If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#11
|
|||
|
|||
On Tue, 18 Nov 2003 05:39:03 GMT, Marc Ramsey wrote:
Bruce Hoult wrote: And I'll ammend my earlier remarks. In 1994 when I was recommending RSA to them I never imagined that they'd get to nearly 2004 before it became an issue. So they may have made the correct commercial decision. I'd make the simple point that if RSA was required when the first flight recorder specification was issued in 1995, there were no existing flight recorder designs which could have been approved. So what? If RSA had been required at that time there soon would have been. RSA (or equivalent asymmetric algorithm) has been required for "all flights" approval since 1997, I believe... So it has been perfectly acceptable to fly world records for the last 5 to 6 years without RSA security with loggers approved before 1997. If lack of RSA security was an issue why weren't legacy loggers given say 12 months to comply or lose "all flights" approval back in 1997? Why the change now? Would someone tell us why this is suddenly an issue? Which world record flights are suspect? Isn't it a remarkable coincidence that this action is being taken right after CAI Model 20 and 25 loggers are no longer in production? So a would a new design without RSA security would be acceptable for all but World Records? If not, why not? Mike Borgelt Borgelt Instruments |
#12
|
|||
|
|||
Mike Borgelt wrote:
On Tue, 18 Nov 2003 05:39:03 GMT, Marc Ramsey wrote: I'd make the simple point that if RSA was required when the first flight recorder specification was issued in 1995, there were no existing flight recorder designs which could have been approved. So what? If RSA had been required at that time there soon would have been. I wasn't involved at the time, but the reason appears fairly obvious to me, it's called "jump-starting a market" over here. RSA (or equivalent asymmetric algorithm) has been required for "all flights" approval since 1997, I believe... So it has been perfectly acceptable to fly world records for the last 5 to 6 years without RSA security with loggers approved before 1997. Yes. If lack of RSA security was an issue why weren't legacy loggers given say 12 months to comply or lose "all flights" approval back in 1997? The only alternative available at the time was the Diamond-level approval. I can imagine the outrage of the early adopters when told they would need to spend more money to upgrade their already expensive boxes a couple of years after they bought them. Mike, you know as well as I do that most of those early designs would need a board swap to be able to adequately handle RSA and the like. Why the change now? Would someone tell us why this is suddenly an issue? The gap between what is needed to be approved now, and what was needed back then, is just too large. Among other things, it is unfair to those who are trying to get new designs approved to have to compete against 'grandfathered' designs. Which world record flights are suspect? None that I am aware of. Would you prefer to wait until there were some before an effort is made to shift the flight recorder requirements toward those currently required for approval? Isn't it a remarkable coincidence that this action is being taken right after CAI Model 20 and 25 loggers are no longer in production? As far as I know, they are still considered to be "in production". So a would a new design without RSA security would be acceptable for all but World Records? If not, why not? The whole point behind adding the all badges/diplomas approval was to allow more sensible security requirements for flight recorders used to document flights other than world records. If you have something specific to propose, you are welcome to contact GFAC for a formal answer. Marc |
#13
|
|||
|
|||
"Paul Remde" wrote in message news:rQgub.32000$Dw6.156983@attbi_s02...
