On Thu, Apr 17, 2014 at 10:47 AM, Heikki Hannikainen hessu@hes.iki.fi wrote:
On Thu, 17 Apr 2014, Don Fanning wrote:
One problem that comes to mind is SSL wouldn't be allowed on 44net unless
everyone has the private key and I doubt ARRL will release that.
Humm, why?
The private keys of the ARRL CA are only needed by ARRL to sign the certificates they give to the users. And they don't need to give those away (actually, they must not give those away) - that would allow others to impersonate ARRL and sign certificates on their behalf.
What everyone needs is their CA's certificate, which is public by definition. That can then be used to verify certificates of individual users - to confirm that those individual users have a good amateur radio certificate given by a CA such as ARRL, and that CA has looked at the license papers of that individual before giving him a certificate.
By the way, have to mention this again: SSL/TLS can run in a mode where data is not encrypted (NULL cipher), it's just authenticated. You'll know it came from me and nobody modified it on the way, but it's not encrypted.
- Hessu
So again, explain to me why this should be used on an authentication system that can be defeated with a pen and paper? If APRS-IS was meant to be authenticated, then they should have gone public-key/certificate based long ago.
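The CA workflow described in the quoted message above, as an added example that is not part of the thread: a station holding only the CA's public certificate accepts a certificate the CA signed, rejects one signed by a look-alike CA with a different key, and checks a signed message that stays readable. The message check uses a detached signature rather than a TLS NULL-cipher session, to show the same authenticated-but-not-encrypted property. The CA name, the callsign N0CALL, the packet text and all file names are constructed, and the `openssl` command-line tool is assumed to be installed.

```bash
#!/usr/bin/env bash
# Added example. Every name here (Example Ham CA, N0CALL, file names) is constructed.
set -eu

# make_ca DIR CN: CA key + self-signed certificate. ca.key never leaves the CA.
make_ca() {
  mkdir -p "$1"
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# issue_cert CADIR CN: the user makes a key and CSR; the CA signs the CSR.
issue_cert() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
  openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 30 -out "$1/$2.crt" 2>/dev/null
}

# cert_ok CACERT CERT: the check any station can run with only the public CA cert.
cert_ok() { openssl verify -CAfile "$1" "$2" 2>&1 | grep -q ': OK$'; }

# sign_msg KEY FILE / msg_ok CERT FILE: cleartext message plus detached signature.
sign_msg() { openssl dgst -sha256 -sign "$1" -out "$2.sig" "$2"; }
msg_ok() {
  openssl x509 -in "$1" -pubkey -noout > "$1.pub"
  openssl dgst -sha256 -verify "$1.pub" -signature "$2.sig" "$2" >/dev/null 2>&1
}

run_demo() {
  local d; d=$(mktemp -d)
  make_ca "$d/real" "Example Ham CA";  issue_cert "$d/real" N0CALL
  # Same names as the real CA, but its own key: it cannot produce valid signatures.
  make_ca "$d/rogue" "Example Ham CA"; issue_cert "$d/rogue" N0CALL
  cert_ok "$d/real/ca.crt" "$d/real/N0CALL.crt"  && echo "genuine cert: accepted"
  cert_ok "$d/real/ca.crt" "$d/rogue/N0CALL.crt" || echo "look-alike CA cert: rejected"
  echo "N0CALL>APRS:constructed test packet" > "$d/msg.txt"
  sign_msg "$d/real/N0CALL.key" "$d/msg.txt"
  msg_ok "$d/real/N0CALL.crt" "$d/msg.txt" && echo "message: authentic, still readable"
  echo "tampered" >> "$d/msg.txt"
  msg_ok "$d/real/N0CALL.crt" "$d/msg.txt" || echo "modified message: rejected"
  rm -rf "$d"
}
run_demo
```

Note that `ca.key` is only ever read by `issue_cert`; both verification functions take certificates and public data only.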