[aprssig] Callsign Verification (Was: Pirates on APRS IS)

Georg Lukas georg at op-co.de
Fri Mar 15 07:47:27 CDT 2013


Hi,

We are doing a significant amount of callsign validation to give out
passcodes for APRSdroid users (over 12000 processed requests since
APRSdroid launched, 11000 of them approved).

* Charles Blackburn <ai4ri at cfl.rr.com> [2013-03-15 13:27]:
> another thing you could do is verify it through say, QRZ especially
> the non-us ones as they have to be manually verified, before being
> accepted.

QRZ.com data is often outdated, incomplete or completely missing,
especially for asian amateurs... And it is not too hard to enter fake
data there, provided some amount of malice. However, the main problem
here is to verify that somebody claiming to own "DO1GL" is actually the
person Georg Lukas referenced on QRZ.com and not some impostor.

Therefore we have to fallback to manual checks rather often. Then again,
some amateurs are too paranoid to enter correct data (or too ignorant
about what kind of info they need to enter).

Recently, we had somebody enter "team at aprsdroid.org", our own support
address, into the form. Obviously we could not deliver his passcode via
email...

> basically you can do, want to be verified straight away? upload your
> public lotw certificate. EU users make sure you have an entry on
> qrz.com :) then anyone who's had verification through qrz you can
> just double check it.

Just uploading the certificate is not a guarantee that you also have the
private key. Some kind of cryptographic protocol will still be needed
here, requiring either a custom app or a modification to the tqsl suite.

Unfortunately, there is no straight-forward process here. It would be
nice if radio clubs would start issuing SSL certificates to their
members, but I suppose this will stay a pipe dream for a long time...

Maybe a semi-commercial CA issuing certs at some single-digit cost after
validating license documents is the way to go...


73 from Germany,

Georg DO1GL
-- 
APRSdroid - Open Source APRS Client for Android ++ http://aprsdroid.org/m
     ++ https://market.android.com/details?id=org.aprsdroid.app ++
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 828 bytes
Desc: Digital signature
URL: <http://www.tapr.org/pipermail/aprssig/attachments/20130315/48a023be/attachment.pgp>


More information about the aprssig mailing list