At 16:49 03 September 2010, Darryl Ramm wrote:


I really just don't get the process at all. The long term logic ought
to be develop a validation program entirely independent of the
hardware manufacturer. Given any valid IGC file and the public key
this should be doable. There should be no ongoing need for any
software from these small flight recorder companies. The source code
for that validation program ought to be open source, but yes binaries
need to be signed and blessed by the IGC.

Darryl


Given a trace and the public key that would be possible. There are however
lots of keys to keep track of. From the spec (see section 2.8.3.1.1 on page
21) each logger has a unique private key so there is a separate public key
for every logger out in the wild, not one per manufacturer. If a security
reset is required for any reason a new private key may be installed and
hence a new public key is required.

The manufacture then produces the validation program/DLL containing all
the public keys for a long production run. If they use them all up they
have to produce a revised validation test which includes a new batch of
keys.

The IGC have decided that "As used in IGC approved recorders, the public
key is not intended to be available "in clear" to everyone, but should
be regarded as a confidential part of the IGC security system in the same
way as the private key."

Without that statement changing the existing system remains. The onus is
also then on the manufacturer to keep track and provide the validation
using all available public keys they have produced.

Nick