-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
clarification section 4.3 #27
Comments
@mglt, I can integrate this into section 4.2.
the new Section 4.2, after integrating with text from original section 4.3
Please let me know if this is acceptable. |
It is unclear to me what section 4.3 says more regarding to registration and lookup than the following lines: Therefore, a DRIP identifier is represented as a HHIT and registered with the In which case, having an section to specify the indirection to section 5.2 is questionable. It seems to me that such indication may be provided in the preamble of section 4 and section 4.3 can be removed. |
updated text in section 4.3.
|
4.3. HHIT for DRIP Identifier Registration and Lookup
"""
An
HHIT DRIP identifier contains cryptographically embedded registration
information. This HHIT registration hierarchy, along with the IPv6
prefix, is trustable and sufficient information that can be used to
perform such a lookup. Additionally, the IPv6 prefix can enhance the
HHITs use beyond the basic Remote ID function (e.g use in HIP,
[RFC7401]).
Therefore, a DRIP identifier can be represented as a HHIT. It can be
self-generated by a UAS (either UA or GCS) and registered with the
Private Information Registry (More details in Section 5.2) identified
in its hierarchy fields. Each DRIP identifier represented as an HHIT
can not be used more than once.
A DRIP identifier can be assigned to a UAS as a static HHIT by its
manufacturer, such as a single HI and derived HHIT encoded as a
hardware serial number per [CTA2063A]. Such a static HHIT can only
be used to bind one-time use DRIP identifiers to the unique UA.
Depending upon implementation, this may leave a HI private key in the
possession of the manufacturer (more details in Section 8).
In another case, a UAS equipped for Broadcast RID can be provisioned
not only with its HHIT but also with the HI public key from which the
HHIT was derived and the corresponding private key, to enable message
signature. A UAS equipped for Network RID can be provisioned
likewise; the private key resides only in the ultimate source of
Network RID messages (i.e. on the UA itself if the GCS is merely
relaying rather than sourcing Network RID messages). Each Observer
device can be provisioned either with public keys of the DRIP
identifier root registries or certificates for subordinate
registries.
HHITs can be used throughout the UAS/UTM system. The Operators,
Private Information Registries, as well as other UTM entities, can
use HHITs for their IDs. Such HHITs can facilitate DRIP security
functions such as used with HIP to strongly mutually authenticate and
encrypt communications.
"""
It is unclear to me how this text is related to the lookup or the registration. It seesm to me the text ismore appropriated to section 4.2. HIT as A Trustworthy DRIP Entity Identifier.
The text was updated successfully, but these errors were encountered: