If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
Revised IGC-approvals for some types of legacy recorder
This GFAC announcement has been prepared with the agreement of
the IGC GNSS Committee and the IGC Bureau. It was put out a couple of days ago on the FAI IGC email mailing lists and ). A question that has been asked is where the current 24 types of IGC-approved recorder and their 10 manufacturers, are listed. This can be seen on: http://www.fai.org/gliding/gnss/igc_approved_frs.pdf ------------------------------------------------------------------- At the last IGC Plenary meeting earlier in 2003, a new approval level for GNSS flight recorders was agreed. This was for "all IGC badge and distance diploma flights" and was in addition to the existing levels for "all flights" and "badge flights up to and including Diamonds". The latter is used for types of recorder units that do not have their own GPS receiver but rely on a separate GPS unit connected to the recorder by cable. There are currently 24 models of IGC-approved GNSS recorder, from 10 different manufacturers. GFAC has completed a review of legacy recorders, the IGC-approvals of which go back as far as 1996. The following principles have been agreed for the futu For world record flight claims, it is not considered suitable to have recorders with one or more of the following characteristics: 1. No security microswitch or equivalent (this operates if the case is opened). 2. Without electronic security giving the strength of systems such as RSA (public/private key systems) as assessed by GFAC and its experts in electronic security. 3. No current manufacturer support (out of production and the original manufacturer either no longer exists or is no longer dealing with them). Negotiations with appropriate manufacturers have been going on for some time, and revised IGC-approval documents have been circulated to them. Types of recorders affected will have IGC-approvals for the new "all IGC badge flights and distance diploma" level. Types of recorders affected with the main reason: Cambridge 10, 20 and 25 (not RSA or equivalent strength). Filser LX20 first batch (not RSA or equivalent strength, no microswitch). Peschges VP8 (no microswitch, original manufacturer understood to be no longer in the recorder business). Print Technik GR1000 (not RSA or equivalent strength, original manufacturer no longer in the recorder business). Timescale Filser LX20, Peschges VP8 and Print Technik GR1000 - all on 1 January 2004. Cambridge 10, 20, 25 - the date of re-issue of IGC-approval documents as part of present negotiations with the Horn Lake (MS) and Martinsville (VA) operations (this could be earlier than 1 January). This announcement is made so that there will be no doubt of what is happening, and why. The only pilots affected will be those planning to attempt world record flights, for which other types of IGC-approved flight recorder must be used. Any questions to the undersigned, -- Ian Strachan Chairman, GNSS Flight Recorder Approval Committee (GFAC) of the International Gliding Commission Bentworth Hall West Bentworth Alton, Hampshire GU34 5LA ENGLAND Tel: +44 1420 564 195 Fax: +44 1420 563 140 |
#2
|
|||
|
|||
Hi Ian,
I am very suprised to learn about this development. So, if I undertand your note correctly, you are saying that the CAI GPS-NAV units are suddenly not considered secure? I think that is ridiculous. Please explain in detail why you came to that conclusion. Paul Remde "Ian Strachan" wrote in message ... This GFAC announcement has been prepared with the agreement of the IGC GNSS Committee and the IGC Bureau. It was put out a couple of days ago on the FAI IGC email mailing lists and ). A question that has been asked is where the current 24 types of IGC-approved recorder and their 10 manufacturers, are listed. This can be seen on: http://www.fai.org/gliding/gnss/igc_approved_frs.pdf ------------------------------------------------------------------- At the last IGC Plenary meeting earlier in 2003, a new approval level for GNSS flight recorders was agreed. This was for "all IGC badge and distance diploma flights" and was in addition to the existing levels for "all flights" and "badge flights up to and including Diamonds". The latter is used for types of recorder units that do not have their own GPS receiver but rely on a separate GPS unit connected to the recorder by cable. There are currently 24 models of IGC-approved GNSS recorder, from 10 different manufacturers. GFAC has completed a review of legacy recorders, the IGC-approvals of which go back as far as 1996. The following principles have been agreed for the futu For world record flight claims, it is not considered suitable to have recorders with one or more of the following characteristics: 1. No security microswitch or equivalent (this operates if the case is opened). 2. Without electronic security giving the strength of systems such as RSA (public/private key systems) as assessed by GFAC and its experts in electronic security. 3. No current manufacturer support (out of production and the original manufacturer either no longer exists or is no longer dealing with them). Negotiations with appropriate manufacturers have been going on for some time, and revised IGC-approval documents have been circulated to them. Types of recorders affected will have IGC-approvals for the new "all IGC badge flights and distance diploma" level. Types of recorders affected with the main reason: Cambridge 10, 20 and 25 (not RSA or equivalent strength). Filser LX20 first batch (not RSA or equivalent strength, no microswitch). Peschges VP8 (no microswitch, original manufacturer understood to be no longer in the recorder business). Print Technik GR1000 (not RSA or equivalent strength, original manufacturer no longer in the recorder business). Timescale Filser LX20, Peschges VP8 and Print Technik GR1000 - all on 1 January 2004. Cambridge 10, 20, 25 - the date of re-issue of IGC-approval documents as part of present negotiations with the Horn Lake (MS) and Martinsville (VA) operations (this could be earlier than 1 January). This announcement is made so that there will be no doubt of what is happening, and why. The only pilots affected will be those planning to attempt world record flights, for which other types of IGC-approved flight recorder must be used. Any questions to the undersigned, -- Ian Strachan Chairman, GNSS Flight Recorder Approval Committee (GFAC) of the International Gliding Commission Bentworth Hall West Bentworth Alton, Hampshire GU34 5LA ENGLAND Tel: +44 1420 564 195 Fax: +44 1420 563 140 |
