[Dxspider-support] Secure node to node connection proposal

Matthew Chambers mchambers at mchambersradio.com
Sun Feb 26 12:27:24 GMT 2023



>> Just because the OS supports SSH doesn't mean all software 
>> environments can! For example for me to add SSH to a NodeJS based 
>> desktop app, I'd have to pull in additional "node modules" or 
>> libraries which add additional bloat to our software. This is likely 
>> true of many programming environments. And I'm sure there are some 
>> out there that have no option for SSH so their software will no 
>> longer be able to participate.
> One of the bases in the proposal is that -at least at this point- 
> everybody will be allowed to connect and show spots, anns, wwv, wcy, etc.

You'd still be leaving a lot of users out to be able to contribute 
spots, what would they be receiving if no one is sending anything 
because everyone is receive only?

>>
>> Encrypted tunnels between nodes seems reasonable but SSH for end 
>> users is too far. I might as well shut off my node at that point as 
>> would probably the vast majority of sysops. Yeah you'd have a very 
>> secure network with no traffic!
> In case ssh tunnels should be a must for end users, I think that it 
> must be transparent for them. I think that even now, few or no users 
> use telnet windows to connect, but 3rd party software that can do it 
> (only if they want to upload information, of course.) as they are 
> already doing it with other platforms.

My point is that to add SSH natively to the software it doesn't matter 
one bit if Windows or Linux supports it. You'd have to add it natively 
to the client program unless you're proposing that we dump client support 
in logging programs and force everyone to use the OS SSH client only. I 
can't add it to the program I'm working on, even adding telnet was too 
much so I had started working on a server side translation of telnet to 
websockets for receive only for now but I might as well just scratch 
that project completely as it wouldn't meet your overly high standard 
for end to end encryption.

I'm also wondering how encryption is going to stop bad actors from 
logging in via SSH with a fake callsign and throw away password and 
injecting their bad data into the system.


I'm going to conclude my thoughts for this thread with this is a very 
very stupid idea and is going to not fix what you think it will and will 
only kill what's left of the DX Cluster network. I think the path we 
started of getting everyone updated and getting the badwords and badips 
lists up to date is about all we're going to be able to realistically do. 
If you want an extremely secure network, just eliminate all the users 
and you won't have a problem with bad data because there will be no data.

-- 
----
Matthew Chambers, CBRE
Amateur Operator NR0Q
Tulsa, OK - Tulsa ARC

GridTracker Development Team Lead

SBE Certified Broadcast Radio Engineer
