[aprssig] APRS-IS Passcode alternative: SSL + Certificates, with no data encryption

Paul Bramscher pfbram at comcast.net
Tue Apr 1 00:21:52 EDT 2014


Maybe where some hesitation comes is in centralization of trust (as
opposed to community trust or self-policing).  Centralization is a whole
different sort of trust, and might imply managing a very large database
of users/credentials.

CA's can be handmade for free.  As long as the "fingerprint" is
documented and matches what sits on a reputable organization's web site
which offers it, they could be trusted by manually adding the homemade
Certificate Authority to any modern browser.

The philosophy behind public keyrings (web of trust) is generally
community-maintained.  It's just a big bucket of public keys.
Advertising yours is your responsibility, and accepting someone is your
judgement call.  The idea is that you can't have trust without identity
and security.

Could be more trouble than it's worth here, though.  Looks like a
Wikipedia article does a good job of distinguishing between the models:
http://en.wikipedia.org/wiki/Web_of_trust.

I watched parts of the video, pretty good summary.

-Paul / KD0KZE

On 3/31/2014 8:44 PM, Javier Henderson wrote:
> 
> On Mar 31, 2014, at 5:28 PM, Jason KG4WSV <kg4wsv at gmail.com> wrote:
> 
> 
>>> And it would require a
>>> centralized database.
>>
>> That little aside _is_ the problem.  Who do you trust? Who do you
>> trust to keep a list of people that can be trusted?
>>
>> For any authentication system to work, someone has to keep a list, and
>> then be willing to deal with all the extra work involved in certifying
>> everyone on the list.
> 
> If we use LotW certificates, we’d be trusting the ARRL. They consider those secure enough to trust them for DXCC credit, so I’m sure we can trust them for this purpose as well.
> 
> And in the future, other suitable CA’s could be accepted if they’re ran by equally trusted sources, such as ARRL counterparts in other countries, StartSSL, Verisign, etc.
> 
> Hessu OH7LZB did a presentation about all of this at DCC last year, which is available on youtube:
> 
> https://www.youtube.com/watch?v=wQxtvvhf4K8
> 
> 73,
> -jav k4jh
> _______________________________________________
> aprssig mailing list
> aprssig at tapr.org
> http://www.tapr.org/mailman/listinfo/aprssig
> 




More information about the aprssig mailing list