[aprssig] APRS-IS Passcode alternative: SSL + Certificates, with no data encryption

Andrew Elwell andrew.elwell at gmail.com
Tue Apr 1 04:48:28 EDT 2014


>> That little aside _is_ the problem.  Who do you trust? Who do you
>> trust to keep a list of people that can be trusted?

> And in the future, other suitable CAs could be accepted if they're run by equally trusted sources, such as ARRL counterparts in other countries, StartSSL, Verisign, etc.

Declaration of interest: I used to look after grid computing sites &
software that depended on delegated authentication / authorization
systems, and it's not a trivial problem.

Using the passcode works. There's very little overhead in the
transaction. It's more of a deterrent than a security feature, same as
CTCSS.

How do you ensure that each 'ARRL counterpart' follows some sort of
acceptable verification of the individual? Keeps their certificate
chain secure? Has proper policies for revocation / updates etc?

Each client would then need to trust all the CAs that issue
certificates. In the grid world we did this through the IGTF
(http://www.gridpma.org/) and even that needed 3 policy areas
(Americas, EMEA, Asia-Pacific) and the amount of work that was needed
on *each* grid server to follow changes in the list was non-trivial.
See https://dist.eugridpma.info/distribution/igtf/current/ for an
indication of how many *accredited* CAs there are, let alone test and
unaccredited ones. Remember you have to check *each* of those for a
revocation list.

Yes, it can work, but it's a lot of work for possibly very little gain.

Andrew


