►
From YouTube: IETF109-DRIP-20201118-0730
Description
DRIP meeting session at IETF109
2020/11/18 0730
https://datatracker.ietf.org/meeting/109/proceedings/
B
B
So
if
you
did
not
expect
to
be
in
the
direct
working
group,
then
you
are
in
the
bronx
session
and
let's
start
so.
I
hope
it's
not
the
first
time
you
see
the
not
well,
but
if
it
is,
please
take
the
time
to
to
read
it,
and
if
you
have
any
questions,
please
check
that
with
myself
or
eric
or
every
director
logistic,
so
see
what
happens
when
you
don't
do
it.
B
And
if
you
want
us
to
see
you,
you
can
share
the
camera.
I
don't
expect
you
to
share
the
screen,
but
we
have
a
specific
icon
for
that,
and
there
are
also
other
tools
if
we
would
like
to
hum
or
if
you
want
to
chat,
you
can
use
that
as
well
as
the
regular
java
client.
B
Do
we
have
a
job,
a
jugger
scribe?
I
think
bob
is
doing.
B
That
well
I
I
can't
see
michael's
saying
I
was
explaining
how
to
unmute,
but
bob
are
you?
Are
you
the
job
described.
B
So
the
agenda
today
we
will
so
I
mean
okay,
the
milestones
so
today
we're
going
to
be
focused
on
the
architecture
and
then
in
a
solution
implementation.
We
will
have
a
few
presentations,
implementations,
demo
and
new
topics
like
attestation
claims
a
session
and
as
well
as
privacy.
B
I
mean
the
privacy
has
been
on
the
agenda
for
a
while.
Now
it's
gonna
be
present,
hopefully,
and
then
we
will
close
the
session
milestones,
so
we
have
the
first
document
being
shipped
to
our
area
director.
B
So
thank
you
stu
for
the
great
work
you
did,
because
it
was
not
an
easy
one,
but
you
managed
that,
and
now
the
working
group
has
two
I
mean
two
work
to
accomplish.
We
hope
that
the
architecture
document
is
gonna
be
by
the
end
of
the
year,
and
why
not?
The
other
document.
B
B
C
Nothing
specific
for
the
moment,
yeah
so
that
we
are,
as
you
mentioned,
we
have
just
received
the
deletion
statement.
We
also
received
them
a
note
from
from
jim
raid
to
to
have
more
background.
I
would
say
on
the
on
the
work
of
this
working
group,
so
yeah,
so
the
the
intent
will
be
to
discuss
how
we
can
deal
with
this.
C
I
would
say
if
we
want
to
to
to
reply
to
to
to
this
or
not,
but
this
is
something
I
will
discuss
with
the
aria
director
and
also
the
with
the
working
group.
So
this
is
this
is
to
be
done.
B
Yeah,
so
the
working
group
you
have
the
link
here,
I
can
put
it
on
the
well,
I
mean
it
has
been
sent
on
the
mailing
list
and
the
documents
are
here.
So
if
you
have
any
comment,
feel
free
to
make
some
jim.
Do
you
wanna
say
something.
D
B
So
is
your
question:
how
are
we
going
to
proceed
or
is
it
a
recommendation
that.
A
Yes,
indeed-
and
thank
you
jim
indeed,
that's
a
good
question
and
the
working
group
will
reply
so
it
will
be.
I
mean
we
will
not
spend
hours
and
hours
on
this,
but
the
point
is
that
the
working
group
itself
will
reply.
Of
course,
the
letter
or
the
email
will
be
written
by
the
chair,
but
content
will
be
based
on
the
working
group.
B
Yeah,
we
will
just
be
the
pipe,
so
I
mean
the
idea
is
that
if
you
want
to
make
comments,
please
provide
those
comments
on
the
on
the
mailing
list,
and
we
will
also
make
it
clear
that
this
has
been
discussed
internally.
B
E
Oh
hi,
can
you
hear
me
now?
Oh
yeah,
they
often
do
this
while
they'll
lob
liaisons
over
at
us,
and
ask
us
to
review.
Ask
a
working
group
to
review
their
output.
It's
up
to
you
to
decide
how
much
in-depth
review
you
want
to
provide
either
individuals,
the
working
group.
So
you
know
approach
at
you
know
as
you
see
fit,
but
I
think
the
the
going
up
and
using
the
existing
channels
and
making
sure
that
it
all
gets
answered
in
a
timely
fashion
is
important.
E
You
can
literally
just
thank
them
for
their
output
document
and
be
done
with
it.
You
don't
have
to
technically
enter
into
any
kind
of
back
and
forth
with
them,
but
it's
up
to
you
thanks.
B
Yeah
I
haven't
had
time
to
to
go
through
the
document.
I
must
say
yet,
but
I
hope
it's
not
too
or
forgotten
to
what
we're
doing.
B
Oh
okay,
right
I
took
the
the
first,
so
I
yeah.
B
G
G
Okay,
all
right
all
right
just
take
off
my
speaker,
so
I
want
to
say
thanks
to
for
making
the
effort
already.
Hopefully
we
can
make
this
out
together
on
time
next
slide,
please
so
we're
sending
out
the
zero
five
version
just
trying
to
address
the
previous
issues
from
the
I
would
say:
10
reviewers
already
we
have
a
github
to
list
other
issues
which
is
not
a
shared
to
the
other
person
except
the
author.
