There's no problem with a shared secret. It's encryption that obscures the 
content of the communication that is a problem. HMAC would be fine. However, I 
am also thinking about some form of 802.1x using a shared secret to 
authenticate a client to an access point.

The HSMM committee disbanded around 2006 with half of the members walking off 
over encryption issues. Perhaps that is why they call for WEP, WPA, and 
WPA2-PSK, which one would consider naive today. A WPA2-PSK password on a wide 
area radio LAN would not survive long.

Thanks

Bruce

Thomas <thomas.sprinkme...@gmail.com> wrote:

>De-lurking.
>
>I'm not a HAM but I know a little about crypto.
>
>On 11/03/13 11:03, Bruce Perens wrote:
>> Hi Folks,
>[...]
>> First, the network authentication problem can be solved without 
>> encryption and without any rule changes by using the
>> zero-knowledge proof, which nobody involved seems to have
>> understood. We thus need to explain this to ARRL and make sure that
>> any proposals regarding authentication provide the zero-knowledge
>> proof rather than encryption as their technical means.
>
>This HSMM:
>    https://en.wikipedia.org/wiki/High-speed_multimedia_radio#Security
>
>I assume the resources you're protecting are the repeaters which
>forward messages.
>
>Zero-knowledge proofs are usually used within a secure session, i.e.
>establish a secure link with someone and then get them to prove
>knowledge of a shared secret. The session is then authenticated.
>
>Setting up a secure session over wireless would require something like
>TLS, i.e. lots of encryption i.e. unacceptable(?).
>
>Without a secure session the authentication must be packet-by-packet,
>i.e. digitally sign packets (or sets of packets) and verify these
>signatures before forwarding the packets.
>Repeater operators would need a way to verify certificates
>("encryption is easy, key management is hard").
>
>HMAC ( https://en.wikipedia.org/wiki/HMAC ) would be less overhead
>than digital signatures, but relies on a shared secret which might not
>be permissible. Perhaps you could publish the shared key after the
>conversation to appease the regulations, but then great care must be
>taken to avoid additional attacks.
>
>
>
>Thomas
>
>> Thanks
>> 
>> Bruce
>> _______________________________________________ Freetel-codec2
>> mailing list Freetel-codec2@lists.sourceforge.net 
>> https://lists.sourceforge.net/lists/listinfo/freetel-codec2
>> 

-- 
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
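
Added example, not part of the original messages: the packet-by-packet HMAC authentication discussed in this thread, sketched in Python with the payload left in the clear and only a tag appended. The frame layout, the Repeater class, the sequence-number replay check and the N0CALL demo key are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output size in bytes


def make_frame(key: bytes, callsign: str, seq: int, payload: bytes) -> bytes:
    """Assumed layout: len(callsign) | callsign | 64-bit seq | payload | tag."""
    cs = callsign.encode("ascii")
    body = struct.pack("!B", len(cs)) + cs + struct.pack("!Q", seq) + payload
    # The payload is transmitted unencrypted; the tag only authenticates it.
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Repeater:
    """Forwards a frame only if its tag verifies and its sequence is fresh."""

    def __init__(self, keys):
        self.keys = keys      # callsign -> shared secret
        self.last_seq = {}    # callsign -> highest sequence number accepted

    def accept(self, frame: bytes):
        """Return (callsign, seq, payload) to forward, or None to drop."""
        if len(frame) < 1 + 8 + TAG_LEN:
            return None
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        n = body[0]
        if len(body) < 1 + n + 8:
            return None
        try:
            callsign = body[1:1 + n].decode("ascii")
        except UnicodeDecodeError:
            return None
        key = self.keys.get(callsign)
        if key is None:
            return None       # unknown station
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None       # forged or modified frame
        (seq,) = struct.unpack("!Q", body[1 + n:1 + n + 8])
        if seq <= self.last_seq.get(callsign, -1):
            return None       # replay of an already accepted frame
        self.last_seq[callsign] = seq
        return callsign, seq, body[1 + n + 8:]
```

Anyone listening can still read every payload; the tag only lets the repeater refuse frames that were not produced by a holder of the station's secret.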