There as been multiple discussion about ham only 44 net, and open to the world ham net. If you build a network with IPv4 Private Address Space, and prevent people from entering into that private adress space unless they show a kind of auth you have a nice secure network and you are calm about the traffic being sent to and from your ham project. But that is not 44net. 44 net is a routable network and many ham want it to be exposed to the whole internet so that the service they offer to the community can be accessible and they deal with the auth at the service level. Like repeater linking voip server, file server. Name it.
Yes we can have a part of the 44 net that is close to non-ham. that is all ok. But I think this is a loss of a scare resources that is an ipv4 adress space. But I am not against that idea.
The main thing about the amprnet is that we need to offer it for all ham to use in an easy way. We need to have a way for people to join into the adress space easily and reliably with enoug bandwith and low latency so that any project can work on it. THEN people will start using it a lot more. Could there be a way that we can have some block of 16 or 32 adress accessible from a simple wireguard link that would be created by a request to the portal, and that block of adress be accessible only to 44 net or to the whole internet. I dont know if it is manageable or even doable. We surely need more programmer and more network guru to come to that level of integration.
Me on my side I like to dream. (start the Supertramp dreamer song here)
Pierre VE2PF
________________________________________ De : 44Net 44net-bounces+petem001=hotmail.com@mailman.ampr.org de la part de Toussaint OTTAVI via 44Net 44net@mailman.ampr.org Envoyé : 17 février 2021 11:34 À : AMPRNet working group Cc : Toussaint OTTAVI Objet : Re: [44net] ASN # and Network Service Provider (NSP)
Le 17/02/2021 à 11:16, Rob PE1CHL via 44Net a écrit :
When I get a request like "I am Rob PE1CHL and I want some addresses to use on 44Net" there is no way for me to really verify that this mail is really coming from a licensed operator, and even less to verify that he keeps that license during the time he can still use that address.
Maybe it's just a scale problem ? I don't have this one, because I'm living on a tiny island, and I do know every ham involved in TKNet. Maybe there should be more delegation, f/ex national coordinator delegating sub-tasks to trusted local radio-clubs ? Not sure it would be feasible everywhere, anyway...
If we setup a CA managed by ARDC, then ARDC would be in charge of identity verification, and would deliver a (multi-purpose) certificate directly to the end-user. Then, if someone gives you a trusted certificate, you won't have to do further verification.
Sure, the admittance of only 44Net traffic (44.0.0.0/9 and 44.128.0.0/10) is a first step when guarding a system from access by just everyone, and try to limit it to mostly radio amateurs with hopefully good intentions.
That's exactly what I meant. :-)
But I never would use it as a method to allow e.g. to operate a transmitter (as was the example use case).
Of course, it does not replace application-level user authentication. It's just a first level of filtering for applications that do not support user authentication (yet).
73 de TK1B1
_________________________________________ 44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net