G
Yet
so
we
also
try
to
analyze
the
issues
we're
trying
to
improve
at
the
end
of
the
presentation,
just
to
keep
in
mind
that
we
have
not
addressed
all
the
comments.
G
Yet,
I
will
specify
what
comment
has
been
addressed
in
following
slide,
but
we
haven't
got
the
time
and
the
the
I
will
see
the
first
thing
we
want
to
try
to
organize
the
context
a
little
bit
based
on
the
comment
and
we
needed
to
figure
out
what
goes
where
and
what
really
needed
this
draft
once
we
figured
that
out,
so
the
the
rest
just
filled
out
the
details,
hopefully
under
the
working
group
logical,
we
can
get
a
solution
on
that
next
slide,
please!
G
G
Correct
me.
If
I'm
wrong,
this
is
my
understanding
so
yeah
I
mean,
I
think
the
drip
architecture
driver
should
describe
ecosystems,
including
read,
which
is
called
remote
id
design
emphasize
on
why
we
use
issued
id
and
instead
of
how
so
the
details,
of
course,
gonna
go
to
the
specific
draft.
G
Then
we
also
refer
to
the
requirement
itself,
and
that's
also
some
of
the
comments
from
the
previous
already
and
the
architecture
should
also
explain
the
relationships
among
all
the
drip
entities
such
as
the
uav
ground
control
station
operator
registry
and
security,
trustworthy.
All
these
entities
and
the
current
arc
draft,
including
all
of
them
so
and
stu,
has
already
shared
offline,
a
list
of
the
entities
which
we
needed
to.
I
think
we
needed
to
cherry
pick
and
discuss
and
hash
out
all
the
details.
What
should
be
including
this
architecture?
G
So,
as
far
as
I
can
tell
from
the
list,
we
have
most
entities
covered
in
solution
draft
in
in
separate
draft.
We
just
need
to
explain
how
it's
going
to
be
used
and
the
relationship
in
between
different
entities
in
the
architecture
graph.
I
think
that's
the
most.
The
comment
and
some
of
the
comments
from
previous
is
kind
of
overlapping,
but
that's
the
main
concerns
to
explain
the
english.
The
connections
between
each
of
entities
next
slide.
G
Thank
you
all
right.
You
can
skip
this
one,
just
basically
summarize
what
I
said
from
last
slide,
so
you
can.
You
can
skip
with
this
one.
G
Okay,
so
this
is
one
of
the
summary
we
have
tried
to
address
on
the
new
version.
Some
of
the
comments
are
the
same
with
from
others
such
as
lack
of
a
broadcast
read
introduction,
so
we
added
section
1.1
1.2.2,
which
is
borrowed
from
the
requirement
documents.
I
think
one
of
the
comments
from
daniel
from
you
is
actually
trying
to
make
sure
the
architectural
draft
is
self-contained.
G
So
that's
one
of
the
things
we
taking
actions
on
it
and
we
also
added
section
three
to
explore
all
the
acronyms.
That's
the
michael's
comment.
There's
too
many
tl
is,
and
it's
hard
to
understand,
so
we
we
try
to
edit
as
much
as
we
can
on
the
section
three.
So
there's
a
new
section
on
section
four:
this
is
it
for
us
id.
G
I
expect
the
most
in
this
section
will
resolve
lots
of
existing
comments
such
as
like
why
hdit
is
a
perfect
design,
I'll
call
it
perfect
design
for
a
read
and
what
perk
pro
what's
the
problem
it
will
solve.
So
it's
current
format.
We
put
lots
of
notes
in
there
because
michael
has
has
comment.
I
think
it's
pretty
common
to
list
the
issues.
G
We're
trying
to
address
this
issue
in
this
section
and
also
the
comments
regarding
inform
to
language
usage
that
will
be.
We
will
be
gradually
fix
it
once
we
put
all
the
details
in
there,
so
that's
shouldn't
be
a
big
deal
next
slide.
Please.
G
So
more
comments
regarding
the
hybrid
remote
id
subsection.
We
remove
that,
and
I've
discussed
with
bob.
I
think
that's
not
to
be
used
useful
anymore.
Hopefully,
everybody
agrees
that
again
we
added
the
broadcast
id
figure
and
we
will
put
more
explanations
for
the
comments
regarding
how
a
broadcast
study
would
be
used
without
networking
or
with
networking.
G
We
also
planning
to
address
the
safety
and
the
security
issues.
I
would
assume
gonna
be
in
section
10
security
considerations,
but
there's
I
think
there
are
three
people
comment
on
that
constantly
and
amelia
think
that
we
need
to
make
distinction
right.
What
is
safety
and
security
in
in
in
the
architecture?
Draft?
G
Okay,
next
slide,
please
so
this
is
this
slide
lists
the
things
at
least.
I
think
we
need
to
focus
on
for
next
one
or
two
revisions,
so
mostly
existing
comments.
Maybe
it's
solved.
You
will
fill
out
all
the
details
in
the
list
items
for
the
others
like
alex,
and
I
think
and
his
comment
we
have.
