[aprssig] Who/where is the Certificate Authority for the APRS-IS servers?

Andrew P. andrewemt at hotmail.com
Wed Sep 24 21:28:40 EDT 2014 

I was planning on supporting the null cipher for SSL links to the 
APRS-IS servers. Is there any reason to support encrypting ciphers at 
all? Considering the number of jurisdictions where encryption isn't 
allowed, is it worth making it conditional versus just always locking to
 null ciphers?

In any case, it's working now, except that I 
occasionally find servers in the ssl.aprs2.net pool that aren't playing by the rules; they have 
SSL but don't seem to have certificates signed by the correct CA, so my 
connection gets rejected. Sometimes, I find a good server, and then all 
works well.

Andrew, KA2DDO

> Date: Wed, 24 Sep 2014 10:44:50 -0700
> Subject: Re: [aprssig] Who/where is the Certificate Authority for the	APRS-IS servers?
> 
> Andrew,
> 
> The Tier 2 servers that have been configured for experimental SSL
> identify with certificates signed by a custom Tier 2 Certificate
> Authority. For client verification, they check that certificates are
> signed by ARRL LotW.
[snip]
> P.S. Please make sure your application allows, and can be configured
> to request, eNULL cipher. This allows SSL authentication without
> encryption, so it is legal for use over Part 97. In our area, some
> igates connect over Part 97 wifi links. If the client does not request
> eNULL cipher, aprsc will default to using encryption over SSL links.
> 
> Tom KD7LXL
> 
> On Wed, Sep 24, 2014 at 10:12 AM, Andrew P. <andrewemt at hotmail.com> wrote:
> > Greetings, all.
> >
> > I was working on implementing SSL support in my APRS application, and
> > noticed that the APRS-IS servers identify themselves with certificates
> > issued by someone other than any of the big Certificate Authorities. Where
> > does one get the trusted root CA certificate for these servers? Is it
> > available on a webpage somewhere (maybe where the server code is available)?
> >
> > Thanks in advance.
> >
> > Andrew Pavlin, KA2DDO
> > author of YAAC

 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.tapr.org/pipermail/aprssig_lists.tapr.org/attachments/20140924/aea32e6f/attachment.html>

More information about the aprssig mailing list