[HamWAN PSDR] Traffic protection without encryption
Benjamin Krueger
ben.krueger at gmail.com
Thu Feb 21 19:51:49 PST 2013
That *should* be how things work, but a bunch of rulings about message
passing on packet networks threw that on its head. We need to take
reasonable precautions to prevent encrypted traffic from moving over the
network. Blocking common encrypted ports is simple and no-cost.
On Thu, Feb 21, 2013 at 7:46 PM, Bart Kus <me at bartk.us> wrote:
> Good direction, but I'd drop the requirement for policing the network by
> actively preventing hams from using crypto. Hams are supposed to be
> self-policing, and we'll be engaging a losing battle, and inviting
> exploits. Let's just provide the tools to play nice. If people wanna run
> astray of rules, HamWAN as repeater operator, is not ultimately responsible.
>
> Let us know how the infonerd thing goes. :)
>
> --Bart
>
>
>
> On 2/21/2013 7:21 PM, Benjamin Krueger wrote:
>
> I think we can solve a lot of our crypto-regulation problems if we explore
> IPSec in Authentication Header Transport mode. This signs every IP packet
> which gets us connection integrity, origin authentication, and replay
> protection without encrypting anything. Then we only have to take very
> basic measures to ensure folks don't intentionally or unintentionally make
> encrypted connections (over SSL, SSH, or other commonly encrypted
> protocols). The only outstanding question then is how to handle IKE (key
> exchange) in an automated way with certificates.
>
> I'm going to speak to some infosec geeks about this tonight
>
> NB: This doesn't handle initial network access authentication. That's
> still a problem to be solved, possibly with 802.1X, though that has its own
> problem since RouterOS only supports TLS-EAP which incorporates crypto.
>
> --
> Benjamin
>
>
> _______________________________________________
> PSDR mailing listPSDR at hamwan.orghttp://mail.hamwan.org/mailman/listinfo/psdr_hamwan.org
>
>
>
> _______________________________________________
> PSDR mailing list
> PSDR at hamwan.org
> http://mail.hamwan.org/mailman/listinfo/psdr_hamwan.org
>
>
--
Benjamin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.hamwan.net/pipermail/psdr/attachments/20130221/2d958ccc/attachment.html>
More information about the PSDR
mailing list