# ADR 0009: Mesh Authentication Without Default Encryption

## Status
Proposed

## Context
FreeDMR is an amateur-radio network. In many jurisdictions amateur-radio traffic must not be encrypted, and IP backhaul may itself use amateur-radio links.

## Decision
Use authenticity, integrity, membership validation, and local policy; do not encrypt amateur-radio mesh traffic by default.

## Rationale
Signing and authentication protect the mesh from impersonation and unauthorized traffic while preserving FreeDMR's open, inspectable, amateur-radio character.

## Consequences
Traffic remains visible. Security focuses on who is allowed to inject or carry traffic, not secrecy.

## Compatibility
Existing cleartext FBP/OBP interop remains possible. New authenticated admission can be introduced through bridge-control mechanisms and cached session state.

## Testing Requirements
Tests must cover valid identity, invalid signature, revocation, endpoint change requiring re-authentication, grace expiry, and local policy overriding signed membership.