[Cryptography] OpenPGP and trust

Stuart Longland stuartl at longlandclan.yi.org
Sun Mar 30 02:44:39 EDT 2014


On Sat, 29 Mar 2014 19:22:54 -0700, Watson Ladd wrote:

> On Sat, Mar 29, 2014 at 6:57 PM, Dave Horsfall <dave at horsfall.org>
> wrote:
>> Naturally I changed the key every so often, because the idiots regarded
>> it as a challenge to decrypt my commands (I'd quickly learned to avoid
>> replay attacks by using some sort of a rolling-key scheme), but strong
>> crypto was, and still is, a definite no-no.

Indeed, this is one exact scenario I'm thinking of.  In my case, proving 
I'm "VK4MSL" to an automatic station (regardless of the medium; it could 
equally be the Internet or a radio link), and thus allowing the station 
to make a decision, based on my alleged identity, as to whether to grant 
me particular privileges.

It could be that you are an administrator of a system, giving a system 
administration command (e.g. "turn repeater off") or you could be logging 
into a system to retrieve BBS messages and deleting the ones you've read 
and sending a few replies.  (You don't want someone maliciously 
logging in and deleting your mail before you get to it, or stirring up 
other kinds of mischief by sending bogus mail on your behalf.)

The other thing I want to remove is reliance on a central system, whether 
it be Logbook Of The World, QRZ.com, HamQTH.com, or having to verify 
yourself again and again (e.g. EchoLink requires you to email them a scan 
of your license).

(The irony that I'm trying to remedy the situation of multiple databases 
by effectively creating another is not lost on me.  The thing I'm *not* 
doing, is creating another *centralised* database.)

> Aren't MACs okay? I believe the 2003 ARRL handbook explains that each
> command to an OSCAR is suffixed with an authentication code to prevent
> mischief.

I would've thought so.  So long as the actual message isn't obscured, the 
other is nothing more than a fancy checksum for the purposes of privacy. 
i.e. it does the same job as CRC: tells the other end that the message 
they received more likely matches the other end (ignoring collisions).

The other thing it does is tell them the person who sent that message 
knows the requisite private key, i.e. the message more likely originated 
from the person/group who holds that key and not an imposter.

Digital signatures would remove the need to set up a shared secret out-of-
band and thus be easier to update.  One would probably generate their key 
to expire when their license does (with a small grace period perhaps).

I'm just looking at ways of using existing technology to try and 
implement this idea.  I take the discussion here, rather than to an 
amateur radio list/forum/newsgroup, because people here won't go "You're 
using encryption!! Boo! Hiss!".  (And there are people who don't 
understand the difference between things like "encryption" and 
"encoding", who would make such judgements.)
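An added example, not code from the thread, of the MAC scheme discussed above: a cleartext command frame suffixed with an HMAC tag, checked by an automatic station that also rejects replays with a per-callsign sequence counter and honours a key expiry in the spirit of tying keys to licence expiry. The callsign, shared key and expiry time are constructed placeholders.

```python
import hmac
import hashlib
import time

# Constructed demo values; not a real key or a real station's configuration.
SHARED_KEY = b"demo-shared-secret-change-me"
CALLSIGN = "VK4MSL"


def mac_tag(key: bytes, callsign: str, seq: int, command: str) -> str:
    """HMAC-SHA256 over the cleartext frame fields.

    The command is sent in the clear; the tag only proves the sender knows
    `key` and that callsign, sequence number and command were not altered.
    """
    msg = f"{callsign}|{seq}|{command}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def build_frame(key: bytes, callsign: str, seq: int, command: str) -> str:
    """Frame layout: CALLSIGN|SEQ|COMMAND|TAG (all human-readable)."""
    return f"{callsign}|{seq}|{command}|{mac_tag(key, callsign, seq, command)}"


class Station:
    """Automatic station accepting authenticated cleartext commands."""

    def __init__(self, keys):
        # keys: callsign -> (shared_key, expiry as Unix time)
        self.keys = keys
        self.last_seq = {}  # callsign -> highest sequence number accepted

    def accept(self, frame: str, now=None):
        now = time.time() if now is None else now
        try:
            callsign, seq_s, command, tag = frame.split("|")
            seq = int(seq_s)
        except ValueError:
            return False, "malformed"
        entry = self.keys.get(callsign)
        if entry is None:
            return False, "unknown callsign"
        key, expiry = entry
        if now > expiry:
            return False, "key expired"
        expected = mac_tag(key, callsign, seq, command)
        if not hmac.compare_digest(expected, tag):  # constant-time compare
            return False, "bad tag"
        if seq <= self.last_seq.get(callsign, -1):  # rolling counter: replay
            return False, "replay"
        self.last_seq[callsign] = seq
        return True, command
```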
