[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: myth(?): places in the world where https is illegal? Re: people.debian.org will move from ravel to paradis and become HTTPS only

On 7/21/14, Iain R. Learmonth <irl@fsfe.org> wrote:
> Hi Jacob,
> On Mon, Jul 21, 2014 at 01:14:14PM +0000, Jacob Appelbaum wrote:
>> I believe you are mistaken. My understanding is that you're not
>> supposed to use crypto on the radio layer and IP packets are already
>> several layers away from that concern. It would be great to hear from
>> a HAM radio literate lawyer on this topic. Perhaps someone can ask the
>> EFF if it is actually an important sticking point?
> I am not a lawyer but I am a radio amateur. Here is a link to the Ofcom
> Amateur Radio terms:
> https://services.ofcom.org.uk/amateur-terms.pdf
> "11(2) The Licensee shall only address Messages to other Amateurs or to the
> stations of those Amateurs and shall not encrypt these Messages for the
> purpose of rendering the Message unintelligible to other radio spectrum
> users."

It sounds like it would be good to call and clarify things with a
technologically literate lawyer.

> I would take this to mean that no part of the message can be encrypted.

By that reasoning, we may not authenticate except by sending plaintext
passwords over such a network. That seems to either be an old policy,
a mistake or a network that is simply hostile towards modern security
requirements for individuals.

This seems to be relevant:


>> More importantly, I suspect would be to first ask if anyone in the UK
>> uses IPv4 over AX.25 to access people.debian.org?
> This is not beyond the realm of possibility.

I acknowledge the possibility and was inquring about *actuality*
rather than mere possibility. Is anyone actually using IPv4 over AX.25
to access people.debian.org?

> It would be permitted by the
> Ofcom terms to download Amateur Radio software from p.d.o and also to
> browse
> Amateur Radio software documentation hosted there, which are both things
> that the Debian policy would permit to be hosted.

Is anyone hosting software on p.d.o and actually having it downloaded
over a radio link? That sounds like a good project but I wonder if
practically it happens in the wild?

> There are likely also other cases, which granted are likely edge cases,
> where encryption cannot be used.

We should not be beholden to the lowest common denominator. This seems
especially so when it is a matter of theory and without practical

All the best,

Reply to: