[Dxspider-support] Secure node to node connection proposal
Matthew Chambers
mchambers at mchambersradio.com
Sun Feb 26 12:27:24 GMT 2023
>> Just because the OS supports SSH doesn't mean all software
>> environments can! For example for me to add SSH to a NodeJS based
>> desktop app, I'd have to pull in additional "node modules" or
>> libraries which add additional bloat to our software. This is likely
>> true of many programming environments. And I'm sure there are some
>> out there that have no option for SSH so their software will no
>> longer be able to participate.
> One of the basis in the proposal is that -at least at this point-
> everybody will be allowed to connect and show spots,anns, wwv,wcy,etc.
You'd still be leaving a lot of users out to be able to contribute
spots, what would they be receiving if no one is sending anything
because everyone is receive only?
>>
>> Encrypted tunnels between nodes seems reasonable but SSH for end
>> users is too far. I might as well shut off my node at that point as
>> would probably the vast majority of sysops. Yeah you'd have a very
>> secure network with no traffic!
> In case ssh tunnels should be a must for end users, I think that it
> must be transparent for them. I think that even now, few or no users
> use telnet windows to connect, but 3rd part software that can do it
> (only if they want to upload information, of course.) as they are
> already doing it with other platforms.
My point is that to add SSH natively to the software it doesn't matter
one bit if windows or linux supports it. You'd have to add it natively
to the client program unless your proposing that we dump client support
in logging programs and force everyone to use the OS SSH client only. I
can't add it to the program I'm working on, even adding telnet was too
much so I had started working on a server side translation of telnet to
websockets for receive only for now but I might as well just scratch
that project completely as it wouldn't meet your overly high standard
for end to end encryption.
I'm also wondering how encryption is going to stop bad actors from
logging in via SSH with a fake callsign and throw away password and
injecting their bad data into the system.
I'm going to conclude my thoughts for this thread with this is a very
very stupid idea and is going to not fix what you think it will and will
only kill what's left of the DX Cluster network. I think the path we
started of getting everyone updated and getting the badwords and badips
lists up to date is about all we're going to be able to realisticly do.
If you want an extremely secure network, just eliminate all the users
and you won't have a problem with bad data because there will be no data.
--
----
Matthew Chambers, CBRE
Amateur Operator NR0Q
Tulsa, OK - Tulsa ARC
GridTracker Development Team Lead
SBE Certified Broadcast Radio Engineer
--
The content of this email is confidential and intended for the
recipient
specified in message only. It is strictly forbidden to share
any part of
this message with any third party, without a written consent
of the
sender. If you received this message by mistake, please reply to
this
message and follow with its deletion, so that we can ensure such a
mistake
does not occur in the future.
Please do not print this email unless it is
necessary. Every unprinted email helps the environment.
More information about the Dxspider-support
mailing list