It would be most helpful if the amprnet BOD could post in writing an official statement regarding using common secure communications (https. TLS etc.) over the 44. IP network.
This email list is used for communications regarding the use of the IP address space. I'm not asking about the use of encryption over part 97 RF radio, just the 44 network IP address space. I am not aware of any portion of the Part 97 rules that apply to the wired internet at large.
Everyone has an opinion, but it's time for the amprnet Board to clarify the muddy waters around the use of the amprnet IP space and publish those rules.
Please!
73, Kevin Walsh W8KHW
On 4/12/21 6:22 am, Kevin Walsh via 44Net wrote:
It would be most helpful if the amprnet BOD could post in writing an official statement regarding using common secure communications (https. TLS etc.) over the 44. IP network.
This email list is used for communications regarding the use of the IP address space. I'm not asking about the use of encryption over part 97 RF radio, just the 44 network IP address space. I am not aware of any portion of the Part 97 rules that apply to the wired internet at large.
Everyone has an opinion, but it's time for the amprnet Board to clarify the muddy waters around the use of the amprnet IP space and publish those rules.
I don't see a problem. Just follow the rules and best practice.
When transiting over the Internet, best practice includes using encryption where possible. When transiting over the amateur bands, follow your country's rules. I don't see why a policy for encryption needs to be developed for 44net space.
The BoD are not lawyers and ARDC's purpose doesn't include commenting on encryption under part 97. I suggest you contact a telecom lawyer or try reaching out to the lawyers at ARRL.
Tim
On 12/3/21 11:22 AM, Kevin Walsh via 44Net wrote:
It would be most helpful if the amprnet BOD could post in writing an official statement regarding using common secure communications (https. TLS etc.) over the 44. IP network.
This email list is used for communications regarding the use of the IP address space. I'm not asking about the use of encryption over part 97 RF radio, just the 44 network IP address space. I am not aware of any portion of the Part 97 rules that apply to the wired internet at large.
Everyone has an opinion, but it's time for the amprnet Board to clarify the muddy waters around the use of the amprnet IP space and publish those rules.
Please!
73, Kevin Walsh W8KHW _________________________________________ 44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net
On 12/3/21 8:22 PM, Kevin Walsh via 44Net wrote:
It would be most helpful if the amprnet BOD could post in writing an official statement regarding using common secure communications (https. TLS etc.) over the 44. IP network.
Why? That would be a matter for each individual operator to decide, based on their local laws and regulations, and the extent to which those are enforced in practice. I don't see a need for any centralized statement about that, especially as this is a worldwide network and regulations of all participating countries, as well as the technologies used in the network, can impossibly be overseen by the ARDC.
Rob
In the US if it is OTA ham then it would require published key, if it is on the internet it would be up to ampr, if ampr is saying up to the operator and that seems logical to me. Lin NI4Y
On Fri, Dec 3, 2021 at 4:15 PM Rob PE1CHL via 44Net 44net@mailman.ampr.org wrote:
On 12/3/21 8:22 PM, Kevin Walsh via 44Net wrote:
It would be most helpful if the amprnet BOD could post in writing an official statement regarding using common secure communications (https. TLS etc.) over the 44. IP network.
Why? That would be a matter for each individual operator to decide, based on their local laws and regulations, and the extent to which those are enforced in practice. I don't see a need for any centralized statement about that, especially as this is a worldwide network and regulations of all participating countries, as well as the technologies used in the network, can impossibly be overseen by the ARDC.
Rob
Hi Kevin,
You seem to be conflating the addresses used (which are controlled by ARDC) with the network used (which could be controlled by anyone). There are no muddy waters here. My understanding is that you should use the addresses for amateur radio purposes, which could well include purposes that require or benefit from encryption. There is no assumption made that all traffic originated by hosts using 44net addresses is suitable for transmission by an amateur station in all jurisdictions internationally.
In the IETF I am working on this document: https://datatracker.ietf.org/doc/html/draft-learmonth-rfc1226-bis-03 where I am working to update the standard for carrying AX.25 packets over IP links, I specifically talk about places where encryption should be used in relation to amateur radio links. I’d be interested in feedback on that if you have any. The concepts map onto 44net traffic almost directly where you might have IP traffic encapsulated in IP (i.e. the IPIP mesh) or simply have hosts accessible from the Internet.
If there was interest in an informational document to be put together for the general case of encryption of amateur radio transmissions and Internet linking then that’s something I could kick off.
