[aprssig] APRS-IS Passcode alternative: SSL + Certificates, with no data encryption
steve at dimse.com
Sat Mar 29 10:00:00 CDT 2014
On Mar 29, 2014, at 10:25 AM, Georg Lukas <georg at op-co.de> wrote:
> Hi Steve,
> * Steve Dimse <steve at dimse.com> [2014-03-29 14:05]:
>> What I haven't heard is exactly what problem all this is aiming to
>> solve. Is this a regulatory issue?
> If you see no problems with providing a fully automatic,
> no-checks-performed, passcode generator like the ones in the original
> post, I will be the first one to cease all this tedious work and make
> the passcode generation faster and easier for my users, at the cost of
> allowing everybody onto APRS-IS.
I don't know how many times I can say it. Everyone IS allowed on the APRS IS, or more correctly no one can be prevented from being on the APRS IS. It has been that way since Dale Heatherington open-sourced aprsd. Anyone that thinks otherwise is burying their head in the sand. I do not consider fully automatic passcode generators OK. I wish dearly the passcode was still secret. At 15 bits a brute force cracker could solve it in a minute or two, but it would still serve the original purpose, to provide cover for IGate operators.
While I might wish the secret was only known to a few it is not. So from a practical, realistic point of view I think you have been wasting your time generating all those codes when aprsd users have been generating their own for perhaps 15 years and xastir users for, what, 10 years?
> However, if you consider the other groups doing amateur radio over IP,
> we are here at the starting point of a great opportunity to reduce the
> total amount of work (maybe by delegating certificate issuing to radio
> clubs or regulators like the FCC), and to provide a common mechanism for
> Internet-enabled amateur radio services.
I don't have any trouble with hubs offering validation through SSL. What I object to is the idea that implementing this in any way makes the APRS IS more secure. It is OK, even cool that APRSC accepts LOTW certs. But I strenuously object to concepts that start there, make it mandatory, link the hubs with SSL, rewrite the APRS IS protocol, and then exclude legacy apps when all that accomplishes is to protect IGate operators from something that has never happened and has a vanishingly small possibility of ever happening.
More information about the aprssig