[HamWAN PSDR] Idea for addressing HTTPS on HamWAN

Jake Visser visser.jacob at outlook.com
Fri Aug 16 19:13:50 PDT 2019 

> From reading the draft, it looks like adding a root cert will still allow over
riding this

Your right – that is the intent; but in current implementations, it’s the “it is acceptable” wording that is interpreted.  In all cases so far the “SHOULD NOT” submit a report is honored, but Chrome isn’t going to let you load google using any certificate not issued by a google.  There are ways around this for enterprise deployments; and it probably is a fair assessment that hams could deploy a second browser configured in that manner… but for a general user, its going to be a lot harder than just installing a new root cert.

From: Bryan Fields<mailto:Bryan at bryanfields.net>
Sent: Friday, August 16, 2019 6:58 PM
To: Puget Sound Data Ring<mailto:psdr at hamwan.org>
Subject: Re: [HamWAN PSDR] Idea for addressing HTTPS on HamWAN

On 8/16/19 9:40 PM, Jake Visser wrote:
> Much like HSTS; Expect-CT is starting to be deployed too (this replaces
> certificate pinning).
> https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdeveloper.mozilla.org%2Fen-US%2Fdocs%2FWeb%2FHTTP%2FHeaders%2FExpect-CT&data=02%7C01%7C%7Cecd5e4bb42b44a1451f608d722b6550a%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637016038809698674&sdata=kzuM9RFUO816UaYPT%2FpYBwcR1khLM86O1QLIK6PeMj0%3D&reserved=0
>
> This will prevent users from accessing sites that are signed by a
> certificate that does not appear in the public transparency logs…

>From reading the draft, it looks like adding a root cert will still allow over
riding this.  Is that not what 2.4.1 speaks of in there?  I'll admit I'm not
up on the newest SSL standards.

> The best option – if this is truly to be used for emergency communications
> – is to try the proposed FCC path.

I would say we not try that.  The FCC rules can be interpreted a number of
different ways now, it's likely if we ask for clarification they may do so in
a way making this all a violation.   Right now the FCC rules are moot on
encryption, the word doesn't appear in part 97 at all.

--
Bryan Fields

727-409-1194 - Voice
https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fbryanfields.net&data=02%7C01%7C%7Cecd5e4bb42b44a1451f608d722b6550a%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637016038809708685&sdata=B5gtHYNuNHid52YmaWu205rclAQzDiRyC5sMXi%2FKix4%3D&reserved=0
_______________________________________________
PSDR mailing list
PSDR at hamwan.org
https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fmail.hamwan.net%2Fmailman%2Flistinfo%2Fpsdr&data=02%7C01%7C%7Cecd5e4bb42b44a1451f608d722b6550a%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637016038809708685&sdata=XPLFa%2FJlJkZanR4uB4CGLo9GAwhvREibuhu3NMnxLZs%3D&reserved=0

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.hamwan.net/pipermail/psdr/attachments/20190817/89520dc7/attachment.html>

More information about the PSDR mailing list