[Dxspider-support] Secure node to node connection proposal

Matthew Chambers mchambers at mchambersradio.com
Sun Feb 26 12:55:40 GMT 2023 

Yup, and asking sysops to take on additional load to maintain everything.
Several of us volunteer our tech resources but are limited in time to
babysit their nodes.

I do spend time developing client software and what realistically will
happen is developers will just drop DX Cluster support before sucking away
their time from improving other core functions of their software. Even if
they did add password or encryption support. We're asking hams to update
their software, most who are still running long out of support OSes and
other software and refuse to update because it's too much of a bother. I
still have users using 3-year old versions of my software, maybe older
because we didn't add version reporting on server login until 2021.

Matthew NR0Q

On Sun, Feb 26, 2023, 06:46 Kin <ea3cv at cronux.net> wrote:

> But Matthew, that will only happen if the sysop just gives out passwords
> without a minimum of verification. We come back to the issue of the
> management of a node by the administrator.
>
>
>
> Kin EA3CV
>
>
>
>
>
> *De:* Dxspider-support <dxspider-support-bounces at tobit.co.uk> *En nombre
> de *Matthew Chambers via Dxspider-support
> *Enviado el:* domingo, 26 de febrero de 2023 13:43
> *Para:* The DXSpider Support list <dxspider-support at tobit.co.uk>
> *CC:* Matthew Chambers <mchambers at mchambersradio.com>
> *Asunto:* Re: [Dxspider-support] Secure node to node connection proposal
>
>
>
> I agree, it's not really going to slow down a bad actor who will create
> accounts with fake callsigns and throw away passwords anyways. And again
> just breaking all the clients currently in use.
>
>
>
> Matthew NR0Q
>
>
>
> On Sun, Feb 26, 2023, 06:38 Ian Maude via Dxspider-support <
> dxspider-support at tobit.co.uk> wrote:
>
> Personally I am totally and utterly against forcing users to have a
> password.  I also do not see the point of having a password on node
> connections but, like users, if they want one, they can have one.
>
> 73 Ian
>
> > On 26 Feb 2023, at 09:36, Mikel EA2CW via Dxspider-support <
> dxspider-support at tobit.co.uk> wrote:
> >
> > After a lot of hours with some sysops already here, I have wrote down a
> first proposal of the first -small- step we could take, rising a bit the
> node 2 node connections. Again, this is only a basic document to start, not
> an absolute and unique true.
> > I expect to have an good open discussion among all us to define and
> agree the path to a better dx-cluster net.
> >
> > NODE<>NODE SECURE CONNECTION CRITERIA:
> >
> > 1. Unregistered users can connect and view spots, they cannot upload any
> info into the network.
> >
> > 2. Registered users can login, view and also upload spots, anns, etc.
> >
> > 3. All registered users must have a password. Registered users without
> password would not be acceptable.
> >
> > 4. All nodes to which the node is connected must meet the same
> requirements.
> >
> > 5. The connection between nodes must be between registered nodes and
> with password, that is:
> >     - set/spider [node]
> >     - set/reg <node>
> >     - set/password <node>
> >     - set/password <node> <password>.
> >     (The /spider/connect/<server> files must be modified so that the
> password is used).
> >
> > 6. If possible, the connection between nodes should be made via ssh or
> other secure mechanism. (Already testing a ssh tunneling protocol with
> success)
> >
> > 7. The connection to the RBN servers is optional from each server, but
> the received RBN spots will not be forwarded to other nodes.
> >
> > After -I hope- achieving an agreement, I would want to start a net where
> all the clusters connected meet the agreed conditions.
> > I ask you the sysops whom already meet them or with this aim, to contact
> me and other partners in the same position for a -probably- slow but firm
> evolution.
> >
> >
> > POSSIBLE NEXT STEPS IN THE FUTURE
> >
> > * A protocol should be designed within the dx-cluster standard to share
> hashed passwords between nodes, avoiding the need to register multiple
> times the same user in different nodes and reducing the maintenance tasks
> of each sysop. This information, i.e. (user:hash:origin_cluster) could be
> later be broadcasted around the net and/or being also distributed via
> config files as we already do, i.e. with bad IPs, and stored on each node.
> >
> > * The connections of identified nodes / users to any node should be made
> always using secured connections. No more telnet usr/pwd open transmissions
> should be allowed.
> >
> > * The secure connection system should be implemented as a part of the
> server programs (as telnet is now) avoiding the added complexity of
> creating tunnels between each pair of servers. This system could be used
> for secure connection between nodes as well as for connection and
> identification of users, who could continue to access in an insecure way
> -without the ability to upload information to the network. It would keep
> the connection system of the current client softwares unchanged.
> >
> >
> >
> > Hope we can discuss all this among us, securing the future of an open,
> safe and not hierarchically structured. This philosophy is IMHO the one
> that has kept alive the dxcluster network during so many years/decades.
> >
> > Thank you and 73 de Mikel EA2CW
> >
> >
> >
> >
> > --
> > ea2cw at gautxori.com
> > Bilbao, Bizkaia. IN83MG
> > http://radio.gautxori.com
> > http://qrz.com/db/ea2cw
> > https://t.me/EA2CW
> >
> >
> > _______________________________________________
> > Dxspider-support mailing list
> > Dxspider-support at tobit.co.uk
> > https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support
>
>
> _______________________________________________
> Dxspider-support mailing list
> Dxspider-support at tobit.co.uk
> https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support
>
>
>
> *The content of this email is confidential and intended for the recipient
> specified in message only. It is strictly forbidden to share any part of
> this message with any third party, without a written consent of the sender.
> If you received this message by mistake, please reply to this message and
> follow with its deletion, so that we can ensure such a mistake does not
> occur in the future.*
>
>
> *Please do not print this email unless it is necessary. Every unprinted
> email helps the environment.*
>

-- 
The content of this email is confidential and intended for the 
recipient 
specified in message only. It is strictly forbidden to share 
any part of 
this message with any third party, without a written consent
 of the 
sender. If you received this message by mistake, please reply to
 this 
message and follow with its deletion, so that we can ensure such a
 mistake 
does not occur in the future.

Please do not print this email unless it is 
necessary. Every unprinted email helps the environment.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailman.tobit.co.uk/pipermail/dxspider-support/attachments/20230226/8df284af/attachment-0001.htm>

More information about the Dxspider-support mailing list