[Dxspider-support] Secure node to node connection proposal

[Matthew Chambers]

>
> > How do you do SSH over packet radio as that's still a real use case 
> for the packet cluster?
> All we know that there is already a big hole on the system integrity, 
> every can transmit with a fake callsign and both "humans" and skimmers 
> will spot him wrong.  It seems that this is inherently unavoidable. We 
> will never be able to give 100% security, we can only try to raise the 
> skills needed to have success.

Not talking about skimmers, talking about clients connecting via packet 
radio to a node to receive and send spots as if it were telnet. In the 
US, encryption would be illegal and you'd automatically kill those hams 
that don't have internet at their operation location and rely on 
1200baud VHF packet back to civilization to connect to the network.

>
>>
>> I think this proposal is throwing the baby out with the bath water 
>> and will kill all but a handful of nodes as there won't be hardly any 
>> logging programmers willing to rewrite their software to support SSH 
>> so a lot of users will just go somewhere else. Telnet is somewhat 
>> easy as it's just a TCP connection, but to have to involve keeping up 
>> with OpenSSL or similar and not all programming environments natively 
>> support SSH either.
> XDDDDDDD Never listened before that about babies!. Well as it has 
> already been said, a lot of logger and contest softwares use different 
> protocols to connect to several information sources or auto uploading 
> logs (i.e. to QRZ.COM, LoTW, etc.) Why cannot be the same with cluster?
> Almost all that software runs on Linux or Windows, and both have 
> native ssh support. In any case, they can keep on connecting and 
> downloading info from the dx-cluster net.

Just because the OS supports SSH doesn't mean all software environments 
can! For example for me to add SSH to a NodeJS based desktop app, I'd 
have to pull in additional "node modules" or libraries which add 
additional bloat to our software. This is likely true of many 
programming environments. And I'm sure there are some out there that 
have no option for SSH so their software will no longer be able to 
participate.

Encrypted tunnels between nodes seems reasonable but SSH for end users 
is too far. I might as well shut off my node at that point as would 
probably the vast majority of sysops. Yeah you'd have a very secure 
network with no traffic!

-- 
----
Matthew Chambers, CBRE
Amateur Operator NR0Q
Tulsa, OK - Tulsa ARC

GridTracker Development Team Lead

SBE Certified Broadcast Radio Engineer

-- 
The content of this email is confidential and intended for the 
recipient 
specified in message only. It is strictly forbidden to share 
any part of 
this message with any third party, without a written consent
 of the 
sender. If you received this message by mistake, please reply to
 this 
message and follow with its deletion, so that we can ensure such a
 mistake 
does not occur in the future.

Please do not print this email unless it is 
necessary. Every unprinted email helps the environment.