drip Working Group                                       A. Wiethuechter
Internet-Draft                                       AX Enterprize, LLC
Intended status: Standards Track                      18 September 2023
Expires: 21 March 2024

                        UAS Serial Numbers in DNS
                  draft-wiethuechter-drip-uas-sn-dns-00

Abstract

   This document describes a way Uncrewed Aerial System (UAS) Serial
   Numbers are placed into and retrieved from the Domain Name System
   (DNS).  This is to directly support DRIP-based Serial Numbers.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 21 March 2024.

Copyright Notice

   Copyright (c) 2023 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Revised BSD License text as described in Section 4.e of the
   Trust Legal Provisions and are provided without warranty as described
   in the Revised BSD License.

Wiethuechter              Expires 21 March 2024                 [Page 1]

Internet-Draft                  uas-sn-dns                September 2023

Table of Contents

   1.  Introduction
     1.1.  Supported Scenarios
   2.  Terminology
     2.1.  Required Terminology
     2.2.  Additional Definitions
   3.  Serial Number Registration
     3.1.  Serial Method 1
     3.2.  Serial Method 2
     3.3.  Serial Method 3
     3.4.  Serial Method 4
   4.  Serial Numbers in DNS
   5.  IANA Considerations
   6.  Security Considerations
   7.  References
     7.1.  Normative References
     7.2.  Informative References
   Appendix A.  UAS Serial Number FQDN
   Appendix B.  DNS Examples
     B.1.  Serial Method 1
     B.2.  Serial Method 2
     B.3.  Serial Method 3
     B.4.  Serial Method 4
   Author's Address

1.  Introduction

   The lookup of Serial Numbers for Uncrewed Aerial Systems (UAS) is a
   major concern.  On one hand, if a pilot plans to use DRIP Entity Tags
   (DETs, [RFC9374]) or other Session IDs, the Serial Number is
   considered PII by many Civil Aviation Authorities (CAAs).  However,
   when this is not the case, the Serial Number can be used in the clear
   as the UAS ID, and generally will be by default.

   It may be helpful for receiving devices, or other devices presented
   with a UAS Serial Number, to look up additional information about the
   aircraft, if the manufacturer wishes to provide it publicly.
   This information could be general specifications, such as number of
   props or color.

   DRIP directly uses the [CTA2063A] Serial Number format, as defined in
   [RFC9374], to encode a DET.  As such, a way to look up a Serial Number
   to see if it corresponds to a DET is important, and something that
   [detim] does not currently address.

   [detim] already adds support for such DRIP Serial Numbers with the
   creation of the Manufacturer Code Authority (MCA) and Manufacturer
   Unmanned Aircraft Authority (MAA) roles.

1.1.  Supported Scenarios

   1.  UA using manufacturer generated Serial Number for UAS ID.  No
       additional information provided.

   2.  UA using manufacturer generated Serial Number for UAS ID.
       Manufacturer using a DIME.  Manufacturer MUST provide a pointer to
       additional information via DNS (even if null).

   3.  UA using manufacturer generated Serial Number which is mapped to a
       DET by the manufacturer for UAS ID.  UA using manufacturer
       generated DET for Authentication.  Manufacturer using a DIME.
       DIME MUST place public DET information into DNS (i.e. HI).  DIME
       MUST provide mapping of Serial Number to DET in DNS.  Manufacturer
       MUST provide a pointer to additional information via DNS (even if
       null).

   4.  UA using manufacturer generated DRIP enhanced Serial Number for
       UAS ID.  UA using manufacturer generated DET for Authentication.
       Manufacturer using a DIME.  DIME MUST place public information
       into DNS (i.e. HI), either directly or as a mapping to a DET.
       DIME MUST provide a pointer to additional information via DNS
       (even if null).

   5.  UA using manufacturer generated Serial Number for UAS ID.  UA
       using user generated DET for Authentication.  User uses a DIME
       with the capability to publicly map the Serial Number to a DET
       (via a USS).  DIME MUST place public DET information into DNS
       (i.e. HI).  DIME MUST provide mapping of Serial Number to DET in
       DNS.  DIME MUST provide a pointer to additional information via
       DNS (even if null).

2.  Terminology

2.1.  Required Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

2.2.  Additional Definitions

   This document makes use of the terms (PII, USS, etc.) defined in
   [RFC9153].  Other terms (DIME, Endorsement, etc.) are from [RFC9434],
   while others (RAA, HDA, etc.) are from [RFC9374].

3.  Serial Number Registration

   There are four ways a Serial Number can be registered and used by
   DRIP:

   1.  As a clear-text string with additional information (Section 3.1)

   2.  As a clear-text string mapped to a DET "post" generation by the
       *manufacturer* (for use in authentication) and additional
       information (Section 3.2)

   3.  As a clear-text string mapped to a DET "post" generation by the
       *user (via an HDA)* (for use in authentication) and additional
       information (Section 3.3)

   4.  As an encoding of an HI and associated DET by the *manufacturer*
       (for use in authentication) with additional information
       (Section 3.4)

   Note: additional information here refers to any subset of keys
   defined in [detim].

3.1.  Serial Method 1

   This is where a UA is provisioned with a Serial Number by the
   manufacturer.  The Serial Number is just a text string, defined by
   [CTA2063A].  The manufacturer runs a Name Server delegated under the
   Serial Number apex and points to information using a DET RR (filling
   in only the Serial Number and URI fields).
            +-------------------+
            | Unmanned Aircraft |
            +--o---o------------+
               |   ^
           (a) |   | (b)
               |   |
        *******|***|*****************************
        *      |   |              DIME: MAA     *
        *      |   |                            *
        *      v   |          +----------+      *
        *   +--o---o--+       |          |      *
        *   |   DPA   o------>o          |      *
        *   +----o----+ (d)   |          |      *
        *        |            |          |      *
        *    (c) |            | DIA/RDDS |      *
        *        v            |          |      *
        *   +----o--------+   |          |      *
        *   | Registry/NS |   |          |      *
        *   +-------------+   |          |      *
        *                     +----------+      *
        *                                       *
        *****************************************

        (a) Serial Number, UA Information
        (b) Success Code
        (c) DET RR
        (d) UA Information

       Figure 1: Example DIME:MAA with Serial Number Registration

3.2.  Serial Method 2

   This is where a UAS is provisioned with a Serial Number and DET by
   the manufacturer, enabling their devices to use [drip-auth] and
   provide additional information.  A public mapping of the Serial
   Number to DET and all public artifacts MUST be provided by the
   manufacturer.  The manufacturer MUST use an MAA for this task.  The
   device MAY allow the DET to be regenerated dynamically with the MAA.

            +-------------------+
            | Unmanned Aircraft |
            +--o---o------------+
               |   ^
           (a) |   | (b)
               |   |
        *******|***|*****************************
        *      |   |              DIME: MAA     *
        *      |   |                            *
        *      v   |          +----------+      *
        *   +--o---o--+       |          |      *
        *   |   DPA   o------>o          |      *
        *   +----o----+ (d)   |          |      *
        *        |            |          |      *
        *    (c) |            | DIA/RDDS |      *
        *        v            |          |      *
        *   +----o--------+   |          |      *
        *   | Registry/NS |   |          |      *
        *   +-------------+   |          |      *
        *                     +----------+      *
        *                                       *
        *****************************************

        (a) Serial Number, UA Information, Self-Endorsement: UA
        (b) Success Code, Broadcast Endorsement: MAA on UA
        (c) DET RR, PTR RR
        (d) UA Information

     Figure 2: Example DIME:MAA with Serial Number + DET Registration

3.3.  Serial Method 3

   This is where a UAS has a Serial Number (from the manufacturer) and
   the user (via a DIME) has a mechanism to generate and map a DET to
   the Serial Number after production.
   This can provide dynamic signing keys for DRIP Authentication
   Messages via [drip-auth] for UAS that MUST fly only using Serial
   Numbers.  Registration SHOULD be allowed to any relevant DIME that
   supports it.  A public mapping of the DET to the Serial Number SHOULD
   be provided.

            +-------------------+
            | Unmanned Aircraft |
            +--o---o------------+
               |   ^
           (a) |   | (b)
               |   |
        *******|***|*****************************
        *      |   |              DIME          *
        *      |   |                            *
        *      v   |          +----------+      *
        *   +--o---o--+       |          |      *
        *   |   DPA   o------>o          |      *
        *   +----o----+ (d)   |          |      *
        *        |            |          |      *
        *    (c) |            | DIA/RDDS |      *
        *        v            |          |      *
        *   +----o--------+   |          |      *
        *   | Registry/NS |   |          |      *
        *   +-------------+   |          |      *
        *                     +----------+      *
        *                                       *
        *****************************************

        (a) Serial Number, UA Information, Self-Endorsement: UA
        (b) Success Code, Broadcast Endorsement: DIME on UA
        (c) DET RR
        (d) UA Information

       Figure 3: Example DIME with Serial Number + DET Registration

3.4.  Serial Method 4

   This is where a UAS manufacturer chooses to use the Serial Number
   scheme defined in [RFC9374] to create Serial Numbers and their
   associated DETs for [drip-auth], and to provide additional
   information.  This document RECOMMENDS that the manufacturer "locks"
   the device from changing its authentication method, so that the
   identifiers in the Basic ID Message and the Authentication Message do
   not de-sync.  The manufacturer MUST use an MAA for this task, with
   the mapping between their Manufacturer Code and the upper portion of
   the DET publicly available.
            +-------------------+
            | Unmanned Aircraft |
            +--o---o------------+
               |   ^
           (a) |   | (b)
               |   |
        *******|***|*****************************
        *      |   |              DIME: MAA     *
        *      |   |                            *
        *      v   |          +----------+      *
        *   +--o---o--+       |          |      *
        *   |   DPA   o------>o          |      *
        *   +----o----+ (d)   |          |      *
        *        |            |          |      *
        *    (c) |            | DIA/RDDS |      *
        *        v            |          |      *
        *   +----o--------+   |          |      *
        *   | Registry/NS |   |          |      *
        *   +-------------+   |          |      *
        *                     +----------+      *
        *                                       *
        *****************************************

        (a) Serial Number, UA Information, Self-Endorsement: UA
        (b) Success Code, Broadcast Endorsement: MAA on UA
        (c) DET RR
        (d) UA Information

      Figure 4: Example DIME:MAA with DRIP Serial Number Registration

4.  Serial Numbers in DNS

   Author Note: There MUST be an entry point in DNS for the lookup of
   UAS Serial Numbers.  This section is very much a shot in the dark on
   how this looks and functions.

   This document specifies the creation and delegation to an apex
   organization (TBD) of the subdomain uas.arpa.  To enable lookup of
   Serial Numbers, a subdomain sn.uas.arpa is maintained.  All entries
   under sn.uas.arpa are to follow the convention found in Appendix A.
   This is to enable a single lookup point for UAS Serial Numbers.

   Note that other subdomains under uas.arpa can be created to support
   other identifiers in UAS.  The creation and use of such other
   subdomains is out of scope for this document.  The further use and
   creation of items under uas.arpa is the authority of the apex
   organization (which has been delegated control).

   DETs MUST NOT have a subdomain in uas.arpa (such as det.uas.arpa):
   since they are IPv6 addresses, as defined in [detim], they fit within
   the predefined ip6.arpa.

5.  IANA Considerations

   TODO

6.  Security Considerations

   TODO

7.  References

7.1.  Normative References

   [detim]    Wiethuechter, A. and J. Reid, "DRIP Entity Tag (DET)
              Identity Management Architecture", Work in Progress,
              Internet-Draft, draft-ietf-drip-registries-13,
              18 September 2023.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

   [RFC9153]  Card, S., Ed., Wiethuechter, A., Moskowitz, R., and A.
              Gurtov, "Drone Remote Identification Protocol (DRIP)
              Requirements and Terminology", RFC 9153,
              DOI 10.17487/RFC9153, February 2022.

   [RFC9374]  Moskowitz, R., Card, S., Wiethuechter, A., and A. Gurtov,
              "DRIP Entity Tag (DET) for Unmanned Aircraft System Remote
              ID (UAS RID)", RFC 9374, DOI 10.17487/RFC9374, March 2023.

   [RFC9434]  Card, S., Wiethuechter, A., Moskowitz, R., Zhao, S., Ed.,
              and A. Gurtov, "Drone Remote Identification Protocol
              (DRIP) Architecture", RFC 9434, DOI 10.17487/RFC9434,
              July 2023.

7.2.  Informative References

   [CTA2063A] "ANSI/CTA 2063-A Small Unmanned Aerial Systems Numbers",
              September 2019.

   [drip-auth]
              Wiethuechter, A., Card, S. W., and R. Moskowitz, "DRIP
              Entity Tag Authentication Formats & Protocols for
              Broadcast Remote ID", Work in Progress, Internet-Draft,
              draft-ietf-drip-auth-32, 18 September 2023.

Appendix A.  UAS Serial Number FQDN

   {id}.{length}.{manufacturer-code}.{apex}.

   Apex: .sn.uas.icao.arpa.

   Serial: MFR0ADR1P1SC00L
      Manufacturer Code: MFR0
      Length: A
      ID: DR1P1SC00L

   FQDN: dr1p1sc00l.a.mfr0.sn.uas.icao.arpa.

Appendix B.  DNS Examples

B.1.  Serial Method 1

   $ORIGIN mfr0.uas-sn.arpa
   example1.8 IN URI ( https://example.com/sn/EXAMPLE1 )

B.2.  Serial Method 2

   $ORIGIN mfr0.uas-sn.arpa
   example2.8 IN DET ( 5 20010033e872f705f3ce91124b677d65 ...
                       "MFR MFR0" MFR08EXAMPLE2
                       https://example.com/sn/EXAMPLE2 ... active )

   $ORIGIN 3.2.f.7.0.f.a.1.3.0.0.1.0.0.2.ip6.arpa
   6.5.d.7.7.6.b.4.2.1.1.9.e.c.3.f.5.0 IN PTR example2.8.mfr0.uas-sn.arpa

B.3.  Serial Method 3

   $ORIGIN mfr0.uas-sn.arpa
   example3.8 IN DET ( 5 20010033e872f70584b1fa2b70421112 ...
                       "MFR MFR0" MFR08EXAMPLE3
                       https://example.com/sn/EXAMPLE3 ... active )

   $ORIGIN 3.2.f.7.0.f.a.1.3.0.0.1.0.0.2.ip6.arpa
   2.1.1.1.2.4.0.7.b.2.a.f.1.b.4.8.5.0 IN PTR example3.8.mfr0.uas-sn.arpa

B.4.  Serial Method 4

   $ORIGIN mfr0.uas-sn.arpa
   example4.8 IN DET ( 5 20010033e872f705ba8af5252a35030e ...
                       "MFR MFR0" MFR08EXAMPLE4
                       https://example.com/sn/EXAMPLE4 ... active )

   $ORIGIN 3.2.f.7.0.f.a.1.3.0.0.1.0.0.2.ip6.arpa
   e.0.3.0.5.3.a.2.5.2.5.f.a.8.a.b.5.0 IN PTR example4.8.mfr0.uas-sn.arpa

Author's Address

   Adam Wiethuechter
   AX Enterprize, LLC
   4947 Commercial Drive
   Yorkville, NY 13495
   United States of America
   Email: adam.wiethuechter@axenterprize.com
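The Appendix A naming convention, and the Section 4 rule that DETs are looked up under ip6.arpa rather than uas.arpa, worked as an added Python example (not code from this draft or from the DRIP project). It assumes the CTA-2063-A layout of a 4-character manufacturer code, a 1-character length code ('1'-'9', then 'A'-'F' for 10-15) and the ID, an alphabet of digits and uppercase letters without O and I, and the Appendix A apex; the function names are my own.

```python
import ipaddress
import re

# Assumed CTA-2063-A alphabet: digits and uppercase letters except O and I.
_CTA_ALPHABET = re.compile(r"^[0-9A-HJ-NP-Z]+$")
# Assumed CTA-2063-A length codes: '1'-'9' = 1-9 id chars, 'A'-'F' = 10-15.
_LENGTH_CODES = "123456789ABCDEF"


def parse_cta2063a_serial(serial: str) -> tuple[str, str, str]:
    """Split a serial into (manufacturer code, length code, id).

    The length code is cross-checked against the actual id length, so a
    truncated or padded serial is rejected instead of yielding a bogus
    DNS owner name.
    """
    serial = serial.upper()
    if len(serial) < 6 or not _CTA_ALPHABET.match(serial):
        raise ValueError(f"malformed serial number: {serial!r}")
    mfr_code, length_code, uas_id = serial[:4], serial[4], serial[5:]
    expected = _LENGTH_CODES.find(length_code) + 1  # 0 if not a length code
    if expected == 0 or len(uas_id) != expected:
        raise ValueError(f"length code {length_code!r} does not match {uas_id!r}")
    return mfr_code, length_code, uas_id


def serial_to_fqdn(serial: str, apex: str = "sn.uas.icao.arpa.") -> str:
    """Build {id}.{length}.{manufacturer-code}.{apex}. for a serial.

    DNS names are case-insensitive; the lowercase form matches the
    draft's Appendix A example.
    """
    mfr_code, length_code, uas_id = parse_cta2063a_serial(serial)
    return f"{uas_id}.{length_code}.{mfr_code}.{apex.strip('.')}.".lower()


def det_to_ip6_arpa(det: str) -> str:
    """Reverse (PTR) owner name for a DET, which is an IPv6 address.

    Accepts presentation form (2001:33:...) or the 32-hex-digit form used
    in the DET RR examples of Appendix B.  The nibble reversal is computed
    rather than typed by hand, which is where transpositions creep into
    hand-written ip6.arpa zones.
    """
    if ":" not in det:
        if len(det) != 32:
            raise ValueError("bare DET must be 32 hex digits")
        det = int(det, 16)
    return ipaddress.IPv6Address(det).reverse_pointer + "."
```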