I
haven't
got
enough
time
to
look
at
it,
but
his
comment
is
more
regarding
why
it
is
not
perfect.
G
I
mean
it's
perfect,
I
mean,
so
we
need
to
explain
that
in
section
four
also,
as
I
already
mentioned,
that
we
have
done
in
section
one
and
the
detail
of
the
section
1.4,
which
is
the
drip
architecture
overview
and
that
still
needs
some
work
to
explain,
drip
ecosystems
plus
the
stews
of
recommend,
sorry
at
least
over
the
entities,
will
probably
need
to
put
the
some
of
the
entities
there.
Try
to
make
connections
then
section
five
comments
regarding
adding
a
ds
registry
section.
G
I
think
this
is
great
comment.
Then
we
can
use
that
session
to
explain
why
reid
should
be
using
reverse
dns
lookup,
and
I
think
that's
one
of
daniel
yours,
commenting
you
and
also
stu.
Also,
I
mean,
as
I
mentioned,
still
stress
the
list
of
and
youtube
sorry
the
entities
that
will
be
also
explained
in
section
five.
G
G
Things
like
http
naming
collisions
and
that's
one
of
the
comments.
We
need
to
explain
and
why
hrit
has
a
better
encryption
than
the
others
like
x509.
G
So
I
think
that's
that's
that's
my
last
slide.
That's
a
that's
a
summary
I
have
done
and
the
the
things
I
in
my
mind
things.
We
need
to
improve
with
this
draft,
so
any
comments.
I
think
this
goes
faster
than
I
expected,
but
that's
all
I
want
to
say.
G
Well,
I'm
guessing
in
one
or
two
weeks
we
should
have
a
new
version
to
get
the
architecture.
We
want
the
the
structure
we
want
it
right
at
least
one
or
two
weeks.
I
think
we
need
to.
We
need
to
hash
all
the
details.
All
right,
I
mean
I
only
took
it
over
like
two
or
three
weeks,
so
I
need
to
understand
the
the
the
other
draft
to
understand
what
I
mean.
G
I
think
the
first
thing
in
this
meeting
we
understand,
if,
because
I
keep
seeing
the
drip
ecosystem
when
we're
talking
about
the
architecture,
it's
this,
the
same
concept
that
you
guys
have
or
the
working
group
has
like
it-
is
the
architecture's
job
to
explain
the
ecosystem
inside
the
group,
not
outside
the
group,
right
whatever
we
have
currently
in
our
working
group
repository.
G
So
I
think
that's
that's
the
things
we
need
to
agree
on,
because
previous
comments
is
to
keep
explaining
that
and
droop
architecture.
I
mean
we
don't
have
architecture,
but
in
my
mind
we
do
have
architecture
but
should
be
focusing
inside
the
group
that
that's
my
understanding.
So
I
think,
when
you
hash
out
the
architecture,
the
structure
first
in
one
or
two
weeks,
then
the
rest
will
be
fitting
details
and
I
think
everybody
can
chip
in
for
that.
G
Okay,
the
original
deadline
milestone
we
had
should
work
out,
but
they
consider
this
holiday
season
on
december
and
also
the
thanksgivings,
but
you
know
expect
some
delays
as
well.
B
Okay
right,
so
I
I
I
I
expect
that
the
next
version
people
should
commit
to
to
get
some
reviews.
G
Right,
I
I
would
I
would
let
people
wait
for
next
revision,
because
we
have
so
many
notes
in
there
just
wait
a
little
bit
and
then
we
will
call
out
people.
Then
things
are
ready
to
for
deep
reviews.
I
I
Bye,
okay,
so
my
name
is
andre
guerto
from
linchpin
university,
sweden
and
I'm
going
to
describe
process
for
making
open
source
implementation
of
drip
next
slide.
I
Please.
So
it's
a
joint
effort
by
the
nine
students
and
me
in
the
in
the
course
in
the
university,
and
we
have
two
components
to
to
develop
so.
First
openhip
open
source
version
which
have
been
updating
for
for
few
years
and
the
new
crypto
protocols
that
bob
is
submitting
in
that
draft
and
we
also
took
open
source
open
drone
id
as
a
starting
point
for
for
develop
observer
app
and
also
a
broadcast
study.
I
So
for
hip,
we
need
to
update
that
code
because
it's
used
in
at
least
part
of
solutions
in
indrip.
I
So
first
we
needed
to
make
better
signature
algorithm
for
for
signing
messages,
so
edward
digital's,
initial
algorithm,
then
the
structure
of
new
arcades,
which
describe
how
the
host
identity
tag
is
made
and
finally
they're
introducing
hierarchy
into
the
heat
so
that,
for
example,
it's
not
like
plain
text,
128
string,
but
it's
also
include
some
data
like
who
issued
this
hit.
Next,
one.
I
So
this
orchid
actually
now
is
a
little
bit
outdated
because
it's
describes
the
first
version
of
remote
id
draft,
but,
as
you
see
the
traditional
orchid,
they
had
the
reserved
prefix
and
for
for
new
orchid,
where
we
have
hierarchy,
we
need
like
a
special
hash
function,
called
c
shake
definable
output
and
it's
also
inco
includes
the
id
of
organization
that
issued
it.
So
it's
a
new
change.
