15 Sep
2017
15 Sep
'17
8:20 a.m.
/A good project
on AMPRNet would be to setup a user authentication /> >/system that can be />
>/used for our services without running the risk that some (ab)used /> >/party
suddenly /> >/draws back the support, or delays validation of new applicants (if
/> >/only due to lack /> >/of volunteers to do the validation). /> Now,
this is a great idea. Could also be used for IPv6 netblock
validation. 
15 Sep
15 Sep
11:51 a.m.
New subject: USENET news on AMPRNet
I am interested in putting some effort into such a project, it would be of benefit not
only to the AMPRNet Portal, but has wider benefits to other areas of Amateur Radio I'm
involved in. I was looking a while back at how to validate a user for the Portal with the
ultimate goal of issuing certificates similar to LOTW.
It's not directly relevant to this mailing list, so if anyone is interested in
discussing this further, please email me direct.
Thanks
Chris
On 15 Sep 2017, at 13:20, Rob Janssen <pe1chl(a)amsat.org> wrote:
>> >/A good project on AMPRNet would be to setup a user authentication />
>/system that can be /> >/used for our services without running the risk that
some (ab)used /> >/party suddenly /> >/draws back the support, or delays
validation of new applicants (if /> >/only due to lack /> >/of volunteers to
do the validation). /> Now, this is a great idea. Could also be used for IPv6
netblock
>> validation.
>
> Yes, although a more dynamic method like BGP appears to be more suitable for that.
>
> Such an authentication system should offer a method to authenticate users that want
> to log on to some service and it should have some attributes for each user that
> can be used in queries for authentication.
> Things that come to mind:
>
> - does the user have a (verified) amateur radio license
> - category of the license (preferably with allowed band ranges)
> - client certificate(s)
> - password(s)
>
> Probably more can be added.
> The problem of course is the manual work required for license validation.
> We could devise some method to use earlier validations by Echolink and LOTW,
> but when we want to do our own validation we require the volunteers that look
> at scanned license documents and accept/reject them.
>
> An issue is the storage of so much personal information in a database, which
> requires compliance to rules for personal data protection that are (or are
> becoming) quite strict in many countries.
>
> When we would have such a system on AMPRNet (preferably also usable from internet)
> it could be used for many purposes where we are now limited in practice.
> E.g. to set up a next-generation Echolink-like system that is open/free.
>
> Rob
>
>
10:02 p.m.
New subject: Validating users
On 15.09.2017 17:51, Chris via 44Net wrote:
I am interested in putting some effort into such a
project, it would be of benefit not only to the AMPRNet Portal, but has wider benefits to
other areas of Amateur Radio I'm involved in. I was looking a while back at how to
validate a user for the Portal with the ultimate goal of issuing certificates similar to
LOTW.
I guess that would be far to much work for small population it would target.
If you want certification use LOTW. It is meant just for that purpose
and they already did all the job. LOTW certification is not complicated
because they made it so. It is just if you use certificates, it gets
complicated. And LOTW managed to make it as simple as possible.
--
Pedja YT9TP
16 Sep
16 Sep
3:50 a.m.
New subject: Validating users
On 16 Sep 2017, at 03:02, Pedja YT9TP
<yt9tp(a)uzice.net> wrote:
On 15.09.2017 17:51, Chris via 44Net wrote:
It has other uses in other areas of Amateur Radio, but yes, when I looked into the
possibilities previously it would take some effort, which is why I wouldn’t take it on on
my own.
I am interested in putting some effort into such
a project, it would be of benefit not only to the AMPRNet Portal, but has wider benefits
to other areas of Amateur Radio I'm involved in. I was looking a while back at how to
validate a user for the Portal with the ultimate goal of issuing certificates similar to
LOTW.
I guess that would be far to much work for small population it would target. If you want certification use LOTW. It is meant just
for that purpose and they already did all the job. LOTW certification is not complicated
because they made it so. It is just if you use certificates, it gets complicated. And LOTW
managed to make it as simple as possible.
It may be possible to link to LOTW if they were willing, but setting up our own CA and
issuing certificates is not difficult and doesn’t need to be complicated.
It’s the validation bit that’s difficult, for most countries you can’t automate the
process, it would need a human being to validate the request. My thoughts were along the
lines of establishing and building a web of trust to delegate the work. It’s not just
coding effort, it’s social engineering as well.
Chris
5:33 a.m.
