|
| If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|||||||
|
|
|
Thread Tools | Display Modes |
|
|
|
#1
November 18th 03, 05:39 AM
|
|||
|
|||
Bruce Hoult wrote:
And I'll ammend my earlier remarks. In 1994 when I was recommending RSA to them I never imagined that they'd get to nearly 2004 before it became an issue. So they may have made the correct commercial decision. I'd make the simple point that if RSA was required when the first flight recorder specification was issued in 1995, there were no existing flight recorder designs which could have been approved. RSA (or equivalent asymmetric algorithm) has been required for "all flights" approval since 1997, I believe... Marc 
|
|
#2
November 18th 03, 07:29 AM
|
|||
|
|||
|
On Tue, 18 Nov 2003 05:39:03 GMT, Marc Ramsey wrote:
Bruce Hoult wrote: And I'll ammend my earlier remarks. In 1994 when I was recommending RSA to them I never imagined that they'd get to nearly 2004 before it became an issue. So they may have made the correct commercial decision. I'd make the simple point that if RSA was required when the first flight recorder specification was issued in 1995, there were no existing flight recorder designs which could have been approved. So what? If RSA had been required at that time there soon would have been. RSA (or equivalent asymmetric algorithm) has been required for "all flights" approval since 1997, I believe... So it has been perfectly acceptable to fly world records for the last 5 to 6 years without RSA security with loggers approved before 1997. If lack of RSA security was an issue why weren't legacy loggers given say 12 months to comply or lose "all flights" approval back in 1997? Why the change now? Would someone tell us why this is suddenly an issue? Which world record flights are suspect? Isn't it a remarkable coincidence that this action is being taken right after CAI Model 20 and 25 loggers are no longer in production? So a would a new design without RSA security would be acceptable for all but World Records? If not, why not? Mike Borgelt Borgelt Instruments
|
|
#3
November 18th 03, 08:38 AM
|
|||
|
|||
|
Mike Borgelt wrote:
On Tue, 18 Nov 2003 05:39:03 GMT, Marc Ramsey wrote: I'd make the simple point that if RSA was required when the first flight recorder specification was issued in 1995, there were no existing flight recorder designs which could have been approved. So what? If RSA had been required at that time there soon would have been. I wasn't involved at the time, but the reason appears fairly obvious to me, it's called "jump-starting a market" over here. RSA (or equivalent asymmetric algorithm) has been required for "all flights" approval since 1997, I believe... So it has been perfectly acceptable to fly world records for the last 5 to 6 years without RSA security with loggers approved before 1997. Yes. If lack of RSA security was an issue why weren't legacy loggers given say 12 months to comply or lose "all flights" approval back in 1997? The only alternative available at the time was the Diamond-level approval. I can imagine the outrage of the early adopters when told they would need to spend more money to upgrade their already expensive boxes a couple of years after they bought them. Mike, you know as well as I do that most of those early designs would need a board swap to be able to adequately handle RSA and the like. Why the change now? Would someone tell us why this is suddenly an issue? The gap between what is needed to be approved now, and what was needed back then, is just too large. Among other things, it is unfair to those who are trying to get new designs approved to have to compete against 'grandfathered' designs. Which world record flights are suspect? None that I am aware of. Would you prefer to wait until there were some before an effort is made to shift the flight recorder requirements toward those currently required for approval? Isn't it a remarkable coincidence that this action is being taken right after CAI Model 20 and 25 loggers are no longer in production? As far as I know, they are still considered to be "in production". So a would a new design without RSA security would be acceptable for all but World Records? If not, why not? The whole point behind adding the all badges/diplomas approval was to allow more sensible security requirements for flight recorders used to document flights other than world records. If you have something specific to propose, you are welcome to contact GFAC for a formal answer. Marc
|
|
#4
November 19th 03, 03:10 AM
|
|||
|
|||
|
On Tue, 18 Nov 2003 08:38:21 GMT, Marc Ramsey wrote:
The gap between what is needed to be approved now, and what was needed back then, is just too large. Among other things, it is unfair to those who are trying to get new designs approved to have to compete against 'grandfathered' designs. And it has been since the RSA security requirements were introduced in 1997. Why is it suddenly so unfair now after 6 years ? The whole point behind adding the all badges/diplomas approval was to allow more sensible security requirements for flight recorders used to document flights other than world records. If you have something specific to propose, you are welcome to contact GFAC for a formal answer. Marc I think you need to read the r.a.s. archives before making statements like this. All of the above was done by myself and others when the F.R proposals were first mooted but all were ignored You are