44net January 2016

44net@mailman.ampr.org

62 participants
47 discussions

Re: [44net] Verifying the identities of IP coordinators
by Steve L 15 Jan '16

15 Jan '16

While using LOTW certificates is quite ingenious, I think the whole process to extract the keys will be a big hangup for the less technical folks. It really needs to be as easy as possible, like how you can use you facebook login (oauth token) to log into other sites. Basically it your ARRL login should work like that, so you can login to the ampr portal, qrz, etc.

24 38

Re: [44net] Verifying the identities of IP coordinators
by Rob Janssen 15 Jan '16

15 Jan '16

> Subject: > Re: [44net] Verifying the identities of IP coordinators > From: > "Marius Petrescu" <marius(a)yo2loj.ro> > Date: > 01/14/2016 08:10 AM > > To: > "AMPRNet working group" <44net(a)hamradio.ucsd.edu> > > > The reason is simple why not to allow automatic requests: > The coordinators may have a certain IP allocation scheme in there minds. Maybe regional, maybe some other criteria. > That means that not every request out of the blue fits that scheme. > So an IP range may be unallocated, but it does not fit the allocation scheme. > An coordinator would change the requested one allocate the right one, which would not happen in an automated system. > > e.g. in YO, I allocate IP ranges based on regions, so that the first number in the block fits the requestors region number (the same as in the callsign). > I had requests like "please allocate 44.182.35.xx to me", the user being in region 8. > It resulted in allocating the first unused 44.182.8x.xx /24 subnet to him, and not the original requested one. > This would not have been possible in an automated system. > > Marius, YO2LOJ It is the same here, Marius. When someone applies for an address I need to know where they are located, if applicable to which access point they want to link, if they want a single address or a subnet, what size of subnet they need, a motivation when that is larger than the default /28, etc. Once I have that information I look at the already assigned addresses, and assign them one that fits. (there is a different area in each subnet where single addresses and subnets are allocated) Sure it could all be catered for in input forms, but the amprnet portal currently doesn't, and upgrades to its functionality appear to occur only very infrequently. I don't think it is worthwile to spec out everything and have someone spend time on implementing it, only to find ourselves locked into that system which may not be optimal once some decision is made to handle things differently. Furthermore, many applicants really need some guidance and make requests that are incomplete or not justified (e.g. request allocation of a /22 network for a single station). The semi-automatic mechanism appears to work well and makes it easy to ask for more information. Rob

3 2

Portal volunteers [was: Verifying the identities of IP coordinators]
by Tom Hayward 14 Jan '16

14 Jan '16

On Wed, Jan 13, 2016 at 6:25 AM, Brian Kantor <Brian(a)ucsd.edu> wrote: > The existing portal works fairly > well for a first cut at making one. Undoubtedly we'll refine it but that > depends on volunteers to do the design and programming (PHP, Javascript), > and so far several calls for volunteers have fallen on deaf ears. This isn't completely true. You can grep the archives for "I'll be happy to help with the programming" to find at least one offer. Alternatively, my opinion is that Chris would get more help if the project were open sourced. Now instead of recruiting volunteers, he will have contributors. This allows for a lot more flexibility. For example, a ham in one part of the world is stuck at home on a rainy weekend is setting up an AMPR system and encounters a bug. Meanwhile, Chris is enjoying a weekend away from the computer in a part of the world with more favorable weather. With an open source project, the first ham can dig around for the bug and send Chris a patch without any pre-approval. When Chris returns, he can vet the patch before applying it to the SVN [or whatever technology] repo. This significantly lowers the bar for volunteers and administration. If the portal is open sourced, expect a patch from me within the first week. Tom KD7LXL

4 3

Re: [44net] Verifying the identities of IP coordinators
by Steve L 13 Jan '16

13 Jan '16

Re-validating on a regular/annual basis should be for everyone not just coordinators and gateway ops. It keeps contact information current and could also confirm if they wish to keep their netblock allocation. Think of it as a subtle reminder to maybe get back on board with something they may have put off. : And allows address space to be returned to the pool, and any associated DNS entries in that address space to be removed as well as any associated gateways. I think I might have been the first to ask of the portal project was going to be open source. My thoughts at the time was it seemed like a number of regional BGP connected chucks where breaking off and I figured they may also want to implement a user end kind of portal. If there are some security by obscurity concerns in its design, then we just need a github type of thing hosted on 44net so that non hams are restricted from viewing and submitting to the project. And even if that doesn't happen for the portal, I think a ham only github type of thing might be a good idea. A number of ham projects get picked up and spun by commercial folks. The earliest example is probably Phil Karn's NOS code. And now a present day example would be about non licensed folks getting access to modified atheros drivers or the CS7000 firmware, etc.

3 2

Re: [44net] 44Net Digest, Vol 5, Issue 12
by f5pbg＠free.fr 12 Jan '16

12 Jan '16

Le 12/01/2016 20:00, 44net-request(a)hamradio.ucsd.edu a écrit : > The original suggestion was that there was a way to bypass simple > address assignment by automating the process. No possible i think, because we must verify the real identity of the persons requesting IPand if this verification is automatic it will be very easy to pirat the system... For example if I have a doubt about the person, I phone him to check the identity. An automatic system can do this. ;o) Best regards, Ludovic - F5PBG.

