[aprssig] APRS-IS Passcode alternative: SSL + Certificates, with no data encryption
steve at dimse.com
Tue Apr 1 00:02:18 CDT 2014
On Apr 1, 2014, at 12:21 AM, Paul Bramscher <pfbram at comcast.net> wrote:
> Could be more trouble than it's worth here, though.
I've been trying to imagine how even with magic wands there could be an APRS IS that was secure. I don't see one; as long as there is any way to get illegitimate data onto the APRS IS it cannot be called secure. Here is a scenario for you optimists to chew on.
A basic principle of the present APRS IS and the US rules is that a transmission on amateur RF can be retransmitted without any repercussion. Transmission on RF is accepted as authentication (e.g. a repeater trustee has no responsibility for retransmitting bootleggers). Imagine there is suddenly a steady stream of profane messages on the newly-secured APRS IS that appear to be originated by NNN4XYZ on RF. They appear on the APRS IS signed with the certificate of IGate operator WWW4ABC.
So use your complex hypothetical proposals to differentiate between these two possibilities: Is IGate operator WWW4ABC trying to poison the reputation of NNN4XYZ? Or is a third party trying to poison the rep of WWW4ABC and/or NNN4XYZ by placing this data on RF making it appear to be from one ham and signed by a second? Unless the RF packets are also signed individually (way too bandwidth-intensive) I don't see any way to tell (other than by sitting in front of the QTH of the IGate to see if it is on RF - the monitor must be very close because it could be a milliwatt xmitter hidden in a nearby tree) to differentiate between these two.
There is a huge difference in liability between these two scenarios. Someone that transmits profane data on 144.39 is violating Part 97. Someone who injects the same data into the APRS IS violates no FCC rule; instead liability is with any IGate operator that retransmits the data. So long as I can legally inject data into the APRS IS that causes an IGate operator to break the rules, there is no shield for the IGate operator, and the whole exercise of securing the APRS IS is pointless.
In other words, not only do I think reaching any level of security on the APRS IS is a waste of time, not only do I think it would require every APRS IS packet be individually signed, but I'm beginning to think it also would require packet level signing of the RF network as well.