[CQ-Contest] if you didn't like the last one...

David Robbins K1TTT k1ttt at arrl.net
Sun Oct 5 12:20:29 EDT 2003



> -----Original Message-----
> From: Lyndon Nerenberg [mailto:lyndon at orthanc.ca]
> Sent: Sunday, October 05, 2003 01:55
> To: David Robbins K1TTT; reflector cq-contest
> Subject: RE: [CQ-Contest] if you didn't like the last one...
> 
> 
> > This has been discussed many times over the years of packet and now
> > internet spotting with no real solution being found.  The only way to
> > really do it would be to start a new network completely separate from
> > the existing one that used something like the arrl's certificate system
> > to validate all incoming spots.  This would be a long and complex
> > process to design and set up,
> 
> Nonsense. The software to do this has existed for years, and there are
> many possible solutions. It can be done quickly and simply by
> incorporating Kerberos authentication into the existing network.
> 
> > then would require validation of users,
> > issuing certificates, dedicated client side software to encrypt and
> > transmit the spots, and more complex server side software to validate
> > user inputs as well as validate other node connections... and it could
> > not be used over rf links (at least in the U.S.) under existing rules
> > because of the encryption needed to make the links secure.
> 
> This is just plain wrong. There is no requirement for encryption. What
> you need to do is add SASL authentication using Kerberos 5 and mandatory
> SASL integrity to connections. This isn't rocket science.
> 
> What it does point out, though, is the need for a neutral authority to
> administer and operate an authentication infrastructure.
> 
> --lyndon

The generic Kerberos process includes encryption of the keys.  As I
remember it also has problems with time delays like you would encounter
with slow rf links if that were possible with the encrypted stuff.  And
it would still require a method of determining that someone is who they
say they are which needs some out-of-band process like the arrl's
postcard system.  So there would still need to be all new software and a
system of authenticating both users and nodes that includes some outside
authority.



David Robbins K1TTT
e-mail: mailto:k1ttt at arrl.net
web: http://www.k1ttt.net
AR-Cluster node: 145.69MHz or telnet://dxc.k1ttt.net
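
Added example, not part of the original message or of any cluster software: the integrity-without-encryption approach argued for in the quoted reply, shown with an HMAC-SHA-256 tag over a cleartext spot line. The session key, the seq|spot|tag wire layout and the callsigns are assumptions made for illustration; this is not the SASL/GSS-API token format.

```python
import hashlib
import hmac

# Constructed session key (assumption): in the scheme discussed above it would
# come out of the authentication exchange, not be hard-coded.
SESSION_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
# Constructed spot line with placeholder callsigns.
SPOT = "DX de N0CALL: 14025.0 T3ST CQ TEST 1220Z"


def _tag(key: bytes, seq: int, spot: str) -> str:
    # Bind the sequence number to the spot so an old line cannot be replayed.
    msg = seq.to_bytes(8, "big") + spot.encode("utf-8")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def protect(key: bytes, seq: int, spot: str) -> str:
    """Return the wire line: sequence number, cleartext spot, integrity tag."""
    return f"{seq}|{spot}|{_tag(key, seq, spot)}"


def verify(key: bytes, expected_seq: int, line: str):
    """Return the spot if the line is authentic and in sequence, else None."""
    try:
        seq_text, rest = line.split("|", 1)
        spot, tag = rest.rsplit("|", 1)
        seq = int(seq_text)
    except ValueError:
        return None  # malformed line
    if seq != expected_seq:
        return None  # replayed, dropped or reordered line
    expected = _tag(key, seq, spot)
    good = hmac.compare_digest(tag.encode("utf-8"), expected.encode("utf-8"))
    return spot if good else None


if __name__ == "__main__":
    line = protect(SESSION_KEY, 1, SPOT)
    print(line)  # the spot text itself is readable on the wire
    print(verify(SESSION_KEY, 1, line))
    print(verify(SESSION_KEY, 1, line.replace("14025.0", "14026.0")))
    print(verify(SESSION_KEY, 2, line))
```

The spot travels unencrypted and anyone monitoring the link can read it; only holders of the session key can produce a line the receiving node will accept.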



