[aprssig] Universal APRS messaging

Tyler Allison tyler at allisonhouse.com
Thu Oct 23 20:58:30 EDT 2008


> It is certainly true that the system never had the security you would
> want your bank to use protecting your accounts. On the other hand, the
> combination of small network size, human monitoring, and the 15 bit login
>  protection provided the design level of security, i.e. enough to protect
>  the licenses of IGate operators. That level of protection was what was
> I'm saying lost about 8 years ago. That is the level of protection I
> think the APRS IS ought to try to restore.

Seems "reasonable" to me. :)

What I do not think is reasonable is attempting to overlay or "bolt on"
additional security onto the existing APRS-IS. That will never work for
various reasons, some of which are beyond the control of the ham community
(eg: upgrading firmware/software on radios). It's been proved over and
over again that if you do not start from the point of view of security,
which we have already agreed was not a tenant of the original APRS spec,
you will fail in attempting to "bolt on"...miserably.

However, like you..I don't think the greater community cares.  So building
a new APRS-IS is also bound to fail in the short term. So what's the
point? Unless some legal action is taken against an igate operator there
will be no incentive to improve no mater how many regulations people
identify and point to as evidence of liability.

The only thing I can think of that has any real chance of success is
securing the front door(s) we can secure (eg: web based injection, not
RF). OpenID would be fine, but don't expect it to secure the APRS-IS
itself...it's only real value is the front door...not the backbone.

-Tyler






More information about the aprssig mailing list