[aprssig] APRS-IS Passcode alternative: SSL + Certificates, with no data encryption
Ya'akov Sloman
yaakov at sloman.me
Sun Mar 30 06:33:29 EDT 2014
I'd like to make a couple of suggestions for consideration.
The need for TCP might be reduced to an authentication handshake rather than every frame. If something akin to SMTP AUTH is used, along with some other *temporary* form of shared secret exchanged at the time of the authentication, and combined with the source address, it would reduce the possible abuse window to the horizon of the authenticated "session".
That is, using TLS or equivalent, the station can authenticate to the server using TCP. It is handed an expiring secret, and the session state is retained by the server which includes the call, secret, and source address. After that, UDP frames are used as usual, with the secret acting just as the current passcode does, but with expiration.
It might be beneficial to use the model of DHCP and have the client request a new secret (via the TCP mechanism) at 1/2-expiry.
The method of authentication *could* be PKI or something else since TLS will hide the exchange. PKI has the advantage of not requiring the maintenance of a password file and managing access to it.
There is also the possibility of WoT (Web of Trust) using PGP (or GnuPG, most likely) to decentralize the CA. If we used some method to record trusted signers (which could be completely open since it is not, in itself, confidential), and we required one or more signatures from previously trusted operators, no CA would be needed.
These are just some thoughts, for what they are worth.
Ya'akov
N1EWO
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.tapr.org/pipermail/aprssig_lists.tapr.org/attachments/20140330/660f30ab/attachment.asc>
More information about the aprssig
mailing list