At 06:36 AM 6/25/2010, you wrote:
>All,
>
>thanks for your replies and arguments.
>
>Authentication subject has been raised in connection with negative
>examples in analog repeater networks and AMPR in the past.
>Until then while the repeater works locally - security is a problem of
>repeater's owner.

I still disagree that on air security is warranted. It goes against the open, experimental nature of ham radio. And I'm sure it could be circumvented. As others have pointed out, the best approach is:

1. Assume the other person is genuine, unless you have reason to suspect otherwise (innocent until proven guilty).
2. If there is a problem with pirate or antisocial operation, locals in the area work with the repeater/gateway owner (who can take action, such as turning their system off) and local authorities (who have the power to prosecute).

If we have a problem in our local area, and it becomes persistent, the first step is to DF the problem. At the same time, gather as much data, such as on air recordings, log of times, etc. Then pass all this to the authorities for them to deal with.

I believe authentication has too many problems for the amateur world. It reduced the implicit trust we have on air. It creates administrative headaches and reduces flexibility.

There is one area that strong authentication does have a place, and that is for the interfaces between amateurs (i.e. individuals accessing the amateur networks directly from their PC or phone) or amateur systems (e.g. a repeater) and the Internet. Strong authentication is needed here to limit access to amateurs. This essentially creates a global virtual amateur network on top of the Internet.

>We can assume that a weak place in security is an air interface of local
>repeater (at confidence links between Gateways).

The On air will always be the weakest link, but it's also the one that's (supposedly) policed locally.

>Therefore:
>- authentication can work locally on a concrete repeater
>- authentication takes place only at process of registration
>- It is not required distribute authentication data base on all network
>- It is not required send keys over the air.

However, it is not needed and serves to create more problems than it solves.
This sort of authentication belongs on commercial or public service networks, where there is a closed user base. It is not appropriate for an open amateur network, in my opinion.

73 de VK3JED / VK3IRL
http://vkradio.com
