On Thu, 17 Apr 2014, Don Fanning wrote:
> One problem that comes to mind is SSL wouldn't be allowed on 44net unless everyone has the private key and I doubt ARRL will release that.
Humm, why?
The private keys of the ARRL CA are only needed by ARRL to sign the certificates they give to the users. And they don't need to give those away (actually, they must not give those away) - that would allow others to impersonate ARRL and sign certificates on their behalf.
What everyone needs is their CA's certificate, which is public by definition. That can then be used to verify certificates of individual users - to confirm that those individual users have a good amateur radio certificate given by a CA such as ARRL, and that CA has looked at the license papers of that individual before giving him a certificate.
By the way, have to mention this again: SSL/TLS can run in a mode where data is not encrypted (NULL cipher), it's just authenticated. You'll know it came from me and nobody modified it on the way, but it's not encrypted.
- Hessu
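
The verification model described in the reply above, as an added example that is not part of the original message: a throwaway CA signs a user certificate, and a relying party then checks it with nothing but the CA's public certificate. The CA names, the N0CALL callsign, the helper function names and all file paths are constructed for illustration; the `openssl` command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Constructed demo: CA names, the N0CALL callsign and all files are made up.
# Requires the openssl command-line tool.
WORK=$(mktemp -d)

# Minimal config so the CA certificate is marked CA:TRUE on any OpenSSL version.
cat > "$WORK/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF

# make_ca NAME: self-signed CA. NAME.key never leaves the CA; NAME.crt is public.
make_ca() {
    openssl req -x509 -config "$WORK/req.cnf" -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=$1" -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# issue_cert CA USER: the CA signs USER's request with the CA private key.
issue_cert() {
    openssl req -new -config "$WORK/req.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=$2" -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.crt" -CAkey "$WORK/$1.key" \
        -CAcreateserial -days 30 -out "$WORK/$2.crt" 2>/dev/null
}

# verify_cert CA USER: a relying party checks USER's certificate with only the
# CA's public certificate; no private key is read here.
verify_cert() {
    openssl verify -CAfile "$WORK/$1.crt" "$WORK/$2.crt" >/dev/null 2>&1
}

make_ca demo-ca && issue_cert demo-ca N0CALL
make_ca other-ca && issue_cert other-ca N0CALL-other
rm -f "$WORK/demo-ca.key"   # the verifier's side never holds the CA private key
verify_cert demo-ca N0CALL && echo "N0CALL: issued by demo-ca"
verify_cert demo-ca N0CALL-other || echo "N0CALL-other: not issued by demo-ca"
```

The second check fails because that certificate was signed with a different CA's private key, which is why the CA key is the one thing that must stay with the CA.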