2008/11/10, Martin Spott <[EMAIL PROTECTED]>: > You/they should probably start by explaining to FG developers/users > which sort of "security" - what an elastic term ! - is meant to be > achieved by not publishing the network protocol. > In other words: The simple fact that there's no officially blessed copy > of the network protocol spec floating around actually doesn't buy IVAO > not even the slightest "security" at all. If somone really aims at > messing with the IVAO air traffic then they're simply going to grab an > inofficial copy of such spec or do the reverse engineering themselves. > This might be a point which I think deserves to get addressed.
I agree that concealing the protocol specs doesn't avoid the possible hacks, but just makes it harder or postpones them. I assume they just want to make it harder, as there are thousands of IVAO active users, and we can assume there will always be a small fraction of users that will want to acces the system via unauthorised means or for bad purposes. > Finally, if the sort of IVAO's security needs become apparent, then > you/we have a hook that allows to start arguing from there. One item > which certainly has still to be resolved is the fact that FlightGear's > MP protocol currently doesn't provide robust authentication mechanisms > and without knowing about the actual "security" requirements it would > be quite difficult to properly add the required feature. > > BTW, how would the practical process of authenticating the user be > done with the INL. Does INL authenticate against the servers using some > sort of authentication token which resides on the disk and which has to > placed there by the user after signing up with IVAO ? Yes, that is a crucial need: every IVAO user, regardless of what flight simulator or ATC client is using, has a personal ID number and password. Once logged in the network using them, all communication are based on this VID/password connection: pilot position, weather, flight plan, transponder, etc. (so far, voice is addressed using Temspeak, a separate application, so no need to worry about that by now). So to summarize, te important thing is authentication and data exchange control, to avoid for example an software sending FP's continuously or constant weather requests to overcharge communication lines and servers. Regards, Pep. ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Flightgear-devel mailing list Flightgear-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/flightgear-devel