Next,
one.
I
So
for
new
crypto
we
have
currently
implemented
kiock
cipher
because
it's
light
weight
and
more
efficient
than
ies,
but
it
has
not
been
selected
for
next
nist
route.
So
maybe
we
are
switching
to
hudiak.
Also
a
key
generation
function
based
on
it
and
the
edwards
curve.
Digital
signature
algorithm
that
I
already
mentioned
for
efficient
small
signatures.
Next.
I
So
to
test
all
this,
we
are
using
the
open
source
core
network
emulator
that
we
also
have
updated
to
include
latest
version
of
python
test
suits,
so
that
we
can
check
that
all
the
new
features
are
working
and
the
base
exchange
works
and
in
general
code
is
operational.
I
I
I
So
this
is
like
prerequisite
to
have
this
feature
when
we
start
adding
trust
into
the
remote
id
or
provide
transport
for
network
id
next,
please
so
for
the
drip
implementation.
We
want
to
start
with
implementation
of
broadcast
drone
id
using
bluetooth
orifi,
where
we
just
assign
this
post
identity
tag
in
hierarchical
way
and
for
development
platform.
I
So
for
android
application
for
open
drone
id,
it
supported
only
bluetooth
so
far,
but
we
wanted
to
try
wi-fi
first,
because
we
didn't
have
like
bluetooth
dongle,
and
we
took
this
wi-fi
analyzer
as
like
open
source
application
to
start
with,
and
it
proved
to
be
a
bit
challenging
because
actually
to
get
some
data
from
the
drone,
you
need
to
connect
to
it
as
access
point
and
then
like
try
to
figure
out
what
is
it
broadcasting.
So
it's
as
next
slide
will
show
it's
a
bit
tricky
in
practice.
I
So
currently
we
are
reading
this
ssids
of
wi-fi
drones
and
try
to
identify
them
this
way
in
future,
maybe
using
wi-fi,
neighbor
neighborhood
aware
networking
mode
would
will
be
like
more
practical,
because
in
current
mode
you
basically
need
to
root
your
android
device
and
it
it's
not
corresponding
to
the
model
when
a
user
just
installs
something
from
up
play,
store
and
see.
Let's
see
the
drone,
so
it's,
but
on
the
other
hand,
this
nine
mode.
It
requires
hardware,
support
from
wi-fi
chip
and
also
maybe
updating
the
android
version.
I
So
in
this
slide
you
can
see
a
prototype
of
wi-fi
listening
and
displaying
access
points
which
are
like
flying
drones
in
in
this
our
current
prototype,
but
since
it's
kind
of
hard
and
implement
without
rooting,
so
maybe
wi-fi
is
not
the
best
option
for
using
this
broadcast
remote
id,
and
that
might
be
explains
also
why
open
drone
id
and
the
adams
prototype
has
not
been
using
it.
So
now
we
are
switching
to
bluetooth
because
it
seems
to
be
easier
and
does
not
require
this
rooting
problem
next
slide.
I
So
currently
we
started
to
look
at
the
back
performance
in
bluetooth
and
there
are
different
versions,
so
this
is
even
like
bluetooth,
low
energy,
but
I
think
for
for
drones.
It
makes
sense
to
use
regular
bluetooth
because
we
need
the
bigger
range
and
also
it's
not
so
critical.
On
the
battery
I
mean
drones
operate
max
few
hours.
So
it's
not
like
a
sensor
that
needs
to
save
battery,
for,
for,
for
I
don't
know,
weeks
or
years
so
maybe
it'll
switch
to
the
standard
next
slide.
I
But
so
far
we
found
bluetooth
much
better
to
and
easier
to
work
with
than
than
wifi.
So
there
are
already
several
applications
available
that
we
are
working
to
to
improve
on
and
bluetooth
flow.
Energy
range
is
not
that
big
around
50
meters,
but
I
think
in
adams
experiments
they
reached
about
100
meters
total
to
4
and
500
4.25.
So
we
are
looking
also
to
achieve
this
kind
of
ranges
slide.
I
So
that's
basically
it
so
we
are
aiming
to
complete
complete,
like
a
full
version
of
remote
broadcast
id
with
bluetooth
and
wi-fi
by
end
of
this
year.
So
now
we
are
working
to
update
their
kit.
Implementation
of
hit
to
2.5
also
take
hodjak
latest
cipher
and
update
to
the
latest
air
id04
implementation.
I
Hopefully
we
also
have
time
to
to
try
on
a
real
flying
platform
like
attach
some
raspberry
pi
and
gps
to
phantom
four
tron
and
in
future,
I'm
already
defining
for
the
spring
terms,
some
physics
topics
and
projects
also
for
remote
id
and
maybe
bringing
implementing
claims
and
having
trust
into
the
hit.
B
F
So
perhaps
adam
you
could
take
over
note
taking
for
the
moment,
while
I
present
the
next
few
slides.
F
So
we've
had
some
activity
beyond
writing
drafts
is
my
audio
going
out
clearly
yeah,
okay,
great
oh
astm,
the
the
overall
uas
committee
f-38
met
in
the
first
week
of
november,
but
the
uas
remote
id
working
group
within
f38
did
not
meet
as
part
of
the
big
plenary
meetings,
because
the
agreement
remains
that
the
f-3411
updates
will
wait
until
the
faa
publishes
their
final
rule.
