[aprssig] APRS-IS authentication
Matti Aarnio oh2mqk at sral.fi
Fri Aug 20 21:24:47 UTC 2010
On Thu, Aug 19, 2010 at 12:01:44PM -0500, Jason KG4WSV wrote:
> On Thu, Aug 19, 2010 at 11:47 AM, Bill V WA7NWP <wa7nwp at gmail.com> wrote:
> > There is nothing illegal about non hams putting traffic on the
> > APRS-IS.
>
> I wouldn't be so sure.
>
> The core of APRS-IS runs javAPRSsrv, which is licensed for amateur
> radio use. Non-ham use violates my license agreement with Pete, as
> best I understand it.

Service would not be for hams...

There are commercial services of fleet/person tracking, but a "free" one will always attract people.

How to make _automatic_ ham status discovery and generation of authentication code?

An automatic web-page thing could work by sending a QSL to claimed callsign at LoTW. If the recipient acknowledges it, then there is a proof that LoTW keepers have accepted the user as a ham, and the passcode can be given to the user. You also want to validate that the LoTW ack is really by the same user as had been interacting with robot page - you send some random token text on QSL's "message" field to be returned to the passcode page.

Absolutely you don't want to be supplying passcodes by manual verification of licenses, or you have to get a far and widely accredited group of verification volunteers. Something like DXCC verifiers.

Present passcode system uses a trivial hash function calculated on callsign characters.

A non-trivial passcode could be using systems like Digest-MD, which is a sort of password verification, but neither does the verifier keep the reference secret nor does the communication carry the secret in plain.

The reference secrets must be generated somewhere, and distributed globally, automatically without manual touches and in reasonably quick time on the order of minutes, but that is a semi-trivial operational thing compared even with LoTW verification.

Doing SSL encryption and using so called mutual authentication would work too, but running SSL eats up servers, and makes rotate.aprs.net practically impossible.

So don't do SSL, use Digest-MD.

> APRS-IS traffic gets gated to RF by various iGate operators across the
> globe. Non-ham traffic on APRS-IS could cause these operators to be
> in violation of their license by transmitting non-ham traffic on RF.
> While the legality issue here is for the operator of the iGate, the
> basic premise of IS->RF gating is the assumption that APRS-IS traffic
> _is_ ham traffic.

Very true.

Some countries have very few igates at all, because Bob does always exhort "the igates must be bidirectional!", but local legislation makes that very troublesome.

Having Rx-only-iGates at places like UK means that people can do some APRS things, even if not doing that holy grail of bidirectional messaging in between far-away users over RF and APRS-IS.

We Finns have very relaxed legislation compared to some other parts of EU..

> -Jason
> kg4wsv

73 de Matti, OH2MQK
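A digest-style challenge-response login of the kind the message proposes, as an added example that is not part of the original post and is not APRS-IS or javAPRSsrv code. The framing follows the shape of HTTP Digest with SHA-256 used as the hash; the realm string, callsign, secret and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

REALM = "aprs-is.example"  # constructed realm name, not a real APRS-IS value


def _h(*parts: str) -> str:
    """Hex SHA-256 over colon-joined fields (HTTP Digest style framing)."""
    return hashlib.sha256(":".join(parts).encode()).hexdigest()


def make_verifier(callsign: str, secret: str) -> str:
    """Value the server stores in place of the secret (Digest calls it HA1)."""
    return _h(callsign.upper(), REALM, secret)


def client_response(callsign: str, secret: str, nonce: str) -> str:
    """Client side: prove knowledge of the secret for this one nonce."""
    return _h(make_verifier(callsign, secret), nonce)


class Server:
    """Hypothetical login server holding only verifiers, never secrets."""

    def __init__(self, verifiers):
        self.verifiers = verifiers  # callsign -> stored verifier
        self.pending = {}           # callsign -> outstanding nonce

    def challenge(self, callsign: str) -> str:
        """Issue a fresh random nonce; only the nonce crosses the wire."""
        nonce = secrets.token_hex(16)
        self.pending[callsign.upper()] = nonce
        return nonce

    def verify(self, callsign: str, response: str) -> bool:
        call = callsign.upper()
        # pop() makes each nonce single-use, so a captured response
        # cannot be replayed against a later login.
        nonce = self.pending.pop(call, None)
        verifier = self.verifiers.get(call)
        if nonce is None or verifier is None:
            return False
        expected = _h(verifier, nonce)
        # Constant-time comparison avoids leaking how many digits matched.
        return hmac.compare_digest(expected, response)
```

The stored verifier is not the secret, but in this construction it is sufficient to compute valid responses, so the verifier database distributed between servers still needs to be protected like a credential store.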