New subject: Validating users
On 16/09/2017 5:50 PM, G1FEF via 44Net wrote:
It may be possible to link to LOTW if they were
willing, but setting up our own CA and issuing certificates is not difficult and doesn’t
need to be complicated.
Yep, done it for the likes of OpenVPN networks, where I was
the sole CA
for all links. That meant I could personally validate every connection
as being authorised to access our network. The issuing of certificates
is a dead simple process.
It’s the validation bit that’s difficult, for most countries you can’t automate the
process, it would need a human being to validate the request. My thoughts were along the
lines of establishing and building a web of trust to delegate the work. It’s not just
coding effort, it’s social engineering as well.
Yep, it's deciding how much
trust you need, then ensuring you have a web
that provides the level of trust appropriate. And each country is
different. Australia no longer issues paper licenses by default, would
a PDF downloaded off the Internet be acceptable? These are the
questions that must be resolved by the validating CA. I do like the way
the US hams are validated by LoTW (by mail to the registered contact
address), I think that would work here too now. But you've hit the nail
on the head, it's the human/social stuff that is very hard when it comes
to setting up validation. The technology is simple. :)
--
73 de Tony VK3JED/VK3IRL
http://vkradio.com
5:57 a.m.
New subject: Validating users
I think LDAP would be a good fit for most if not all of the use cases
mentioned recently, and would greatly simplify the design.
As for initial user validation, I was going to suggest something like a
WoT too.
It would be easy enough to integrate both PKI (LOTW and any other CAs
deemed trustworthy) as well as a PGP web of trust, with mandated minimum
trust levels set by the community.
I think that the development of this sort of system needs to be open and
transparent to the ham community, not just a small closed group.
Without transparency, I wouldn't be too keen to point any of my systems
at it for authorization.
I'd be interested in being involved in the development if it was to
happen - even though it sounds far too much like my 9-5 job :(
Josh
On 16/09/2017 5:50 PM, G1FEF via 44Net wrote:
It’s the validation bit that’s difficult, for most
countries you can’t
automate the process, it would need a human being to validate the
request. My thoughts were along the lines of establishing and building
a web of trust to delegate the work. It’s not just coding effort, it’s
social engineering as well.
3:02 p.m.
New subject: Validating users
On 9/16/17 8:25 AM, G1FEF via 44Net wrote:
How ironic.
--
Bryan Fields
727-409-1194 - Voice
http://bryanfields.net
On 16 Sep 2017, at 10:57, Josh
<josh(a)festy.org> wrote:
I think that the development of this sort of system needs to be open and
transparent to the ham community, not just a small closed group.
Totally agree.
Chris
17 Sep
17 Sep
7:42 a.m.
New subject: Validating users
On 16.09.2017 14:25, G1FEF via 44Net wrote:
It also should be backed up and supported by large amateur radio
organizations starting with IARU.
--
Pedja YT9TP
On 16 Sep 2017, at 10:57, Josh
<josh(a)festy.org> wrote:
I think that the development of this sort of system needs to be open and
transparent to the ham community, not just a small closed group.
Totally agree. 
20 Sep
20 Sep
11:47 a.m.
New subject: Validating users
I like the concept of setting up an OpenID system. I also believe this
is a role that the larger AMPR group could do for the global amateur
radio community and give the group a larger purpose. Stepping into the
details a bit, I believe that OpenID requires an active network
connection to function. I don't think that will work in supporting
isolated networks, slow networks, or partially broken networks. Compare
that to say an X.509 certificate system (like what LOTW uses) which can
support offline validation. If we were to approach this project, I
think we'd need:
- Identify the use cases we want to solve : access to networks,
access to hosts/applications (BBSes, maybe Echolink, Dstar, whatever)
that are online, occasionally offline, completely offline. Are any of
these networks using amateur radio frequencies that cannot support
encryption. How do we solve that situation? Can it we exceptions to the
various governing bodies to allow it (ITU, FCC, etc)? Are there any
options here to provide strong and secure authentication over amateur RF
networks or must we only use the Internet?
- Identify a working community of people who are interested either
in working on the technical aspects or the validation aspects of the
solution. I do agree we should try to get the larger amateur radio
bodies involved (IARU, RSGB, ARRL, etc -
https://en.wikipedia.org/wiki/List_of_amateur_radio_organizations ).
That will take a LOT of time but I don't think it will block any
specific progress.
- Identify the workflows for each of those use cases - would be best
to delegate different use cases to those people who both need them and
have a passion to get them solved.
- Determine how to securely create a mesh of authentication nodes
worldwide
- Create some policies around these nodes on creation, maintenance,
security, auditing policies, etc.