F
The
uas
redworking
group
did
have
an
interim
meeting
they're
very
friendly
to
our
few
small
requests,
but
all
mods,
not
just
ours,
are
in
the
backlog,
iko's
trust
framework
people
are
also
accepting
our
inputs
in
a
very
friendly
way.
They've
made
some
substantial
revisions
to
their
documents
based
upon
our
inputs.
F
I've
mostly
been
working
lately
with
the
the
people
who
are
doing
the
use
cases,
that's
the
tron
working
group
and
then
that
gets
turned
into
identity
standards
by
the
di
working
group
and
then
a
network
by
the
grain
working
group
and
bob
has
been
more
active
in
in
those.
But
he
indicated
to
me
earlier
today
that
that
that's
been
a
little
bit
quiet.
In
the
last
few
weeks,
we've
had
a
number
of
interactions
with
various
us
agencies,
starting
with
faa.
Of
course,
all
the
other
agencies.
F
There
was
a
lot
of
interest
in
what's
variously
called
blue
force,
tracking
or
iff,
which
leads
to
interest
in
resilience
against
spoofing,
which
drip
provides
in
the
utm
pilot
project.
2,
we
showed
multi-vendor
uss,
uss
interoperability
with
you
know,
key
functions,
including
both
forms
of
remote
id,
remain
range
of
the
broadcast.
Remote
id
remains
a
concern
and
the
faa
in
their
nprm
said,
don't
use
unmanned
aircraft
registration
numbers
as
the
uas
id
type,
and
they
gave
their
reasoning
for
not
wanting
to
do
that.
F
F
So
you've
all
seen
this
before.
I
just
wanted
you
to
see
what
we
said
to
the
federal
agencies
and
how
we
set
it,
and
I
don't
see
any
point
in
drilling
into
it
right
now.
People
can
look
at
this
slide
later
if
they
want
to
next
slide,
and
we
had
a
lot
of
slides
like
this
that
you've
seen
before
now,
you
see
the
fine
print
under
the
red
cannot
be
spoofed.
F
Of
course,
there
is
no
such
thing
as
a
system
that
can't
be
spoofed,
but
we
think
that
to
spoof
this
you
need
to
have
a
little
tiny
quantum
computer,
and
this
was
very
popular
with
the
federal
agencies,
and
the
point
is
that
this
is
the
first
thing
that
we
do
above
and
beyond.
Astm
f3411
next
slide.
F
So
this
is
what
it
looked
like.
We
did
a.
We
did
a
scenario
where
we
had
operators
alice
bob
and
carol,
and
we
had
observers
doug
and
eve,
and
there
was
a
several
step
scenario
and
we
showed
that
if
the
sender
has
only
baseline
astm
or
if
the
observer,
the
receiver
has
only
baseline
astm,
then
you
cannot
disambiguate
between
spoofers
and
real
folks.
But
if
both
the
sender
and
the
observer's
receiver
have
our
trustworthy
extensions,
then
yay
verily,
you
can
disambiguate
a
spoofer
from
the
real
deal
next
slide.
F
Oh
the
the
picture
in
the
middle
is
adam's
app,
yep,
okay,
so
it's
really
nifty
so
way
forward.
Registries,
big
open
area.
This
really
needs
to
be
hit
hard.
We
have
talked
about
crowdsourced
grid,
feeding,
broadcast
into
network.
We
need
to
start
prototyping
that
and
then
we
need
to
start
leveraging
drip
to
enable
the
things
beyond
you
know
id
as
an
end
itself,
things
where
id
is
instead
a
means
to
various
ends,
and
so
you
know
making
the
sender
trustworthy,
not
just
the
communications,
trustworthy,
but
the
origin
of
the
communications.
F
Trustworthy
would
be
an
obvious
next
step
and
then
we
need
to
start
thinking
about
what
happens.
You
know
on
beyond
that
with
intermittently
networked
autonomous
uas,
and
I
believe
that
was
my
last
slide
so
anyway,
a
lot
of
interest
from
u.s
federal
agencies.
I
can't
say
what
the
europeans
or
anybody
else
may
be
thinking
at
this
point.
We
kind
of
need
some
champions
to
you
know
to
put
this
forward
to
easa
and
other
caas
around
the
world.
Other
regulators
and-
and
you
know
not
just
the
faa
thanks-
I'm
done.
B
Okay,
so
what
you're
saying
what
you
said
in
the
beginning
was
that
the
broadcast
mode
is
is
prioritized
or
they
completely
get
rid
of
the
network
mode.
F
They're
just
well
okay,
so
this
is
all
rumor,
because
the
faa
rule
writers
are
not
allowed
to
talk
to
anybody
else.
Even
other
federal
agencies,
while
they're
writing
a
rule,
but
the
rumor
is
that
they
are
abandoning
the
concept
of
network
remote
id.
Now
I've
gone
on
record
with
the
federal
agencies
as
saying
that's
not
going
to
happen,
because
even
if
there's
no
network
remote
id
by
name,
there
will
nonetheless
within
the
scope
of
utm,
be
functions
that
are
essentially
the
equivalent
of
network
remote
id.
