Re: [44net] Test New Tool - APRS Code Recovery

That's not quite true. The FCC regulates how you use the spectrum. The OSI model is just an explanation of how different pieces interact with each other. At the end of the day, it still travels over licensed spectrum. Which is why you can't use ham bands for news gathering. Or the spectrum itself for profitable pursuits. Or for broadcasting music programs. Certainly you can argue that streaming digital copies of Metallica over amateur licensed bands doesn't constitute broadcasting nor music but that doesn't change the meaning of the law. I'm sure the NAB and the RIAA would want the pounds of flesh from those who dare them... and they have alot of *money*pull*money* with the FCC. So to say that the FCC doesn't have power to regulate communication content is a falsehood. Back to encryption: "No amateur station shall transmit [...] messages encoded for the purpose of obscuring their meaning, except as otherwise provided herein; obscene or indecent words or language; or false or deceptive messages, signals or identification." Part 97.113 The argument of SSL is that it is necessary for identification (authentication) of the user. Well, it already says that saying I'm someone else is already illegal. But it also says that it's illegal to obscure the message that identifies me. This comes from the line of thinking that people need to be able to identify who is making the transmission. IP addressing already accomplishes this. Anything extra layer of authentication becomes an obscure message as you've already accomplished it at the 44.x.x.x level. But let's take it to a lower level. Let's say I hop on HamWAN and instead of using my assigned IP space, I use one of the IP's in the pool. At which point I'm using the HamWAN's ip space and their callsign. But if I was unlicensed, I would be a pirate. The way to mitigate this is to use WEP or even take it to the layer of WPA with TKIP or even WPA with certificates (Enterprise TKIP). Then I would be identifying myself by using an PKI certificate as well as potentially handshaking with my callsign to the HamWAN callsign. The reason for this is to keep within the rules for maintaining proper access and control of your station (in this case HamWAN's). Kerberos could certainly be used as part of the authentication scheme (similar to remote management of a satellite or repeater system) but there should be no need for any kind of authentication or encryption at any higher level except for remote management of the network hardware. SSL being layer 5 and up would still be considered content and thusly against the rules. But one can also argue that using even WEP constitutes a violation. It's one thing to say it's a grey area. It's another to try and bend the law's plain meaning into your own advantage because you don't want to do the legwork. Personally, I think it will take another RM similar to the EMCOMM one last year to change this properly as in the end I do agree with all of you that in the digital age there should be authentication of transmissions at all layers of the model. But the rules, as written today, only provides for the most basic means of identification. On Thu, Apr 17, 2014 at 5:45 PM, <lleachii(a)aol.com> wrote: