17 Dec
2021
17 Dec
'21
4:24 a.m.
Hi Don
MITM of HTTPS is no longer really a possibility with modern browsers
through Certificate Transparency, at least not without triggering dire
warnings to the end user. This is even with a rogue CA certificate
voluntarily installed.
See https://certificate.transparency.dev/
Cheers
Tom
On Fri, 17 Dec 2021 at 04:39, Don Fanning via 44Net <44net(a)mailman.ampr.org>
wrote:
Frankly speaking, one should proxy between
"on-air" interfaces and the
"Internet/ISP" interface at large. This can still be a 1-to-1 NAT mapping
so to keep IP use within a given 44/8 subnet. But utilizing a proxy
ensures that you as the network operator and licensed operator have the
ability to inspect traffic which when we're talking about public
interconnection *is* necessary as you cannot predict what the public in
this case will do in terms of reply that may be out-of-bounds for the radio
service. This way you can take requests that are HTTPS and by using a MITM
proxy or similar, can inspect or encrypt and if needed, re-encode traffic
going in and out of the radio interface.
On Thu, Dec 16, 2021 at 8:35 AM Borja Marcos via 44Net <
44net(a)mailman.ampr.org> wrote:
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
On 15 Dec 2021, at 22:09, vk2tv via 44Net
<44net(a)mailman.ampr.org>
wrote:
(c) intercommunications when
participating in
emergency services operations or training exercises related to
emergency
services.
Cool! We don’t have this one and I was actually considering making a
proposal to add it.
I can imagine all kind of nefarious consequences if during a serious
emergency miscreants can take hold
of supplies thanks to communications snooping.
73,
Borja / EA2EKH
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net