I correct myself. 802.1X would be the lower level protocol/standard and
Radius/Diameter is the layer 7 application. Again this could be intertied
to LDAP or Active Directory for seamless authentication and the potential
to have single sign-on.
On Thu, Apr 17, 2014 at 11:29 PM, Don Fanning <don(a)00100100.net> wrote:
No, the communication is the entire content of the
packet. Again, you
can't pick and choose what parts of the law apply and what doesn't. It
would be like saying you can do Phone transmissions in the CW portion of
the band because it's digital. Your argument continues to try and warp the
law as written when it clearly states otherwise.
The ARRL has already dropped their argument regarding link layer
encryption by using the following overarching rule:
*Part 97 : Sec. 97.105 Control operator duties (a) The control operator
must ensure the immediate proper operation of the station, regardless of
the type of control*
This overrides 97.113 as .113 has one of those "except as otherwise
specified under this part..." sentences in the subsection preamble.
And I've already described a method of authentication using WPA and PKI...
some people know it as RADIUS authentication which is good enough for many
corporations to authenticate users to their networks. This occurs at a
lower level than SSL but higher than link level. This would be just to
validate that you are legitimate to access the network.
SSL is not a magic bullet. Last week that was proven apparent as many of
us have had to patch millions of servers against the Heartbleed
vulnerability which involved certain versions of OpenSSL. And if that
doesn't scare you, there is always Firesheep.
Since authentication should start at the network level and not the session
layer due to 97.105 to ensure that you are authorized to transmit and I am
authorized to relay your traffic, using LOTW or other higher level means of
security does fall subject to 97.113.
On Thu, Apr 17, 2014 at 8:38 PM, <lleachii(a)aol.com> wrote:
(Please trim inclusions from previous messages)
_______________________________________________
Don,
You mentioned a sernario where 802.11 itself is encrypted, I disagree
that's legal (see below). I'm also under the impression that, in some
cases, the return packet may be a 3rd party communication (if you want to
discuss this from Layer 3); but I won't get into that, since I purposely
stuck to Layer 1 to formulate my theory.
The "communication" here is an 802.11 frame (which happens to contain an
Ethernet [802.3] frame, which contains an TCP/IP packet). So, at the
'nitty-gritty' of RF, I'm sending you an 802.11 frame by DSSS or OFDM - by
Part 97, I can't obfuscate the 802.11 WLAN frames (so encrypted access
points may be a no-no here, but ARRL even says that the code can be
'published' and they believe that solves the closed access point issue - I
suppose analogous to someone not knowing the PL tone to transmit, if you
will; but I don't 100% agree).
I'm 100% aware some stations may disagree with that notion; but as far as
I'm concerned, I can sniff 802.11 frames all day, if I can determine the
callsign somewhere, tell if it's 802.11, tell the device MACs and that it's
an Ethernet frame (even even more, that it's ICMP/TCP/UDP/GRE/IPENCAP/etc.),
we're within the scope of the Part 97.
-KB3VWG
_________________________________________
44Net mailing list
44Net(a)hamradio.ucsd.edu
http://hamradio.ucsd.edu/mailman/listinfo/44net