I imagine some people might think there is a lot of bureaucratic steps
in there and I agree. The reality is that we need to find a common
point where everyone can both agree and maybe leverage existing systems
(LOTW, etc) if deemed acceptable. HAM radio seems to naturally gather
into little fiefdoms which would dilute and/or break the utility of a
global authentication system like this. This team will have to
constantly work to keep it cohesive and functional.
--David
KI6ZHD
2:21 p.m.
New subject: Validating users
I believe that OpenID requires an active network
connection to function.
[...] Compare that to [...] LOTW [...] which can support
offline validation.
Identify a working community of people who are
interested either in
working on the technical aspects or the validation aspects of
the solution.
The ideas I had spelled out in one of the other threads can essentially be
broken down like this:
1. Create a shared online authentication service for convenience of the
many Internet connected amateur related systems out there, including
validation using LotW and potentially other means.
2. Simplify and document the service in a way that would allow it to be
easily recreated in a standard way by isolated networks or those who must
only trust their own validations.
We tried broaching this subject on the new ARETF message boards a couple
years ago, but they haven't had any traffic other than spambots since then.
:(
As mentioned in the other thread here last week, I'm thrilled to have
finally found others who are also interested in this topic, so I had
started a new public mailing list devoted to it. I encourage you and
others to join us there so we can return the AMPRNet mailing list to being
an ICMP traffic alerting service. hihi ;)
Join here: https://groups.io/g/hamauth
-or- join by sending an email to: hamauth+subscribe(a)groups.io
Cory, NQ1E
Seattle
16 Sep
16 Sep
8:05 a.m.
New subject: Validating users
Chris;
If you need a liason for LoTW...
W1ZFG is a good friend of mine who I assist when he gets stuck.
He's our local repeater club's secretary AND works for ARRL in LoTW.
I'll be speaking with him tonight on the local VHF nets.
If you need a human to bridge this project to LoTW, let me know.
In the interim look at:
http://www.arrl.org/developer
On Sat, 2017-09-16 at 08:50 +0100, G1FEF via 44Net wrote:
--
I used to be a heavy gambler. But now I just make mental bets.
That's how I lost my mind.
--------
73 de Brian - N1URO/AFT1BR,
President - EastNet Packet Network
https://www.eastnetpacket.org
email: (see above)
Web: http://www.n1uro.net/
Ampr1: http://n1uro.ampr.org/ (ipv4 AND ipv6)
Ampr2: http://nos.n1uro.ampr.org
Linux Amateur Radio Services
axMail-Fax & URONode
http://uronode.sourceforge.net
http://axmail.sourceforge.net
AmprNet coordinator for:
Connecticut, Delaware, Maine,
Maryland, Massachusetts,
New Hampshire, New Jersey, Pennsylvania,
Rhode Island, and Vermont.
On 16 Sep
2017, at 03:02, Pedja YT9TP <yt9tp(a)uzice.net> wrote:
On 15.09.2017 17:51, Chris via 44Net wrote:
It has other uses in other areas of Amateur Radio, but yes, when I looked into the
possibilities previously it would take some effort, which is why I wouldn’t take it on on
my own.
I am interested in putting some effort into such
a project, it would be of benefit not only to the AMPRNet Portal, but has wider benefits
to other areas of Amateur Radio I'm involved in. I was looking a while back at how to
validate a user for the Portal with the ultimate goal of issuing certificates similar to
LOTW.
I guess that would be far to much work for small population it would target. If you want certification use LOTW. It is meant
just for that purpose and they already did all the job. LOTW certification is not
complicated because they made it so. It is just if you use certificates, it gets
complicated. And LOTW managed to make it as simple as possible.
It may be possible to link to LOTW if they were willing, but setting up our own CA and
issuing certificates is not difficult and doesn’t need to be complicated.
It’s the validation bit that’s difficult, for most countries you can’t automate the
process, it would need a human being to validate the request. My thoughts were along the
lines of establishing and building a web of trust to delegate the work. It’s not just
coding effort, it’s social engineering as well.
Chris
_________________________________________
44Net mailing list
44Net(a)hamradio.ucsd.edu
http://hamradio.ucsd.edu/mailman/listinfo/44net
8:24 a.m.
New subject: Validating users
Thanks Brian, that’s good to know.
> On 16 Sep 2017, at 13:05, Brian <n1uro(a)n1uro.ampr.org> wrote:
>
> Chris;
>
> If you need a liason for LoTW...
