Re: myth(?): places in the world where https is illegal? Re: people.debian.org will move from ravel to paradis and become HTTPS only
On 7/21/14, Iain R. Learmonth <firstname.lastname@example.org> wrote:
> Hi Jacob,
> On Mon, Jul 21, 2014 at 01:14:14PM +0000, Jacob Appelbaum wrote:
>> I believe you are mistaken. My understanding is that you're not
>> supposed to use crypto on the radio layer and IP packets are already
>> several layers away from that concern. It would be great to hear from
>> a HAM radio literate lawyer on this topic. Perhaps someone can ask the
>> EFF if it is actually an important sticking point?
> I am not a lawyer but I am a radio amateur. Here is a link to the Ofcom
> Amateur Radio terms:
> "11(2) The Licensee shall only address Messages to other Amateurs or to the
> stations of those Amateurs and shall not encrypt these Messages for the
> purpose of rendering the Message unintelligible to other radio spectrum
It sounds like it would be good to call and clarify things with a
technologically literate lawyer.
> I would take this to mean that no part of the message can be encrypted.
By that reasoning, we may not authenticate except by sending plaintext
passwords over such a network. That seems to either be an old policy,
a mistake or a network that is simply hostile towards modern security
requirements for individuals.
This seems to be relevant:
>> More importantly, I suspect would be to first ask if anyone in the UK
>> uses IPv4 over AX.25 to access people.debian.org?
> This is not beyond the realm of possibility.
I acknowledge the possibility and was inquring about *actuality*
rather than mere possibility. Is anyone actually using IPv4 over AX.25
to access people.debian.org?
> It would be permitted by the
> Ofcom terms to download Amateur Radio software from p.d.o and also to
> Amateur Radio software documentation hosted there, which are both things
> that the Debian policy would permit to be hosted.
Is anyone hosting software on p.d.o and actually having it downloaded
over a radio link? That sounds like a good project but I wonder if
practically it happens in the wild?
> There are likely also other cases, which granted are likely edge cases,
> where encryption cannot be used.
We should not be beholden to the lowest common denominator. This seems
especially so when it is a matter of theory and without practical
All the best,