[aprssig] aprsis DOS in Poland, observation

Scott Miller scott at opentrac.org
Mon Sep 7 22:46:37 EDT 2020


On 9/7/2020 4:51 PM, David Andrzejewski via aprssig wrote:
>
> Do your embedded systems run over IP or RF or both?
>
Both, but in this case I'm only talking about the IP side.
>
> Do we need (or want) additional authentication on RF?  I can see 
> arguments for both sides.  We don't really have any kind of strong 
> authentication on RF for most other modes.
>
No, but my trackers do have their own RF authentication scheme for 
remote control. It's a one-time password system based on a pre-shared 
key, and even the 8-bit versions could handle the XXTEA block cipher 
just fine.

If there has to be a heavy PKI scheme, maybe we could have some kind of 
authentication proxy service where you set up a certificate with the 
proxy along with a pre-shared key, and then a lightweight device uses 
its key to authorize the proxy to do the heavy lifting for it.

> As for LoTW being the CA, I'd caution that maybe we don't want a 
> singular organization to control the PKI.
>
I agree. I don't think we should even be in the business of verifying 
licenses; just making sure bots can't easily get lots of keys and that 
keys can be revoked.

Scott
N1VG



More information about the aprssig mailing list