On 7/21/14, Iain R. Learmonth <i...@fsfe.org> wrote: > Hi Jacob, > > On Mon, Jul 21, 2014 at 01:14:14PM +0000, Jacob Appelbaum wrote: >> I believe you are mistaken. My understanding is that you're not >> supposed to use crypto on the radio layer and IP packets are already >> several layers away from that concern. It would be great to hear from >> a HAM radio literate lawyer on this topic. Perhaps someone can ask the >> EFF if it is actually an important sticking point? > > I am not a lawyer but I am a radio amateur. Here is a link to the Ofcom > Amateur Radio terms: > > https://services.ofcom.org.uk/amateur-terms.pdf > > "11(2) The Licensee shall only address Messages to other Amateurs or to the > stations of those Amateurs and shall not encrypt these Messages for the > purpose of rendering the Message unintelligible to other radio spectrum > users." >
It sounds like it would be good to call and clarify things with a technologically literate lawyer. > I would take this to mean that no part of the message can be encrypted. > By that reasoning, we may not authenticate except by sending plaintext passwords over such a network. That seems to either be an old policy, a mistake or a network that is simply hostile towards modern security requirements for individuals. This seems to be relevant: https://www.tapr.org/pdf/DCC2010-AX.25-AuthenticationEffects-KE5LKY.pdf >> More importantly, I suspect would be to first ask if anyone in the UK >> uses IPv4 over AX.25 to access people.debian.org? > > This is not beyond the realm of possibility. I acknowledge the possibility and was inquring about *actuality* rather than mere possibility. Is anyone actually using IPv4 over AX.25 to access people.debian.org? > It would be permitted by the > Ofcom terms to download Amateur Radio software from p.d.o and also to > browse > Amateur Radio software documentation hosted there, which are both things > that the Debian policy would permit to be hosted. > Is anyone hosting software on p.d.o and actually having it downloaded over a radio link? That sounds like a good project but I wonder if practically it happens in the wild? > There are likely also other cases, which granted are likely edge cases, > where encryption cannot be used. We should not be beholden to the lowest common denominator. This seems especially so when it is a matter of theory and without practical issue. All the best, Jacob -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/cafggdf0ob2hulvncvwy_u8pf_rdbz9ynstjl5oyiwsce0ix...@mail.gmail.com
