[HamWAN PSDR] Encryption on HamWAN
bernard at littau.org
Fri Jul 19 13:43:53 PDT 2019
So another thought, or two...
Winlink appears to avoid this issue with PACTOR and VARA by enabling individuals to read all email traffic on the Winlink network. See:
So one possible solution for HAMWAN would be to do some sort of man-in-the-middle decrypt, log, and re-encrypt of HTTPS traffic after the RF stage (the sectors), and make that log available to the "public". This would mean it would be stupid to use a credit card on HAMWAN, but not so for weather or fcc. Would this be acceptable to HAMWAN users? Clearly, this is the de facto case for Winlink.
From: Bart Kus <me at bartk.us>
Sent: Friday, July 19, 2019 13:21
To: Puget Sound Data Ring <psdr at hamwan.org>; Bernard Littau <bernard at littau.org>; Nigel Vander Houwen <nigel at nigelvh.com>
Subject: Re: [HamWAN PSDR] Encryption on HamWAN
I'll add more data for those wishing to think about these things:
1) HamWAN only relies on Part 97 spectrum for the very last hop (the sectors). Everything before that can be considered P15 or ISM, and can run crypto.
2) If the FCC passed U-NII-4 rules, our tiny sliver of P97 space would become usable for crypto, without changing frequencies.
3) The EOCs and repeater sites on HamWAN are typically fed directly from the backbone (P15/ISM) and not from sectors, so they're fine to use crypto.
I often wonder if HamWAN should have been defined as "Created by hams, for hammy + emcomm purposes, but on freqs not exclusively P97 licensed." We'd probably lose access to a site or 2 if we did that switch, but perhaps the project overall would offer more utility.
On 7/19/2019 12:56 PM, Bernard Littau wrote:
> What would it take to keep from running afoul of the Part 97 encryption restrictions? Everyone put on their thinking caps. Would it be feasible to set up some sort of proxy after the RF stage but before the internet that keeps the HTTPS stuff unencrypted over the Part 97 RF. Like Thom said, there is not much left on the web that is HTTP. The goal is zero HTTP. I can't even go to weather.gov to check my forecast, or to the FCC to check my license status (https://wireless2.fcc.gov/UlsApp/UlsSearch/searchLicense.jsp), without running afoul of the HTTPS issues.
> This seems to me a classic case where the Rule and the Reason have diverged, and it needs addressing.
> Personal beef: I can't see how PACTOR, and now VARA, can steer clear of the Part 97 rules when they are "encrypyted" and clearly derive a pecuniary benefit by charging for their "compression/encryption". I do not want to get into a debate about this, BUT, can such exemption be parlayed into something similar as an exemption for HTTPS. Remember, thinking caps, not debate. I can live with PACTOR et al, I don't have to like it, it's just the way it is. Can this help HTTPS?
> -----Original Message-----
> From: PSDR <psdr-bounces at hamwan.org> On Behalf Of Bart Kus
> Sent: Friday, July 19, 2019 12:55
> To: Puget Sound Data Ring <psdr at hamwan.org>; Nigel Vander Houwen
> <nigel at nigelvh.com>
> Subject: Re: [HamWAN PSDR] Encryption on HamWAN
> I think it's important to recognize that the Internet has changed significantly since the project's inception in 2012. Two very important things came to pass, that impact the HamWAN use case arguments in 2012:
> 1) HTTPS became universally deployed, instead of being reserved for specific pages.
> 2) Browsers have removed support for null-cipher HTTPS.
> Even the use case of surfing Wikipedia can't be done on HamWAN these days. Heck, you can't even do a Google search for anything.
> Is there a point to powering a network that's so useless? As Thom points out, it can't even be used for WebEOC emcomm either. People need to regularly test + practice emcomm tools for them to be usable in a real emergency. This is not allowed right now.
> Part97 is incompatible with modern computing life, and we might be better off having a smaller footprint that offers actual utility.
> Or we can just wait a couple years for StarLink / OneWeb.
> On 7/19/2019 12:27 PM, Nigel Vander Houwen wrote:
>> This is something we’ve thought about as well. The FCC is explicitly permissive in the case of a real emergency, though that doesn’t really cover the use case during the rest of the time. This is one of a number of reasons why we (the network admins) have specifically avoided blocking anything but blatant abuse (mostly virus type stuff). We want to leave the possibility open in terms of the network for these sorts of cases, but that comes with users needing to take on the responsibility to maintain their own compliance.
>> The team is discussing ways we can help with this, while leaving things as flexible as possible. One of the current front running ideas is adding instructions to the client node configuration page that everyone uses to set up their modems, to block HTTPS at your modem. That leaves you the option to disable it if required (unlike if we implemented the block on the network side), but helps to maintain compliance during regular activities. It’s still very much an active discussion at this point, but if folks have ideas we’ll certainly welcome them.
>>> On Jul 19, 2019, at 12:17, Thom Wescott <thom.wescott at gmail.com> wrote:
>>> Thanks for the reminder, I'm not one to argue that, but it does bring up a question. There is not much of the web left that is not HTTPS, I'm thinking particularly of emergency management sites such as WebEOC. Is this violation likely to be excused when providing communications support in a real public emergency?
>>> Thom Wescott
>>> PSDR mailing list
>>> PSDR at hamwan.org
>> PSDR mailing list
>> PSDR at hamwan.org
> PSDR mailing list
> PSDR at hamwan.org
> PSDR mailing list
> PSDR at hamwan.org
More information about the PSDR