either ignorant of what really happened or being deliberately obtuse. I suggest you do a google search for r.a.s. for IGC flight recorders. You had better privately ask Mr Strachan about the meeting at Lasham at which reasons were invented not to approve loggers which met the rules as written and approved by the IGC at the time. Ask him who most of the participants had business associations with either before, at the time or subsequently. Also ask where the principal of that business was at the time. The history of F.R.s on the FAI site is inaccurate as it omits these details and others. How about a straight answer in public to - is it the intention of GFAC to approve new designs for "all but World records category"? I'm sure GFAC have a policy, it may just not be the written down official one based on past history. p.s. "jump starting the market" in that way as you put it would most likely contravene the Trade Practices Act (1974) in Australia and land you with a large fine. Ask the freight companies who were fined after the ACCC(Australian Consumer and Competition Commission) used an electronic barograph to prove that goods being sent by "airfreight" were in fact going by truck between Brisbane- Sydney- Melbourne. Mike Borgelt Borgelt Instruments
|
|
#5
November 18th 03, 02:36 PM
|
|||
|
|||
|
In article gJfub.230766$Fm2.231960@attbi_s04, Paul Remde
writes snip What is the plan to get the approval back in place? That is up to the manufacturer, of course. Cambridge already makes the 302 series that use the DSA public/private key system that is assessed as equivalent in security strength to the original Rivest, Shamir and Adleman (RSA) system. The 302 is therefore, together with many other types of recorder, IGC-approved for "all flights" including of course world records. What must CAI do to make it meet your new requirements? If they think it worthwhile, offer an "RSA or equivalent" upgrade for their legacy recorder designs. The requirements are not new but go back to 1997, see below. ------------------------------------- For new recorder designs, "RSA or equivalent" level of security has been in the Technical Specification for IGC-approved GNSS Flight Recorders for many years. Here is an extract from the first edition of the IGC Specification, effective 1 October 1997: "FRs approved for world record flights must have an asymmetric algorithm (such as RSA) or have a system providing equivalent security". What we are talking about here is an adjustment to the "Grandfather rights" provisions for recorder designs that were IGC-approved a long time ago and do not comply with the current IGC Specification. Incidentally, you may recall that one of the non-RSA security systems for a GNSS recorder was successfully hacked by the Wedekinds in Germany. This was all in the public domain and was extensively publicised at the time. This was done as an exercise rather than for malpractice, but shows what can be done. The manufacturer concerned immediately changed to an RSA-based system without any prompting from IGC. The non-RSA recorder concerned is on the list recently announced, together with recorders with similar types of security. It was felt that we should be even-handed to all recorder designs rather than just adjust the IGC-approval for the Wedekind-hacked design and leave the rest. That is what has been done, perhaps a bit late, but first we had to get the IGC Plenary to agree to the new "all IGC badges and distance diploma" level first, to have somewhere to put legacy recorders that had lower levels of security without affecting the vast majority of owners and pilots. As it is, only world record aspirants will be affected and there are plenty of other recorder designs that are available for this type of flight. -- Ian Strachan Chairman IGC GFA Committee
|
|
#6
November 18th 03, 08:49 PM
|
|||
|
|||
|
I agree with Paul.
So, all the world records that have been set with a CAI mod 10/20/25 may perhaps not be secure enough???? The reason for increasing the security should, if you using rational arguments, be a result of attempts to cheat. I wonder which records that can be.... Of course all this is pure nonsense. Is this the way IGC is using its resources to increase world wide gliding membership? Yes, the decision was taken at the IGC plenary meeting, but lots of delegates did not understand what was really happening as the presentation was, if I may you use the word, very clever. I did not realize at the meeting that the result was to degrade existant recorders. Robert Paul Remde wrote: Yes, but doesn't the CAI system work? It is my impression that it is perfectly secure and has never been compromised. So why suddenly call it "insecure". What is the plan to get the approval back in place? What must CAI do to make it meet your new requirements? Paul Remde "Bruce Hoult" wrote in message ... In article , "tango4" wrote: After going to all of the time designing the hardware security along came the idea of public key cryptography so the IGC spec was 'upgraded' to incorporate this additional security layer. The Cambridges and others got caught between the two specs. Public key cryptography was well known in 1994 when the Cambridge 10's were used at the NZ pre-worlds, and in fact I *told* them at the time that they should be using something like RSA instead of something home-grown. Oh well. -- Bruce
|
|
| Thread Tools | |
| Display Modes | |
|
|
Hybrid Mode
