[aprssig] Universal APRS messaging

[Steve Dimse]

There is nothing wrong with WinLink's validation, or OpenAPRS, or  
findU's, the original APRS IS scheme, or even the old NOS BBS's you  
could telnet to (the validation question was "What is the standard  
offset in kHz for a 2 meter repeater?" Enter 600 and you were verified  
as a ham.) Weak as that was, it was probably enough. There is nothing  
in Part 97 that specifies the strength of the verification.

The problems are (1), there is no accountability for anything on the  
internet side. I can do absolutely anything on the internet and not be  
in violation of FCC Part 97. Just like while sitting in my home in  
Florida I am not subject to the Seattle Municipal Code, there is no  
jurisdiction. Compounded this with (2), any authentication scheme,  
OpenAPRS, WinLink, or 600 becomes worthless when you can inject  
validated packets into the system at the next step, the APRS IS. Since  
the authentication is trivially bypassed, anonymously and without  
guilt, that leaves the IGate operators on the hook.

And, this is just the US. APRS is worldwide, and there are dozens of  
different sets of rules that need to be considered!

I don't have any easy answers, I don't think there are any. At the  
very least I want the IGate operators to be aware of the risks others  
are exposing them to!

Steve K4HG

On Oct 19, 2008, at 6:33 PM, Brian Webster wrote:

> Is there any way to use the same methods for verification that  
> WinLink uses?
> That would keep the training of the hams a bit simplified since it  
> might end
> up being the same process for both systems. Just a thought. While  
> their
> system is not rock solid perfect, it certainly is a reasonable one  
> that does
> not seem to be abused as of yet. I would also think that whatever  
> method
> gets put in place that a provision to open things up in the event of  
> an
> emergency would be a good idea.