Thanks, Iain.
From: 44Net 44net-bounces+irl=hambsd.org@mailman.ampr.org on behalf of Kevin Walsh via 44Net 44net@mailman.ampr.org
Date: Friday, 3 December 2021 at 19:23
To: 44Net 44net@mailman.ampr.org
Cc: Kevin Walsh w8khw1@gmail.com
Subject: [44net] Request for official clarification from ampr.net BOD
It would be most helpful if the amprnet BOD could post in writing an official statement regarding using common secure communications (https. TLS etc.) over the 44. IP network.
This email list is used for communications regarding the use of the IP address space. I'm not asking about the use of encryption over part 97 RF radio, just the 44 network IP address space. I am not aware of any portion of the Part 97 rules that apply to the wired internet at large.
Everyone has an opinion, but it's time for the amprnet Board to clarify the muddy waters around the use of the amprnet IP space and publish those rules.
Please!
73, Kevin Walsh W8KHW
I am not aware of any portion of the Part 97 rules that apply to the wired
internet at large.
Part 97 rules only apply to RF transmissions made from US territory on amateur radio bands. Full stop.
The Internet at large does not operate on the ham bands, and most of it does not operate from US territory. And 44net/AMPRnet, while reserved for ham radio users and purposes, is technically not ham radio territory unless you are using AX.25, or carrying it on say WiFi links that exceed the restrictions of unlicensed uses of WiFi bands but are still within what is permitted as amateur radio use (e.g. licensed use of 2.4 GHz spectrum). And any Part 97 restrictions *would* apply in these latter cases whether or not an AMPRnet IP address is used, if transmitters located within US territory are used.
As soon as you get rid of ham radio transmission, or anything that's happening is happening in any of the other countries of the world, Part 97 is completely inapplicable.
73 Jim VE5EV
On 6 Dec 2021, at 16:50, Jim MacKenzie via 44Net 44net@mailman.ampr.org wrote:
I am not aware of any portion of the Part 97 rules that apply to the wired
internet at large.
Part 97 rules only apply to RF transmissions made from US territory on amateur radio bands. Full stop.
Indeed. I don’t think any national regulation at all considers any IP address space as “amateur radio”. Amateur radio is transmitted by radio and of course using ham spectrum.
I think other national regulations are quite similar. At least in Spain/Europe it is legal to use encryption *only* for equipment control purposes. Originally it was intended for repeater control, nowadays it should be possible to use ssh, for example, to manage AREDN equipment.
73,
Borja / EA2EKH
On 15/12/21 7:55 pm, Borja Marcos via 44Net wrote:
On 6 Dec 2021, at 16:50, Jim MacKenzie via 44Net 44net@mailman.ampr.org wrote:
I am not aware of any portion of the Part 97 rules that apply to the wired
internet at large.
Part 97 rules only apply to RF transmissions made from US territory on amateur radio bands. Full stop.
Indeed. I don’t think any national regulation at all considers any IP address space as “amateur radio”. Amateur radio is transmitted by radio and of course using ham spectrum.
I think other national regulations are quite similar. At least in Spain/Europe it is legal to use encryption *only* for equipment control purposes. Originally it was intended for repeater control, nowadays it should be possible to use ssh, for example, to manage AREDN equipment.
73,
Borja / EA2EKH
All,
This is the situation in Australia, taken from this document https://www.legislation.gov.au/Details/F2020C00376
(3A) The licensee must not operate an amateur station to transmit signals that are encoded for the purpose of obscuring the meaning of the signals, except for:
(a) signals exchanged between an amateur station and a space station in an amateur-satellite service for the purpose of controlling the operation of the space station; and
(b) signals exchanged between an amateur station and an unattended amateur station for the purpose of controlling the operation of the unattended amateur station; and
(c) intercommunications when participating in emergency services operations or training exercises related to emergency services.
Let the bush lawyers have fun!!
Ray vk2tv
On 15 Dec 2021, at 22:09, vk2tv via 44Net 44net@mailman.ampr.org wrote: (c) intercommunications when participating in emergency services operations or training exercises related to emergency services.
Cool! We don’t have this one and I was actually considering making a proposal to add it.
I can imagine all kind of nefarious consequences if during a serious emergency miscreants can take hold of supplies thanks to communications snooping.
