[HamWAN PSDR] Newbie

Cory (NQ1E) cory at nq1e.hm
Tue Mar 16 13:45:22 PDT 2021


>  “encryption” means purposefully hiding/obfuscating/coding information
with intent of unauthorized users to discover/decode the information.
[...] encryption by definition is used to keep information private

You're close, but it's more nuanced than that.  The actual
dictionary definition of encryption is:

"the process of converting information or data into a code, especially to
prevent unauthorized access."

They way most cryptographic protocols prevent "unauthorized access" is by
using three major features, and they're not all always required:

1. Privacy - Using a cipher to encode a message in a way that hides its
true meaning

2. Authentication - Verifying that the message was sent from the intended
party

3. Integrity - Verifying that the message is complete and has not been
altered in transit

You may be surprised to hear that the word "encryption" is not actually
used anywhere in part 97.  What it actually says is:

"No amateur station shall transmit [...] messages encoded for the purpose
of obscuring their meaning, except as otherwise provided herein"
- §97.113(4)

There is nothing prohibiting us from using the non-privacy related features
of cryptography in regular transmissions.  While not common, disabling
ciphers is possible in SSL, SSH, and other internet protocols.  Even the
IPSec tunnels HamWAN uses are part97 compliant since you can absolutely see
the original traffic encapsulated in the tunnel, even though you cannot
alter or impersonate it without the proper keys.



On Tue, Mar 16, 2021 at 12:35 PM Stephen Kangas <stephen at kangas.com> wrote:

