On Thu, 17 Apr 2014, Don Fanning wrote:
> One problem that comes to mind is SSL wouldn't be allowed on 44net unless
> everyone has the private key and I doubt ARRL will release that.

Humm, why?

The private keys of the ARRL CA are only needed by ARRL to sign the
certificates they give to the users. And they don't need to give those
away (actually, they must not give those away) - that would allow others
to impersonate ARRL and sign certificates on their behalf.

What everyone needs is their CA's certificate, which is public by
definition. That can then be used to verify certificates of individual
users - to confirm that those individual users have a good amateur radio
certificate given by a CA such as ARRL, and that the CA has looked at the
license papers of that individual before giving him a certificate.

By the way, have to mention this again: SSL/TLS can run in a mode where
data is not encrypted (NULL cipher), it's just authenticated. You'll know
it came from me and nobody modified it on the way, but it's not encrypted.

- Hessu
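
An added example, not part of the original message: a sketch of what a TLS 1.2 NULL-cipher record looks like on the wire, using the record MAC construction from RFC 5246 section 6.2.3.1 with HMAC-SHA256. The payload travels in the clear, while any modification or replay under a different sequence number fails the MAC check. The key, callsign and message are constructed sample values; in a real session the MAC key is derived during the handshake.

```python
import hmac, hashlib, struct

APPLICATION_DATA = 23          # TLS ContentType for application data
TLS12 = b"\x03\x03"            # ProtocolVersion 1.2
MAC_LEN = hashlib.sha256().digest_size

def _mac(key, seq, ctype, fragment):
    # RFC 5246 6.2.3.1: HMAC over seq_num || type || version || length || fragment
    header = struct.pack("!QB2sH", seq, ctype, TLS12, len(fragment))
    return hmac.new(key, header + fragment, hashlib.sha256).digest()

def protect(key, seq, payload):
    """Build one record: 5-byte header, plaintext payload, then the MAC."""
    body = payload + _mac(key, seq, APPLICATION_DATA, payload)
    return struct.pack("!B2sH", APPLICATION_DATA, TLS12, len(body)) + body

def verify(key, seq, record):
    """Return the payload if the MAC matches for this sequence number, else None."""
    if len(record) < 5 + MAC_LEN:
        return None
    ctype, version, length = struct.unpack("!B2sH", record[:5])
    body = record[5:]
    if version != TLS12 or length != len(body):
        return None
    payload, tag = body[:-MAC_LEN], body[-MAC_LEN:]
    if not hmac.compare_digest(tag, _mac(key, seq, ctype, payload)):
        return None
    return payload

# Constructed sample values (assumptions, not from the original message).
KEY = bytes(range(32))
MESSAGE = b"CQ CQ de N0CALL"   # N0CALL is a placeholder callsign
RECORD = protect(KEY, 0, MESSAGE)

if __name__ == "__main__":
    print("payload visible on the wire:", MESSAGE in RECORD)
    print("genuine record:", verify(KEY, 0, RECORD))
    tampered = RECORD.replace(b"N0CALL", b"N0FAKE")
    print("tampered record:", verify(KEY, 0, tampered))
    print("replayed as record 1:", verify(KEY, 1, RECORD))
```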