[HamWAN PSDR] Traffic protection without encryption
Bart Kus
me at bartk.us
Thu Feb 21 19:46:12 PST 2013
Good direction, but I'd drop the requirement for policing the network by
actively preventing hams from using crypto. Hams are supposed to be
self-policing, and we'll be engaging a losing battle, and inviting
exploits. Let's just provide the tools to play nice. If people wanna
run astray of rules, HamWAN as repeater operator, is not ultimately
responsible.
Let us know how the infonerd thing goes. :)
--Bart
On 2/21/2013 7:21 PM, Benjamin Krueger wrote:
> I think we can solve a lot of our crypto-regulation problems if we
> explore IPSec in Authentication Header Transport mode. This signs
> every IP packet which gets us connection integrity, origin
> authentication, and replay protection without encrypting anything.
> Then we only have to take very basic measures to ensure folks don't
> intentionally or unintentionally make encrypted connections (over SSL,
> SSH, or other commonly encrypted protocols). The only outstanding
> question then is how to handle IKE (key exchange) in an automated way
> with certificates.
>
> I'm going to speak to some infosec geeks about this tonight
>
> NB: This doesn't handle initial network access authentication. That's
> still a problem to be solved, possibly with 802.1X, though that has
> its own problem since RouterOS only supports TLS-EAP which
> incorporates crypto.
>
> --
> Benjamin
>
>
> _______________________________________________
> PSDR mailing list
> PSDR at hamwan.org
> http://mail.hamwan.org/mailman/listinfo/psdr_hamwan.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.hamwan.net/pipermail/psdr/attachments/20130221/0bb1e581/attachment.html>
More information about the PSDR
mailing list