73,
Borja / EA2EKH
Frankly speaking, one should proxy between "on-air" interfaces and the "Internet/ISP" interface at large. This can still be a 1-to-1 NAT mapping so to keep IP use within a given 44/8 subnet. But utilizing a proxy ensures that you as the network operator and licensed operator have the ability to inspect traffic which when we're talking about public interconnection *is* necessary as you cannot predict what the public in this case will do in terms of reply that may be out-of-bounds for the radio service. This way you can take requests that are HTTPS and by using a MITM proxy or similar, can inspect or encrypt and if needed, re-encode traffic going in and out of the radio interface.
On Thu, Dec 16, 2021 at 8:35 AM Borja Marcos via 44Net < 44net@mailman.ampr.org> wrote:
On 15 Dec 2021, at 22:09, vk2tv via 44Net 44net@mailman.ampr.org wrote:
(c) intercommunications when participating in emergency services operations or training exercises related to emergency services.
Cool! We don’t have this one and I was actually considering making a proposal to add it.
I can imagine all kind of nefarious consequences if during a serious emergency miscreants can take hold of supplies thanks to communications snooping.
73,
Borja / EA2EKH
Hi Don
MITM of HTTPS is no longer really a possibility with modern browsers through Certificate Transparency, at least not without triggering dire warnings to the end user. This is even with a rogue CA certificate voluntarily installed.
See https://certificate.transparency.dev/
Cheers Tom
On Fri, 17 Dec 2021 at 04:39, Don Fanning via 44Net 44net@mailman.ampr.org wrote:
Frankly speaking, one should proxy between "on-air" interfaces and the "Internet/ISP" interface at large. This can still be a 1-to-1 NAT mapping so to keep IP use within a given 44/8 subnet. But utilizing a proxy ensures that you as the network operator and licensed operator have the ability to inspect traffic which when we're talking about public interconnection *is* necessary as you cannot predict what the public in this case will do in terms of reply that may be out-of-bounds for the radio service. This way you can take requests that are HTTPS and by using a MITM proxy or similar, can inspect or encrypt and if needed, re-encode traffic going in and out of the radio interface.
Okay so we will leave the over the air regulations part out of the discussion.
What I see is that "secure communications" are mostly dictated by the user end applications. So I don't feel that it really has anything to do with ARDC, as technically they just administer the IP space (not really even the networks). However if you are suggesting best (secure) practices for interconnecting the proposed points of presence, then that could be a valid discussion topic, and that would be best discussed with those on that committee.
There was a good idea, basically an IETF for ham radio a while back, and its website or formal name escapes me (I am sure someone will chime in). That would likely be a good way to address your concerns. I feel your idea has to be a concept presented to a number of user and application software developers.
Steve
On Fri, Dec 3, 2021 at 1:23 PM Kevin Walsh via 44Net 44net@mailman.ampr.org wrote:
It would be most helpful if the amprnet BOD could post in writing an official statement regarding using common secure communications (https. TLS etc.) over the 44. IP network.
This email list is used for communications regarding the use of the IP address space. I'm not asking about the use of encryption over part 97 RF radio, just the 44 network IP address space. I am not aware of any portion of the Part 97 rules that apply to the wired internet at large.
Everyone has an opinion, but it's time for the amprnet Board to clarify the muddy waters around the use of the amprnet IP space and publish those rules.
Please!
73, Kevin Walsh W8KHW
Security has many facets - encryption is only one.
For instance, it should be perfectly fine to use one-time passwords to authenticate and authorise access over-the-air, as there is no information that is being encrypted or obscured, as long as the actual information being exchanged is in the clear.
At least this is how I understand it for Canada and the US - I do not know if this is acceptable world-wide.
We all have to be aware of our local laws and only transmit data that fits those. This is not easy when interconnecting with the internet, where most everything is going encrypted these days - and increasing.
- Richard, VE7CVS
On 12/8/21 8:00 PM, Steve L via 44Net wrote:
Okay so we will leave the over the air regulations part out of the discussion.
What I see is that "secure communications" are mostly dictated by the user end applications. So I don't feel that it really has anything to do with ARDC, as technically they just administer the IP space (not really even the networks). However if you are suggesting best (secure) practices for interconnecting the proposed points of presence, then that could be a valid discussion topic, and that would be best discussed with those on that committee.
There was a good idea, basically an IETF for ham radio a while back, and its website or formal name escapes me (I am sure someone will chime in). That would likely be a good way to address your concerns. I feel your idea has to be a concept presented to a number of user and application software developers.
Steve