[HamWAN PSDR] Traffic protection without encryption

Benjamin Krueger ben.krueger at gmail.com
Thu Feb 21 19:54:34 PST 2013


Use certificates where? In what protocol?


On Thu, Feb 21, 2013 at 7:52 PM, steve monsey <stevewa206 at gmail.com> wrote:

> Just coming in the middle of this.  What about using certificates in some
> way? You can issue certificates to legit hams (users) either by machine
> (which is harder for machines that do not have that functionality) or by
> user. No encryption needed. In other words, two factor authentication, if
> you also have to log into the network. Basically an enterprise solution, or
> is that too difficult to manage?
>
>
> Steve N0FPF
>
> On Feb 21, 2013, at 7:46 PM, Bart Kus <me at bartk.us> wrote:
>
> Good direction, but I'd drop the requirement for policing the network by
> actively preventing hams from using crypto.  Hams are supposed to be
> self-policing, and we'll be engaging a losing battle, and inviting
> exploits.  Let's just provide the tools to play nice.  If people wanna run
> astray of rules, HamWAN as repeater operator, is not ultimately responsible.
>
> Let us know how the infonerd thing goes.  :)
>
> --Bart
>
>
> On 2/21/2013 7:21 PM, Benjamin Krueger wrote:
>
> I think we can solve a lot of our crypto-regulation problems if we explore
> IPSec in Authentication Header Transport mode. This signs every IP packet
> which gets us connection integrity, origin authentication, and replay
> protection without encrypting anything. Then we only have to take very
> basic measures to ensure folks don't intentionally or unintentionally make
> encrypted connections (over SSL, SSH, or other commonly encrypted
> protocols). The only outstanding question then is how to handle IKE (key
> exchange) in an automated way with certificates.
>
> I'm going to speak to some infosec geeks about this tonight.
>
> NB: This doesn't handle initial network access authentication. That's
> still a problem to be solved, possibly with 802.1X, though that has its own
> problem since RouterOS only supports TLS-EAP which incorporates crypto.
>
>  --
> Benjamin
>
>
> _______________________________________________
> PSDR mailing list
> PSDR at hamwan.org
> http://mail.hamwan.org/mailman/listinfo/psdr_hamwan.org


-- 
Benjamin
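
The quoted proposal relies on an Authentication Header giving integrity, origin authentication and replay protection while the payload stays readable. The sketch below is an added example, not code from this thread or from HamWAN: a simplified model of that check (real AH per RFC 4302 also covers the immutable IP header fields and gets its key from IKE). The key, addresses, SPI and payload are constructed for illustration.

```python
import hashlib
import hmac
import struct

ICV_LEN = 16   # HMAC-SHA-256 truncated to 128 bits
WINDOW = 64    # anti-replay window, in packets

def icv(key, spi, seq, src, dst, payload):
    """Integrity check value over the SA id, sequence number, addresses and data."""
    msg = struct.pack("!II", spi, seq) + src + dst + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:ICV_LEN]

class Receiver:
    def __init__(self, key, spi):
        self.key, self.spi = key, spi
        self.highest = 0   # highest sequence number authenticated so far
        self.bitmap = 0    # bit i set means (highest - i) was already accepted

    def accept(self, spi, seq, tag, src, dst, payload):
        if spi != self.spi:
            return "drop: unknown SA"
        if seq + WINDOW <= self.highest:
            return "drop: replay"          # older than the window
        if seq <= self.highest and (self.bitmap >> (self.highest - seq)) & 1:
            return "drop: replay"          # already seen inside the window
        if not hmac.compare_digest(tag, icv(self.key, spi, seq, src, dst, payload)):
            return "drop: bad ICV"         # forged, modified or spoofed origin
        # Slide the window only after the packet has authenticated.
        if seq > self.highest:
            self.bitmap = ((self.bitmap << (seq - self.highest)) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)
        return "accept"

def demo():
    key = b"constructed-demo-key-32-bytes!!!"            # constructed; IKE would supply this
    a, b = bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])  # constructed RFC 5737 addresses
    data = b"CQ CQ de N0CALL"                            # constructed payload, sent in the clear
    rx = Receiver(key, spi=0x1001)
    out = [rx.accept(0x1001, 1, icv(key, 0x1001, 1, a, b, data), a, b, data)]
    out.append(rx.accept(0x1001, 1, icv(key, 0x1001, 1, a, b, data), a, b, data))  # replay
    out.append(rx.accept(0x1001, 2, icv(key, 0x1001, 2, a, b, data), a, b, b"tampered"))
    out.append(rx.accept(0x1001, 5, icv(key, 0x1001, 5, a, b, data), a, b, data))
    out.append(rx.accept(0x1001, 3, icv(key, 0x1001, 3, a, b, data), a, b, data))  # late but new
    return out

if __name__ == "__main__":
    print(demo())
```

The window is advanced only after the ICV verifies, so a forged packet with a high sequence number cannot push legitimate traffic out of the window.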