17 Apr
2014
17 Apr
'14
7 p.m.
If you are volunteering to verify callsigns, free,
just as the ARRL
does, then I will have no problem adding your Certificate Authority to
my configuration. This scheme is very much capable of using multiple
authorities for authentication. The ARRL just happens to be the one
who already has a large, trusted install base and has agreed to let us
use their service in this manner.
Anybody who can install this:
https://packages.debian.org/search?searchon=contents&keywords=aprspass&…
or something similar.
can generate passcodes for any valid or invalid callsign...
There is no security in the APRS passcode, the passcode is derivated
from the callsign itself by a static algorithm.
The algorithm itself was kept somewhat in the dark, but it is no secret.
APRS passcodes must be considered public knowledge.
73 de Marc