[Dxspider-support] Secure node to node connection proposal

Mikel EA2CW ea2cw at gautxori.com
Sun Feb 26 11:37:41 GMT 2023 

Thanks again Matthew,
>> > How do you do SSH over packet radio as that's still a real use case 
>> for the packet cluster?
>> All we know that there is already a big hole on the system integrity, 
>> every can transmit with a fake callsign and both "humans" and 
>> skimmers will spot him wrong.  It seems that this is inherently 
>> unavoidable. We will never be able to give 100% security, we can only 
>> try to raise the skills needed to have success.
>
> Not talking about skimmers, talking about clients connecting via 
> packet radio to a node to receive and send spots as if it were telnet. 
> In the US, encryption would be illegal and you'd automatically kill 
> those hams that don't have internet at their operation location and 
> rely on 1200baud VHF packet back to civilization to connect to the 
> network.
>
Yes, I understood you. This could be an issue that, or we will have to 
kept open (in a similar way that with fake radio txmissions), or find a 
way to solve it.
Related to coded transmissions, in EA, at the beginning, even digital 
ham transmissions were not allowed as they couldn't be listened "by ear" 
and had to be decoded...
>>
>>>
>>> I think this proposal is throwing the baby out with the bath water 
>>> and will kill all but a handful of nodes as there won't be hardly 
>>> any logging programmers willing to rewrite their software to support 
>>> SSH so a lot of users will just go somewhere else. Telnet is 
>>> somewhat easy as it's just a TCP connection, but to have to involve 
>>> keeping up with OpenSSL or similar and not all programming 
>>> environments natively support SSH either.
>> XDDDDDDD Never listened before that about babies!. Well as it has 
>> already been said, a lot of logger and contest softwares use 
>> different protocols to connect to several information sources or auto 
>> uploading logs (i.e. to QRZ.COM, LoTW, etc.) Why cannot be the same 
>> with cluster?
>> Almost all that software runs on Linux or Windows, and both have 
>> native ssh support. In any case, they can keep on connecting and 
>> downloading info from the dx-cluster net.
>
> Just because the OS supports SSH doesn't mean all software 
> environments can! For example for me to add SSH to a NodeJS based 
> desktop app, I'd have to pull in additional "node modules" or 
> libraries which add additional bloat to our software. This is likely 
> true of many programming environments. And I'm sure there are some out 
> there that have no option for SSH so their software will no longer be 
> able to participate.
One of the basis in the proposal is that -at least at this point- 
everybody will be allowed to connect and show spots,anns, wwv,wcy,etc.
>
> Encrypted tunnels between nodes seems reasonable but SSH for end users 
> is too far. I might as well shut off my node at that point as would 
> probably the vast majority of sysops. Yeah you'd have a very secure 
> network with no traffic!
In case ssh tunnels should be a must for end users, I think that it must 
be transparent for them. I think that even now, few or no users use 
telnet windows to connect, but 3rd part software that can do it (only if 
they want to upload information, of course.) as they are already doing 
it with other platforms.

73 Mikel

-- 
ea2cw at gautxori.com
Bilbao, Bizkaia. IN83MG
http://radio.gautxori.com
http://qrz.com/db/ea2cw
https://t.me/EA2CW

More information about the Dxspider-support mailing list