Thread: Revised IGC-approvals for some types of legacy recorder
View Single Post
  #5  
Old November 18th 03, 02:36 PM
Ian Strachan
external usenet poster
  
Posts: n/a
Default
In article gJfub.230766$Fm2.231960@attbi_s04, Paul Remde
writes

snip

What is the plan to get the approval back in place?

That is up to the manufacturer, of course.

Cambridge already makes the 302 series that use the DSA public/private
key system that is assessed as equivalent in security strength to the
original Rivest, Shamir and Adleman (RSA) system. The 302 is therefore,
together with many other types of recorder, IGC-approved for "all
flights" including of course world records.

What must CAI do to
make it meet your new requirements?

If they think it worthwhile, offer an "RSA or equivalent" upgrade for
their legacy recorder designs. The requirements are not new but go back
to 1997, see below.

-------------------------------------

For new recorder designs, "RSA or equivalent" level of security has been
in the Technical Specification for IGC-approved GNSS Flight Recorders
for many years. Here is an extract from the first edition of the IGC
Specification, effective 1 October 1997: "FRs approved for world record
flights must have an asymmetric algorithm (such as RSA) or have a system
providing equivalent security".

What we are talking about here is an adjustment to the "Grandfather
rights" provisions for recorder designs that were IGC-approved a long
time ago and do not comply with the current IGC Specification.

Incidentally, you may recall that one of the non-RSA security systems
for a GNSS recorder was successfully hacked by the Wedekinds in Germany.
This was all in the public domain and was extensively publicised at the
time. This was done as an exercise rather than for malpractice, but
shows what can be done. The manufacturer concerned immediately changed
to an RSA-based system without any prompting from IGC. The non-RSA
recorder concerned is on the list recently announced, together with
recorders with similar types of security.

It was felt that we should be even-handed to all recorder designs rather
than just adjust the IGC-approval for the Wedekind-hacked design and
leave the rest. That is what has been done, perhaps a bit late, but
first we had to get the IGC Plenary to agree to the new "all IGC badges
and distance diploma" level first, to have somewhere to put legacy
recorders that had lower levels of security without affecting the vast
majority of owners and pilots. As it is, only world record aspirants
will be affected and there are plenty of other recorder designs that are
available for this type of flight.

--
Ian Strachan
Chairman IGC GFA Committee