> Let’s keep in mind that “encryption” means purposefully
> hiding/obfuscating/coding information with intent of unauthorized users to
> discover/decode the information.  To accomplish encryption, both a cipher
> and a key are needed; the cipher is an algorithm-driven means to hiding the
> information and the key is used to perform the encryption and decryption.
> Symmetric encryption uses a single key shared between authorized users,
> whereas asymmetric encryption typically uses mathematically related key
> pairs…it is the latter that is done with TLS/SSL via the Public Key
> Infrastructure.  Regardless of how it is done, encryption by definition is
> used to keep information private to those who do not know the cipher or
> have the correct key, which is not legal in Part 97 for any purpose as I
> read it, whether for authentication, integrity, or confidentiality of
> communications.
>
>
>
> As we hams know, there are methods of “coding” information that may seem
> like purposeful encryption, but are not because the ciphers and keys are
> publicly, even widely, available to anyone.  Examples include Morse Code,
> CRC checksums (for integrity), IPA, digital communications protocols OTA,
> etc.  These are not encryption (contrary to how some old hams argue who do
> not understand PSK31 or other “new” digital protocols for example).  So the
> question pertaining to what we’re discussing is: is the intent to purposely
> make the data private for some by a few or even a group of only those
> people (or machines/programs) who know the cipher used and have the key to
> decode?  Apparently the connection from default installation of Winlink
> Express for Windows to CMS does intend to keep that traffic private using a
> method very difficult to break encryption for most public observers (at
> least when local RMS is performed during the install).
>
>
>
> Stephen W9SK
>
>
>
>
>
> *From:* PSDR <psdr-bounces at hamwan.org> *On Behalf Of *Aaron Taggert
> *Sent:* Tuesday, March 16, 2021 8:27 AM
> *To:* Puget Sound Data Ring <psdr at hamwan.org>
> *Subject:* Re: [HamWAN PSDR] Newbie
>
>
>
> On the authentication/integrity side... FCC says no encryption so we can
> all hear what you're on about. Ham would not be much fun if all you heard
> was encrypted pseudo noise. SSL/TLS authentication is a bit like me sending
> you a list of 100 words and asking you to tell me word 45. Everything is in
> the clear, but I can authenticate that whomever is at the other end at
> least has the right list. Another SSL/TLS feature is integrity, meaning the
> whole message is received. They would be like saying I sent 3421 characters
> CW 786 of them were vowels. Again everybody can hear what we're saying but
> it would be difficult to impersonate the sender (or receiver) or change the
> message.
>
>
>
> On Tue, Mar 16, 2021, 6:32 AM Steve - WA7PTM <psdr-list at aberle.net> wrote:
>
> If we separate Winlink (the system) from Winlink Express (the client
> program), is a SSL connection also the case with the other six clients
> listed on the https://winlink.org/ClientSoftware page when used in
> telnet mode?
>
> Steve
>
>
> Scott Currie wrote on 3/15/21 10:06 PM:
> > Yeah, I discussed this with the WDT, and the issue with using HamWAN or
> > ARDEN. I had asked if we could force a non-SSL connection to the CMS.
> They
> > have been under pressure from AWS to switch to all SSL connections, so
> they
> > had to make the change. They did commit to leaving the client or gateway
> > connection to RMS Relay as non-SSL, so that is why we have suggested
> having
> > a regional instance of RMS Relay on HamWAN that the RMS Gateways and
> > clients could point to. Backend of the RMS Relay would then connect to
> the
> > CMS over SSL on a hardened Internet connection (like at a county EOC or
> the
> > State EOC), or even HF forwarding if the Internet is down.
> >
> > -Scott
> >
> > On Mon, Mar 15, 2021 at 9:41 PM Stephen Kangas <stephen at kangas.com>
> wrote:
> >
> >> Scott, thanks for that update, interesting.  “Telnet” is a misnomer in
> >> this WinLink instance, as that port 22 protocol is historically and
> >> normally unencrypted, and widely understood in the industry as such
> >> (whereas SSH is encrypted).   It looks like the email client is
> connecting
> >> locally to an RMS Relay in that mode, which then connects to the CMS on
> the
> >> internet.
> >>
> >>
> >>
> >> --Stephen W9SK
> >>
> >>
> >>
> >> *From:* PSDR <psdr-bounces at hamwan.org> *On Behalf Of *Scott Currie
> >> *Sent:* Monday, March 15, 2021 5:56 PM
> >> *To:* Puget Sound Data Ring <psdr at hamwan.org>
> >> *Subject:* Re: [HamWAN PSDR] Newbie
> >>
> >>
> >>
> >> This is not entirely true. Winlink does use TLS/SSL connections for some
> >> things. The normal telnet connection is now SSL (will fallback to
> non-SSL
> >> if the connection fails). Also, RMS Gateway to the CMS is now SSL.
> Telnet
> >> P2P and telnet to RMS Relay is not SSL. I believe updates are also SSL
> now.
> >>
> >>
> >>
> >> Winlink Express Link Test:
> >>
> >> Test started 2021/03/16 00:52 UTC
> >>
> >> Testing CMS telnet connection to cms.winlink.org through port 8772...
> >>    Successfully connected to a CMS through port 8772 in 253 Milliseconds
> >>
> >> Testing CMS SSL telnet connection to cms.winlink.org through port
> 8773...
> >>    Successfully connected to a CMS through port 8773 in 311 Milliseconds
> >>
> >> Testing API service access through port 443 to api.winlink.org...
> >>    Successfully performed API service to api.winlink.org through port
> 443
> >> in 756 Milliseconds
> >>
> >> Testing Autoupdate server access through port 443 to
> >> autoupdate2.winlink.org...
> >>    Successfully checked autoupdate server through port 443 in 439
> >> Milliseconds
> >>
> >> Testing connection to web site - www.winlink.org:443
> >>    Successfully connected to www.winlink.org through port 443 in 47
> >> Milliseconds
> >>
