[aprssig] Who/where is the Certificate Authority for the APRS-IS servers?
Georg Lukas
georg at op-co.de
Tue Sep 30 03:01:50 EDT 2014
Hey Andrew,
* Andrew P. <andrewemt at hotmail.com> [2014-09-25 03:30]:
> I was planning on supporting the null cipher for SSL links to the
> APRS-IS servers. Is there any reason to support encrypting ciphers at
> all?
This is actually a very good question. I follow the stance that
encryption is disallowed over ham radio frequencies, but does no harm
for amateur radio issues over public IP networks. However, it might well
happen that our APRS-IS traffic is routed via HamNet, putting it in
violation.
APRSdroid is currently using the default cipher suite of Android, which
excludes null, but I am not opposed to change that. As amateur radio
communication is public anyway, I'm probably just too paranoid if I want
it protected from non-amateurs.
Georg
P.S: in this early stage, it might not be useful to perform
server-certificate checks in the client, but just to accept anything.
The client certificate presented by your application should prevent MitM
attacks, after all, and this lowers the hurdle to running an APRS-SSL
server.
--
|| http://op-co.de ++ GCS d--(++) s: a C+++ UL+++ !P L+++ !E W+++ N ++
|| gpg: 0x962FD2DE || o? K- w---() O M V? PS+ PE-- Y++ PGP+ t+ 5 R+ ||
|| Ge0rG: euIRCnet || X(+++) tv+ b+(++) DI+++ D- G e++++ h- r++ y? ||
++ IRCnet OFTC OPN ||_________________________________________________||
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 811 bytes
Desc: Digital signature
URL: <http://lists.tapr.org/pipermail/aprssig_lists.tapr.org/attachments/20140930/99c0422b/attachment.asc>
More information about the aprssig
mailing list