These types of changes have been discussed for many years now in various
forums and there has never been a consensus on how to implement it... even
in the beginning when there was only one type of software and only packet
access it was determined that there could be no practical authentication
system in the network without unduly burdening every sysop with maintenance
of some kind of user authentication system... and because of anti-encryption
rules for amateur radio at least in the u.s. it would be extremely hard to
generate a system that would be immune to snooping on rf links. There were
some attempts that used query/response systems for authenticating remote
control operators for digipeaters and such that kind of worked, but over
time could have been snooped and broken fairly easily. Authentication via
the internet without some kind of secure server connection and login for
EVERY user on EVERY node would be worthless, it only takes one hole for the
whole thing to break down... and by design this would break ALL the existing
telnet software since telnet is by design not secure... so not only would
EVERY node have to change, but EVERY user program would have to change. And
NO rf user access could be allowed, nor RF node links, unless it were
permissible to encrypt all the links.
My only suggestion on how this could be done would be to design a brand new
spotting system from scratch with all the built in security necessary to
uniquely identify connected spotters, prevent rf snooping or unidentified
receive only users, and provide secure server to server connections, etc,
etc, etc... Oh, and the software itself would have to be distributed only
to authenticated sysops, probably with a unique security certificate so no
one could build a fake or 3rd party server that would allow lower security
access... Oh, and user access software would also require something that
would prevent user software from getting or injecting un-encrypted data or
any user with access to the non-encrypted data stream could inject bogus
spots and distribute received spots to non-registered users... kind of like
pirating music, once the stream is decrypted and available from the speakers
anyone can make another recording. Anyone who really wanted to cheat by
stealing spots would just need to have a friend register then feed them the
spots just like today... or anyone who found a sysop who wasn't diligent in
verifying identity before issuing access certificates could get bogus access
to post junk just like today.... I would say, 'build it and they will come',
but first, it would be too expensive to build, too hard to maintain, and in
the long run would just slow down the cheaters and malcontents for a little
while anyway and end up with fewer users, less good information, and a bunch
of sysops who would hate it.
David Robbins K1TTT
e-mail: mailto:k1ttt@arrl.net
web: http://www.k1ttt.net
AR-Cluster node: 145.69MHz or telnet://dxc.k1ttt.net
> -----Original Message-----
> From: cq-contest-bounces@contesting.com [mailto:cq-contest-
> bounces@contesting.com] On Behalf Of Felipe Ceglia - PY1NB
> Sent: Sunday, March 16, 2008 12:08
> To: cq-contest@contesting.com
> Subject: [CQ-Contest] spotting game, changes proposal
>
> Hello folks,
>
> I've been watching these threads about spotting and not spotting and all.
>
> What do you think about proposing some changes in the packet cluster
> network?
>
> The packet cluster network has been designed maybe more than 20 years
> ago, and probably restricted to packet radio use. These days there
> werent all those security problems and cheating in mind.
> Nowadays I cant know for sure, but probably more than 90% of cluster
> access are from internet.
>
>
> Somethings that it seems (to me) urgent to deploy:
>
> - exchanging of origin (TCP/IP address, radio frequency, port, home
> node) for users between cluster nodes;
>
> - limiting user logins, so a user would not be able to login with the
> same callsign to more than one cluster, unless he connects as CALL-1,
> CALL-2 (sometimes the user opens a log software, a webcluster and other
> aid software that also connects to the cluster);
>
> - think about authentication... at most of the clusters now, one can
> simply login as wish, no passwd, no control. we could think of using a
> couple of centralized servers for controlling authentication (ISPs and
> TI industry already do that with a software called radius), or using
> some key exchange like lotw does.
>
> I know these are not trivial changes, and probably there are more
> changes needed that didn't come to my mind.
> This would require upgrading all the servers, but could be scheduled to
> do in a couple of years.
>
> At least this would let us keep closer attention to cheaters, and
> probably after getting identified, the cheaters wont behave badly again,
> right?
>
>
> 73,
>
> Felipe Ceglia - PY1NB
> http://www.dxwatch.com
> _______________________________________________
> CQ-Contest mailing list
> CQ-Contest@contesting.com
> http://lists.contesting.com/mailman/listinfo/cq-contest
_______________________________________________
CQ-Contest mailing list
CQ-Contest@contesting.com
http://lists.contesting.com/mailman/listinfo/cq-contest
|