[Dxspider-support] Secure node to node connection proposal

Kin ea3cv at cronux.net
Sun Feb 26 12:46:36 GMT 2023 

But Matthew, that will only happen if the sysop just gives out passwords without a minimum of verification. We come back to the issue of the management of a node by the administrator.

 

Kin EA3CV

 

 

De: Dxspider-support <dxspider-support-bounces at tobit.co.uk> En nombre de Matthew Chambers via Dxspider-support
Enviado el: domingo, 26 de febrero de 2023 13:43
Para: The DXSpider Support list <dxspider-support at tobit.co.uk>
CC: Matthew Chambers <mchambers at mchambersradio.com>
Asunto: Re: [Dxspider-support] Secure node to node connection proposal

 

I agree, it's not really going to slow down a bad actor who will create accounts with fake callsigns and throw away passwords anyways. And again just breaking all the clients currently in use.

 

Matthew NR0Q 

 

On Sun, Feb 26, 2023, 06:38 Ian Maude via Dxspider-support <dxspider-support at tobit.co.uk <mailto:dxspider-support at tobit.co.uk> > wrote:

Personally I am totally and utterly against forcing users to have a password.  I also do not see the point of having a password on node connections but, like users, if they want one, they can have one.

73 Ian

> On 26 Feb 2023, at 09:36, Mikel EA2CW via Dxspider-support <dxspider-support at tobit.co.uk <mailto:dxspider-support at tobit.co.uk> > wrote:
> 
> After a lot of hours with some sysops already here, I have wrote down a first proposal of the first -small- step we could take, rising a bit the node 2 node connections. Again, this is only a basic document to start, not an absolute and unique true.
> I expect to have an good open discussion among all us to define and agree the path to a better dx-cluster net.
> 
> NODE<>NODE SECURE CONNECTION CRITERIA:
> 
> 1. Unregistered users can connect and view spots, they cannot upload any info into the network.
> 
> 2. Registered users can login, view and also upload spots, anns, etc.
> 
> 3. All registered users must have a password. Registered users without password would not be acceptable.
> 
> 4. All nodes to which the node is connected must meet the same requirements.
> 
> 5. The connection between nodes must be between registered nodes and with password, that is:
>     - set/spider [node]
>     - set/reg <node>
>     - set/password <node>
>     - set/password <node> <password>.
>     (The /spider/connect/<server> files must be modified so that the password is used).
> 
> 6. If possible, the connection between nodes should be made via ssh or other secure mechanism. (Already testing a ssh tunneling protocol with success)
> 
> 7. The connection to the RBN servers is optional from each server, but the received RBN spots will not be forwarded to other nodes.
> 
> After -I hope- achieving an agreement, I would want to start a net where all the clusters connected meet the agreed conditions.
> I ask you the sysops whom already meet them or with this aim, to contact me and other partners in the same position for a -probably- slow but firm evolution.
> 
> 
> POSSIBLE NEXT STEPS IN THE FUTURE
> 
> * A protocol should be designed within the dx-cluster standard to share hashed passwords between nodes, avoiding the need to register multiple times the same user in different nodes and reducing the maintenance tasks of each sysop. This information, i.e. (user:hash:origin_cluster) could be later be broadcasted around the net and/or being also distributed via config files as we already do, i.e. with bad IPs, and stored on each node.
> 
> * The connections of identified nodes / users to any node should be made always using secured connections. No more telnet usr/pwd open transmissions should be allowed.
> 
> * The secure connection system should be implemented as a part of the server programs (as telnet is now) avoiding the added complexity of creating tunnels between each pair of servers. This system could be used for secure connection between nodes as well as for connection and identification of users, who could continue to access in an insecure way -without the ability to upload information to the network. It would keep the connection system of the current client softwares unchanged.
> 
> 
> 
> Hope we can discuss all this among us, securing the future of an open, safe and not hierarchically structured. This philosophy is IMHO the one that has kept alive the dxcluster network during so many years/decades.
> 
> Thank you and 73 de Mikel EA2CW
> 
> 
> 
> 
> -- 
> ea2cw at gautxori.com <mailto:ea2cw at gautxori.com> 
> Bilbao, Bizkaia. IN83MG
> http://radio.gautxori.com
> http://qrz.com/db/ea2cw
> https://t.me/EA2CW
> 
> 
> _______________________________________________
> Dxspider-support mailing list
> Dxspider-support at tobit.co.uk <mailto:Dxspider-support at tobit.co.uk> 
> https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support


_______________________________________________
Dxspider-support mailing list
Dxspider-support at tobit.co.uk <mailto:Dxspider-support at tobit.co.uk> 
https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support

 

The content of this email is confidential and intended for the recipient specified in message only. It is strictly forbidden to share any part of this message with any third party, without a written consent of the sender. If you received this message by mistake, please reply to this message and follow with its deletion, so that we can ensure such a mistake does not occur in the future.


Please do not print this email unless it is necessary. Every unprinted email helps the environment.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailman.tobit.co.uk/pipermail/dxspider-support/attachments/20230226/3070313b/attachment-0001.htm>

More information about the Dxspider-support mailing list