[aprssig] Universal APRS messaging

Steve Dimse steve at dimse.com
Thu Oct 23 20:11:47 EDT 2008 

On Oct 23, 2008, at 6:57 PM, Gregory A. Carter wrote:

> I still maintain that it would be wise to create an OpenID style  
> system.  Of course it would take quite a while before the various  
> pieces of software eventually got up to date to use the new auth  
> system for APRS-IS (and some software may never), however the longer  
> the implementation is delayed, the longer it will take to impliment  
> (how's that for a brain teaser).

Do you see that you cannot simply tack a new authorization system onto  
the present APRS IS? No matter how you choose to represent that a  
packet used that system, I can simply duplicate that representation  
when I send a packet to the APRS IS.

The solution requires either to cryptographically sign each packet on  
the APRS IS that is from a verified station (in a way that does not  
break current software, hard!), or to create a new APRS IS where  
access is limited to those who implement the new authorization scheme.  
The latter method would be my choice.

A new APRS IS could inject all the data from the old APRS IS and flag  
it as unverified, so that people using the new system could see all  
the old data, and choose how much trust to give it. Data from the new  
system could also be fed back into the old, so there would be no  
isolation. People could switch to the new system as their software was  
updated to use the new validation, whatever that be, yet the legacy  
programs still work (albeit with no IGate security).

The biggest hurdle is that not many people really care. I think that  
is because most IGate operators do not concern themselves with the  
risks. I thought releasing the algorithm back when would make IGate  
operators act as I did and shut down their two-way IGates. Not only  
did that not happen, but the APRS IS is probably 20 times the size it  
was then by any measure. It probably helps that there has never been  
an enforcement action against APRS. I don't want to take the chance on  
being the first. Until this week, I also felt it was my responsibility  
to do all that was in my power to prevent people from hurting  
themselves. The users have changed my mind, I just provide the tools,  
how people use them is not my responsibility,

Steve K4HG

More information about the aprssig mailing list