I correct myself. 802.1X would be the lower-level protocol/standard and RADIUS/Diameter is the layer 7 application. Again, this could be tied into LDAP or Active Directory for seamless authentication and the potential to have single sign-on.
On Thu, Apr 17, 2014 at 11:29 PM, Don Fanning don@00100100.net wrote:
No, the communication is the entire content of the packet. Again, you can't pick and choose which parts of the law apply and which don't. It would be like saying you can do Phone transmissions in the CW portion of the band because it's digital. Your argument continues to try and warp the law as written when it clearly states otherwise.
The ARRL has already dropped their argument regarding link layer encryption by using the following overarching rule:
*Part 97 : Sec. 97.105 Control operator duties (a) The control operator must ensure the immediate proper operation of the station, regardless of the type of control*
This overrides 97.113 as .113 has one of those "except as otherwise specified under this part..." sentences in the subsection preamble.
And I've already described a method of authentication using WPA and PKI... some people know it as RADIUS authentication which is good enough for many corporations to authenticate users to their networks. This occurs at a lower level than SSL but higher than link level. This would be just to validate that you are legitimate to access the network.
SSL is not a magic bullet. Last week that was proven apparent as many of us have had to patch millions of servers against the Heartbleed vulnerability which involved certain versions of OpenSSL. And if that doesn't scare you, there is always Firesheep.
Since authentication should start at the network level and not the session layer due to 97.105 to ensure that you are authorized to transmit and I am authorized to relay your traffic, using LOTW or other higher level means of security does fall subject to 97.113.
On Thu, Apr 17, 2014 at 8:38 PM, lleachii@aol.com wrote:
Don,
You mentioned a scenario where 802.11 itself is encrypted; I disagree that's legal (see below). I'm also under the impression that, in some cases, the return packet may be a 3rd party communication (if you want to discuss this from Layer 3); but I won't get into that, since I purposely stuck to Layer 1 to formulate my theory.
The "communication" here is an 802.11 frame (which happens to contain an Ethernet [802.3] frame, which contains a TCP/IP packet). So, at the 'nitty-gritty' of RF, I'm sending you an 802.11 frame by DSSS or OFDM - by Part 97, I can't obfuscate the 802.11 WLAN frames (so encrypted access points may be a no-no here, but ARRL even says that the code can be 'published' and they believe that solves the closed access point issue - I suppose analogous to someone not knowing the PL tone to transmit, if you will; but I don't 100% agree).
I'm 100% aware some stations may disagree with that notion; but as far as I'm concerned, I can sniff 802.11 frames all day, if I can determine the callsign somewhere, tell if it's 802.11, tell the device MACs and that it's an Ethernet frame (even more, that it's ICMP/TCP/UDP/GRE/IPENCAP/etc.), we're within the scope of Part 97.
-KB3VWG
44Net mailing list 44Net@hamradio.ucsd.edu http://hamradio.ucsd.edu/mailman/listinfo/44net