[EAS] Correction: Date FCC required checking CAP digital signatures

[Sean Donelan]

A correction, I recalled the wrong date.

The FCC added "11.56 (c) EAS Participants shall configure their systems to 
reject all CAP-formatted EAS messages that include an invalid digital 
signature.": Effective September 10, 2018, except for the amendments to 47 
CFR 11.33 and 11.56, which are effective August 12, 2019.

https://www.govinfo.gov/content/pkg/FR-2018-08-10/pdf/2018-17096.pdf

The FCC essentially never revokes previously certified EAS equipment. So 
some folks keep using old equipment as long as possible.  For 
end-stations and cable systems, it doesn't matter that much.  Any 
SP/LP-1/LP-2 station needs to have up-to-date EAS equipment.

FEMA's CAP conformity testing assessments (not a certification) in 
2011-2012 didn't check digital signatures. In the early days, CAP 
manufacturers didn't check signatures or use SSL/TLS. FEMA was trying to 
encourage participation in IPAWS, and didn't want to be too strict.

I don't have the date IPAWS required alert originator software to 
digitally sign cap messages. States didn't update old certificates, 
because it wasn't "broken." FEMA/IPAWS eventually started rejected 
invalid CAP messages, and state alert originators fixed their systems. I 
think it was in the mid-2015's, but can't find the exact date.

Sometimes you have to break things, to get people to fix them.