#3
|
|||
|
|||
After going to all of the time designing the hardware security along came
the idea of public key cryptography so the IGC spec was 'upgraded' to incorporate this additional security layer. The Cambridges and others got caught between the two specs. On the basis of openness and transparency shouldn't the IGC be disclosing all known or suspected cases of 'trace fraud?' ( If there have been any ) then the general gliding community can get a grip on how the system is working. Ian Molesworth "Paul Remde" wrote in message news:VA9ub.28061$Dw6.139143@attbi_s02... Hi Ian, I am very suprised to learn about this development. So, if I undertand your note correctly, you are saying that the CAI GPS-NAV units are suddenly not considered secure? I think that is ridiculous. Please explain in detail why you came to that conclusion. Paul Remde "Ian Strachan" wrote in message ... This GFAC announcement has been prepared with the agreement of the IGC GNSS Committee and the IGC Bureau. It was put out a couple of days ago on the FAI IGC email mailing lists and ). A question that has been asked is where the current 24 types of IGC-approved recorder and their 10 manufacturers, are listed. This can be seen on: http://www.fai.org/gliding/gnss/igc_approved_frs.pdf ------------------------------------------------------------------- At the last IGC Plenary meeting earlier in 2003, a new approval level for GNSS flight recorders was agreed. This was for "all IGC badge and distance diploma flights" and was in addition to the existing levels for "all flights" and "badge flights up to and including Diamonds". The latter is used for types of recorder units that do not have their own GPS receiver but rely on a separate GPS unit connected to the recorder by cable. There are currently 24 models of IGC-approved GNSS recorder, from 10 different manufacturers. GFAC has completed a review of legacy recorders, the IGC-approvals of which go back as far as 1996. The following principles have been agreed for the futu For world record flight claims, it is not considered suitable to have recorders with one or more of the following characteristics: 1. No security microswitch or equivalent (this operates if the case is opened). 2. Without electronic security giving the strength of systems such as RSA (public/private key systems) as assessed by GFAC and its experts in electronic security. 3. No current manufacturer support (out of production and the original manufacturer either no longer exists or is no longer dealing with them). Negotiations with appropriate manufacturers have been going on for some time, and revised IGC-approval documents have been circulated to them. Types of recorders affected will have IGC-approvals for the new "all IGC badge flights and distance diploma" level. Types of recorders affected with the main reason: Cambridge 10, 20 and 25 (not RSA or equivalent strength). Filser LX20 first batch (not RSA or equivalent strength, no microswitch). Peschges VP8 (no microswitch, original manufacturer understood to be no longer in the recorder business). Print Technik GR1000 (not RSA or equivalent strength, original manufacturer no longer in the recorder business). Timescale Filser LX20, Peschges VP8 and Print Technik GR1000 - all on 1 January 2004. Cambridge 10, 20, 25 - the date of re-issue of IGC-approval documents as part of present negotiations with the Horn Lake (MS) and Martinsville (VA) operations (this could be earlier than 1 January). This announcement is made so that there will be no doubt of what is happening, and why. The only pilots affected will be those planning to attempt world record flights, for which other types of IGC-approved flight recorder must be used. Any questions to the undersigned, -- Ian Strachan Chairman, GNSS Flight Recorder Approval Committee (GFAC) of the International Gliding Commission Bentworth Hall West Bentworth Alton, Hampshire GU34 5LA ENGLAND Tel: +44 1420 564 195 Fax: +44 1420 563 140 |
#4
|
|||
|
|||
In article ,
"tango4" wrote: After going to all of the time designing the hardware security along came the idea of public key cryptography so the IGC spec was 'upgraded' to incorporate this additional security layer. The Cambridges and others got caught between the two specs. Public key cryptography was well known in 1994 when the Cambridge 10's were used at the NZ pre-worlds, and in fact I *told* them at the time that they should be using something like RSA instead of something home-grown. Oh well. -- Bruce |
#5
|
|||
|
|||
Yes, but doesn't the CAI system work? It is my impression that it is
perfectly secure and has never been compromised. So why suddenly call it "insecure". What is the plan to get the approval back in place? What must CAI do to make it meet your new requirements? Paul Remde "Bruce Hoult" wrote in message ... In article , "tango4" wrote: After going to all of the time designing the hardware security along came the idea of public key cryptography so the IGC spec was 'upgraded' to incorporate this additional security layer. The Cambridges and others got caught between the two specs. Public key cryptography was well known in 1994 when the Cambridge 10's were used at the NZ pre-worlds, and in fact I *told* them at the time that they should be using something like RSA instead of something home-grown. Oh well. -- Bruce |
#6
|
|||
|
|||
Paul Remde wrote:
Yes, but doesn't the CAI system work? It is my impression that it is perfectly secure and has never been compromised. So why suddenly call it "insecure". As of January 1st, the CAI Model 10/20/25 won't be considered "insecure", they just won't be considered "secure enough" for world records. You can still use it for badges, 1000K+ diplomas, contests, etc., just not world records. What is the plan to get the approval back in place? What must CAI do to make it meet your new requirements? Minimally, a firmware upgrade would be required, but it is not clear that the microcontroller is fast enough to support the needed changes. The manufacturer(s?) is the only one that can provide an answer... Marc |
#7
|
|||
|
|||
I just find this absurd. I'm very angry about the sudden change.
