On Thu, Apr 17, 2014 at 10:47 AM, Heikki Hannikainen <hessu(a)hes.iki.fi> wrote:
On Thu, 17 Apr 2014, Don Fanning wrote:
One problem that comes to mind is SSL wouldn't be allowed on 44net unless
everyone has the private key and I doubt ARRL will release that.
Humm, why?
The private keys of the ARRL CA are only needed by ARRL to sign the
certificates they give to the users. And they don't need to give those away
(actually, they must not give those away) - that would allow others to
impersonate ARRL and sign certificates on their behalf.
What everyone needs is their CA's certificate, which is public by
definition. That can then be used to verify certificates of individual
users - to confirm that those individual users have a good amateur radio
certificate given by a CA such as ARRL, and that CA has looked at the
license papers of that individual before giving him a certificate.
By the way, have to mention this again: SSL/TLS can run in a mode where
data is not encrypted (NULL cipher), it's just authenticated. You'll know
it came from me and nobody modified it on the way, but it's not encrypted.
- Hessu
So again, explain to me why this should be used on an authentication system
that can be defeated with a pen and paper? If APRS-IS was meant to be
authenticated, then they should have gone public-key/certificate based long
ago.
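
The point made in the quoted message above, that a verifier needs only the CA's public certificate while the CA's private key stays with the CA, shown as an added example that is not part of the original thread. It assumes the `openssl` command-line tool is installed; the CA name "Demo Licensing CA", the callsign N0CALL and all file names are constructed placeholders.

```shell
#!/bin/sh
# Added illustration (not from the thread). All names are constructed.

make_ca() {        # $1 = directory, $2 = CA name: private key + self-signed cert
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

issue_cert() {     # $1 = CA directory, $2 = callsign, $3 = output directory
    # The user generates a key and a signing request...
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$3/user.key" -out "$3/user.csr" 2>/dev/null &&
    # ...and the CA signs it. This is the only step that touches ca.key.
    openssl x509 -req -in "$3/user.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 30 -out "$3/user.crt" 2>/dev/null
}

verify_with_ca_cert() {   # $1 = CA certificate (public), $2 = user certificate
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

work=$(mktemp -d)
mkdir "$work/ca" "$work/rogue" "$work/good" "$work/forged" "$work/verifier"

make_ca "$work/ca"    "Demo Licensing CA"
make_ca "$work/rogue" "Demo Licensing CA"   # same name, different private key

issue_cert "$work/ca"    N0CALL "$work/good"     # signed by the real CA
issue_cert "$work/rogue" N0CALL "$work/forged"   # signed without the real ca.key

# The verifier is given the CA certificate only, never ca.key.
cp "$work/ca/ca.crt" "$work/verifier/ca.crt"

for c in good forged; do
    if verify_with_ca_cert "$work/verifier/ca.crt" "$work/$c/user.crt"; then
        echo "$c: accepted"
    else
        echo "$c: rejected"
    fi
done
```

The forged certificate carries the same issuer name and callsign as the good one, and is rejected because its signature was not made with the real CA's private key.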