Early Review of draft-ietf-drip-registries-09
review-ietf-drip-registries-09-opsdir-early-jaeggli-2023-06-12-00
Request | Review of | draft-ietf-drip-registries |
---|---|---|
Requested revision | No specific revision (document currently at 18) | |
Type | Early Review | |
Team | Ops Directorate (opsdir) | |
Deadline | 2023-06-09 | |
Requested | 2023-05-11 | |
Requested by | Mohamed Boucadair | |
Authors | Adam Wiethuechter , Jim Reid | |
I-D last updated | 2023-06-12 | |
Completed reviews |
Tsvart Early review of -09
by Yoshifumi Nishida
(diff)
Secdir Early review of -09 by Derrell Piper (diff) Opsdir Early review of -09 by Joel Jaeggli (diff) Dnsdir Early review of -09 by Tim Wicinski (diff) |
|
Comments |
As a preparation to the WGLC, we would like to have external reviews and fresh eyes to assess the specification and help identifying issues and fix them early in the process. Many thanks in advance. |
|
Assignment | Reviewer | Joel Jaeggli |
State | Partially completed | |
Request | Early review on draft-ietf-drip-registries by Ops Directorate Assigned | |
Posted at | https://mailarchive.ietf.org/arch/msg/ops-dir/z9_uy8PSHpPF9FhuUg5fiIPz1rs | |
Reviewed revision | 09 (document currently at 18) | |
Result | Has issues | |
Completed | 2023-06-12 |
review-ietf-drip-registries-09-opsdir-early-jaeggli-2023-06-12-00
Greetings, I have reviewed https://datatracker.ietf.org/doc/draft-ietf-drip-registries/ on behalf of the Operations and Managament area. this is an early review so take it with a grain of salt. --- Section 5.3 us underspecified at a minimum for the normative operation of a nameserver providing services. (the authors note this) 5.3. Name Server (NS) The interface of the Name Server to any component (nominally the Registry) in a DIME is out of scope as typically they are implementation specific. Author Note: This may be very important here as we should not preclude a USS from running his own Name Server but they are not DNS experts and will need guidance or at least pointers to it to not mess it up. Such as SOA and NS formats to allow delegation if as RAA. In particular name resolution for UAS registries seems like the sort of application that should come with language about availability as a potentially life-critical system. --- I struggle with the descriptions in section 6.1 6.1. Serial Number There are four ways a Serial Number is supported (by DRIP): 1. As itself as a clear-text string with additional information 2. As itself as a clear-text string mapped to a DET "post" generation by the manufacturer (for use in authentication) and additional information 3. As itself as a clear-text string mapped to a DET "post" generation by the user (for use in authentication) and additional information 4. As an encoding of an HI and associated DET by the manufacturer (for use in authentication) with additional information these could be both tightened up and be more clear if written as something like the following track backing and forth between the explanitory notes or the cases should end up being 4 sub headings e.g. 6.1.1 2/3/4 and not simply a list. 6.1. Serial Number There are four ways a Serial Number is supported (by DRIP): 1. A clear-text string with additional information The case where a UA is provisioned with a Serial Number by the manufacturer. The manufacturer is runs an MAA and uses the mechanisms of this document to provide additional information. 2. A clear-text string mapped to a DET "post" generation by the manufacturer (for use in authentication) and additional information A UAS is provisioned with a Serial Number and DET by the manufacturer enabling their devices to use [drip-auth] and provide additional information. A public mapping of the Serial Number to DET and all public artifacts MUST be provided by the manufacturer. This document RECOMMENDS the manufacturer use an MAA for this task. 3. A clear-text string mapped to a DET "post" generation by the user (for use in authentication) and additional information where a UAS has a Serial Number (from the manufacturer) and the user has a mechanism to generate and map a DET to the Serial Number after production. This can provide dynamic signing keys for DRIP Authentication Messages via [drip-auth] for UAS that MUST fly only using Serial Numbers. Registration SHOULD be allowed to any relevant DIME that supports it. 4. As an encoding of an HI and associated DET by the manufacturer (for use in authentication) with additional information where a UAS manufacturer chooses to use the Serial Number scheme defined in [RFC9374] to create Serial Numbers, their associated DETs for [drip-auth] and provide additional information. This document RECOMMENDED that the manufacturer "locks" the device from changing its authentication method so identifiers in both the Basic ID and Authentication Message do not de-sync. The manufacturer MUST use an MAA for this task, with the mapping between their Manufacturer Code and the upper portion of the DET publicly available. --- section 6.3.1 6.3.2 should be labeled properly as session-ids --- section 7 is observably incomplete It is noted by the authors that as this system scales the problem becomes a, well known and tricky, key management problem. While recommendations for key management are useful they are not necessarily in scope for this document as best common practices around key management should already be mandated and enforced by the cognizant authorities in their existing systems. This document instead focuses on finding a balance for generic wide-spread interoperability between DIMEs with authorities and their existing systems in a Differentiated Access Process (DAP). at a minimum the key managment problem should be elucidated DRIP has no intention to develop a new "art" of key management, instead hoping to leverage existing systems and be flexible enough to adapt as new ones become popular. --- ICAO administered domain apex sounds like this is specifying a type of TLD, if it is not then what is described should be more narrowly specified. if it does this is ietf direction to ICANN 8. DRIP in the Domain Name System Per [drip-arch] all information classified as public is stored in the DNS to satisfy REG-1 from [RFC9153]. The apex for domain names MUST be under the administrative control of ICAO, the international treaty organization providing the critical coordination platform for civil aviation. ICAO SHOULD be responsible for the operation of the DNS-related infrastructure for these domain name apexes. It MAY chose to run that infrastructure directly or outsource it to competent third parties or some combination of the two. ICAO SHOULD specify the technical and administrative criteria for the provision of these services: contractual terms (if any), reporting, uptime, SLAs (if any), DNS query handling capacity, response times incident handling, complaints, law enforcement interaction and so on. --- DNS review should probably come from a DNS SME for additional considerations.