I just find this absurd. I'm very angry about the sudden change. As Ian mentioned this decision was taken by the IGC Plenum at their meeting in March 2003 and was mentioned in the minutes of this meeting so no question about sudden change. If I remember correctly, Steve Fossett is using a GPS-NAV (and a 302 I believe) and currently setting world records in the southern hemisphere. I think Mr. Fossett is well capable to afford a flight recorder which is suitable for World Records. I'm still waiting for a good answer to the question why. Why is the GPS-NAV suddenly not secure for world records? Your anger must have blinded you, just read the points mentioned in Ians mailing which is in perfect English. This is not acceptable behavior by the IGC. What exactly do you not find acceptable? Progress? Computing power has changed considerably since these initial specifications were introduced. I think pilots going for world records will be happy in the knowledge that their traces come from FR's with the highest security available and nobody will be able to manufacture a record by breaking the security of these older FR's. Regards Bruno IGC-GNSS Committee Paul Remde "Marc Ramsey" wrote in message om... Paul Remde wrote: Yes, but doesn't the CAI system work? It is my impression that it is perfectly secure and has never been compromised. So why suddenly call it "insecure". As of January 1st, the CAI Model 10/20/25 won't be considered "insecure", they just won't be considered "secure enough" for world records. You can still use it for badges, 1000K+ diplomas, contests, etc., just not world records. What is the plan to get the approval back in place? What must CAI do to make it meet your new requirements? Minimally, a firmware upgrade would be required, but it is not clear that the microcontroller is fast enough to support the needed changes. The manufacturer(s?) is the only one that can provide an answer... Marc |
#14
|
|||
|
|||
In article gJfub.230766$Fm2.231960@attbi_s04, Paul Remde
writes snip What is the plan to get the approval back in place? That is up to the manufacturer, of course. Cambridge already makes the 302 series that use the DSA public/private key system that is assessed as equivalent in security strength to the original Rivest, Shamir and Adleman (RSA) system. The 302 is therefore, together with many other types of recorder, IGC-approved for "all flights" including of course world records. What must CAI do to make it meet your new requirements? If they think it worthwhile, offer an "RSA or equivalent" upgrade for their legacy recorder designs. The requirements are not new but go back to 1997, see below. ------------------------------------- For new recorder designs, "RSA or equivalent" level of security has been in the Technical Specification for IGC-approved GNSS Flight Recorders for many years. Here is an extract from the first edition of the IGC Specification, effective 1 October 1997: "FRs approved for world record flights must have an asymmetric algorithm (such as RSA) or have a system providing equivalent security". What we are talking about here is an adjustment to the "Grandfather rights" provisions for recorder designs that were IGC-approved a long time ago and do not comply with the current IGC Specification. Incidentally, you may recall that one of the non-RSA security systems for a GNSS recorder was successfully hacked by the Wedekinds in Germany. This was all in the public domain and was extensively publicised at the time. This was done as an exercise rather than for malpractice, but shows what can be done. The manufacturer concerned immediately changed to an RSA-based system without any prompting from IGC. The non-RSA recorder concerned is on the list recently announced, together with recorders with similar types of security. It was felt that we should be even-handed to all recorder designs rather than just adjust the IGC-approval for the Wedekind-hacked design and leave the rest. That is what has been done, perhaps a bit late, but first we had to get the IGC Plenary to agree to the new "all IGC badges and distance diploma" level first, to have somewhere to put legacy recorders that had lower levels of security without affecting the vast majority of owners and pilots. As it is, only world record aspirants will be affected and there are plenty of other recorder designs that are available for this type of flight. -- Ian Strachan Chairman IGC GFA Committee |
#15
|
|||
|
|||
I agree with Paul.
So, all the world records that have been set with a CAI mod 10/20/25 may perhaps not be secure enough???? The reason for increasing the security should, if you using rational arguments, be a result of attempts to cheat. I wonder which records that can be.... Of course all this is pure nonsense. Is this the way IGC is using its resources to increase world wide gliding membership? Yes, the decision was taken at the IGC plenary meeting, but lots of delegates did not understand what was really happening as the presentation was, if I may you use the word, very clever. I did not realize at the meeting that the result was to degrade existant recorders. Robert Paul Remde wrote: Yes, but doesn't the CAI system work? It is my impression that it is perfectly secure and has never been compromised. So why suddenly call it "insecure". What is the plan to get the approval back in place? What must CAI do to make it meet your new requirements? Paul Remde "Bruce Hoult" wrote in message ... In article , "tango4" wrote: After going to all of the time designing the hardware security along came the idea of public key cryptography so the IGC spec was 'upgraded' to incorporate this additional security layer. The Cambridges and others got caught between the two specs. Public key cryptography was well known in 1994 when the Cambridge 10's were used at the NZ pre-worlds, and in fact I *told* them at the time that they should be using something like RSA instead of something home-grown. Oh well. -- Bruce |
#16
|
|||
|
|||
I'm betting that more than 75% of the questions being asked on this
thread can be answered "Because of Moore's Law." Of course, I'm not betting much... Bob K. |
#17
|
|||
|
|||
Ian Strachan wrote:
