- From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
- Date: Thu, 14 Nov 2013 09:56:04 +0000
- To: Bruce Perens <bruce@perens.com>, ietf-http-wg@w3.org
Hi Bruce, On 11/14/2013 05:07 AM, Bruce Perens wrote: > Amateur radio, commonly referred to as "ham radio", is prohibited from using > encryption to obscure the message content by both international law (an ITU > treaty) and its implementations in the national law of most nations. However, we > can use encryption that /doesn't/ obscure message content for the purposes of > authentication. Use of an https URL over an Amateur Radio connection would be a > rule violation. > > Although I am well able to discuss the rationale for the prohibition of > encryption, that's probably off-topic for this list. Please take it as a given > that it's necessary and we like it this way. Anyone who wishes to know more can > email me directly. Well, I don't think its that simple to be honest. If there are good reasons to prefer the status quo that's fine, but that treaty is a fairly old thing and I think the argument that we should hold up security improvements in the web on that basis is not at all compelling. One could equally argue that today's common use of crypto for communication on the Internet and the web indicates that that treaty is now past its sell-by date. (I do realise that's not a usefully actionable argument for ham radio users.) Occasionally we're told that there are places in the world where current crypto is illegal (usually without reference to specific laws), but we nonetheless use strong crytpo in our protocols, going all the way back to RFC 1984. And we're right to do that. So your argument would also apply to an IPsec VPN but yet I don't see an argument that such VPNs ought only use AH and not ESP. > Radio Amateurs use wifi-like networks, using 802.11 equipment on its usual > frequencies or transverting it to other frequencies, and sometimes with a lot > more power than non-licensed users are allowed. There could be an interesting workshop paper on how HTTP/2.0 would run over AX.25 for sure. Has anyone done that? I'd wonder if there are other non-security features of HTTP/2.0 (as currently proposed) that would make it more or less well suited for use in such networks. > Although our routers often run OpenWRT or something similar so that we can add > ham-specific protcols, we use off-the-shelf computing equipment, operating > systems, and web browsers. > > It would cause us some significant pain if web browsers stopped enabling > unencrypted http connections. We'd have to proxy https to http before we allowed > the signal on to Amateur frequencies, in order to remain in legal compliance. Yes, that's true. The same is true for people who do DTN experiments (like me) where we have tried out various ways to get HTTP traffic to very odd places using RFC 5050. Now while ham radio is a much more real use-case than DTN, personally I think that the good for the billions of users of the web should outweigh the needs of such tiny communities in general. Cheers, S. > I doubt we're the only people in the world who must, or would rather, have their > communications in the clear. > > Thanks > > Bruce Perens K6BP >
Received on Thursday, 14 November 2013 09:56:28 UTC