[Dxspider-support] Newbie question about passwords

[Dirk Koopman]

On 26/06/12 22:00, Ton Machielsen wrote:
> I think this is a REALLY nice opportunity for enhancement. The "only"
> thing you need to do is propagate user accounts and passwords to your
> next connected node.
>
> On Tue, Jun 26, 2012 at 7:18 PM, Jan <pa4jj at pa4jj.nl
> <mailto:pa4jj at pa4jj.nl>> wrote:
>
>     Ton
>     I don't know how to prevent this.
>     Even if all nodes should have the option password set then it is
>     still possible that e.g. I use your call with a password that I have
>     chosen. In fact when I do this with all nodes (takes me some time)
>     then you would have a problem logging in to these nodes.
>
>     But maybe I am wrong about this. Let's see if one of the guru's have
>     a comment on this matter.
>     73
>     Jan
>     PA4JJ
>

Whilst it might well be, at first sight, a useful and welcome 
enhancement, it isn't actually as easy as you imagine. Here are some 
counter arguments:

* In order to achieve this one needs to have a trust relationship 
between each node (much) greater than currently exists.

* One has to either a) distribute key material throughout the system or 
b) maintain the key material at the home node and have a (fast) 
mechanism for authentication from login -> home node.

* Any of the above will likely involve some form of encryption. Which 
instantly stops data being (legally) passed over amateur radio links.

* Many users maintain connections to more than one node at a time. Which 
one is the 'true' home node?

* Whilst impersonation is a problem, it isn't IMHO a sufficiently 
serious one that it can't be kept under control by active sysopping. 
Yes, it's very distressing for the usurped call and, once discovered, 
generally causes much comment (which is usually far more distressing 
than the original usurping).

* How is a sysop going verify that new user G1TLH is indeed who he says 
he is? What occurs if he happens to connect only via AX25?

Dirk G1TLH