[HamWAN PSDR] Newbie
Stephen Kangas
stephen at kangas.com
Tue Mar 16 15:52:05 PDT 2021
“Pig Latin” as I understand that particular coding is NOT encryption, as the cipher and key are widely publicly available for anyone to find and decode the message, thus Pig Latin cannot be used to obscure the meaning of the message any more than Morse Code does or the Finnish language does. Encryption is meant to obscure a message in a way to purposely hide the information using a secret key that’s needed to decode the message. The FCC does not ban the use of Finnish, Navajo, FT8, Morse Code, RTTY, etc, despite them possibly being a mild inconvenience for some hams to obtain the publicly available cipher and key needed for finding the meaning of those UNencrypted codings.
I just now went back to refer to the latest version of FCC CFR 47 Part 97 and found the most relevant sections to be 97.309(a)(4), and in particular 97.309(b) which contains this text: “data emissions using unspecified digital codes must not be transmitted for the purpose of obscuring the *meaning* of any communication.” That text fits the definition of encryption as it is widely understood in the digital coding industry and military, regardless of whether the actual word “encryption” is used in the regulation. Could the Part 97 text be more explicit and clear? Perhaps, but it is close enough to the problem we’re discussing that we need to be concerned. I had the opportunity to have a phone conversation with an FCC lawyer about another matter (having to do with importation of Part 90 & 97 radios used by hams) back in 2018 and while on the phone brought up this encryption topic (because of AMBE at the time), and it is clear to me that the FCC legally views encryption ciphers and their required keys like SSL to be illegal OTA on ham bands, as it is clear to them (and should be to everyone else) that the intent of encryption is to obscure communications with privately (not publicly) available means to decode/decrypt the communications (just as many commercial radio systems are doing, including the growing use of encryption in public safety systems); the grey area if any is whether a ham or anyone else in the public has to pay $ to get the cipher and/or key from a private source (such as for AMBE from DVSI), but that is another story I believe unrelated to what we’re discussing here.
Stephen W9SK
From: PSDR <psdr-bounces at hamwan.org> On Behalf Of Kevin Walsh
Sent: Tuesday, March 16, 2021 3:09 PM
To: Puget Sound Data Ring <psdr at hamwan.org>
Subject: Re: [HamWAN PSDR] Newbie
Hello,
The word encryption never appears in Part 97 rules, so its definition is irrelevant here. The key words in the rule are “intent” and “obscure”. So for instance, two people speaking pig-Latin with the intent of obscuring their conversation violate the same rule and the conversation is prohibited - even though it’s not encrypted.
If I may, another option would be to get any of your associated Public Safety agencies to in part sponsor HamWan. Public Safety was granted access to the “special” Amateur Radio portion of 5.8GHz years ago and they CAN use (and in my state require) secure communication. Then you’re operating under Part 15 and the conversation is moot.
https://www.fcc.gov/public-safety/public-safety-and-homeland-security/policy-and-licensing-division/public-safety-spectrum
Just food for thought, I’ll go back to lurking now :-).
73,
Kevin
W8KHW
On Mar 16, 2021, at 3:40 PM, Stephen Kangas <stephen at kangas.com> wrote:
John, it’s a good idea to investigate FW filtering to prevent encrypted protocols, and certainly the MikroTik RouterOS is quite capable of that. We should experiment with that to see if it breaks the Winlink Express connection with CMS. Hopefully, as Scott pointed out, it will not by simply forcing the CMS to fall back to pure telnet protocol…but he says that may not remain the case into the future. I’ll give it a try later this week when I have some time, others should, too.
Stephen W9SK
From: PSDR <psdr-bounces at hamwan.org> On Behalf Of John D. Hays
Sent: Tuesday, March 16, 2021 11:22 AM
To: Puget Sound Data Ring <psdr at hamwan.org>
Subject: Re: [HamWAN PSDR] Newbie
The HamWAN client is a MikroTik device which has a robust IP tables implementation which could be used for filtering.
On Tue, Mar 16, 2021 at 10:22 AM Aaron Taggert <aaron.taggert at gmail.com> wrote:
I do not know what router you have but you could install squid (on the router or on a raspberry pi) on the ham wan connection and 'splice' the TLS Cipher to NULL: https://wiki.squid-cache.org/Features/SslPeekAndSplice
Also from HamWan.org:
https://hamwan.org/Administrative/Internet%20and%20Part%2097.html
https://hamwan.org/Standards/Network%20Engineering/Authentication/SSL%20without%20Encryption.html
https://hamwan.org/Standards/Network%20Engineering/Authentication.html
On Tue, Mar 16, 2021, 8:42 AM Steve - WA7PTM <psdr-list at aberle.net> wrote:
Thanks Aaron. I fully understand what SSL/TLS is, but am trying to zero
in on how to avoid it on my HamWAN connection. Unfortunately, the
sneaky protocol translations on the back end will only continue, and we
just need to know which software to stop using when things are not
obvious on the front end.
Steve
Aaron Taggert wrote on 3/16/21 8:26 AM:
> On the authentication/integrity side... FCC says no encryption so we can
> all hear what you're on about. Ham would not be much fun if all you heard
> was encrypted pseudo noise. SSL/TLS authentication is a bit like me sending
> you a list of 100 words and asking you to tell me word 45. Everything is in
> the clear, but I can authenticate that whomever is at the other end at
> least has the right list. Another SSL/TLS feature is integrity, meaning the
> whole message is received. They would be like saying I sent 3421 characters
> CW 786 of them were vowels. Again everybody can hear what we're saying but
> it would be difficult to impersonate the sender (or receiver) or change the
> message.
>
> On Tue, Mar 16, 2021, 6:32 AM Steve - WA7PTM <psdr-list at aberle.net> wrote:
>
>> If we separate Winlink (the system) from Winlink Express (the client
>> program), is a SSL connection also the case with the other six clients
>> listed on the https://winlink.org/ClientSoftware page when used in
>> telnet mode?
>>
>> Steve
>>
>>
>> Scott Currie wrote on 3/15/21 10:06 PM:
>>> Yeah, I discussed this with the WDT, and the issue with using HamWAN or
>>> AREDN. I had asked if we could force a non-SSL connection to the CMS. They
>>> have been under pressure from AWS to switch to all SSL connections, so they
>>> had to make the change. They did commit to leaving the client or gateway
>>> connection to RMS Relay as non-SSL, so that is why we have suggested having
>>> a regional instance of RMS Relay on HamWAN that the RMS Gateways and
>>> clients could point to. Backend of the RMS Relay would then connect to the
>>> CMS over SSL on a hardened Internet connection (like at a county EOC or the
>>> State EOC), or even HF forwarding if the Internet is down.
>>>
>>> -Scott
>>>
>>> On Mon, Mar 15, 2021 at 9:41 PM Stephen Kangas <stephen at kangas.com> wrote:
>>>
>>>> Scott, thanks for that update, interesting. “Telnet” is a misnomer in
>>>> this WinLink instance, as that port 22 protocol is historically and
>>>> normally unencrypted, and widely understood in the industry as such
>>>> (whereas SSH is encrypted). It looks like the email client is connecting
>>>> locally to an RMS Relay in that mode, which then connects to the CMS on the
>>>> internet.
>>>>
>>>> --Stephen W9SK
>>>>
>>>> *From:* PSDR <psdr-bounces at hamwan.org> *On Behalf Of* Scott Currie
>>>> *Sent:* Monday, March 15, 2021 5:56 PM
>>>> *To:* Puget Sound Data Ring <psdr at hamwan.org>
>>>> *Subject:* Re: [HamWAN PSDR] Newbie
>>>>
>>>> This is not entirely true. Winlink does use TLS/SSL connections for some
>>>> things. The normal telnet connection is now SSL (will fall back to non-SSL
>>>> if the connection fails). Also, RMS Gateway to the CMS is now SSL. Telnet
>>>> P2P and telnet to RMS Relay is not SSL. I believe updates are also SSL now.
>>>>
>>>> Winlink Express Link Test:
>>>>
>>>> Test started 2021/03/16 00:52 UTC
>>>>
>>>> Testing CMS telnet connection to cms.winlink.org through port 8772...
>>>> Successfully connected to a CMS through port 8772 in 253 Milliseconds
>>>>
>>>> Testing CMS SSL telnet connection to cms.winlink.org through port 8773...
>>>> Successfully connected to a CMS through port 8773 in 311 Milliseconds
>>>>
>>>> Testing API service access through port 443 to api.winlink.org...
>>>> Successfully performed API service to api.winlink.org through port 443 in 756 Milliseconds
>>>>
>>>> Testing Autoupdate server access through port 443 to autoupdate2.winlink.org...
>>>> Successfully checked autoupdate server through port 443 in 439 Milliseconds
>>>>
>>>> Testing connection to web site - www.winlink.org:443
>>>> Successfully connected to www.winlink.org through port 443 in 47 Milliseconds
>>>>
>>>> Testing FTP connection to SFI site - ftp://ftp.swpc.noaa.gov/pub/latest/SGAS.txt
>>>> Successfully connected to ftp://ftp.swpc.noaa.gov/pub/latest/SGAS.txt through port 20/21 in 1522 Milliseconds
>>>>
>>>> Test completed successfully.
>>>>
>>>> -Scott, NS7C
>>>>
>>>> On Mon, Mar 15, 2021 at 5:45 PM Stephen Kangas <stephen at kangas.com> wrote:
>>>>
>>>> Phil, an example of the ham band traffic that Kenny mentioned is not
>>>> permitted by the FCC is encrypted communications traffic…this means the
>>>> majority of websites you visit today and many email hosters, since
>>>> websites commonly use TLS/SSL encryption (indicated by “https” in front of
>>>> the URL in your browser address bar) or encrypted settings in your email
>>>> hoster & client. Winlink does NOT use encryption, thus is legal, and is
>>>> the primary application for my ARES team using HamWAN. As Kenny points
>>>> out, certain routers (not inexpensive home models) can be used to split
>>>> that traffic appropriately, but it is not an easy setup unless you have a
>>>> background in data networks or cybersecurity…so it’s far easier to either
>>>> use HamWAN just for your dedicated ARES laptop use or switch a cable back
>>>> and forth using one pipe at a time.
>>>>
>>>> FWIW, Stephen W9SK
>>>>
>>>> *From:* PSDR <psdr-bounces at hamwan.org> *On Behalf Of* Kenny Richards
>>>> *Sent:* Monday, March 15, 2021 12:49 PM
>>>> *To:* Puget Sound Data Ring <psdr at hamwan.org>
>>>> *Subject:* Re: [HamWAN PSDR] Newbie
>>>>
>>>> Just want to add two things to what Carl said already.
>>>>
>>>> 1) Line of sight means you can actually 'see' the HamWAN node, or at least
>>>> you can with something like a pair of binoculars.
>>>>
>>>> 2) Remember that HamWAN is not meant to be a replacement for your home
>>>> internet. Be very conscious of what traffic you are putting over HamWAN. I
>>>> don't recommend connecting it to your home network unless you are familiar
>>>> enough with routing rules to limit what traffic goes out the HamWAN link.
>>>>
>>>> Good luck,
>>>>
>>>> Kenny, KU7M
>>>>
>>>> On Mon, Mar 15, 2021 at 12:40 PM <carl at n7kuw.com> wrote:
>>>>
>>>> Hi Phil,
>>>>
>>>> You can do all of the configuration while on the ground, but obviously you
>>>> won’t have any signal. You don’t indicate what specific equipment you have,
>>>> but if you have the mAnt30 dish and separate router/modem, make sure you
>>>> have the antenna connected before powering it up.
>>>>
>>>> As to trees, they are an absolute show stopper. You must have clear,
>>>> visual, line of sight to the HamWAN site you are shooting to. Hopefully you
>>>> will have that, or can achieve that, from where you plan to mount the
>>>> dish. As to “just over them”, a microwave shot consists of the direct,
>>>> pure line of sight, but also what is referred to as the Fresnel zone – a
>>>> cigar shaped “balloon” around the pure line of sight. Items in the Fresnel
>>>> zone (including trees) can reduce the amount of signal you have, so you may
>>>> not get optimum performance, but some.
>>>>
>>>> In your initial post you commented about how to balance between your
>>>> regular internet and HamWAN for a Winlink node. My suggestion would be to
>>>> just leave it on one (whichever one) as the norm, and only switch to the
>>>> other if the one goes down. You can also acquire routers that include
>>>> failover capability to automatically make that switch. You can go more
>>>> advanced with load sharing and such between multiple connections, but that
>>>> requires much better understanding of internet routing, and for a winlink
>>>> node basic failover will serve your purpose.
>>>>
>>>> Good luck, let us know how things turn out.
>>>>
>>>> Carl, N7KUW
>>>>
>>>> *From:* PSDR <psdr-bounces at hamwan.org> *On Behalf Of* Phil Cornell via PSDR
>>>> *Sent:* Monday, March 15, 2021 12:11 PM
>>>> *To:* psdr at hamwan.org
>>>> *Subject:* [HamWAN PSDR] Newbie
>>>>
>>>> OK, I figured out my problem and I now have Winbox talking to the radio
>>>> and reporting status. It's not linking to anything since the antenna is
>>>> still on the ground. How much configuration can I do before mounting it on
>>>> my roof? The only question in my sight path may be some trees but I think
>>>> I can aim just over them and get a signal. My friend Bruce/WA7BAM will be
>>>> helping with the antenna installation on Wed afternoon. Making progress...
>>>>
>>>> *Phil Cornell*
>>>> *W7PLC*
>>>> *SHARES NCS590*
>>>> *Hybrid Gateway W7PLC*
>>>> *TCARES VP*
>>>>
>>>> _______________________________________________
>>>> PSDR mailing list
>>>> PSDR at hamwan.org <mailto:PSDR at hamwan.org>
>>>> http://mail.hamwan.net/mailman/listinfo/psdr
>>>> --
>>>>
>>>> *-Scott*
--
John D. Hays
Kingston, WA
K7VE / WRJT-215
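
Several posts above turn on spotting which connections on the HamWAN link are actually SSL/TLS (the firewall-filtering idea, the NULL-cipher suggestion, and the worry about software that switches to SSL without saying so). As an added example, not written by anyone in this thread: a Python check that recognizes a TLS ClientHello in the first bytes a client sends and reports whether it offers only NULL (authentication-only) cipher suites. The sample handshakes come from `build_hello`, a hypothetical helper that constructs them; they are not captured traffic.

```python
import struct

# Suites that authenticate and integrity-protect but do not encrypt
# (values from the IANA TLS cipher suite registry).
NULL_SUITES = {0x0001: "TLS_RSA_WITH_NULL_MD5",
               0x0002: "TLS_RSA_WITH_NULL_SHA",
               0x003B: "TLS_RSA_WITH_NULL_SHA256"}
SCSV = 0x00FF  # renegotiation signalling value, not a real cipher


def classify_first_bytes(data: bytes) -> dict:
    """Classify the first client-to-server bytes of a TCP connection."""
    # Record header: type 0x16 (handshake), version 0x03xx, 2-byte length;
    # then handshake type 0x01 (ClientHello).
    if len(data) < 6 or data[0] != 0x16 or data[1] != 0x03 or data[5] != 0x01:
        return {"tls": False}
    result = {"tls": True, "suites": [], "null_only": False}
    try:
        pos = 5 + 4              # record header + handshake type/length
        pos += 2 + 32            # client_version + random
        pos += 1 + data[pos]     # session_id length byte + session_id
        (nbytes,) = struct.unpack_from("!H", data, pos)
        suites = list(struct.unpack_from("!%dH" % (nbytes // 2), data, pos + 2))
    except (IndexError, struct.error):
        return result            # truncated hello: TLS, suites unknown
    real = [s for s in suites if s != SCSV]
    result["suites"] = suites
    result["null_only"] = bool(real) and all(s in NULL_SUITES for s in real)
    return result


def build_hello(suites):
    """Constructed minimal ClientHello for the demo (not captured traffic)."""
    body = b"\x03\x03" + bytes(32) + b"\x00"   # version, random, no session id
    body += struct.pack("!H", 2 * len(suites))
    body += struct.pack("!%dH" % len(suites), *suites)
    body += b"\x01\x00"                        # compression: null only
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs


if __name__ == "__main__":
    samples = {"encrypting client": build_hello([0x1301, 0xC02F, SCSV]),
               "NULL-only client": build_hello([0x0002, 0x003B]),
               "plaintext session": b"constructed plaintext line\r\n"}
    for name, first in samples.items():
        print(name, classify_first_bytes(first))
```

Only the client's offer is inspected here; the suite actually used is the one the server selects in its ServerHello.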