[aprssig] Callsign Verification (Was: Pirates on APRS IS)

Heikki Hannikainen hessu at hes.iki.fi
Fri Mar 15 12:56:21 EDT 2013


On Fri, 15 Mar 2013, Steve Dimse wrote:

> fixed with any add-on security. The only option is to create a new 
> APRS-IS that is secure. As we have seen time and again, hams don't make 
> changes unless something new gives them a clear and significant benefit. 
> If someone spent the effort to create a system that was truly secure, 
> and others diligently performed the required verification, you still 
> need to give the users a reason to switch.

I wholeheartedly agree, just adding strong authentication would create an 
awful lot of extra work for everyone, and would make people go for an 
unsecure alternative instead, or set it up themselves.

> The fact is that despite the complete lack of security there have been 
> no significant problems in these 12 years. Hackers have much more 
> interesting and valuable networks to target. I would propose that the 
> effort to create a secure APRS-IS would be better spent elsewhere.

Well, apparently APRS is gaining popularity in CB circles 
(http://cbaprs.de/), and some of them would prefer to get their packets on 
APRS-IS. It's a small problem for now, but makes it too scary for many to 
run TX igates for two-way messaging.

Also, if there was a secure way to authenticate hams on the Internet, 
whole new classes of services could be provided. Not just on APRS-IS. Free 
and paid.

Personally, I could let people inject packets to the APRS-IS and my APRS 
RF transmitters directly from aprs.fi. I could let them delete and edit 
their own historic APRS data stored on aprs.fi. Could provide a nice web 
chat interface to APRS messaging. All sorts of new cool stuff.

Others could let people automatically access repeater networks and even HF 
transmitters remotely from the Internet. Or something along those lines.

Currently all ham service providers need to do their own validation, which 
is an impossible undertaking for most. If there was a common way to 
validate an Internet users ham license in a more reliable way, I suppose a 
lot of new innovations could pop up.

   - Hessu, OH7LZB




More information about the aprssig mailing list