-Draft              DRIP Requirements                  June 2021


              Intel Corp., "Open Drone ID", March 2019,

   [OpenSky]  OpenSky Network non-profit association, "The OpenSky
              Network", May 2021,

   [Opinion1] European Union Aviation Safety Agency (EASA), "Opinion No
              01/2020: High-level regulatory framework for the U-space",
              March 2020, <

   [Part107]  United States Federal Aviation Administration, "Code of
              Federal Regulations Part 107", June 2016,

              FAA UAS Identification and Tracking Aviation Rulemaking
              Committee, "UAS ID and Tracking ARC Recommendations Final
              Report", September 2017, <

   [RFC4122]  Leach, P., Mealling, M., and R. Salz, "A Universally
              Unique IDentifier (UUID) URN Namespace", RFC 4122,
              DOI 10.17487/RFC4122, July 2005,

   [RFC4423]  Moskowitz, R. and P. Nikander, "Host Identity Protocol
              (HIP) Architecture", RFC 4423, DOI 10.17487/RFC4423, May
              2006, <>.

   [RFC4949]  Shirey, R., "Internet Security Glossary, Version 2",
              FYI 36, RFC 4949, DOI 10.17487/RFC4949, August 2007,

   [RFC6347]  Rescorla, E. and N. Modadugu, "Datagram Transport Layer
              Security Version 1.2", RFC 6347, DOI 10.17487/RFC6347,
              January 2012, <>.

Card, et al.            Expires 29 December 2021               [Page 43]
Internet-Draft              DRIP Requirements                  June 2021

   [RFC6973]  Cooper, A., Tschofenig, H., Aboba, B., Peterson, J.,
              Morris, J., Hansen, M., and R. Smith, "Privacy
              Considerations for Internet Protocols", RFC 6973,
              DOI 10.17487/RFC6973, July 2013,

   [RFC7401]  Moskowitz, R., Ed., Heer, T., Jokela, P., and T.
              Henderson, "Host Identity Protocol Version 2 (HIPv2)",
              RFC 7401, DOI 10.17487/RFC7401, April 2015,

   [RFC8280]  ten Oever, N. and C. Cath, "Research into Human Rights
              Protocol Considerations", RFC 8280, DOI 10.17487/RFC8280,
              October 2017, <>.

   [Roadmap]  American National Standards Institute (ANSI) Unmanned
              Aircraft Systems Standardization Collaborative (UASSC),
              "Standardization Roadmap for Unmanned Aircraft Systems
              draft v2.0", April 2020, <
              Documents/Standards Activities/UASSC/

   [Stranger] Heinlein, R.A., "Stranger in a Strange Land", June 1961.

   [WG105]    EUROCAE, "WG-105 draft ED-282 Minimum Operational
              Performance Standards (MOPS) for Unmanned Aircraft System
              (UAS) Electronic Identification", June 2020.

   [WiFiNAN]  Wi-Fi Alliance, "Wi-Fi Aware™ Specification Version 3.2",
              October 2020, <

Appendix A.  Discussion and Limitations

   This document is largely based on the process of one SDO, ASTM.
   Therefore, it is tailored to specific needs and data formats of this
   standard.  Other organizations, for example in EU, do not necessarily
   follow the same architecture.

   The need for drone ID and operator privacy is an open discussion
   topic.  For instance, in the ground vehicular domain each car carries
   a publicly visible plate number.  In some countries, for nominal cost
   or even for free, anyone can resolve the identity and contact
   information of the owner.  Civil commercial aviation and maritime
   industries also have a tradition of broadcasting plane or ship ID,
   coordinates, and even flight plans in plain text.  Community networks
   such as OpenSky [OpenSky] and Flightradar24 [FR24] use this open
   information through ADS-B to deploy public services of flight

Card, et al.            Expires 29 December 2021               [Page 44]
Internet-Draft              DRIP Requirements                  June 2021

   tracking.  Many researchers also use these data to perform
   optimization of routes and airport operations.  Such ID information
   should be integrity protected, but not necessarily confidential.