At the last IGC Plenary meeting earlier in 2003, a new approval level for GNSS flight recorders was agreed. This was for "all IGC badge and distance diploma flights" and was in addition to the existing levels for "all flights" and "badge flights up to and including Diamonds". The latter is used for types of recorder units that do not have their own GPS receiver but rely on a separate GPS unit connected to the recorder by cable. Let's admit that this third level was necessary... Now the problem is that most people refer to "IGC approved" loggers, not mentionning whether it is for "all IGC badge and distance diploma flights" or "all flights" or "badge flights up to and including Diamonds" ... in fact most glider pilots ignore that there are different level of IGC approval ! May I suggest that there be somewhat shorter names such as "approved level 1, 2 or 3" or "class A, B or C" ? Things would be clearer this way. Now, what about World Championships ??? Are they less important that world records ??? I don't think so. One could say that it is more difficult to cheat in a Championship than for records, that's right, but it is not impossible (and it already happened !), and the stake is higher too. You (GFAC) didn't say anything about which approval level would be appropriate for World Championships, did you ? If I read the rules for these Championships, it says (Annex A 5.4.a) : "All GNSS FR’s approved by the IGC up to two months prior to the Opening Day shall be accepted." Does it mean that all loggers SHALL be accepted, whatever their approval level ??? Same question for national records or Championships, what type of approved loggers would you recommand ? I understand that for these type of performances NACs may have their own rules, and allow non-IGC-approved loggers (which is not even permitted for a mere 50 km silver D badge, but this is another debate...), but I think that IGC should emit at least a recommendation. -- Denis Private replies: remove "moncourrielest" from my e-mail address Pour me répondre utiliser l'adresse courriel figurant après moncourrielest" dans mon adresse courriel... |
#19
|
|||
|
|||
On Tue, 18 Nov 2003 08:38:21 GMT, Marc Ramsey wrote:
The gap between what is needed to be approved now, and what was needed back then, is just too large. Among other things, it is unfair to those who are trying to get new designs approved to have to compete against 'grandfathered' designs. And it has been since the RSA security requirements were introduced in 1997. Why is it suddenly so unfair now after 6 years ? The whole point behind adding the all badges/diplomas approval was to allow more sensible security requirements for flight recorders used to document flights other than world records. If you have something specific to propose, you are welcome to contact GFAC for a formal answer. Marc I think you need to read the r.a.s. archives before making statements like this. All of the above was done by myself and others when the F.R proposals were first mooted but all were ignored You are either ignorant of what really happened or being deliberately obtuse. I suggest you do a google search for r.a.s. for IGC flight recorders. You had better privately ask Mr Strachan about the meeting at Lasham at which reasons were invented not to approve loggers which met the rules as written and approved by the IGC at the time. Ask him who most of the participants had business associations with either before, at the time or subsequently. Also ask where the principal of that business was at the time. The history of F.R.s on the FAI site is inaccurate as it omits these details and others. How about a straight answer in public to - is it the intention of GFAC to approve new designs for "all but World records category"? I'm sure GFAC have a policy, it may just not be the written down official one based on past history. p.s. "jump starting the market" in that way as you put it would most likely contravene the Trade Practices Act (1974) in Australia and land you with a large fine. Ask the freight companies who were fined after the ACCC(Australian Consumer and Competition Commission) used an electronic barograph to prove that goods being sent by "airfreight" were in fact going by truck between Brisbane- Sydney- Melbourne. Mike Borgelt Borgelt Instruments |
#20
|
|||
|
|||
Mike Borgelt wrote:
And it has been since the RSA security requirements were introduced in 1997. Why is it suddenly so unfair now after 6 years ? A) There is now a better (for the pilots) option than a downgrade to Diamond-level approval, and B) the process was only approved by the IGC this year. I think you need to read the r.a.s. archives before making statements like this. All of the above was done by myself and others when the F.R proposals were first mooted but all were ignored You are either ignorant of what really happened or being deliberately obtuse. I suggest you do a google search for r.a.s. for IGC flight recorders. As you well know, I was not a member of GFAC at that time. Anything I state about then (or now, for that matter) is simply my opinion. If you want the official word, you know how to contact Ian. How about a straight answer in public to - is it the intention of GFAC to approve new designs for "all but World records category"? Obviously yes, since there is a new design (THEMI) that is approved in this category. I'm sure GFAC have a policy, it may just not be the written down official one based on past history. There is no written policy at this moment, as the category is less than a year old, and it's not clear whether any other manufacturers will make use of it. The whole point is to keep it fairly flexible, so those who can't or won't go for all flights approval have another category to work with. "jump starting the market" in that way as you put it would most likely contravene the Trade Practices Act (1974) in Australia and land you with a large fine. Ask the freight companies who were fined after the ACCC(Australian Consumer and Competition Commission) used an electronic barograph to prove that goods being sent by "airfreight" were in fact going by truck between Brisbane- Sydney- Melbourne. I have no idea what you are talking about. Marc |
Thread Tools | |
Display Modes | |
|
|