>
> W1ZFG is a good friend of mine who I assist when he gets stuck.
> He's our local repeater club's secretary AND works for ARRL in LoTW.
> I'll be speaking with him tonight on the local VHF nets.
>
> If you need a human to bridge this project to LoTW, let me know.
> In the interim look at:
> http://www.arrl.org/developer
>
>
>
> On Sat, 2017-09-16 at 08:50 +0100, G1FEF via 44Net wrote:
>>> On 16 Sep 2017, at 03:02, Pedja YT9TP <yt9tp(a)uzice.net> wrote:
>>>
>>>
>>> On 15.09.2017 17:51, Chris via 44Net wrote:
>>>> I am interested in putting some effort into such a project, it would be
of benefit not only to the AMPRNet Portal, but has wider benefits to other areas of
Amateur Radio I'm involved in. I was looking a while back at how to validate a user
for the Portal with the ultimate goal of issuing certificates similar to LOTW.
>>>
>>> I guess that would be far to much work for small population it would target.
>>
>> It has other uses in other areas of Amateur Radio, but yes, when I looked into
the possibilities previously it would take some effort, which is why I wouldn’t take it on
on my own.
>>
>>> If you want certification use LOTW. It is meant just for that purpose and
they already did all the job. LOTW certification is not complicated because they made it
so. It is just if you use certificates, it gets complicated. And LOTW managed to make it
as simple as possible.
>>
>> It may be possible to link to LOTW if they were willing, but setting up our own
CA and issuing certificates is not difficult and doesn’t need to be complicated.
>>
>> It’s the validation bit that’s difficult, for most countries you can’t automate
the process, it would need a human being to validate the request. My thoughts were along
the lines of establishing and building a web of trust to delegate the work. It’s not just
coding effort, it’s social engineering as well.
>>
>> Chris
>>
>>
>> _________________________________________
>> 44Net mailing list
>> 44Net(a)hamradio.ucsd.edu
>> http://hamradio.ucsd.edu/mailman/listinfo/44net
>
> --
> I used to be a heavy gambler. But now I just make mental bets.
> That's how I lost my mind.
> --------
> 73 de Brian - N1URO/AFT1BR,
> President - EastNet Packet Network
> https://www.eastnetpacket.org
> email: (see above)
> Web: http://www.n1uro.net/
> Ampr1: http://n1uro.ampr.org/ (ipv4 AND ipv6)
> Ampr2: http://nos.n1uro.ampr.org
> Linux Amateur Radio Services
> axMail-Fax & URONode
> http://uronode.sourceforge.net
> http://axmail.sourceforge.net
> AmprNet coordinator for:
> Connecticut, Delaware, Maine,
> Maryland, Massachusetts,
> New Hampshire, New Jersey, Pennsylvania,
> Rhode Island, and Vermont.
>
17 Sep
17 Sep
6:14 a.m.
New subject: Validating users
On 16.09.2017 09:50, G1FEF via 44Net wrote:
It’s the validation bit that’s difficult, for most
countries you can’t automate the process, it would need a human being to validate the
request. My thoughts were along the lines of establishing and building a web of trust to
delegate the work. It’s not just coding effort, it’s social engineering as well.
That was my point. Technical part is not problem, but administration. I
am quite certain that it will never be possible to get worldwide
call-sign validation working beyond manual documents inspection.
I do agree that having one global validation service that offers API's
for various purposes and platforms would be great, even if that means
that manual paperwork is involved.
--
Pedja YT9TP
6:27 a.m.
New subject: Validating users
On 17/09/2017 8:14 PM, Pedja YT9TP wrote:
That was my point. Technical part is not problem, but
administration.
I am quite certain that it will never be possible to get worldwide
call-sign validation working beyond manual documents inspection.
I do agree that having one global validation service that offers API's
for various purposes and platforms would be great, even if that means
that manual paperwork is involved.
Perhaps a federated web of trust is the way to
go? Each country or
region looks after its own users, and then trust is shared with other
entities.
--
73 de Tony VK3JED/VK3IRL
http://vkradio.com
16 Sep
16 Sep
5:27 a.m.
New subject: Validating users
On 16/09/2017 12:02 PM, Pedja YT9TP wrote:
--
73 de Tony VK3JED/VK3IRL
http://vkradio.com
If you want certification use LOTW. It is meant just
for that purpose
and they already did all the job. LOTW certification is not complicated
because they made it so. It is just if you use certificates, it gets
complicated. And LOTW managed to make it as simple as possible.
