[aprssig] APRS Mobile 1.0 Released for iPhone/iPad
steve at dimse.com
Mon Sep 22 16:25:28 CDT 2014
On Sep 22, 2014, at 3:01 PM, Javier Henderson <javier at kjsl.org> wrote:
> If the passcode is so useless, maybe we should revise the use of certificates, as it has been proposed here before more than once.
Again, the issue isn't the front end where people sign on, it is the back end where the data travels. It doesn't matter how secure the authentication is when the transport is wide open.
Any system you design for authentication must transmit that authentication information via the APRS IS. Since the passcode is all that is needed to fully authenticate with the APRS IS anyone can put anything on the APRS IS. So if you want security, you must replace the APRS IS.
Is it possible to have a new, secure APRS IS? Yes, but would it reach critical mass? If you move, you lose some connectivity with hams connected through the old system. This would not be an insurmountable hurdle with early adopters blazing the way, except for the fact that the vast majority of users do not see a problem with the current system. So moving has no benefit and a significant loss. Combined with the problem of upgrading software and setting up a new back end transport network it just isn't worth the effort to people that look upon APRS as a functional system rather than a theoretical playpen.
More information about the aprssig