Re: myth(?): places in the world where https is illegal? Re: people.debian.org will move from ravel to paradis and become HTTPS only

To: "Iain R. Learmonth" <irl@fsfe.org>
Cc: debian-devel@lists.debian.org
Subject: Re: myth(?): places in the world where https is illegal? Re: people.debian.org will move from ravel to paradis and become HTTPS only
From: Jacob Appelbaum <jacob@appelbaum.net>
Date: Mon, 21 Jul 2014 14:38:14 +0000
Message-id: <[🔎] CAFggDF0Ob2HuLVNcvwy_U8pF_RDbz9ynstJL5OYiwSCE0ixaAw@mail.gmail.com>
In-reply-to: <[🔎] 20140721133941.GA9827@orbiter>
References: <20140713201310.GA27144@ftbfs.de> <[🔎] 20140720100359.GA6420@jwilk.net> <[🔎] 20140720122040.GB4196@orbiter> <[🔎] 201407211312.44966.holger@layer-acht.org> <[🔎] 20140721114231.GA4755@orbiter> <[🔎] CAFggDF0P5NqVJVmkHysRpR81KuURhsVsVAs_d22WPVwEWrP5tA@mail.gmail.com> <[🔎] 20140721133941.GA9827@orbiter>

On 7/21/14, Iain R. Learmonth <irl@fsfe.org> wrote:
> Hi Jacob,
>
> On Mon, Jul 21, 2014 at 01:14:14PM +0000, Jacob Appelbaum wrote:
>> I believe you are mistaken. My understanding is that you're not
>> supposed to use crypto on the radio layer and IP packets are already
>> several layers away from that concern. It would be great to hear from
>> a HAM radio literate lawyer on this topic. Perhaps someone can ask the
>> EFF if it is actually an important sticking point?
>
> I am not a lawyer but I am a radio amateur. Here is a link to the Ofcom
> Amateur Radio terms:
>
> https://services.ofcom.org.uk/amateur-terms.pdf
>
> "11(2) The Licensee shall only address Messages to other Amateurs or to the
> stations of those Amateurs and shall not encrypt these Messages for the
> purpose of rendering the Message unintelligible to other radio spectrum
> users."
>

It sounds like it would be good to call and clarify things with a
technologically literate lawyer.

> I would take this to mean that no part of the message can be encrypted.
>

By that reasoning, we may not authenticate except by sending plaintext
passwords over such a network. That seems to either be an old policy,
a mistake or a network that is simply hostile towards modern security
requirements for individuals.

This seems to be relevant:

  https://www.tapr.org/pdf/DCC2010-AX.25-AuthenticationEffects-KE5LKY.pdf

>> More importantly, I suspect would be to first ask if anyone in the UK
>> uses IPv4 over AX.25 to access people.debian.org?
>
> This is not beyond the realm of possibility.

I acknowledge the possibility and was inquring about *actuality*
rather than mere possibility. Is anyone actually using IPv4 over AX.25
to access people.debian.org?

> It would be permitted by the
> Ofcom terms to download Amateur Radio software from p.d.o and also to
> browse
> Amateur Radio software documentation hosted there, which are both things
> that the Debian policy would permit to be hosted.
>

Is anyone hosting software on p.d.o and actually having it downloaded
over a radio link? That sounds like a good project but I wonder if
practically it happens in the wild?

> There are likely also other cases, which granted are likely edge cases,
> where encryption cannot be used.

We should not be beholden to the lowest common denominator. This seems
especially so when it is a matter of theory and without practical
issue.

All the best,
Jacob

Reply to:

Follow-Ups:
- Re: myth(?): places in the world where https is illegal? Re: people.debian.org will move from ravel to paradis and become HTTPS only
  - From: "Iain R. Learmonth" <irl@fsfe.org>

References:
- Re: people.debian.org will move from ravel to paradis and become HTTPS only
  - From: Jakub Wilk <jwilk@debian.org>
- Re: people.debian.org will move from ravel to paradis and become HTTPS only
  - From: "Iain R. Learmonth" <irl@fsfe.org>
- myth(?): places in the world where https is illegal? Re: people.debian.org will move from ravel to paradis and become HTTPS only
  - From: Holger Levsen <holger@layer-acht.org>
- Re: myth(?): places in the world where https is illegal? Re: people.debian.org will move from ravel to paradis and become HTTPS only
  - From: "Iain R. Learmonth" <irl@fsfe.org>
- Re: myth(?): places in the world where https is illegal? Re: people.debian.org will move from ravel to paradis and become HTTPS only
  - From: Jacob Appelbaum <jacob@appelbaum.net>
- Re: myth(?): places in the world where https is illegal? Re: people.debian.org will move from ravel to paradis and become HTTPS only
  - From: "Iain R. Learmonth" <irl@fsfe.org>

Prev by Date: Re: myth(?): places in the world where https is illegal? Re: people.debian.org will move from ravel to paradis and become HTTPS only
Next by Date: Re: myth(?): places in the world where https is illegal? Re: people.debian.org will move from ravel to paradis and become HTTPS only
Previous by thread: Re: myth(?): places in the world where https is illegal? Re: people.debian.org will move from ravel to paradis and become HTTPS only
Next by thread: Re: myth(?): places in the world where https is illegal? Re: people.debian.org will move from ravel to paradis and become HTTPS only
Index(es):
- Date
- Thread