B
Okay,
okay,
right!
Thank
you
good
to
know.
I
suggest
we
move
to
the
next
presentation.
Let
me
try,
which
is.
H
Yes,
oh
there
it
is
there
we
go
pardon
the
cheeky
name.
I
worked.
I
worked,
it's
3
10
a.m.
For
me,
so
I've
been
working
on
this
the
past
couple
days,
so
my
mind
turned
to
mush.
So
I'm
going
to
just
talk
about
claims,
assertions,
attestations
and
certificates.
Oh
my
next
slide,
please
so
small
recap.
This
was
first
off
the
draft
that
this
is
pulling
from
was
rewritten
massively.
It
got
switched
from
xml
to
markdown.
H
I've
started
to
call
it
drip
proofs,
but
that's
kind
of
me
talking
out
of
wherever
I'm
talking
but
stu
started
a
conversation
on
the
list
because
he
was
realizing
that
there
was
a
lot
of
people
getting
confused
because
we
were
throwing
the
term
certificate
around.
We
were
throwing
the
term
claim
around
and
then
the
word
attestation
started
getting
thrown
around
and
he
started
a
email
chain
in
the
list
to
be
like.
What
do
we
mean
by
these
terms?
H
H
So
this
presentation's
kind
of
me
after
reading
the
emails
about
7
000
times
what
I
saw
and
how
it
fits
into
what
drip
is
doing.
So
this
is
my
proposed
way
of
going
forward
with
it,
because
it's
important
it
touches
the
claims
draft.
It
touches
the
auth
formats
draft.
It
touches
the
registry
draft
which
hasn't
been
written
yet,
but
is
going
to
be,
and
is
the
next
thing
on
my
list,
along
with
bob
and
michael
pelage,
and
also
the
uas
draft
next
slide.
H
Okay,
so
we'll
start
simple,
there's
claims
and
there's
assertions.
Claims
are
a
predicate
consisting
of
two
elements.
This
comes
from
a
definition
I
think
stew
put
into
the
list.
There
are
some
examples
there
x
owns
y
x
is
y
x,
belongs
to
y
and
a
little
hints
of
what
it
looks
like
in
drip
and
an
assertion
is
a
grouping
of
one
or
more
claims
by
a
given
entity.
H
So
here's
an
example
of
a
claim.
This
was
something
that
bob
pointed
out
in
his
email.
A
hierarchical
host,
identity
tag
is
an
assertion.
Slash
claim
I'd,
argue
it's
an
assertion.
It
has
a
bunch
of
claims
in
it,
as
you
can
see
in
the
color-coded
portion
at
the
bottom.
We
have
a
claim
of.
I
have
a
unique
identity
or
a
unique
hash
that
points
to
a
key
pair,
and
I
have
a
unique
registry
that
I
belong
to.
That's
a
pairing
of
a
rra
and
an
h,
an
raa
and
an
hda.
H
H
So
we
move
to
the
next
piece
attestation
and
certificate.
An
attestation
is
a
signed
assertion.
It
can
be
signed
by
anybody
in
drip
scenario.
It
would
most
likely
be
signed
by
the
party
that
owns
or
claims
to
own
said
assertion,
so
they
have
the
associated
private
key
pair
public
private
key
pair
that
the
hit
points
to
and
you
sign
against
it
or
anything
else
that
you
want
and
use
the
hit
as
a
key
to
get
in
the
minimum
is
a
hierarchical
hit.
Hi
pairing
the
host
identity,
pairing.
H
You
can
also
use
it
to
bind
relationships
between
different
parties
using
other
pieces.
The
second
thing
is
certificates,
so
a
certificate
is
by
stu's
definition
that
I
kind
of
took-
and
I
think
is
a
generalization
of
what
carsten
and
hank
and
michael
were
going
after
is
it
is
signed
by
a
third
party
and
that's
the
critical
thing.
A
certificate
is
something
that
a
third
party
is
attesting
to
and
for
drip.
It
is
mostly
identities.
H
We
could
narrow
this
further
to
be
a
trusted.
Third
party
aka.
The
registry,
though
I
think
that
gets
us
in
a
very
weird
situation
where
we're
saying.
Oh,
it's
a
trusted
third
party,
but
then
how
do
you
trust
it?
I
don't
wanna
go
down
that
rabbit
hole,
so
it's
a
thought,
but
I
don't
think
we
need
to
go
there
unless
the
working
group
thinks
we
do
next
slide
please.
H
So
this
is
I'm
sorry
if
it's
small,
the
slides
are
available.
So
you
can
blow
this
up
to
see
it
a
little
bit
better.
These
are
the
examples
of
attestations
and
certificates,
the
structures
that
are
defined
in
the
identity
claims
draft.
H
So
a
typical
attestation
is
a
hierarchical
host
identity
tag,
it's
a
corresponding
higher
host
identity,
a
expiration,
timestamp
signing
timestamp
and
the
64
byte
signature.
That's
at
the
max.
The
minimum
would
be
the
hierarchical
host
identity,
tag,
an
expiration
time
stamp
and
a
signature
certificates
embed
these
attestations,
so
c,
x,
x,
c,
x,
x
and
c
y
y
in
these
examples
is
wrong.
