Network Working Group                                   B. Haberman, Ed.
Internet-Draft              Johns Hopkins University Applied Physics Lab
Intended status: Informational                                 T. Jensen
Expires: 31 October 2024                                       Microsoft
                                                             B. Woodcock
                                                           29 April 2024


                 Problem Statement for Digitized Emblems
                   draft-haberman-digital-emblem-ps-00

Abstract

   International law defines a number of emblems, such as the blue
   helmets of United Nations peacekeeping forces, the blue and white
   shield of UNESCO, and the Red Cross of the International Committee
   of the Red Cross, as indicative of special protections under the
   Geneva Conventions.  Similar protections attach to journalists who
   wear "Press" protective emblems on the battlefield, under Article 79
   of Protocol I of the Geneva Conventions and Resolution 2222 of the
   United Nations Security Council.  The emblems of national
   governments and inter-governmental organizations protect diplomatic
   pouches, couriers, and envoys under the Vienna Convention on
   Diplomatic Relations.  Other marks enjoy protections against mis-use
   under the Paris Convention, the Madrid Protocol, and the
   Trade-Related Aspects of Intellectual Property Rights.

   Such physical emblems have a number of weaknesses and do not
   translate to the digital realm.  This document provides a summary of
   the problems and documents identified requirements from a number of
   stakeholders for a digital emblem which addresses the shortcomings
   of the physical emblems and makes possible the indication of
   protections of digital assets under international law.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time.  It is inappropriate to use Internet-Drafts as
   reference material or to cite them other than as "work in progress."

Haberman, et al.         Expires 31 October 2024                [Page 1]
Internet-Draft              Digital Emblems                   April 2024

   This Internet-Draft will expire on 31 October 2024.

Copyright Notice

   Copyright (c) 2024 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with
   respect to this document.  Code Components extracted from this
   document must include Revised BSD License text as described in
   Section 4.e of the Trust Legal Provisions and are provided without
   warranty as described in the Revised BSD License.

Table of Contents

   1.  Introduction
     1.1.  Conventions
   2.  Weaknesses of Physical Emblems
     2.1.  Authenticity
     2.2.  Visibility
     2.3.  Mis-use
     2.4.  Management
   3.  Notional Requirements for Digital Emblems
     3.1.  Identification Requirements
     3.2.  Distribution Requirements
     3.3.  Trust model requirements
   4.  IANA Considerations
   5.  Security Considerations
   6.  Contributors
   7.  Acknowledgments
   8.  References
     8.1.  Normative References
     8.2.  Informative References
   Authors' Addresses

1.  Introduction

   International law defines a number of emblems, such as the blue
   helmets of United Nations (UN) peacekeeping forces [BLUEHELMET], the
   blue and white shield of UNESCO [BLUESHIELD], and the Red Cross of
   the International Committee of the Red Cross (ICRC) [REDCROSS], as
   indicative of special protections under international law.  Similar
   protections attach to journalists who wear "Press" protective
   emblems on the battlefield [PRESS].  The emblems of national
   governments and inter-governmental organizations protect diplomatic
   pouches, couriers, and envoys [DIPLOMAT], and international law
   protects certain marks against counterfeiting.

1.1.  Conventions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

2.  Weaknesses of Physical Emblems

   Physical emblems have served a number of key functions over hundreds
   of years.  The design and use of those physical emblems were limited
   by the resources and capabilities available at the time of their
   inception.  As technology advances and newer capabilities become
   available, it is beneficial to examine limitations with existing
   emblems and identify potential needs going forward.  The following
   describes a number of weaknesses with physical emblems.

2.1.  Authenticity

   It is generally not possible to evaluate the authenticity of a
   physical emblem in real-time.  Physical emblems do not carry any
   type of attestation from an authorized party indicating the validity
   of the emblem.
   Mis-use of a physical emblem requires a post-facto investigation.

2.2.  Visibility

   Physical emblems may not always be visible to an observing party.
   They can be difficult or impossible to see in the dark.  The
   physical emblem may be deployed on the opposite side of an object
   from an observing party.  They may be difficult to observe from a
   distance or at an oblique angle.  The visibility of a physical
   emblem may be affected by wear, vandalism, or obfuscation.

2.3.  Mis-use

   Physical emblems do not provide sufficient context to indicate the
   validity of their observed use.  Physical emblems requested for use
   in a specific location and/or at a certain time can be re-used at
   other locations or times that are not authorized.  No mechanism
   exists to correlate the validity of a physical emblem with specific
   locations, times, items, or people subject to protection.  Such
   abuse is similar to known security attacks (replay, time-shifting,
   and location-shifting attacks).

2.4.  Management

   As noted above, potential mis-use of a physical emblem typically
   requires a post-facto investigation.  There is no mechanism to
   revoke the instance of a physical emblem that has been abused,
   compromised, or is no longer valid.

3.  Notional Requirements for Digital Emblems

   The above list of weaknesses highlights the need for an emblem
   approach that meets a number of requirements to perform its function
   properly under international law.  Because there are multiple use
   cases for digital emblems, some of which are fundamentally different
   from one another, it is not presumed that any one use of a digital
   emblem would necessarily have every single one of these requirements
   for a given implementation.

3.1.  Identification Requirements

   A digital emblem capable of acting as an official marking of legal
   significance needs to be identifiable by its intended legal purpose
   and what assets it applies to.
   To do this, digital emblems...

   *  MUST provide a clearly detectable and unambiguous marking
      mappable to enable verification,

   *  MUST be machine-readable to enable automated verification,

   *  MUST be capable of carrying a visual representation of the
      physical emblem it represents,

   *  MUST carry an unambiguous indication of the international law or
      laws conferring protection upon the entity marked with the
      emblem,

   *  MUST be possible to associate with a range or specific quantity
      of persons or items,

   *  MUST be possible to associate with online services (e.g.,
      websites, email servers, databases),

   *  MUST be possible to associate with data in transit or at rest,

   *  MUST be possible to associate with network-addressable equipment
      (e.g., routers, servers, laptops, IoT devices),

   *  MUST be possible to associate with a physical object (e.g.,
      building, vehicle, container),

   *  MUST be possible to associate with a person or group of people.

3.2.  Distribution Requirements

   A digital emblem applicable to a variety of physical and digital
   assets will need to support a variety of discovery mechanisms to
   ensure emblem verification is a practical process international law
   can enforce.  Practicality can mean multiple things, including
   minimizing the risk that verifying emblems will disclose verifier
   presence or behavior, minimizing the cost of verifying digital
   emblems, and ensuring universal access to emblem-bearing for legally
   entitled assets.  To accomplish practical emblem distribution,
   digital emblems...

   *  MUST NOT impose an undue cost to verify,

   *  MUST NOT impose an undue cost to apply to or remove from an
      asset,

   *  MUST NOT impose an undue cost to acquire authority to deploy,

   *  MUST NOT require verifiers of the emblem to reveal to the emblem
      bearer that existence checking is occurring,

   *  SHOULD be possible to view an emblem in-band via a communications
      network, optically (e.g., QR code), or wirelessly (e.g., RFID).

3.3.  Trust model requirements

   A digital emblem needs to be trustworthy in order to provide any
   value.  This means that parties verifying the presence of emblems
   need to know that the asset bearing an emblem is entitled to do so
   for the declared asset, time frame, and other scopes.  Therefore,
   digital emblems...

   *  MUST be authorized by a party that has the legal authority to
      issue it,

   *  MUST identify the authorizing party that issued it to ensure
      accountability of emblem use,

   *  MUST carry an unambiguous indication of the international law or
      laws conferring protection upon the entity marked with the
      emblem,

   *  MUST be capable of providing a reference to additional relevant
      information (e.g., photographs, unique identifiers) which can be
      used to corroborate the association of the digital emblem with
      the entity bearing it,

   *  MUST be revocable when they are no longer valid,

   *  MUST be restrictable by temporal scope,

   *  MUST be restrictable by geographic scope,

   *  MUST be robust against being replayed by invalid bearers,

   *  MUST be robust against forgery of its various properties.

4.  IANA Considerations

   This document makes no requests of the IANA.

5.  Security Considerations

   A key part of this document highlights the risks surrounding
   physical emblems.  Technical implementations of digital emblems will
   undoubtedly incur their own security considerations.
   However, this document does not propose technical solutions; it
   enumerates the use cases that justify creating technical solutions
   and what requirements are imposed on such solutions.

6.  Contributors

   Bill Woodcock and Allison Mankin provided significant input on the
   issues surrounding physical emblems and the criteria for a digital
   emblem.  Tony DeSimone, Kerstin Vignard, and Erin Hahn provided
   insight into the legal and policy issues surrounding emblems.  Felix
   Linker and Mauro Vignati provided many of the requirements that
   derive from digital asset use cases.

7.  Acknowledgments

8.  References

8.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

8.2.  Informative References

   [BLUEHELMET]
              Doctors Without Borders, "The Practical Guide to
              Humanitarian Law", n.d.

   [BLUESHIELD]
              United Nations Educational, Scientific and Cultural
              Organization, "Enhanced Protection - Cultural Property of
              Highest Importance to Humanity", n.d.

   [DIPLOMAT] Cornell Law School - Legal Information Institute,
              "Personnel of Foreign Governments and International
              Organizations and Special Treatment for Returning
              Individuals", n.d.

   [PRESS]    Reporters Without Borders, "RSF Resource for Journalists'
              Safety", n.d.

   [REDCROSS] International Committee of the Red Cross, "The Protection
              of the Red Cross / Red Crescent Emblems", n.d.

Authors' Addresses

   Brian Haberman (editor)
   Johns Hopkins University Applied Physics Lab
   Email: brian@innovationslab.net


   Tommy Jensen
   Microsoft
   Email: tojens@microsoft.com


   Bill Woodcock
   Email: woody@pch.net
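
Added example (not part of the draft, which proposes no technical solution): one way a verifier could apply the Section 3.3 checks against the replay, time-shifting, and location-shifting abuse named in Section 2.3. The record layout, field names, issuer.example, and the HMAC standing in for an issuer signature are assumptions made for illustration.

```python
import hashlib
import hmac
import json
from datetime import datetime

# Assumption: HMAC-SHA256 under a constructed demo key stands in for the
# issuer's signature. A deployed emblem would need a public-key signature so
# that verifiers hold no secret able to mint emblems.
ISSUER_KEYS = {"issuer.example": b"constructed-demo-key"}

def _mac(claims):
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    key = ISSUER_KEYS[claims["issuer"]]
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def issue(claims):
    """Issuer side: bind every scope field under one authentication tag."""
    return {"claims": claims, "sig": _mac(claims)}

def verify(emblem, asset_id, when, lat, lon, revoked):
    """Verifier side, fully local. Returns failed checks; [] means valid."""
    c = emblem["claims"]
    if c.get("issuer") not in ISSUER_KEYS or not hmac.compare_digest(
            emblem["sig"], _mac(c)):
        return ["forged-or-unknown-issuer"]  # no other field can be trusted
    failures = []
    if c["emblem_id"] in revoked:  # revocation set obtained out of band
        failures.append("revoked")
    if c["asset_id"] != asset_id:  # copied onto a bearer it was not issued to
        failures.append("wrong-asset")
    start = datetime.fromisoformat(c["not_before"])
    end = datetime.fromisoformat(c["not_after"])
    if not start <= when <= end:  # time-shifted use
        failures.append("outside-time-scope")
    south, west, north, east = c["bbox"]
    if not (south <= lat <= north and west <= lon <= east):  # location-shifted
        failures.append("outside-geo-scope")
    return failures

# Constructed sample emblem; every value is a placeholder.
SAMPLE = issue({
    "emblem_id": "emblem-0001", "issuer": "issuer.example",
    "law": "placeholder-legal-basis", "asset_id": "server-a.example",
    "not_before": "2024-05-01T00:00:00+00:00",
    "not_after": "2024-05-31T23:59:59+00:00",
    "bbox": [46.0, 6.0, 47.0, 7.0],  # south, west, north, east
})
```

Because the tag covers the asset, time window, and bounding box together, an emblem copied unchanged to another bearer, date, or place fails a scope check, and one edited to fit fails authentication.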