1 0

Re: [44net] Verifying the identities of IP coordinators
by ve1drg 12 Jan '16

12 Jan '16

Third ed it.. --Ted Gervais 1464 luxury aveWindsor OntarioN8p0a9 -------- Original message -------- From: ve1jot <ve1jot(a)eastlink.ca> Date: 2016-01-12 12:00 AM (GMT-05:00) To: AMPRNet working group <44net(a)hamradio.ucsd.edu> Subject: Re: [44net] Verifying the identities of IP coordinators (Please trim inclusions from previous messages) _______________________________________________ seconded! On 16-01-10 01:40 PM, Paul Lewis wrote: > (Please trim inclusions from previous messages) > _______________________________________________ > Thank you Brian for those kind words > and also for the work you do and your team in the background support > for the past 25+ years > paul g4apl > In message <20160110145927.GA32116(a)UCSD.Edu>, Brian Kantor > <Brian(a)UCSD.Edu> writes >> (Please trim inclusions from previous messages) >> _______________________________________________ >> There seems to be some confusion here. The discussion was never about >> verifying the identities of coordinators. >> >> The original suggestion was that there was a way to bypass simple >> address assignment by automating the process. >> >> I explained at the time that the coordinators perform a valuable service >> that can't be automated in any practical way. >> >> In fact, many coordinators do far more than assign addresses - they >> consult with users and provide assistance in getting their stations on >> the net. Many of the people currently using AMPRNet would not have been >> able to do so without the help of their local coordinator. >> >> I think the coordinators, many of whom have been performing that service >> for years, deserve a round of thanks from the community. They certainly >> have my appreciation for their hard work and dedication. >> - Brian >> >> _________________________________________ >> 44Net mailing list >> 44Net(a)hamradio.ucsd.edu >> http://hamradio.ucsd.edu/mailman/listinfo/44net > _________________________________________ 44Net mailing list 44Net(a)hamradio.ucsd.edu http://hamradio.ucsd.edu/mailman/listinfo/44net

1 0

mail relay for *.ampr.org adress or IP ?
by R P 10 Jan '16

10 Jan '16

Id there any SMTP server (mail relay) that can pickup any from *.ampr.org email adrss or any 44.** IP adtress and can send it to the outside world ? If yes what its ip adress ? Thanks Forward Ronen - 4Z4ZQ http://www.ronen.org

1 0

Verifying the identities of IP coordinators
by Bill Horne 10 Jan '16

10 Jan '16

> The question of automating address assignment has been looked into; > about the only way it could be done would be if we had a secure method > of making sure that the applicant is a bona fide ham radio operator. > At the moment, the only known automated way of doing this is to use > Logbook of the World certificates, which greatly restricts the number > of people who could prove their eligibility and has its own set of > problems. Brian, The problem of knowing who we're corresponding with is as old as the written word. I feel that PKI provides the best solution available. I'm not familiar with LOTW, but I know the PKI process well, and I'm confident that it provides a simpler and more robust solution. There are, of course, many different ways to implement a secure process: for the moment, I'll ask that we leave aside the implementation details and talk about the idea. We could use a secure web site to give access to coordinators, or restrict ssh access to key holders, or accept only signed emails: the process is essentially the same for all. It boils down to authentication: we can issue private keys to every coordinator who seeks to use an automated process to issue IP addresses. * PGP/GPG users have access to "Keysigning parties" where other keyholders will verify their meatspace identities by inspecting their drivers license, passport, etc. * SSH and SSL users could, in theory, employ the keysigning process to verify their identity, even though it's not customary. They could also provide letters from attorneys or ministers or other public figures, attesting to their identities, in the same manner that Thawte used to verify X.509 certificates. Long story short, LOTW isn't the only way to verify an identity. There are other methods, already implemented and available, which can be used instead. Bill, KW4OC

2 1

Re: [44net] Coord delay
by f5pbg＠free.fr 09 Jan '16

09 Jan '16

Le 08/01/2016 20:00, 44net-request(a)hamradio.ucsd.edu a écrit : > Delays of months and years by coordinators continues to be heard Some coordinators works very slow... For me i validate IP ask in few hours and sometimes few days (week-end...). I create a subnet for some friends in order to have an IP more faster for them because the coord does not validate the IP. It will be nice to have an alert to the big admin of ampr.org when a IP ask is not validate after two weeks (for example). Then, itwill be nice to change the local coordif he does not do his job in ham'spirits conditions... ;o) Best regards, Ludovic - Coord 44.151

1 0

locked
by Dale Yanz 08 Jan '16

08 Jan '16

Hi All Question is that am I being locked out ? 44.125.10.0/24 0 0.0.0.0 E 0 0 Locked Dale KJ6IX

8 13

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

44net January 2016