[aprssig] APRS Mobile 1.0 Released for iPhone/iPad
javier at kjsl.org
Mon Sep 22 19:49:20 EDT 2014
On Mon, Sep 22, 2014 at 5:25 PM, Steve Dimse <steve at dimse.com> wrote:
> On Sep 22, 2014, at 3:01 PM, Javier Henderson <javier at kjsl.org> wrote:
> > If the passcode is so useless, maybe we should revise the use of
> certificates, as it has been proposed here before more than once.
> Again, the issue isn't the front end where people sign on, it is the back
> end where the data travels. It doesn't matter how secure the authentication
> is when the transport is wide open.
> Any system you design for authentication must transmit that authentication
> information via the APRS IS. Since the passcode is all that is needed to
> fully authenticate with the APRS IS anyone can put anything on the APRS IS.
> So if you want security, you must replace the APRS IS.
> Is it possible to have a new, secure APRS IS? Yes, but would it reach
> critical mass? If you move, you lose some connectivity with hams connected
> through the old system. This would not be an insurmountable hurdle with
> early adopters blazing the way, except for the fact that the vast majority
> of users do not see a problem with the current system. So moving has no
> benefit and a significant loss. Combined with the problem of upgrading
> software and setting up a new back end transport network it just isn't
> worth the effort to people that look upon APRS as a functional system
> rather than a theoretical playpen.
You are making a lot of assumptions, rather than rehash everything please
refer to past posts on this, it's all been explained how the proposal
involving SSL certificates includes workarounds for those using ancient or
modern software that doesn't have native support, as well as the benefits
of using strong authentication, such as new services for example.
Aren't we suppose to innovate, advance the state of the art, and so on?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the aprssig