Drone Remote ID Protocol (drip) WG Agenda
Wed 2020-03-25 20:00-21:30 (UTC)
Co-Chairs: Daniel Migault & Mohamed Boucadair

webex:
etherpad: https://etherpad.ietf.org:9009/p/notes-ietf-107-drip?useMonospaceFont=true
jabber: drip@jabber.ietf.org

**********************************************************************
Agenda & Minutes
**********************************************************************

(1) Chairs slides 15 min
    Note well, Minute taker, jabber, agenda bashing
    https://datatracker.ietf.org/meeting/107/materials/slides-107-drip-chairs-slides

Agenda bashing and Note Well.
Daniel explains github use, and then explains goals of session about Requirements to be understood by all the IETF.

(2) DRIP Requirements 30 min

2.1 draft-card-drip-reqs [Stuart] 20 min
    https://datatracker.ietf.org/meeting/107/materials/slides-107-drip-drip-requirements

Stu talking, presenting about the slides. Many acronyms presented.
Firemen sees UA above fire, whose is it?
"UTM is the future of Aviation"
FAA UTM Pilot Project 2 architecture, DRIP must fit here as well as in EU equivalent.
"Punts security methods to implementors"
slide 9: Type 3: randomly-generated alphanumeric code is encouraged in US, but forbidden in EU
Everyone says we should protect the identity of the pilot, but not how.

jabber Amelia Andersdotter: how depressing that EASA would not allow a randomly generated alphanumeric code for only one flight
someone: integrity protected and authenticated lies are still lies

Aviators understand push-to-talk analog, but not networking.
have been moving fast outside the IETF with HIP-based code. badly need help with review, testing, etc.

Jim Reid: how is this WG going to interact with the aviation authorities?
Stu: There are no formal liaisons in place. Not the one to push that.
Joseph Potvin: Re: Regulation and Measures for Compliance, in particular DRIP General Req's #5. Can you provide more detail on the approach so far?
Stu: explains how the RID would go into a registry, akin to telephone numbers.
Joseph explains that Xalgorithms Foundation can participate with its free/libre methods and working & components that enable a control table in JSON or CBOR DSL to be associated with a Drone ID and pilot ID, within the 20 byte constraint. We have a way to include the essential reqs "in effect" GIVEN jurisdictions and date/time, and "applicable" WHEN various particulars are present. THEN a certain control table (EU regs; US regs etc) is associated with the ID. One of our team is involved in national team drone racing. We are happy to commit to assist with your DRIP GenReq #5. Contact: jpotvin@xalgorithms.org
Stewart Bryant: will there be a ground based proxy for this?
Stu: some are already over-constrained, very light, not easily retrofitted. Rarely one to give governments clue, and explains that the network-RID can come from any part of the UA-System, so the RID can come from the ground station, including the smartphone.
Shuai Zhao: trying to use the ID from 3GPP SA2 and SA6
Stu: I'm hoping that you can connect us with that, because I definitely want to connect on this. (Adam looks forward to email) See you are as key role in connecting the communities.
Hannes: you are using BT, and what other communication technologies are in use?
Stu: the ASTM took the lead from EU and USA regulators that first responders be able to identify the aircraft using devices they already have, which meant BT4. This means direct BT4 from UA to device on hand, and BT5 is on spec, and discussing ASTM requiring/allowing other media. For Network-RID, anything that gets you on the Internet is fine.
Joseph Potvin: Xalgorithms, the way that we have split is to split up the rule maker from rule taker.
Stephan Wenger: many think that there is a broadcast value, but considering the speed of the Internet, it seems like rather than jumping through hoops, why not, when sending out info over the Internet, why not query that information directly?
Stu: while I agree with your idea, some of the regulation is above our pay grade, and there is back-pressure against FAA (in US) and in EU against requiring Internet. They wanted to allow either. There are many places where there is not ubiquitous Internet, and there are places where they still want to identify things.
Daniel asks:
Stu: increasing awareness that systems need to be integrated.
D: But out of scope?
Stu: out of scope for the ASTM F3411, but maybe not for DRIP.
Daniel asks that people check that the use case really fits into the requirements.
webex: Mika Jarvenpaa 16:46 New U-space regulation draft https://www.easa.europa.eu/document-library/opinions/opinion-012020