   In civil aviation, aircraft identity is broadcast by a device known
   as transponder.  It transmits a four octal digit squawk code, which
   is assigned by a traffic controller to an airplane after approving a
   flight plan.  There are several reserved codes such as 7600 which
   indicate radio communication failure.  The codes are unique in each
   traffic area and can be re-assigned when entering another control
   area.  The code is transmitted in plain text by the transponder and
   also used for collision avoidance by a system known as Traffic alert
   and Collision Avoidance System (TCAS).  The system could be used for
   UAS as well initially, but the code space is quite limited and likely
   to be exhausted soon.  The number of UAS far exceeds the number of
   civil airplanes in operation.

   The ADS-B system is utilized in civil aviation for each "ADS-B Out"
   equipped airplane to broadcast its ID, coordinates, and altitude for
   other airplanes and ground control stations.  If this system is
   adopted for drone IDs, it has additional benefit with backward
   compatibility with civil aviation infrastructure; then, pilots and
   dispatchers will be able to see UA on their control screens and take
   those into account.  If not, a gateway translation system between the
   proposed drone ID and civil aviation system should be implemented.
   Again, system saturation due to large numbers of UAS is a concern.

   The Mode S transponders used in all TCAS and most ADS-B Out
   installations are assigned an ICAO 24 bit "address" (arguably really
   an identifier rather than a locator) that is associated with the
   aircraft as part of its registration.  In the US alone, well over
   2^20 UAS are already flying; thus, a 24 bit space likely would be
   rapidly exhausted if used for UAS (other than large UAS flying in
   controlled airspace, especially internationally, under rules other
   than those governing small UAS at low altitudes).

   Wi-Fi and Bluetooth are two wireless technologies currently
   recommended by ASTM specifications due to their widespread use and
   broadcast nature.  However, those have limited range (max 100s of
   meters) and may not reliably deliver UAS ID at high altitude or
   distance.  Therefore, a study should be made of alternative
   technologies from the telecom domain (WiMAX / IEEE 802.16, 5G) or
   sensor networks (Sigfox, LoRa).  Such transmission technologies can
   impose additional restrictions on packet sizes and frequency of
   transmissions, but could provide better energy efficiency and range.

Card, et al.            Expires 29 December 2021               [Page 45]
Internet-Draft              DRIP Requirements                  June 2021

   In civil aviation, Controller-Pilot Data Link Communications (CPDLC)
   is used to transmit command and control between the pilots and ATC.
   It could be considered for UAS as well due to long range and proven
   use despite its lack of security [CPDLC].

   L-band Digital Aeronautical Communications System (LDACS) is being
   standardized by ICAO and IETF for use in future civil aviation
   [I-D.maeurer-raw-ldacs].  It provides secure communication,
   positioning, and control for aircraft using a dedicated radio band.
   It should be analyzed as a potential provider for UAS RID as well.
   This will bring the benefit of a global integrated system creating a
   global airspace use awareness.


   The work of the FAA's UAS Identification and Tracking (UAS ID)
   Aviation Rulemaking Committee (ARC) is the foundation of later ASTM
   [F3411-19] and IETF DRIP efforts.  The work of Gabriel Cox, Intel
   Corp., and their Open Drone ID collaborators opened UAS RID to a
   wider community.  The work of ASTM F38.02 in balancing the interests
   of diverse stakeholders is essential to the necessary rapid and
   widespread deployment of UAS RID.  IETF volunteers who have
   extensively reviewed or otherwise contributed to this document
   include Amelia Andersdotter, Carsten Bormann, Mohamed Boucadair,
   Toerless Eckert, Susan Hares, Mika Jarvenpaa, Daniel Migault,
   Alexandre Petrescu, Saulo Da Silva and Shuai Zhao.  Thanks to Linda
   Dunbar for the Secdir review, Nagendra Nainar for the Opsdir review
   and Suresh Krishnan for the Gen-ART review.

Authors' Addresses

   Stuart W. Card (editor)
   AX Enterprize
   4947 Commercial Drive
   Yorkville, NY 13495
   United States of America


   Adam Wiethuechter
   AX Enterprize
   4947 Commercial Drive
   Yorkville, NY 13495
   United States of America


Card, et al.            Expires 29 December 2021               [Page 46]
Internet-Draft              DRIP Requirements                  June 2021

   Robert Moskowitz
   HTT Consulting
   Oak Park, MI 48237
   United States of America


   Andrei Gurtov
   Linköping University
   SE-58183 Linköping


Card, et al.            Expires 29 December 2021               [Page 47]