> >> Testing FTP connection to SFI site -
> >> ftp://ftp.swpc.noaa.gov/pub/latest/SGAS.txt
> >>    Successfully connected to
> ftp://ftp.swpc.noaa.gov/pub/latest/SGAS.txt
> >> through port 20/21 in 1522 Milliseconds
> >>
> >> Test completed successfully.
> >>
> >> -Scott, NS7C
> >>
> >>
> >>
> >> On Mon, Mar 15, 2021 at 5:45 PM Stephen Kangas <stephen at kangas.com>
> wrote:
> >>
> >> Phil, an example of the ham band traffic that Kenny mentioned is not
> >> permitted by the FCC is encrypted communications traffic…this means the
> >> majority of websites your visit today and many email hosters, since
> >> websites commonly use TLS/SSL encryption (indicated by “https” in front
> of
> >> the URL in your browser address bar) or encrypted settings in your email
> >> hoster & client.  Winlink does NOT use encryption, thus is legal, and is
> >> the primary application for my ARES team using HamWAN.  As Kenny points
> >> out, certain routers (not inexpensive home models) can be used to split
> >> that traffic appropriately, but it is not an easy setup unless you have
> a
> >> background in data networks or cybersecurity…so it’s far easier to
> either
> >> use HamWAN just for your dedicated ARES laptop use or switch a cable
> back
> >> and forth using one pipe at a time.
> >>
> >>
> >>
> >> FWIW, Stephen W9SK
> >>
> >>
> >>
> >>
> >>
> >> *From:* PSDR <psdr-bounces at hamwan.org> *On Behalf Of *Kenny Richards
> >> *Sent:* Monday, March 15, 2021 12:49 PM
> >> *To:* Puget Sound Data Ring <psdr at hamwan.org>
> >> *Subject:* Re: [HamWAN PSDR] Newbie
> >>
> >>
> >>
> >> Just want to add two things to what Carl said already.
> >>
> >>
> >>
> >> 1) Line of sight means you can actually 'see' the HamWAN node, or at
> least
> >> you can with something like a pair of binoculars.
> >>
> >>
> >>
> >> 2) Remember that HamWAN is not meant to be a replacement for your home
> >> internet. Be very conscious of what traffic you are putting over
> HamWAN. I
> >> don't recommend connecting it to your home network unless you are
> familiar
> >> enough with routing rules to limit what traffic goes out the HamWAN
> link.
> >>
> >>
> >>
> >> Good luck,
> >>
> >> Kenny, KU7M
> >>
> >>
> >>
> >>
> >>
> >> On Mon, Mar 15, 2021 at 12:40 PM <carl at n7kuw.com> wrote:
> >>
> >> Hi Phil,
> >>
> >> You can do all of the configuration while on the ground, but obviously
> you
> >> won’t have any signal. You don’t indicate what specific equipment you
> have,
> >> but if you have the mAnt30 dish and separate router/modem, make sure you
> >> have the antenna connected before powering it up.
> >>
> >>
> >>
> >> As to trees, they are an absolute show stopper. You must have clear,
> >> visual, line of sight to the HamWAN site you are shooting to. Hopefully
> you
> >> will have that, or can achieve that, from where you plan to mount the
> >> dish.  As to “just over them”, a microwave shot consists of the direct,
> >> pure line of sight, but also what is referred to as the Fresnel zone – a
> >> cigar shaped “balloon” around the pure line of sight.  Items in the
> Fresnel
> >> zone (including trees) can reduce the amount of signal you have, so you
> may
> >> not get optimum performance, but some.
> >>
> >>
> >>
> >> In your initial post you commented about how to balance between your
> >> regular internet and HamWAN for a Winlink node.  My suggestion would be
> to
> >> just leave it on one (whichever one) as the norm, and only switch to the
> >> other if the one goes down.  You can also acquire routers that include
> >> failover capability to automatically make that switch.  You can go more
> >> advanced with load sharing and such between multiple connections, but
> that
> >> requires much better understanding of internet routing, and for a
> winlink
> >> node basic failover will serve your purpose.
> >>
> >>
> >>
> >> Good luck, let us know how things turn out.
> >>
> >> Carl, N7KUW
> >>
> >>
> >>
> >> *From:* PSDR <psdr-bounces at hamwan.org> *On Behalf Of *Phil Cornell via
> >> PSDR
> >> *Sent:* Monday, March 15, 2021 12:11 PM
> >> *To:* psdr at hamwan.org
> >> *Subject:* [HamWAN PSDR] Newbie
> >>
> >>
> >>
> >> OK, I figured out my problem and I now have Winbox talking to the radio
> >> and reporting status.  I's not linking to anything since the antenna is
> >> still on the ground.  How much configuration can I do before mounting
> it on
> >> my roof.  The only question in my sight path may be some trees but I
> think
> >> I can aim just over them and get a signal.  My friend Bruce/WA7BAM will
> be
> >> helping with the antenna installation on Wed afternoon.  Making
> progress...
> >>
> >>
> >>
> >> *Phil Cornell  *
> >>
> >> *W7PLC *
> >>
> >> *SHARES NCS590*
> >>
> >> *Hybrid Gateway W7PLC*
> >>
> >> *TCARES  VP*
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >> _______________________________________________
> >> PSDR mailing list
> >> PSDR at hamwan.org
> >> http://mail.hamwan.net/mailman/listinfo/psdr
> >>
> >> _______________________________________________
> >> PSDR mailing list
> >> PSDR at hamwan.org
> >> http://mail.hamwan.net/mailman/listinfo/psdr
> >>
> >>
> >>
> >>
> >> --
> >>
> >> *-Scott*
> >> _______________________________________________
> >> PSDR mailing list
> >> PSDR at hamwan.org
> >> http://mail.hamwan.net/mailman/listinfo/psdr
> >>
> >
> >
> >
> > _______________________________________________
> > PSDR mailing list
> > PSDR at hamwan.org
> > http://mail.hamwan.net/mailman/listinfo/psdr
> >
> _______________________________________________
> PSDR mailing list
> PSDR at hamwan.org
> http://mail.hamwan.net/mailman/listinfo/psdr
>
> _______________________________________________
> PSDR mailing list
> PSDR at hamwan.org
> http://mail.hamwan.net/mailman/listinfo/psdr
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.hamwan.net/pipermail/psdr/attachments/20210316/a0cd5966/attachment.html>


More information about the PSDR mailing list