2.2 Discussion [ALL] 10 min

(3) DRIP Reference Architecture 30 min

3.1 draft-card-drip-arch [Stuart] 20 min
    https://datatracker.ietf.org/meeting/107/materials/slides-107-drip-drip-architecture

unverified, weakly correlated assertions about who is going where.
one-way BT4 beacon frames with 24-bytes each, paged multi-frame at most 224 bytes (minus any ECC)
the UAS ID, even though it is called that, it's an aircraft ID, because the ground station could operate multiple aircraft.
Done 17:06,

Jim Reid: 1) when do you need this architecture framework to be completed?
Stu: hard to answer, as yet unwise in the ways of the IETF, trying to move as fast as the regulator is moving.
JR 2) if you look at what happened in ICANN with WHOIS and RDAP(?) and LE... if you have any kind of information that identifies a human being, then the GDPR gets involved. So good to have a dialog with data protection authorities.
Stu: one of the things that astonished me is that the European Aviation association required the type-1 identifier (the manufacturer identifier).
Seems counter-intuitive given EU views on privacy.
Jim Reid: a big problem, and I don't see an easy solution
Hannes: you mentioned a prototype, did you produce a write-up/blog-post, etc? wants to learn more.
Stu: I will get together with the developers and put together something.
SDaSilva: issues relating to mobility? How does this impact the RID? Is this a real issue? mobility problem with Internet?
Stu: I first got involved with mobile-IP in the context of aircraft, and aircraft were handed off between base stations, and this was challenging. Although there have been great strides in the last 20 years, but I don't see secure arbitrary mobility. I can't say anything more specific than that.
Stewart Bryant: I am rather surprised, every vehicle that has flown for the past 100 years has had its identity as public information (aircraft, vehicles, boats). I can see Europeans taking that position maybe. GDPR is about personal information, and not about the identity of the vehicle.
Stu: that's mostly correct, but the broadcast information contains not just the identity/location of the vehicle, but the location of the pilot.
Stewart: never heard anyone being at risk in the UK from this?
Toerless: maybe there has never been a risk of the information being public.
Stu: someone does something bad with a drone, and then somebody else sees the drone flying, envision the scenario where a mob attacks the wrong person.
Toerless: the established tradition is that vehicle (plane) identifier was public, no requirement for "need to know".
Stu: public visibility of the identifier, visibility of the information about the operator (name,rank,serial no, home address), EU and US have taken different approaches.
Stu: UTM is the future of ATM. Very risk averse, so hard to experiment with new ways to do things, where as unmapped systems are non-threatening, so they provide a place to innovate.
Toerless: must be transparent and ??? ... privacy vs ...
just a normal person having a lot of drones around me, then maybe I want to know more.
Stephan Wenger: limited experience with FAA man-carrying regulation work, when you just look at what is obvious to those who have taken a flight lesson... recent regulator change. Introducing ADSB, the man-carrying equivalent to RID, which took 20 years to get. Mandatory as of 2020, using 199x technology... just being phased. Stick to our guns, and make the drones workable, because the timelines for man-carrying are an order of magnitude too long for us.
Stu: the IETF is the best group to solve the problem, because we know the 90% of the problem.
Toerless: it's not that the IETF is slow, it's that people do not have time to comment quickly. But that nagging would have to be unicast.
Hannes: I'm not sure that the regulators will really be that fast. In Europe there are other problems than this kind of regulation.
Stephan: I agree, but the IETF schedule of 1yr is often 5.
Daniel suggests that we try to keep this deadline. I don't see any difficulties with the current documents. No technical difficulties.
MCR suggests that it is the requirements that will be controversial, not the solutions, and that we need to deal with the objections from people who are new to this topic now.
Toerless tries to agree with me.
Hannes the tricky issue is to describe the requirements and the architecture. The solution is easy to do if you know the requirements.
Shuai: do we have any specific dates?
Daniel: we will ask, do you think these documents should be adopted, and this will occur in April. (Then explains the IETF process, and Stewart adds also area review)
Eric: "feel free to continue use webex room. But, please close the official meeting and the minutes.
Hallway track starts :-) and note well still applies"
Jim Reid: need to ask the WG to adopt, (Stewart reminds that the chairs can do this unilaterally)

