KB8PMY
/
FreeDMR
mirror of http://gitlab.hacknix.net/hacknix/FreeDMR.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'c2c7e654cb'
${ noResults }
FreeDMR/docs/freedmr-2/adr/0009-mesh-authentication-wi...

1.0 KiB
Raw Blame History

ADR 0009: Mesh Authentication Without Default Encryption

Status

Proposed

Context

FreeDMR is an amateur-radio network. In many jurisdictions amateur-radio traffic must not be encrypted, and IP backhaul may itself use amateur-radio links.

Decision

Use authenticity, integrity, membership validation, and local policy; do not encrypt amateur-radio mesh traffic by default.

Rationale

Signing and authentication protect the mesh from impersonation and unauthorized traffic while preserving FreeDMR's open, inspectable, amateur-radio character.

Consequences

Traffic remains visible. Security focuses on who is allowed to inject or carry traffic, not secrecy.

Compatibility

Existing cleartext FBP/OBP interop remains possible. New authenticated admission can be introduced through bridge-control mechanisms and cached session state.

Testing Requirements

Tests must cover valid identity, invalid signature, revocation, endpoint change requiring re-authentication, grace expiry, and local policy overriding signed membership.

Powered by TurnKey Linux.