H
So
this
is
the
proposed
flow
in
drip
using
the
provisioning
process
as
a
guide.
So
the
registry,
the
aircraft
and
the
operator
would
create
attestations
on
themselves.
I'm
going
to
be
root
and
say
these
are
r
and
o,
but
it's
a-r-r-a-a-a
and
a-o-o.
The
operator
creates
a
certificate
for
the
relationship
between
itself
and
an
aircraft.
This
would
be
coa,
so
the
term
doesn't
actually
change.
H
It's
still
a
certificate
and
the
registry
would
use
aoo
to
create
a
certificate
between
itself
and
the
operator
with
cro,
and
the
registry
would
at
least
use
coa
a
certificate
on
the
certificate
regis
operator
on
aircraft
to
create
croa
and
what
we've
been
calling
cra
for
a
long
time
now,
which
bob
is
now
starting
to
call
the
offline
attestation
certificate
and
this
actually
changes
a
little
bit.
So,
let's
go
to
the
next
slide.
H
So
we
had
a
discussion
me
and
bob,
because
bob
realized
that
there
was
a
timing
attack
or
there
was
a
replay
attack
on
the
certificate
that
we
were
actually
using
and
that
we've
been
demonstrating
for
the
past
couple
months,
and
that
is
that
it
can
just
be
replayed,
and
this
is
his
proposed
fix
to
it.
I
see
where
he's
coming
from.
I
think
it's
a
good
idea,
so
the
top
portion
is
created
by
the
registry.
It
uses
coa
to
glean
the
pieces
and
create
this
attestation
structure
of
the
identity
of
the
registry.
H
Well,
what
we
call
a
certain
message
right
now:
the
aircraft
would
add
in
another
timestamp
assigning,
timestamp
or
current
or
expiration
timestamp
and
another
64
bytes
worth
of
signature,
which
is
created
by
signing
the
entire
upper
structure
and
the
four
byte
new
timestamp
the
question.
H
Well,
can
you
go
back
daniel
sorry,
so
I
believe
that
the
upper
portion
will
be
defined
in
the
identity
claims
it
might
get
defined
in
the
registry
draft
that
has
yet
been
written.
I
do
not
know
for
now
it
will
be
in
the
identity
claims
draft
the
lower
portion
is
going
to
be
defined
in
the
auth
formats
draft.
I
know
that
for
certain,
so
that
will
we
have
to
make
some
amendments
there.
I
have
an
open
question:
is
this
a
certificate
or
an
attestation?
H
The
whole
structure?
I
know
that
upper
bid
is
an
attestation,
definitely
because
it
fits
with
the
definition.
But
what's
the
whole
thing
is
the
whole
thing
a
certificate
or
is
it
an
attestation
because
it's
the
aircraft
signing,
I'm
not
sure.
So
I
think
it's
an
attestation-
and
I
think
bob
is
right
in
saying
it's
an
attestation
as
well,
but
I'd
like
some
feedback
on
the
work
from
the
working
group
on
this,
because
I'm
not
a
hundred
percent
sure
how
it
what
bin
it
falls
under.
H
It
doesn't
matter
to
me
it's
just
the
text
of
what
I
use
next
slide
daniel.
H
I
need
to
change
all
the
terms
around
to
say,
search
change
certificate
to
attestation,
where
it
needs
to
and
attestation
to
certificate
where
it
needs
to
and
change
some
of
these
short
names
or
friendly
names
to
some
of
the
structures.
I
believe
the
offline
form
is
a
good
name.
It
might
just
be
called
offline
attestation
to
match
with
what
bob
was
going
with,
and
I
need
to
prefix
the
provisioning
section
so
that
all
the
naming
conventions
flow
through
the
whole
document.
H
So
other
to-do's-
this
is
kind
of
overarching
for
me,
so
that
the
working
group
kind
of
knows
where
I'm
going
with
a
lot
of
the
work
I'm
doing
so
first
off,
is
the
authentication
formats
draft.
Obviously
I
need
to
update
that.
If
I
update
the
identity
claims,
I
need
to
update
the
structures
there
to
make
sure
that
everything
aligns
and
isn't
being
fragmented.
H
I
need
to
start
working
on
a
registry
drive
for
bob
we've
been
discussing
this
I'm
getting
in
touch
with
michael
polage
me
and
bob
and
michael
will
be
sitting
down.
Hopefully
in
a
week
or
two
to
discuss
some
things,
I
have
to
continue
the
ax
implementation,
which
is
still
unfortunately
closed
source.
H
I'm
working
on
that
fingers
crossed,
I
still
haven't,
switched
to
the
newer
off
style.
It's
still
on
the
old
off
style.
It
got
frozen
due
to
the
many
demos
that
stu
actually
briefed.
I
didn't
want
to
change
anything
too
suddenly
and
make
things
explode
in
front
of
a
customer's
face
next
slide.
H
J
So
in
in
claim
one
you
say:
enzione's
unique
id,
yes,
yeah
unique,
I'm
not
quite
sure
what
this
can't
be
claimed
or
sorry.
Uniqueness
can
be
cleaned.
Uniqueness
can't
be
proven.
