[Dxspider-support] Secure node to node connection proposal

Rob Hardenberg rob at pe1itr.com
Sun Feb 26 18:55:12 GMT 2023


I have thought about the proposals.

I think that proposals for further security of the connections are a
waste of time. They are technological solutions to problems we don't
have. I don't believe there are any hackers or criminals interested in
disrupting dxcluster spots. It is amateur radio and nothing secret
about it.

The problems we have now come from the amateur radio community itself.
Probably ordinary amateur radio operators but with a mental problem.
Despite all the authorization measures, they still will end up on the
dxcluster. Measures to deal with this lie more in the field of
moderation. 
I still think our resources like badspotter, baddx and badip are fine.
We just need to improve these means. For example, by automatically
collecting all badspotter reports and including them in a global list
when a limit has been exceeded. In this way, as a sysop, you are not
alone.

I think we need to spend our energy differently. I foresee that in a
few years the percentage of manual cluster spots will drop to a very
low percentage. I foresee that, especially for VHF-UHF, the automatic
spots from reverse beacon network or pskreporter are much more valuable
to look up the DX than those few manual cluster reports. 
However, these automatic cluster spots certainly also have challenges
such as "wrong band" spotters or operators who cannot type their
locator correctly. I think we should invest more energy in such
developments and in the validation of dxcluster spots before passing.

73 Rob PE1ITR
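
The report aggregation suggested above, as an added example that is not part of the original post and not DXSpider code. The report format, the limit value, and the callsigns are assumptions constructed for illustration.

```python
from collections import defaultdict

REPORT_LIMIT = 2  # assumed limit: listed once MORE than this many nodes report


def normalise_call(call: str) -> str:
    """Upper-case a callsign and drop its SSID (XX1BAD-5 -> XX1BAD)."""
    return call.strip().upper().split("-")[0]


def build_global_list(reports, limit=REPORT_LIMIT):
    """Return spotters whose distinct reporting nodes exceed `limit`.

    Distinct reporting nodes are counted, not raw reports, so one sysop
    (or one misbehaving node) repeating a report cannot push a callsign
    onto the shared list alone. Stripping the SSID from the reporting
    node is an assumption: it makes several nodes of one call count once.
    """
    reporters = defaultdict(set)
    for node, spotter in reports:
        reporters[normalise_call(spotter)].add(normalise_call(node))
    return sorted(c for c, nodes in reporters.items() if len(nodes) > limit)


# Constructed sample reports: (reporting node, reported spotter).
SAMPLE_REPORTS = [
    ("NODE1-1", "xx1bad"),
    ("NODE2-2", "XX1BAD"),
    ("NODE3-3", "XX1BAD-5"),   # third independent node: limit exceeded
    ("NODE1-1", "XX2ODD"),
    ("NODE1-1", "XX2ODD"),
    ("NODE1-1", "XX2ODD"),     # three reports, but all from one node
    ("NODE2-2", "XX3TWO"),
    ("NODE3-3", "XX3TWO"),     # two nodes: at the limit, not over it
]

if __name__ == "__main__":
    print(build_global_list(SAMPLE_REPORTS))
```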



> -----Original Message-----
> From: Dxspider-support [mailto:dxspider-support-bounces at tobit.co.uk] On
> behalf of Mikel EA2CW via Dxspider-support
> Sent: Sunday, 26 February 2023 06:36
> To: Keith Maton via Dxspider-support
> CC: Mikel EA2CW
> Subject: [Dxspider-support] Secure node to node connection proposal
> 
> After a lot of hours with some sysops already here, I have written down a
> first proposal of the first -small- step we could take, rising a bit the
> node 2 node connections. Again, this is only a basic document to start,
> not an absolute and unique truth.
> I expect to have a good open discussion among all of us to define and
> agree the path to a better dx-cluster net.
> 
> NODE<>NODE SECURE CONNECTION CRITERIA:
> 
> 1. Unregistered users can connect and view spots, they cannot upload any
> info into the network.
> 
> 2. Registered users can login, view and also upload spots, anns, etc.
> 
> 3. All registered users must have a password. Registered users without 
> password would not be acceptable.
> 
> 4. All nodes to which the node is connected must meet the same
> requirements.
> 
> 5. The connection between nodes must be between registered nodes and 
> with password, that is:
>      - set/spider [node]
>      - set/reg <node>
>      - set/password <node>
>      - set/password <node> <password>.
> password is used).
> 
> 6. If possible, the connection between nodes should be made via ssh or 
> other secure mechanism. (Already testing a ssh tunneling protocol with 
> success)
> 
> 7. The connection to the RBN servers is optional from each server, but 
> the received RBN spots will not be forwarded to other nodes.
> 
> After -I hope- achieving an agreement, I would want to start a net where
> all the clusters connected meet the agreed conditions.
> I ask you the sysops who already meet them or with this aim, to contact
> me and other partners in the same position for a -probably- slow but
> firm evolution.
> 
> 
> POSSIBLE NEXT STEPS IN THE FUTURE
> 
> * A protocol should be designed within the dx-cluster standard to share
> hashed passwords between nodes, avoiding the need to register multiple
> times the same user in different nodes and reducing the maintenance
> tasks of each sysop. This information, i.e. (user:hash:origin_cluster)
> could later be broadcast around the net and/or also be stored on each
> node.
> 
> * The connections of identified nodes / users to any node should be made
> always using secured connections. No more telnet usr/pwd open
> transmissions should be allowed.
> 
> server programs (as telnet is now) avoiding the added complexity of
> creating tunnels between each pair of servers. This system could be used
> for secure connection between nodes as well as for connection and
> identification of users, who could continue to access in an insecure way
> -without the ability to upload information to the network. It would keep
> the connection system of the current client software unchanged.
> 
> 
> 
> Hope we can discuss all this among us, securing the future of an open, 
> safe and not hierarchically structured. This philosophy is IMHO the one
> that has kept alive the dxcluster network during so many years/decades.
> 
> Thank you and 73 de Mikel EA2CW
> 
> 
> 
> 
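
One possible shape for the (user:hash:origin_cluster) record from the quoted proposal, as an added example that is not part of the original post and not an agreed dx-cluster format. The PBKDF2 scheme, the `$`-separated hash field, the iteration bounds, and the callsigns are assumptions; a hash broadcast around the net is readable by every node, so the example uses a per-user salt and a slow hash.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000                     # assumed work factor for new records
MIN_ITER, MAX_ITER = 100_000, 2_000_000  # assumed bounds for received records


def make_record(user, password, origin, iterations=ITERATIONS, salt=None):
    """Build 'user:hash:origin_cluster' with a per-user random salt."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    # '$' separates the parts of the hash field, so ':' still splits 3 fields.
    field = f"pbkdf2-sha256${iterations}${salt.hex()}${digest.hex()}"
    return f"{user.upper()}:{field}:{origin.upper()}"


def verify_record(record, user, password):
    """Check a login against a record that arrived from another node."""
    try:
        rec_user, field, _origin = record.split(":")
        scheme, iters, salt_hex, digest_hex = field.split("$")
        iterations = int(iters)
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
    except ValueError:
        return False                     # malformed record: reject, do not crash
    if scheme != "pbkdf2-sha256" or rec_user != user.upper():
        return False
    if not MIN_ITER <= iterations <= MAX_ITER:
        return False                     # too weak, or costly enough to stall us
    got = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(got, expected)  # constant-time comparison


if __name__ == "__main__":
    # Constructed callsigns and password, for illustration only.
    rec = make_record("xx9usr", "correct horse", "xx0nod-2")
    print(rec)
    print(verify_record(rec, "XX9USR", "correct horse"))
```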




