After being in service since 2009, its time to evolve MAVLink and add encryption, starting with a Request for Comments (RFC). The initial MAVLink protocol had only the scope to serve for the PIXHAWK student project at ETH, and hence security was left for the link layer. Obviously the adoption is far beyond the scope of the original design by now. After Arthur's great job on the MAVLink Wikipedia article there is no further need to explain what MAVLink exactly is, but there is one important insight: The adoption and use exceeds by far the original design space, in particular because typical links do not provide authentication and encryption, which was originally assumed.
With more and wider adoption, the exposure of the protocol increases, and so the next revision (which will be backwards compatible if by any means technically possible) will add support for authentication and encryption.
The purpose of this post is to ask for comments on the very early draft of a request for comments call posted today. We're interested in technical contributions (specs, code, testing) but also in general considerations. At this point it is too early to discuss which hardware it can be run on, it will certainly run fine on PX4-generation systems (a first test of the crypto primitives is here), and there is currently no reason to assume that other existing aircraft setups can't be upgraded in a modular fashion as well. Please respond directly for the mailing list thread here for comments on the RFC, for general comments on this post feel free to use the comment box.