While using LOTW certificates is quite ingenious, I think the whole
process to extract the keys will be a big hangup for the less
technical folks.
It really needs to be as easy as possible, like how you can use your
Facebook login (OAuth token) to log into other sites.
Basically, your ARRL login should work like that, so you can log in
to the ampr portal, qrz, etc.
> Subject: Re: [44net] Verifying the identities of IP coordinators
> From: "Marius Petrescu" <marius(a)yo2loj.ro>
> Date: 01/14/2016 08:10 AM
> To: "AMPRNet working group" <44net(a)hamradio.ucsd.edu>
>
> The reason is simple why not to allow automatic requests:
> The coordinators may have a certain IP allocation scheme in their minds. Maybe regional, maybe some other criteria.
> That means that not every request out of the blue fits that scheme.
> So an IP range may be unallocated, but it does not fit the allocation scheme.
> A coordinator would change the requested one and allocate the right one, which would not happen in an automated system.
>
> e.g. in YO, I allocate IP ranges based on regions, so that the first number in the block fits the requester's region number (the same as in the callsign).
> I had requests like "please allocate 44.182.35.xx to me", the user being in region 8.
> It resulted in allocating the first unused 44.182.8x.xx /24 subnet to him, and not the original requested one.
> This would not have been possible in an automated system.
>
> Marius, YO2LOJ
It is the same here, Marius.
When someone applies for an address I need to know where they are located, if applicable to which
access point they want to link, if they want a single address or a subnet, what size of subnet they need,
a motivation when that is larger than the default /28, etc.
Once I have that information I look at the already assigned addresses, and assign them one that fits.
(there is a different area in each subnet where single addresses and subnets are allocated)
Sure, it could all be catered for in input forms, but the amprnet portal currently doesn't, and upgrades
to its functionality appear to occur only very infrequently. I don't think it is worthwhile to spec out everything
and have someone spend time on implementing it, only to find ourselves locked into that system which may
not be optimal once some decision is made to handle things differently.
Furthermore, many applicants really need some guidance and make requests that are incomplete or not
justified (e.g. request allocation of a /22 network for a single station).
The semi-automatic mechanism appears to work well and makes it easy to ask for more information.
Rob
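The region-based substitution and the default-size check described in the two messages above, written out as an added example (not code from the portal or from either coordinator). The layout in which region N owns the /24s 44.182.N0.0 through 44.182.N9.0 is an assumed reading of "44.182.8x.xx", and all function names and the sample allocation state are hypothetical.

```python
import ipaddress

# Assumption: region N (0-9) owns the ten /24s 44.182.N0.0 .. 44.182.N9.0,
# one reading of "44.182.8x.xx" for region 8 in the quoted message.
DEFAULT_PREFIX = 28  # default subnet size mentioned in the reply


def region_pool(region):
    """Return the /24 subnets reserved for one region (hypothetical layout)."""
    if region not in range(10):
        raise ValueError("region must be 0-9")
    return [ipaddress.ip_network(f"44.182.{region * 10 + i}.0/24")
            for i in range(10)]


def is_free(net, allocated):
    """A subnet is free if it overlaps no existing allocation."""
    return not any(net.overlaps(a) for a in allocated)


def allocate(region, allocated, requested=None):
    """Pick a /24 for a requester; returns (subnet, granted_as_requested)."""
    allocated = [ipaddress.ip_network(a) for a in allocated]
    pool = region_pool(region)
    if requested is not None:
        want = ipaddress.ip_network(requested)
        if want in pool and is_free(want, allocated):
            return want, True
    for net in pool:
        if is_free(net, allocated):
            return net, False  # substituted, as the coordinator did by hand
    raise LookupError(f"no free /24 left for region {region}")


def needs_justification(prefixlen):
    """Requests larger than the default /28 need a stated motivation."""
    return prefixlen < DEFAULT_PREFIX


if __name__ == "__main__":
    # Constructed sample state: two region-8 subnets already in use.
    in_use = ["44.182.80.0/24", "44.182.81.0/24"]
    print(allocate(8, in_use, requested="44.182.35.0/24"))
    print(needs_justification(22))
```
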
On Wed, Jan 13, 2016 at 6:25 AM, Brian Kantor <Brian(a)ucsd.edu> wrote:
> The existing portal works fairly
> well for a first cut at making one. Undoubtedly we'll refine it but that
> depends on volunteers to do the design and programming (PHP, Javascript),
> and so far several calls for volunteers have fallen on deaf ears.
This isn't completely true. You can grep the archives for "I'll be
happy to help with the programming" to find at least one offer.
Alternatively, my opinion is that Chris would get more help if the
project were open sourced. Now instead of recruiting volunteers, he
will have contributors. This allows for a lot more flexibility. For
example, a ham in one part of the world, stuck at home on a rainy
weekend, is setting up an AMPR system and encounters a bug. Meanwhile,
Chris is enjoying a weekend away from the computer in a part of the
world with more favorable weather. With an open source project, the
first ham can dig around for the bug and send Chris a patch without
any pre-approval. When Chris returns, he can vet the patch before
applying it to the SVN [or whatever technology] repo. This
significantly lowers the bar for volunteers and administration.
If the portal is open sourced, expect a patch from me within the first week.
Tom KD7LXL
Re-validating on a regular/annual basis should be for everyone not
just coordinators and gateway ops. It keeps contact information
current and could also confirm if they wish to keep their netblock
allocation.
Think of it as a subtle reminder to maybe get back on board with
something they may have put off. :
And allows address space to be returned to the pool, and any
associated DNS entries in that address space to be removed as well as
any associated gateways.
I think I might have been the first to ask if the portal project was
going to be open source. My thoughts at the time were that it seemed like a
number of regional BGP connected chunks were breaking off and I
figured they may also want to implement a user end kind of portal.
If there are some security by obscurity concerns in its design, then
we just need a github type of thing hosted on 44net so that non hams
are restricted from viewing and submitting to the project.
And even if that doesn't happen for the portal, I think a ham only
github type of thing might be a good idea. A number of ham projects
get picked up and spun by commercial folks. The earliest example is
probably Phil Karn's NOS code. And now a present day example would be
about non licensed folks getting access to modified atheros drivers or
the CS7000 firmware, etc.
On 12/01/2016 20:00, 44net-request(a)hamradio.ucsd.edu wrote:
> The original suggestion was that there was a way to bypass simple
> address assignment by automating the process.
Not possible, I think, because we must verify the real identity of
the persons requesting an IP, and if this verification is automatic
it will be very easy to pirate the system...
For example if I have a doubt about the person, I phone him to check
the identity. An automatic system can do this.
;o)
Best regards,
Ludovic - F5PBG.
Thirded it..
-- Ted Gervais, 1464 Luxury Ave, Windsor, Ontario N8P 0A9
-------- Original message --------
From: ve1jot <ve1jot(a)eastlink.ca>
Date: 2016-01-12 12:00 AM (GMT-05:00)
To: AMPRNet working group <44net(a)hamradio.ucsd.edu>
Subject: Re: [44net] Verifying the identities of IP coordinators
(Please trim inclusions from previous messages)
_______________________________________________
seconded!
On 16-01-10 01:40 PM, Paul Lewis wrote:
> Thank you Brian for those kind words
> and also for the work you do and your team in the background support
> for the past 25+ years
> paul g4apl
> In message <20160110145927.GA32116(a)UCSD.Edu>, Brian Kantor
> <Brian(a)UCSD.Edu> writes
>> There seems to be some confusion here. The discussion was never about
>> verifying the identities of coordinators.
>>
>> The original suggestion was that there was a way to bypass simple
>> address assignment by automating the process.
>>
>> I explained at the time that the coordinators perform a valuable service
>> that can't be automated in any practical way.
>>
>> In fact, many coordinators do far more than assign addresses - they
>> consult with users and provide assistance in getting their stations on
>> the net. Many of the people currently using AMPRNet would not have been
>> able to do so without the help of their local coordinator.
>>
>> I think the coordinators, many of whom have been performing that service
>> for years, deserve a round of thanks from the community. They certainly
>> have my appreciation for their hard work and dedication.
>> - Brian
>>
>> _________________________________________
>> 44Net mailing list
>> 44Net(a)hamradio.ucsd.edu
>> http://hamradio.ucsd.edu/mailman/listinfo/44net
>
Is there any SMTP server (mail relay) that can pick up any from
*.ampr.org email address or any 44.** IP address and can send it to the
outside world?
If yes, what is its IP address?
Thanks Forward
Ronen - 4Z4ZQ
http://www.ronen.org
> The question of automating address assignment has been looked into;
> about the only way it could be done would be if we had a secure method
> of making sure that the applicant is a bona fide ham radio operator.
> At the moment, the only known automated way of doing this is to use
> Logbook of the World certificates, which greatly restricts the number
> of people who could prove their eligibility and has its own set of
> problems.
Brian,
The problem of knowing who we're corresponding with is as old as the
written word. I feel that PKI provides the best solution available.
I'm not familiar with LOTW, but I know the PKI process well, and I'm
confident that it provides a simpler and more robust solution.
There are, of course, many different ways to implement a secure
process: for the moment, I'll ask that we leave aside the
implementation details and talk about the idea. We could use a secure
web site to give access to coordinators, or restrict ssh access to key
holders, or accept only signed emails: the process is essentially the
same for all.
It boils down to authentication: we can issue private keys to every
coordinator who seeks to use an automated process to issue IP
addresses.
* PGP/GPG users have access to "Keysigning parties" where other
keyholders will verify their meatspace identities by inspecting
their drivers license, passport, etc.
* SSH and SSL users could, in theory, employ the keysigning process to
verify their identity, even though it's not customary. They could
also provide letters from attorneys or ministers or other public
figures, attesting to their identities, in the same manner that
Thawte used to verify X.509 certificates.
Long story short, LOTW isn't the only way to verify an identity. There
are other methods, already implemented and available, which can be
used instead.
Bill, KW4OC
On 08/01/2016 20:00, 44net-request(a)hamradio.ucsd.edu wrote:
> Delays of months and years by coordinators continues to be heard
Some coordinators work very slowly... For me, I validate IP requests in a few hours
and sometimes a few days (weekend...).
I create a subnet for some friends in order to have an IP faster for them
because the coord does not validate the IP.
It will be nice to have an alert to the big admin of ampr.org when an
IP request is not validated after two weeks (for example). Then, it will be nice to
change the local coord if he does not do his job in ham spirit conditions...
;o)
Best regards,
Ludovic - Coord 44.151