H
So
I
think
this
ties
into
a
little
bit
what
the
registry
does,
because
the
registry
would
get
it
an
age
hit
and
then
check
in
the
listing
of
eight
hits
that
are
available
of.
Oh,
is
this
unique
within
my
scope,
the
hda
scope
and
then
the
sign
and
the
certificate
come
in
to
claim
this
is
a
unique
id.
So
the
wording
I
I
agree
with
you
is
wrong
here:
that's
not
the
right
term.
H
H
It
creates
a
key
pair
and
then
it
hashes
it
and
then
creates
the
hierarchical
hit,
and
then
it
asks
the
registry,
the
hda.
I
have
this
new
128
byte
thing.
Can
I
use
this
to
be
who
I
am?
Can
I
use
this
as
my
name
as
my
identifier
and
the
registry
gets
the
final
say
of
saying
no
someone's
already
taken
that
that's
already
in
my
list
or
yeah?
That's
yours!
H
C
Med
to
move
to
the
next
slot
because
we
are
running
out
of
time,
so
bob
can
jump
in.
K
K
Privacy,
to
whom-
and
that
is
to
the
observer,
what
whether
they
should
know
or
not.
No,
let's
go
on
the
problem
statement
is
that
in
the
standard
messages
there
is
uas
operator
pai
and
something
needs
to
be
done
about
that
to
fight
to
meet
pai
regulations
go
on
who
should
have
access
pai,
the
uss
for
the
ua
authorized
entities,
no
whom
and
so
forth
others,
but
we
do
need
to
protect.
We
do
need
to
encrypt
the
api.
That's
coming
with
the
broadcast,
go
on.
K
So
how
to
encrypt
the
pei?
The
us
should
have
business
relations
with
some
uss.
In
fact
that's
basic
requirement.
Thus
they
can
establish
a
symmetric
key
for
encrypting,
the
pai
with
authorized
entities
able
to
access,
ask
the
uss
for
either
the
pi
directly
or
for
the
key
for
ongoing
real-time
access
to
the
information
and
so
on.
So
let's
go
next
slide
here,
so
the
symmetric
cipher
must
encrypt
without
expanding
clear
text.
That's
hard
no
bites
to
spare.
K
K
I
think
michael
st
johnson
will
point
me
to
a
solution
going
on
michael
st
john's
is
very
simple
ascfb,
with
a
small
with
this,
with
whatever
your
block
is,
in
this
case,
cfv
32
with
the
hidden
iv
and
this
metric
key
derived
by
a
hybrid
ecis
scheme
handled
by
when
the
operation
is
registered
and
key
duration
function
is
now
included
in
this
last
graph
using
kmac.
K
K
The
I
said
this:
the
cypher
feedback
allows
for
variable
length,
block
sizes
like
32
bits.
I
chose
32
bits
because
that's
a
size
that
fits
with
the
fields
and
smaller
size
might
lead
to
crypto
tag
against
small
location
changes.
K
The
unique
id
is
not
needed
for
each
application
of
cfp.
So
again
it's
it's
just
a
good
cryptographic
fit.
I
did
get
a
couple
bruises
on
the
cfrg
list
coming
to
this
conclusion
now
when
to
encrypt
behind
this,
the
the
pi
must
be
conditional
only
when
allowed
by
the
uss
only
when
the
uas
has
connection
to
the
uss,
and
otherwise,
if
you
have
don't
mean,
let's,
let's
do
the
encryption,
but
there
are
limitations
to
this
and
that
must
be
put
into
the
protocol
and
the
recognition.
K
I
did
look
at
alternative
cfp
there's
a
fiso
scheme,
it's
slow,
but
pretty
neat,
probably
asctrs.
We
needed
two
bytes
in
the
message
for
a
counter
and
there's
no
two
bytes
available,
and
I've
spent
quite
a
bit
of
time
in
the
cfrg
list.
On
this,
there
might
be
an
alternative
coming
from
the
nist
lightweight
crypto,
but
that's
not
for
another
year
yet.
So
that's
why
I'm
staying
with
cfbs
32
for
now
continue
so
again.
Carmen's
met
is
privacy,
one
and
two
confidential
handling
and
encrypted
transport.
K
Can
you
and
read
the
draft?
It's
been
out
there
and
I'd
like
to
see
a
drop
adapted
adopted
by
the
work
group
for
for
this.
This
is
currently
the
only
pai
in
the
estm
messages
that
may
change
with
the
final
making
and
and
changes
to
it.
For
instance,
the
operator
location
does
not
save
the
operators.
Elevation
is
that
the
guy
on
the
third
floor
balcony
or
the
fourth
floor
balcony,
but
that's
that's
easily
handled,
because
that
would
just
be
handling
eight
eight
bytes
in
and
works
in
this
model.
K
So
I
like
to
see
this
adopted,
and
so
let's
go
I'm
out
of
time
and
so
I'll
take
questions
offline.
I
think
jonathan's
up
there.
J
B
Okay,
we
don't
have
much
time
for
questions
so
because
I
I
am
tempted
to
adjourn
that
meeting
unless
we
have
a
last
minute
question
last
minute
comment.
B
In
any
case,
please
provide
your
comment,
questions
on
the
mailing
list
and
we
will
plan
some
interim
meetings.
Thank
you,
everyone
and
see
you
at
the.