[aprssig] APRS Mobile 1.0 Released for iPhone/iPad
John Gorkos
jgorkos at gmail.com
Mon Sep 22 21:32:10 EDT 2014
Ding ding ding ding! We have a winner! THIS is how we should be doing
authentication on new clients. ARRL LotW certs. The ARRL does the hard
work, we just trust them to get it right. Infinitely better than the
'passcode' system, and not exceptionally difficult to do, especially if
you bake it in to new code. Extensible, as additional cert authorities
come online (RGSB? The Germans?) we just add their certs as trusted to
the server.
I'm with you Javier.
John Gorkos
On 9/22/14, 4:01 PM, Javier Henderson wrote:
>
>
> On Mon, Sep 22, 2014 at 2:19 PM, Steve Dimse <steve at dimse.com
> <mailto:steve at dimse.com>> wrote:
>
>
> On Sep 22, 2014, at 9:30 AM, Lynn W. Deffenbaugh (Mr)
> <ldeffenb at homeside.to <mailto:ldeffenb at homeside.to>> wrote:
>
> > Ug. And this conforms how to the requirement on
> http://www.aprs-is.net/Connecting.aspx (emphasis theirs):
> >
> >> It is the responsibility of each software author to provide the
> proper passcode to their individual users on a request basis. This
> is to aid in keeping APRS-IS restricted to amateur radio use only.
> >
> > IMHO, it should default to -1 until some contact is made to honor
> the responsibility of the software author to get a proper passcode
> for their callsign.
> >
> Again, this is busy work. There is NO security provided by the
> passcode, at this point it is nothing but an annoyance. If you would
> feel even the slightest bit better if it defaults to -1 you are
> delusional.
>
>
> If the passcode is so useless, maybe we should revise the use of
> certificates, as it has been proposed here before more than once.
>
> 73,
> -jav k4jh
>
>
>
> _______________________________________________
> aprssig mailing list
> aprssig at tapr.org
> http://www.tapr.org/mailman/listinfo/aprssig
>
More information about the aprssig
mailing list