[aprssig] APRS-IS Passcode alternative: SSL + Certificates, with no data encryption
kg4wsv at gmail.com
Mon Mar 31 16:28:15 CDT 2014
On Mon, Mar 31, 2014 at 3:47 PM, <pfbram at comcast.net> wrote:
> Just thinking out loud here, but how about a separate
> authentication/verification system in which I/SGATE operators login to an
Involving SSL doesn't magically make a system secure. SSL is about
encrypting traffic in flight - that's it. Forcing use of SSL can
provide some measure of authentication, based on the whole CA system.
> And it would require a
> centralized database.
That little aside _is_ the problem. Who do you trust? Who do you
trust to keep a list of people that can be trusted?
For any authentication system to work, someone has to keep a list, and
then be willing to deal with all the extra work involved in certifying
everyone on the list.
I'm with Steve K4HG on this one - as far as APRS is concerned all I'm
seeing are solutions in search of problems.
More information about the aprssig