
Revision as of 14:59, 22 Oct 2014


HAM PKI

Problem

Access to some systems or services within the Internet (for example APRS or the hamnet) should only be provided to authorized and licensed amateur radio operators.

APRS currently uses a passcode, which is just a kind of checksum over the callsign. Many freely available tools can generate an APRS passcode for any string you can imagine. For that reason, an APRS passcode is not a secure way of authenticating an amateur radio operator.


Solution

Some services have started to use certificates to identify amateur radio operators. These certificates are issued by a CA, which identifies the operator before issuing the certificate. No one can fake a certificate, because a certificate needs to be signed by a CA to be valid.

Currently there is only one CA that can issue certificates, provided by the ARRL. Apart from this being a single point of failure, many hams may have problems with sending personal documents around the globe. This led to the idea that another CA could be needed, and that rules for this CA need to be implemented that make the whole process of issuing and revoking certificates transparent to the operator who is requesting a certificate.

One of the first ideas was to put this CA service into the local amateur radio operators' group (for example ARRL in the US, DARC in Germany), but not every amateur radio operator is a member of such a group.

Another, better idea is to let volunteers provide this CA within an organization which is known for its privacy and IT knowledge and where every amateur radio operator can request an equal certificate.

Requirements

 * Issue Process
 * Operator Identification Process
 * Revocation Process
  * Revocation from Owner
  * Revocation from Service Provider due to abuse


TODO

 * solid certification policy
 * CA implementation
 * validation volunteers