3.2 Discussion [ALL] 10 min

(4) WG Planning & Closing 15 min

===If time permits

(5) Protocol Documents

5.1 DRIP Authentication Formats & Identity Claims [Adam]
    draft-wiethuechter-drip-auth
    https://datatracker.ietf.org/meeting/107/materials/slides-107-drip-authentication-formats
    draft-wiethuechter-drip-identity-claims
    https://datatracker.ietf.org/meeting/107/materials/slides-107-drip-identity-claims

5.2 CS-RID & HIP Updates [Robert]
    draft-moskowitz-tmrid-crowd-sourced-rid
    https://datatracker.ietf.org/meeting/107/materials/slides-107-drip-crowd-sourced-remoteid-nonotes

**********************************************************************
Bluesheet - Sign with your name and affiliation
**********************************************************************

Éric Vyncke, Cisco
Adam Wiethuechter, AX Enterprize, LLC
Stuart Card, AX Enterprize, LLC
Scott Hollenbeck, Verisign
Bernie Hoeneisen, pEp Foundation
Mohit Sethi, Ericsson
Shuai Zhao, Tencent
Robert Moskowitz, HTT Consulting
Henk Birkholz, Fraunhofer SIT
John Kaippallimalil, Futurewei
Valery Smyslov, ELVIS-PLUS
Zaid AlBanna, Verisign
Peter Yee, AKAYLA
Mohamed Boucadair, Orange
Jonathan Hoyland, Cloudflare
James Gould, Verisign
Keith Moore, Network Heretics
Ronald in 't Velt, TNO
Andrew Lacher, The Boeing Company
Stephan Wenger (Tencent)
Ross Finlayson, Live Networks
Amelia Andersdotter (CENTR)
Stefano Faccin (Qualcomm)
John Border, Hughes
Ari Keränen, Ericsson
David Smith, Verisign
Stewart Bryant Futurewei US
Nicolai Leymann, Deutsche Telekom
Andy Thurling NUAIR
Yuji Tochio, Fujitsu
Erik Kline, Loon LLC
Linda Dunbar, Futurewei
Carsten Bormann, TZI
Brendan Moran, Arm
Michael Richardson, Sandelman Software Works
Michael Gibbs, Verisign
Teemu Kärkkäinen, TUM
Ash Wilson, Valimail
Jim Reid, rtfm llp
Donald Eastlake, Futurewei
Richard Wilhelm, Verisign
Emile Stephan, Orange
Russ Housley, Vigil Security LLC
Behcet Sarikaya, Self
Jari Arkko, Ericsson
Toerless Eckert, Futurewei
Barbara Stark, AT&T
Josef Jahn, Frequentis AG
Justin Iurman, University of Liege
Olaf Maennel, Tallinn University of Technology
Samita Chakrabarti, Verizon
Philip Hall, RelmaTech
Kiran Makhijani (Futurewei)
Xavier de Foy, Interdigital
Mika Järvenpää, Nokia
Larry Masinter, LarryMasinter.net
Fanny Parzysz, Orange
Mike Boyle, NSA
Steve Olshansky, ISOC
Joseph Potvin, Xalgorithms Foundation
Peter Koch, DENIC eG
Daniel Migault Ericsson
Hannes Tschofenig, Arm
Brad Peabody
Peter Van Roste, CENTR
Godfred Ahuma, Packetfile
Dieter Sibold, PTB
Karen O'Donoghue, Internet Society
Mitsuaki Hatano