Some slight issues for me: (from the LoTW website)
If your primary callsign was not issued in the United States, you have
two options:
A. Mail a copy of your Amateur Radio operating authorization and a
copy of one other official document that shows your name (for example, a
driver's license) to the ARRL. When the ARRL receives your
documentation, it will send you an email message containing your LoTW
Account Password, with your Callsign Certificate attached.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
in Australia, they don't normally issue paper licenses anymore. And the
electronic one can be accessed by anyone online. It's been 2 years
since I've had a paper licence (but mine are valid).
B. Present your documents in person to an in-country ARRL DXCC Card
Checker, The Card Checker will inspect your documents and, if accepted,
inform ARRL’s LoTW staff that that the applicant’s identity and license
have been verified. The ARRL will then send you an email message
containing your LoTW Account Password, with your Callsign Certificate
attached.
Not every DXCC entity has DXCC Card Checkers, and Card Checkers are not
required to participate in this verification process. Thus you should
contact an in-country Card Checker in advance to ask if they are willing
to check your identity and license documents. A list of DXCC Card
Checkers is here.
5:38 a.m.
New subject: Validating users
Le 16/09/2017 à 04:02, Pedja YT9TP a écrit :
LOTW certification is not complicated
LoTW, for some OM, it is complicated...
Echolink, no verification if the person is deceased or no more amateur...
Amateur radio registered of 44.151 are all alive.
;)
Anyway aperson who wants to hack Network 44 will be able to.
Even the password of the script is recoverable by any linuxien by a
simple Linux command ...
One thing certain is that if there is evolution to a forum, I would
not follow this very closely.
Proverb: why change a winning team.
Best regards,
Ludovic - F5PBG
(Coord 44.151)
5:46 a.m.
New subject: Validating users
On 16/09/2017 7:38 PM, f5pbg(a)free.fr wrote:
LoTW, for some OM, it is complicated...
Looks a
little simpler than I recall, I know there was a reason I never
got around to doing it. Now, the biggest complication is actually
getting a paper licence!
Echolink, no verification if the person is deceased or
no more amateur...
Not necessarily reliable.
Amateur radio registered of 44.151 are all alive.
;)
Anyway aperson who wants to hack Network 44 will be able to.
Even the password of the script is recoverable by any linuxien by a
simple Linux command ...
One thing certain is that if there is evolution to a forum, I would
not follow this very closely.
Proverb: why change a winning team.
Or as we say here "If it ain't broke,
don't fix it" ;)
--
73 de Tony VK3JED/VK3IRL
http://vkradio.com
4:45 a.m.
New subject: USENET news on AMPRNet
On 16/09/2017 1:51 AM, Chris via 44Net wrote:
I am interested in putting some effort into such a
project, it would be of benefit not only to the AMPRNet Portal, but has wider benefits to
other areas of Amateur Radio I'm involved in. I was looking a while back at how to
validate a user for the Portal with the ultimate goal of issuing certificates similar to
LOTW.
It's not directly relevant to this mailing list, so if anyone is interested in
discussing this further, please email me direct.
I'm interested to play, both to
try the concept, as well as see if I can
integrate it with my other systems. I have Linux boxes to run INN on,
mostly R-Pi, but not all, there's a couple of small x86 machines here,
as well as a VPS that I've been subscribed to for years, that runs a lot
of ham radio services. I would have to give it a 44/8 address from my
netblock (point to point over a tunnel perhaps), might be an opportunity
to try an IPv4 VPN over an IPv6 network. :)
--
73 de Tony VK3JED/VK3IRL
http://vkradio.com
4:45 a.m.
New subject: USENET news on AMPRNet
On 16/09/2017 1:51 AM, Chris via 44Net wrote:
I am interested in putting some effort into such a
project, it would be of benefit not only to the AMPRNet Portal, but has wider benefits to
other areas of Amateur Radio I'm involved in. I was looking a while back at how to
validate a user for the Portal with the ultimate goal of issuing certificates similar to
LOTW.
It's not directly relevant to this mailing list, so if anyone is interested in
discussing this further, please email me direct.
Private email sent. :)
--
73 de Tony VK3JED/VK3IRL
http://vkradio.com
2432
days inactive
2437
days old
19 comments
11 participants
participants (11)
-
Brian -
Bryan Fields -
Chris -
Cory (NQ1E) -
David Ranch -
f5pbg@free.fr -
G1FEF
-
Josh -
Pedja YT9TP -
Rob Janssen -
Tony Langdon