[aprssig] Universal APRS messaging

Magnus magnus at yonderway.com
Fri Oct 24 08:21:12 EDT 2008


Heikki Hannikainen wrote:
> And while there isn't security on APRS-IS, I wouldn't actually mind 
> improving security on the web interfaces. It'll be useful when/if the 
> security on APRS-ISv2 (or whatever) is implemented. OpenID would be nice 
> for mutual sharing of verified license status information, I suggested it 
> in the spring:
>
> http://oh7lzb.blogspot.com/2008/05/how-to-authenticate-licensed-hams.html
In your blog, you suggest that US'ians authenticate through their ARRL
membership.  Keep in mind, a minority of US'ian hams are ARRL members.

In the end, the only sort of existing strong identity authentication
system that can match an online user to a real world person would be a
certificate authority.  Maybe something like Thawte.

So to get an ID on the authentication system, you have to provide a
trusted certificate showing enough inherent trust (either through having
multiple known people say "yes I have verified that this is KI4OTK" or
one extremely well trusted cert signer).

So throughout the year, ideally one  ought to be able to get a
certificate through their local club.  Hams that just "don't do
meetings" ought to be able to get one at a hamfest.  Or make private
arrangements with a listed certificate authority to get their cert.

All of this truly is a pain in the glutes but it ties real world
presentation of ones ID and license to an online identity.

This doesn't fix any of the inherent lack of security anywhere else in
the chain.  But if you want to start tightening things up on the
internet portal side, this is one way of doing it.

The upshot is a certificate from a trusted authority could likely be
used for other purposes as well.

More information: http://en.wikipedia.org/wiki/Thawte

(Note: in practice, the Thawte model would be very difficult, I think,
to bootstrap into the amateur radio community due to some of the
limiting metrics in how their model works... but I cite it as an example
for a starting point).

-Magnus, KI4OTK

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
URL: <http://lists.tapr.org/pipermail/aprssig_lists.tapr.org/attachments/20081024/7c9f9064/attachment.asc>


More information about the aprssig mailing list