draft-ietf-drip-registries-02.txt vs. draft-ietf-drip-registries-03.txt

drip Working Group                                  A. Wiethuechter (Editor)
Internet-Draft                                                       S. Card
Intended status: Standards Track                         AX Enterprize, LLC
Expires: 1 November 2022 (-02) / 12 November 2022 (-03)        R. Moskowitz
                                                              HTT Consulting
                                                                     J. Reid
                                                                    RTFM llp
                                       30 April 2022 (-02) / 11 May 2022 (-03)

                  DRIP Entity Tag Registration & Lookup
      draft-ietf-drip-registries-02 (-02) / draft-ietf-drip-registries-03 (-03)
Abstract

   This document creates the DRIP DET registration and discovery
   ecosystem.  This includes all components in the ecosystem (e.g., RAA,
   HDA, UA, GCS, USS).  The registration process will use the Extensible
   Provisioning Protocol (EPP) and other protocols.  The discovery
   process will leverage DNS and DNSSEC and related technology.  DETs
   can be registered as their "raw public keys" or in X.509
   certificates.
skipping to change at page 1, line 40

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 1 November 2022 (-02) /
   12 November 2022 (-03).
Copyright Notice

   Copyright (c) 2022 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (https://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components
   extracted from this document must include Revised BSD License text as
   described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Revised BSD License.
Table of Contents

   1.  Introduction
     1.1.  Abstract Process & Reasoning
   2.  Terminology
     2.1.  Required Terminology
     2.2.  Definitions
   3.  Registries
     3.1.  Classes
       3.1.1.  Root
       3.1.2.  Registered Assigning Authorities
       3.1.3.  Hierarchical HIT Domain Authorities
     3.2.  Key Rollover & Federation
   4.  DRIP Fully Qualified Domain Names
     4.1.  Serial Number
     4.2.  DET
     4.3.  Reverse DET
   5.  Supported DNS Records
     5.1.  HIP RR
     5.2.  CERT RR
     5.3.  NS RR
     5.4.  AAAA RR
     5.5.  SRV RR
     5.6.  TLSA RR
   6.  Registry Operations
     6.1.  Registering a Registry
       6.1.1.  Registering an RAA
       6.1.2.  Registering an IRM
       6.1.3.  Registering an HDA
       6.1.4.  Registering an MRA
     6.2.  Registering a Serial Number
     6.3.  Registering an Operator
     6.4.  Registering a Session ID
       6.4.1.  Standard Provisioning
       6.4.2.  Operator Assisted Provisioning
       6.4.3.  Initial Provisioning
   7.  EPP Command Mappings
     7.1.  Common Attributes
     7.2.  EPP Query Commands
       7.2.1.  EPP <check> Command
       7.2.2.  EPP <info> Command
       7.2.3.  EPP <transfer> Command
     7.3.  EPP Transform Commands
       7.3.1.  EPP <create> Command
       7.3.2.  EPP <delete> Command
       7.3.3.  EPP <renew> Command
       7.3.4.  EPP <transfer> Command
       7.3.5.  EPP <update> Command
   8.  RDAP Definitions
   9.  IANA Considerations
   10. Security Considerations
     10.1.  DET Generation
   11. Acknowledgements
   12. Contributors
   13. References
     13.1.  Normative References
     13.2.  Informative References
   Appendix A.  DRIP Attestations & Certificates
     A.1.  Attestation Structure
       A.1.1.  Attestor Identity Information
       A.1.2.  Attestation Data
       A.1.3.  Expiration Timestamp
       A.1.4.  Signing Timestamp
       A.1.5.  Signature
     A.2.  Attestations
       A.2.1.  Self-Attestation (SA-x)
       A.2.2.  Attestation (A-x.y)
       A.2.3.  Concise Attestation (CA-x.y)
       A.2.4.  Mutual Attestation (MA-x.y)
       A.2.5.  Link Attestation (LA-x.y)
       A.2.6.  Broadcast Attestation (BA-x.y)
     A.3.  Certificates
       A.3.1.  Attestation Certificate (AC-z.x.y)
       A.3.2.  Concise Certificate (CC-z.x.y)
       A.3.3.  Link Certificate (LC-z.x.y)
       A.3.4.  Mutual Certificate (MC-z.x.y)
     A.4.  Abbreviations & File Naming Conventions
       A.4.1.  In Text Abbreviation
       A.4.2.  File Naming
   Appendix B.  X.509 Certificates
     B.1.  Certificate Policy and Certificate Stores (new in -03)
     B.2.  Certificate Management (new in -03)
     B.3.  Examples (new in -03)
     B.4.  Alternative Certificate Encoding (new in -03)
   Appendix C.  Blockchain-based Registries
   Authors' Addresses
1.  Introduction

   Registries are fundamental to RID.  Only very limited information can
   be Broadcast, but extended information is sometimes needed.  The most
   essential element of information sent is the UAS ID itself, the
   unique key for lookup of extended information in registries.

   While it is expected that registry functions will be integrated with
   USS, who will provide them is not yet determined in most, and is
skipping to change at page 25, line 13 (-02) / page 26, line 13 (-03)

   should be used in place of spaces.

   The mfrCode field is only used by an MRA (Section 3.1.3.1) when
   registering with an IRM (Section 3.1.2.1) and holds the ICAO assigned
   Manufacturer Code for ANSI CTA2063-A Serial Numbers.  It has a max of
   4 characters.
   Example (-02):

   <?xml version="1.0" encoding="UTF-8" standalone="no"?>
   <epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
     <command>
       <create>
         <dripRegistry:create xmlns:dripRegistry="urn:ietf:params:xml:ns:dripRegistry-1.0">
           <dripRegistry:det>2001:0030:00a0:0145:a3ad:1952:0ad0:a69e</dripRegistry:det>
           <dripRegistry:hi></dripRegistry:hi>
           <dripRegistry:raa>10</dripRegistry:raa>
           <dripRegistry:hda>20</dripRegistry:hda>
           <dripRegistry:abbreviation>FAA</dripRegistry:abbreviation>
           <dripRegistry:mfrCode>MFR0</dripRegistry:mfrCode>
           <dripRegistry:postalInfo type="int">
             <dripRegistry:name>Federal Aviation Administration</dripRegistry:name>
             <dripRegistry:phys_addr>
               <dripRegistry:street1>Orville Wright Federal Building</dripRegistry:street1>
               <dripRegistry:street2>800 Independence Avenue SW</dripRegistry:street2>
               <dripRegistry:city>Washington</dripRegistry:city>
               <dripRegistry:sp>DC</dripRegistry:sp>
               <dripRegistry:pc>20591</dripRegistry:pc>
               <dripRegistry:cc>US</dripRegistry:cc>
             </dripRegistry:phys_addr>
           </dripRegistry:postalInfo>
           <dripRegistry:voice x="1234">1 (866) 835-5322</dripRegistry:voice>
           <dripRegistry:email>stephen.dickson@faa.gov</dripRegistry:email>
         </dripRegistry:create>
       </create>
       <clTRID>ADD-REGIS</clTRID>
     </command>
   </epp>

   Example (-03):

   <?xml version="1.0" encoding="UTF-8" standalone="no"?>
   <extension>
     <dripRegistry:dripRegistry xmlns:dripRegistry="urn:ietf:params:xml:ns:dripRegistry-1.0">
       <dripRegistry:det>2001:0030:00a0:0145:a3ad:1952:0ad0:a69e</dripRegistry:det>
       <dripRegistry:hi></dripRegistry:hi>
       <dripRegistry:selfAttestation>Hex of SelfAttestation(Registry)</dripRegistry:selfAttestation>
       <dripRegistry:raa>10</dripRegistry:raa>
       <dripRegistry:hda>20</dripRegistry:hda>
       <dripRegistry:abbreviation>FAA</dripRegistry:abbreviation>
       <dripRegistry:mfrCode>MFR0</dripRegistry:mfrCode>
       <dripRegistry:postalInfo type="int">
         <dripRegistry:name>Federal Aviation Administration</dripRegistry:name>
         <dripRegistry:phys_addr>
           <dripRegistry:street1>Orville Wright Federal Building</dripRegistry:street1>
           <dripRegistry:street2>800 Independence Avenue SW</dripRegistry:street2>
           <dripRegistry:city>Washington</dripRegistry:city>
           <dripRegistry:sp>DC</dripRegistry:sp>
           <dripRegistry:pc>20591</dripRegistry:pc>
           <dripRegistry:cc>US</dripRegistry:cc>
         </dripRegistry:phys_addr>
       </dripRegistry:postalInfo>
       <dripRegistry:voice x="1234">1 (866) 835-5322</dripRegistry:voice>
       <dripRegistry:email>stephen.dickson@faa.gov</dripRegistry:email>
     </dripRegistry:dripRegistry>
   </extension>
7.3.1.2.  Operator

   Example (-02):

   <?xml version="1.0" encoding="UTF-8" standalone="no"?>
   <epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
     <command>
       <create>
         <dripOperator:create xmlns:dripOperator="urn:ietf:params:xml:ns:dripOperator-1.0">
           <dripOperator:postalInfo type="int">
             <dripOperator:name>John Doe</dripOperator:name>
             <dripOperator:phys_addr>
               <dripOperator:street1>123 Example Dr.</dripOperator:street1>
               <dripOperator:street2>Suite 100</dripOperator:street2>
               <dripOperator:city>Dulles</dripOperator:city>
               <dripOperator:sp>VA</dripOperator:sp>
               <dripOperator:pc>20166-6503</dripOperator:pc>
               <dripOperator:cc>US</dripOperator:cc>
             </dripOperator:phys_addr>
             <dripOperator:ma_addr>
               <dripOperator:street1>123 Example Dr.</dripOperator:street1>
               <dripOperator:street2>Suite 100</dripOperator:street2>
               <dripOperator:city>Dulles</dripOperator:city>
               <dripOperator:sp>VA</dripOperator:sp>
               <dripOperator:pc>20166-6503</dripOperator:pc>
               <dripOperator:cc>US</dripOperator:cc>
             </dripOperator:ma_addr>
           </dripOperator:postalInfo>
           <dripOperator:voice x="1234">+1.7035555555</dripOperator:voice>
           <dripOperator:email>jdoe@example.com</dripOperator:email>
           <dripOperator:part107_acct_name>some_faa_account</dripOperator:part107_acct_name>
           <dripOperator:rec_flyer_id>123456</dripOperator:rec_flyer_id>
           <dripOperator:caaId></dripOperator:caaId>
           <dripOperator:det></dripOperator:det>
           <dripOperator:hi></dripOperator:hi>
         </dripOperator:create>
       </create>
       <clTRID>ADD-OPER</clTRID>
     </command>
   </epp>

   Example (-03):

   <?xml version="1.0" encoding="UTF-8" standalone="no"?>
   <extension>
     <dripOperator:dripOperator xmlns:dripOperator="urn:ietf:params:xml:ns:dripOperator-1.0">
       <dripOperator:postalInfo type="int">
         <dripOperator:phys_addr>
           <dripOperator:street1>123 Example Dr.</dripOperator:street1>
           <dripOperator:street2>Suite 100</dripOperator:street2>
           <dripOperator:city>Dulles</dripOperator:city>
           <dripOperator:sp>VA</dripOperator:sp>
           <dripOperator:pc>20166-6503</dripOperator:pc>
           <dripOperator:cc>US</dripOperator:cc>
         </dripOperator:phys_addr>
       </dripOperator:postalInfo>
       <dripOperator:part107_acct_name>some_faa_account</dripOperator:part107_acct_name>
       <dripOperator:rec_flyer_id>123456</dripOperator:rec_flyer_id>
       <dripOperator:caaId></dripOperator:caaId>
       <dripOperator:det></dripOperator:det>
       <dripOperator:hi></dripOperator:hi>
       <dripOperator:selfAttestation>Hex of SelfAttestation(Operator)</dripOperator:selfAttestation>
       <dripOperator:attestation>Hex of Attestation(Registry, Operator)</dripOperator:attestation>
     </dripOperator:dripOperator>
   </extension>
7.3.1.3.  Aircraft Serial Number

   Example (-02):

   <?xml version="1.0" encoding="UTF-8" standalone="no"?>
   <epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
     <command>
       <create>
         <dripSerial:create xmlns:dripSerial="urn:ietf:params:xml:ns:dripSerial-1.0">
           <dripSerial:serial>0000F000000000000000</dripSerial:serial>
           <dripSerial:det></dripSerial:det>
           <dripSerial:hi></dripSerial:hi>
           <dripSerial:manufacturer>Drones R Us</dripSerial:manufacturer>
           <dripSerial:make>Fast Drone</dripSerial:make>
           <dripSerial:model>9000</dripSerial:model>
           <dripSerial:color>White</dripSerial:color>
           <dripSerial:material>Plastic</dripSerial:material>
           <dripSerial:weight>12.0</dripSerial:weight>
           <dripSerial:length>5.0</dripSerial:length>
           <dripSerial:width>4.0</dripSerial:width>
           <dripSerial:height>3.0</dripSerial:height>
           <dripSerial:numRotors>4</dripSerial:numRotors>
           <dripSerial:propLength>2.0</dripSerial:propLength>
           <dripSerial:batteryCapacity>5000</dripSerial:batteryCapacity>
           <dripSerial:batteryVoltage>12</dripSerial:batteryVoltage>
           <dripSerial:batteryWeight>5.2</dripSerial:batteryWeight>
           <dripSerial:batteryChemistry>Lithium-Ion</dripSerial:batteryChemistry>
           <dripSerial:takeOffWeight>15</dripSerial:takeOffWeight>
           <dripSerial:maxTakeOffWeight>25</dripSerial:maxTakeOffWeight>
           <dripSerial:maxPayloadWeight>10</dripSerial:maxPayloadWeight>
           <dripSerial:maxFlightTime>15</dripSerial:maxFlightTime>
           <dripSerial:minOperatingTemp>35</dripSerial:minOperatingTemp>
           <dripSerial:maxOperatingTemp>90</dripSerial:maxOperatingTemp>
           <dripSerial:ipRating>55</dripSerial:ipRating>
         </dripSerial:create>
       </create>
       <clTRID>ADD-AIRCRFT</clTRID>
     </command>
   </epp>

   Example (-03):

   <?xml version="1.0" encoding="UTF-8" standalone="no"?>
   <extension>
     <dripSerial:dripSerial xmlns:dripSerial="urn:ietf:params:xml:ns:dripSerial-1.0">
       <dripSerial:serial>0000F000000000000000</dripSerial:serial>
       <dripSerial:det></dripSerial:det>
       <dripSerial:hi></dripSerial:hi>
       <dripSerial:selfAttestation>Hex of SelfAttestation(Aircraft)</dripSerial:selfAttestation>
       <dripSerial:broadcastAttestation>Hex of BroadcastAttestation(Registry, Aircraft)</dripSerial:broadcastAttestation>
       <dripSerial:manufacturer>Drones R Us</dripSerial:manufacturer>
       <dripSerial:make>Fast Drone</dripSerial:make>
       <dripSerial:model>9000</dripSerial:model>
       <dripSerial:color>White</dripSerial:color>
       <dripSerial:material>Plastic</dripSerial:material>
       <dripSerial:weight>12.0</dripSerial:weight>
       <dripSerial:length>5.0</dripSerial:length>
       <dripSerial:width>4.0</dripSerial:width>
       <dripSerial:height>3.0</dripSerial:height>
       <dripSerial:numRotors>4</dripSerial:numRotors>
       <dripSerial:propLength>2.0</dripSerial:propLength>
       <dripSerial:batteryCapacity>5000</dripSerial:batteryCapacity>
       <dripSerial:batteryVoltage>12</dripSerial:batteryVoltage>
       <dripSerial:batteryWeight>5.2</dripSerial:batteryWeight>
       <dripSerial:batteryChemistry>Lithium-Ion</dripSerial:batteryChemistry>
       <dripSerial:takeOffWeight>15</dripSerial:takeOffWeight>
       <dripSerial:maxTakeOffWeight>25</dripSerial:maxTakeOffWeight>
       <dripSerial:maxPayloadWeight>10</dripSerial:maxPayloadWeight>
       <dripSerial:maxFlightTime>15</dripSerial:maxFlightTime>
       <dripSerial:minOperatingTemp>35</dripSerial:minOperatingTemp>
       <dripSerial:maxOperatingTemp>90</dripSerial:maxOperatingTemp>
       <dripSerial:ipRating>55</dripSerial:ipRating>
     </dripSerial:dripSerial>
   </extension>
7.3.1.4.  Aircraft Session ID

   Example (-02):

   <?xml version="1.0" encoding="UTF-8" standalone="no"?>
   <epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
     <command>
       <create>
         <dripSession:create xmlns:dripSession="urn:ietf:params:xml:ns:dripSession-1.0">
           <dripSession:serial>0000F000000000000000</dripSession:serial>
           <dripSession:uasId></dripSession:uasId>
           <dripSession:sessionHi></dripSession:sessionHi>
           <dripSession:operationalIntent></dripSession:operationalIntent>
           <dripSession:operationalIntentSrc>uss.example.com</dripSession:operationalIntentSrc>
           <dripSession:operatorId>NOP123456</dripSession:operatorId>
           <dripSession:operatorDet></dripSession:operatorDet>
           <dripSession:fa3>N1232456</dripSession:fa3>
         </dripSession:create>
       </create>
       <clTRID>ADD-SID</clTRID>
     </command>
   </epp>

   Example (-03):

   <?xml version="1.0" encoding="UTF-8" standalone="no"?>
   <extension>
     <dripSession:dripSession xmlns:dripSession="urn:ietf:params:xml:ns:dripSession-1.0">
       <dripSession:serial>0000F000000000000000</dripSession:serial>
       <dripSession:uasId></dripSession:uasId>
       <dripSession:sessionHi></dripSession:sessionHi>
       <dripSession:broadcastAttestation>Hex of BroadcastAttestation(Registry, Aircraft)</dripSession:broadcastAttestation>
       <dripSession:attestationCertificate>Hex of AttestationCertificate(Registry, Operator, Aircraft)</dripSession:attestationCertificate>
       <dripSession:operationalIntent></dripSession:operationalIntent>
       <dripSession:operationalIntentSrc>uss.example.com</dripSession:operationalIntentSrc>
       <dripSession:operatorId>NOP123456</dripSession:operatorId>
       <dripSession:operatorDet></dripSession:operatorDet>
       <dripSession:attestation>Hex of Attestation(Operator, Aircraft)</dripSession:attestation>
       <dripSession:mutualAttestation>Hex of MutualAttestation(Registry, Operator)</dripSession:mutualAttestation>
       <dripSession:fa3>N1232456</dripSession:fa3>
       <dripSession:sessionStart>2022-04-09T15:43:13Z</dripSession:sessionStart>
       <dripSession:sessionEnd>2022-04-09T20:43:13Z</dripSession:sessionEnd>
     </dripSession:dripSession>
   </extension>
7.3.2.  EPP <delete> Command

7.3.2.1.  Registry

   Example:

   <?xml version="1.0" encoding="UTF-8" standalone="no"?>
   <epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
     <command>
skipping to change at page 31, line 28 (-02) / page 32, line 28 (-03)

   the DNS serving the HDA with the HIP RR and other relevant RR types
   (such as TXT and CERT).  The registry MUST also generate the
   appropriate attestations/certificates for the given operation.

   If the registry denied the HI/DET pair, because there was a DET
   collision or any other reason, the registry MUST signal back to the
   device being provisioned that a new HI needs to be generated.
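   As an added illustration (not code from the draft or from any DRIP
   implementation), the following Python sketches the registry-side
   checks the text implies: it parses the -03 style dripRegistry
   extension from the Registry <create> example in Section 7.3.1,
   enforces the 4-character mfrCode limit stated before that example,
   and refuses a HI/DET pair whose DET is already registered, returning
   the "generate a new HI" signal required above.  Which elements are
   mandatory, and the use of the compressed IPv6 form as the lookup
   key, are assumptions of this example.

```python
"""Registry-side checks on a DRIP EPP create request (added example).

Hypothetical code, not from the draft or the DRIP project.  It parses the
-03 style <extension> carrying <dripRegistry:dripRegistry>, enforces the
mfrCode length limit, and applies the DET collision rule: a colliding
HI/DET pair is refused and the requester is told to generate a new HI.
"""
import ipaddress
import xml.etree.ElementTree as ET

# Namespace declared in the draft's dripRegistry example.
NS = "urn:ietf:params:xml:ns:dripRegistry-1.0"
# Elements the example always carries; treating them as mandatory is an
# assumption of this example, not a rule stated by the draft.
REQUIRED = ("det", "hi", "raa", "hda", "abbreviation", "email")
MFR_CODE_MAX_LEN = 4  # draft: "It has a max of 4 characters."

# Constructed request, trimmed from the draft's Registry <create> example.
REGISTRY_CREATE = """<extension>
  <dripRegistry:dripRegistry xmlns:dripRegistry="urn:ietf:params:xml:ns:dripRegistry-1.0">
    <dripRegistry:det>2001:0030:00a0:0145:a3ad:1952:0ad0:a69e</dripRegistry:det>
    <dripRegistry:hi></dripRegistry:hi>
    <dripRegistry:raa>10</dripRegistry:raa>
    <dripRegistry:hda>20</dripRegistry:hda>
    <dripRegistry:abbreviation>FAA</dripRegistry:abbreviation>
    <dripRegistry:mfrCode>MFR0</dripRegistry:mfrCode>
    <dripRegistry:email>stephen.dickson@faa.gov</dripRegistry:email>
  </dripRegistry:dripRegistry>
</extension>"""

# Same request with a five-character mfrCode (constructed, invalid).
BAD_MFR_CODE = REGISTRY_CREATE.replace("MFR0", "MFR00")


def _text(node, name):
    """Text of the namespaced child <name>: '' if empty, None if absent."""
    child = node.find(f"{{{NS}}}{name}")
    if child is None:
        return None
    return (child.text or "").strip()


def parse_registry_extension(xml_text):
    """Extract the dripRegistry fields from an <extension> document."""
    root = ET.fromstring(xml_text)
    node = root if root.tag == f"{{{NS}}}dripRegistry" else root.find(f"{{{NS}}}dripRegistry")
    if node is None:
        raise ValueError("no dripRegistry element in extension")
    return {name: _text(node, name) for name in REQUIRED + ("mfrCode",)}


def validate_fields(fields):
    """Return the problems found; an empty list means the request is acceptable."""
    problems = [f"missing {name}" for name in REQUIRED if fields.get(name) is None]
    if fields.get("det"):
        try:
            ipaddress.IPv6Address(fields["det"])  # a DET is carried as an IPv6 address
        except ValueError:
            problems.append("det is not a valid IPv6 address")
    for name in ("raa", "hda"):
        if fields.get(name) and not fields[name].isdigit():
            problems.append(f"{name} is not a non-negative integer")
    mfr = fields.get("mfrCode")
    if mfr is not None and len(mfr) > MFR_CODE_MAX_LEN:
        problems.append(f"mfrCode longer than {MFR_CODE_MAX_LEN} characters")
    return problems


def process_create(xml_text, registered_dets):
    """Accept or deny a create request against the registry's set of known DETs.

    Returns (status, detail).  On a DET collision the detail carries the
    signal the draft requires: the device must generate a new HI.
    """
    try:
        fields = parse_registry_extension(xml_text)
    except (ET.ParseError, ValueError) as exc:
        return "denied", f"malformed request: {exc}"
    problems = validate_fields(fields)
    if problems:
        return "denied", "; ".join(problems)
    det = ipaddress.IPv6Address(fields["det"]).compressed  # canonical lookup key
    if det in registered_dets:
        return "denied", "DET collision: generate a new HI"
    registered_dets.add(det)
    return "accepted", det


if __name__ == "__main__":
    known = set()
    print(process_create(REGISTRY_CREATE, known))  # accepted on first registration
    print(process_create(REGISTRY_CREATE, known))  # denied: DET collision
    print(process_create(BAD_MFR_CODE, known))     # denied: mfrCode too long
```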
11.  Acknowledgements

   -02:
   *  Scott Hollenbeck for his guidance with EPP/RDAP

   -03:
   *  Scott Hollenbeck for his initial guidance with EPP/RDAP

12.  Contributors

   *  Andrei Gurtov for his insights as a pilot

   *  Len Bayles for his help in formatting EPP definitions and creating
      an extension for FRED (new in -03)
13.  References

13.1.  Normative References

   [F3411-19] "Standard Specification for Remote ID and Tracking",
              February 2020.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/info/rfc2119>.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017, <https://www.rfc-editor.org/info/rfc8174>.

13.2.  Informative References

   [dane-clients]  (new in -03)
              Huque, S., Dukhovni, V., and A. Wilson, "TLS Client
              Authentication via DANE TLSA records", Work in Progress,
              Internet-Draft, draft-ietf-dance-client-auth-00, 24 March
              2022, <https://www.ietf.org/archive/id/draft-ietf-dance-
              client-auth-00.txt>.

   [drip-arch]
              Card, S. W., Wiethuechter, A., Moskowitz, R., Zhao, S.,
              and A. Gurtov, "Drone Remote Identification Protocol
              (DRIP) Architecture", Work in Progress, Internet-Draft,
              draft-ietf-drip-arch-22, 21 March 2022,
              <https://www.ietf.org/archive/id/draft-ietf-drip-arch-
              22.txt>.

   [drip-auth]
              Wiethuechter, A., Card, S., and R. Moskowitz, "DRIP
skipping to change at page 32, line 33 (-02) / page 33, line 42 (-03)

              Requirements and Terminology", RFC 9153,
              DOI 10.17487/RFC9153, February 2022,
              <https://www.rfc-editor.org/info/rfc9153>.

   [drip-rid] Moskowitz, R., Card, S. W., Wiethuechter, A., and A.
              Gurtov, "UAS Remote ID", Work in Progress, Internet-Draft,
              draft-ietf-drip-uas-rid-01, 9 September 2020,
              <https://www.ietf.org/archive/id/draft-ietf-drip-uas-rid-
              01.txt>.

   [drip-secure-nrid-c2]  (new in -03)
              Moskowitz, R., Card, S. W., Wiethuechter, A., and A.
              Gurtov, "Secure UAS Network RID and C2 Transport", Work in
              Progress, Internet-Draft, draft-moskowitz-drip-secure-
              nrid-c2-06, 5 May 2022, <https://www.ietf.org/archive/id/
              draft-moskowitz-drip-secure-nrid-c2-06.txt>.

   [hhit-registries]
              Moskowitz, R., Card, S. W., and A. Wiethuechter,
              "Hierarchical HIT Registries", Work in Progress, Internet-
              Draft, draft-moskowitz-hip-hhit-registries-02, 9 March
              2020, <https://www.ietf.org/archive/id/draft-moskowitz-
              hip-hhit-registries-02.txt>.

   [NPRM]     "Notice of Proposed Rule Making on Remote Identification
              of Unmanned Aircraft Systems", December 2019.

   [RFC6698]  (new in -03)
              Hoffman, P. and J. Schlyter, "The DNS-Based Authentication
              of Named Entities (DANE) Transport Layer Security (TLS)
              Protocol: TLSA", RFC 6698, DOI 10.17487/RFC6698, August
              2012, <https://www.rfc-editor.org/info/rfc6698>.

   [RFC7519]  Jones, M., Bradley, J., and N. Sakimura, "JSON Web Token
              (JWT)", RFC 7519, DOI 10.17487/RFC7519, May 2015,
              <https://www.rfc-editor.org/info/rfc7519>.

   [RFC8392]  Jones, M., Wahlstroem, E., Erdtman, S., and H. Tschofenig,
              "CBOR Web Token (CWT)", RFC 8392, DOI 10.17487/RFC8392,
              May 2018, <https://www.rfc-editor.org/info/rfc8392>.
Appendix A. DRIP Attestations & Certificates Appendix A. DRIP Attestations & Certificates
skipping to change at page 49, line 4
Some examples of file names:
* sa-79d8a404d48f2ef9.cert
* a-120b8f25b198c1e1_79d8a404d48f2ef9.cert
* ac-aac6b00abba268b7_120b8f25b198c1e1_79d8a404d48f2ef9.cert
Appendix B. X.509 Certificates
B.1. Certificate Policy and Certificate Stores
X.509 certificates are optional for the DRIP entities covered in this
document. DRIP endpoint entities (EE) (i.e., UA, GCS, and Operators)
may benefit from having X.509 certificates. Most of these
certificates will be for their DET and some will be for other UAS
identities. To provide for these certificates, some of the other
entities covered in this document will also have certificates to
create and manage the necessary PKI structure.
Any Certificate Authority (CA) supporting DRIP entities SHOULD adhere
to the ICAO's International Aviation Trust Framework (IATF)
Certificate Policy [ICAO-IATF-CP-draft]. The CA(s) supporting this
CP MUST either be a part of the IATF Bridge PKI or part of the IATF
CA Trust List.
EEs may use their X.509 certificates, rather than their rawPublicKey
(i.e., HI), in authentication protocols, as not all protocols
support rawPublicKey identities. For some EE HIs the overhead of
X.509 is not worth supporting. Short-lived DETs, such as those used
for a single operation or for a single day's operations, may not
benefit from X.509: creating and then almost immediately revoking
these certificates is a considerable burden on all parts of the
system, and even a short notAfter date does not completely remove
the burden of managing them. That said, for many EEs the benefit
will offset the effort. It may also be a regulatory requirement to
have these certificates.
Typically an HDA issues certificates either for all of its DETs or
for none of them. An RAA may therefore operate some HDAs for DETs
that do not want or need certificates and other HDAs for DETs that
do need them. Both types of HDA could be managed by a single entity,
thus providing both environments for its customers.
It is recommended that DRIP X.509 certificates be stored as DNS TLSA
Resource Records. This not only generally improves certificate
lookups, but also enables use of DANE [RFC6698] for the various
servers in the UTM, and particularly the DRIP registry, environment
and of DANCE [dane-clients] for EEs (e.g., [drip-secure-nrid-c2]).
Note that a TLSA RR is only trustworthy when it is served from a
DNSSEC-signed zone and validated by the client; [RFC6698] forbids
the use of unvalidated TLSA data. All DRIP certificates MUST be
available via RDAP. LDAP/OCSP access for other UTM and ICAO uses
SHOULD also be provided.
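As an added example (not part of this draft or of any DRIP implementation), the following Python builds the TLSA RDATA for a certificate and checks a presented certificate against it, in the DANE-EE (usage 3) form that an EE or registry server would publish. The minimal DER walker, the constructed sample certificate (unsigned, empty Names, an Ed25519 SubjectPublicKeyInfo) and all function names are this example's own assumptions; the owner name under which the record is published (for DANCE client records, defined by [dane-clients]) is out of scope here.

```python
"""TLSA RDATA generation and matching (RFC 6698) for a DRIP X.509 cert.

Added example, not draft text.  The DER walker only does what is needed
to locate SubjectPublicKeyInfo; the sample certificate is a constructed,
unsigned, certificate-shaped DER blob so the module runs offline.
"""
import hashlib

# RFC 6698, Section 2.1: the three TLSA RDATA fields.
USAGE_DANE_EE = 3                       # domain-issued certificate (end entity)
SEL_CERT, SEL_SPKI = 0, 1               # full certificate / SubjectPublicKeyInfo
MATCH_FULL, MATCH_SHA256, MATCH_SHA512 = 0, 1, 2


def _der_tlv(data: bytes, off: int):
    """Return (tag, content_offset, content_length) of the DER TLV at off."""
    tag, first = data[off], data[off + 1]
    if first & 0x80:                    # long-form length
        n = first & 0x7F
        return tag, off + 2 + n, int.from_bytes(data[off + 2:off + 2 + n], "big")
    return tag, off + 2, first


def extract_spki(cert_der: bytes) -> bytes:
    """Slice the DER SubjectPublicKeyInfo out of an X.509 Certificate."""
    _, tbs_off, _ = _der_tlv(cert_der, 0)           # Certificate SEQUENCE
    _, off, tbs_len = _der_tlv(cert_der, tbs_off)   # tbsCertificate SEQUENCE
    end = off + tbs_len
    tag, c_off, c_len = _der_tlv(cert_der, off)
    if tag == 0xA0:                                 # optional [0] version
        off = c_off + c_len
    # serialNumber, signature, issuer, validity and subject precede the SPKI.
    for _ in range(5):
        _, c_off, c_len = _der_tlv(cert_der, off)
        off = c_off + c_len
    tag, c_off, c_len = _der_tlv(cert_der, off)
    if tag != 0x30 or c_off + c_len > end:
        raise ValueError("malformed certificate: no SubjectPublicKeyInfo")
    return cert_der[off:c_off + c_len]


def association_data(cert_der: bytes, selector: int, matching: int) -> bytes:
    """Certificate Association Data for the given selector and matching type."""
    selected = cert_der if selector == SEL_CERT else extract_spki(cert_der)
    if matching == MATCH_FULL:
        return selected
    if matching == MATCH_SHA256:
        return hashlib.sha256(selected).digest()
    if matching == MATCH_SHA512:
        return hashlib.sha512(selected).digest()
    raise ValueError("unknown matching type")


def tlsa_rdata(cert_der: bytes, usage=USAGE_DANE_EE,
               selector=SEL_SPKI, matching=MATCH_SHA256) -> bytes:
    """Wire-format RDATA: usage, selector, matching type, association data."""
    return bytes([usage, selector, matching]) + association_data(cert_der, selector, matching)


def tlsa_presentation(cert_der: bytes, usage=USAGE_DANE_EE,
                      selector=SEL_SPKI, matching=MATCH_SHA256) -> str:
    """Zone-file form, e.g. '3 1 1 <hex>'; the owner name is up to the caller."""
    return f"{usage} {selector} {matching} " + association_data(cert_der, selector, matching).hex()


def tlsa_matches(rdata: bytes, presented_cert_der: bytes) -> bool:
    """Check a presented certificate against DNSSEC-validated TLSA RDATA.

    Only pass records whose DNSSEC validation succeeded (AD bit from a
    validating resolver, or local validation): the RDATA carries no
    signature of its own and RFC 6698 forbids using unvalidated data.
    """
    usage, selector, matching = rdata[0], rdata[1], rdata[2]
    if usage != USAGE_DANE_EE:          # usages 0-2 need PKIX chain building
        raise ValueError("only DANE-EE (usage 3) is handled in this example")
    return association_data(presented_cert_der, selector, matching) == rdata[3:]


# --- constructed sample input (not a real or valid certificate) -----------
def _der(tag: int, content: bytes) -> bytes:
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


def constructed_cert(pubkey: bytes) -> bytes:
    """Certificate-shaped DER with an Ed25519 SPKI; zero signature, empty Names."""
    ed25519 = _der(0x30, _der(0x06, bytes([0x2B, 0x65, 0x70])))  # id 1.3.101.112
    spki = _der(0x30, ed25519 + _der(0x03, b"\x00" + pubkey))
    name = _der(0x30, b"")
    validity = _der(0x30, _der(0x17, b"220511000000Z") * 2)
    tbs = _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01")
               + ed25519 + name + validity + name + spki)
    return _der(0x30, tbs + ed25519 + _der(0x03, b"\x00" + bytes(64)))


if __name__ == "__main__":
    cert = constructed_cert(bytes(range(32)))
    rr = tlsa_rdata(cert)
    print(tlsa_presentation(cert))
    print("same cert matches:", tlsa_matches(rr, cert))
    print("other key matches:", tlsa_matches(rr, constructed_cert(bytes(32))))
```

The "3 1 1" form (SPKI, SHA-256) is the usual choice for an EE: it survives re-issuance of the certificate as long as the key is unchanged, so a short notAfter date does not force a DNS update on every renewal, whereas "3 0 0" (full certificate, exact match) pins the whole certificate and must be republished on each renewal.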
B.2. Certificate Management
(mostly TBD still)
PKIX standard X.509 issuance practices should be used. The
certificate request SHOULD be included in the DET registration
request (Section 6). A successful DET registration then MUST include
creating the certificate, storing it, and returning it to the DET
registrant.
Certificate revocation will parallel DET revocation: the TLSA RR
MUST be deleted from DNS, and RDAP, LDAP, and OCSP return a revoked
status for the certificate. CRLs SHOULD be maintained per the CP.
Details of this are left out, as there are a number of approaches and
further research and experience will be needed.
B.3. Examples
TBD
B.4. Alternative Certificate Encoding
(CBOR encoded certs here. TBD)
Appendix C. Blockchain-based Registries
The implementation of the registries and Network Remote
Identification (Network RID; identify a UA through the network) in
DRIP is yet to be determined. Blockchain, being synonymous with
ledger, is a technology that could naturally fulfil the role of a
registry, while simultaneously offering its benefits such as
auditability, persistence and decentralization. We suggest that
blockchain is a suitable candidate to be used as a registry within
DRIP. We also show that it can be used to effectively leverage Network RID