If I remember correctly, Steve Fossett is using a GPS-NAV (and a 302 I believe) and currently setting world records in the southern hemisphere. I'm still waiting for a good answer to the question why. Why is the GPS-NAV suddenly not secure for world records? This is not acceptable behavior by the IGC. Paul Remde "Marc Ramsey" wrote in message om... Paul Remde wrote: Yes, but doesn't the CAI system work? It is my impression that it is perfectly secure and has never been compromised. So why suddenly call it "insecure". As of January 1st, the CAI Model 10/20/25 won't be considered "insecure", they just won't be considered "secure enough" for world records. You can still use it for badges, 1000K+ diplomas, contests, etc., just not world records. What is the plan to get the approval back in place? What must CAI do to make it meet your new requirements? Minimally, a firmware upgrade would be required, but it is not clear that the microcontroller is fast enough to support the needed changes. The manufacturer(s?) is the only one that can provide an answer... Marc |
#8
|
|||
|
|||
In article gJfub.230766$Fm2.231960@attbi_s04,
"Paul Remde" wrote: "Bruce Hoult" wrote in message ... Public key cryptography was well known in 1994 when the Cambridge 10's were used at the NZ pre-worlds, and in fact I *told* them at the time that they should be using something like RSA instead of something home-grown. Yes, but doesn't the CAI system work? Unfortunately we have no way of knowing, because the method used isn't published. But essentially I believe it is a typical private key system which relies on only trusted parties knowing the secret key. These trusted parties include anyone writing software to upload flights (which I suspect is the reason they would never give me the specs for writing mac software), and authorized repair agents. It is my impression that it is perfectly secure and has never been compromised. So why suddenly call it "insecure". Secure doesn't mean "hasn't (to our knowledge) been compromised". It means "*can't* be compromised". If we didn't know how to do the latter that would be a different matter, but we do. And I'll ammend my earlier remarks. In 1994 when I was recommending RSA to them I never imagined that they'd get to nearly 2004 before it became an issue. So they may have made the correct commercial decision. -- Bruce |
#9
|
|||
|
|||
Paul Remde wrote:
I just find this absurd. I'm very angry about the sudden change. If I remember correctly, Steve Fossett is using a GPS-NAV (and a 302 I believe) and currently setting world records in the southern hemisphere. The 302 will continue to be approved for world records for the forseeable future. Steve Fossett also owns at least two Volksloggers, which will also continue to be approved for world records. I'm still waiting for a good answer to the question why. Why is the GPS-NAV suddenly not secure for world records? According to the current flight recorder specifications, a new design similar to the GPS-NAV could not be approved for world records. There are other older flight recorder models for which there are known security concerns. The only (more or less) fair way remove world record approval from some models was to remove such approval from all similar designs approved under the older specifications. This is not acceptable behavior by the IGC. I can't think of any way this could have been done that everyone would find acceptable... Marc |
#10
|
|||
|
|||
Bruce Hoult wrote:
And I'll ammend my earlier remarks. In 1994 when I was recommending RSA to them I never imagined that they'd get to nearly 2004 before it became an issue. So they may have made the correct commercial decision. I'd make the simple point that if RSA was required when the first flight recorder specification was issued in 1995, there were no existing flight recorder designs which could have been approved. RSA (or equivalent asymmetric algorithm) has been required for "all flights" approval since 1997, I believe... Marc |
Thread Tools | |
Display Modes | |
|
|