v2 WAN question

DrTeeth

I know it is early days yet, but is a facility planned whereby another ham could operate my Flex using randomly generated login details (a-la TeamViewer)? A friend of mine is looking at ANANs and I am trying to steer him to Flex; it occurred that it would have been handy to let him have a test drive in the comfort of his own home..

Walt - KZ1F

Or better, in the comfort of your own home. In the absence of FRS saying "We're not gonna tell you" to the tune of a 7 yr old, I'll speculate, if you are going to hear anything about how 2.x is going to work it will be at Dayton, during their dinner presentation. For those not present I am certain it will be leaked out by those elite few given special secret insider Flex, because they were such good children this past year people, but only after announcing the special nature of their relationship with their boyfriend...er.. I mean FRS.

My take, it will be certificate based which  means no, unless one is foolish enough to give out their private key.

DrTeeth

Maybe should have posted it as an idea?

The pal in question is somebody I was at school with who introduced me to ham radio - so it is HIS fault I am here, hi hi. Seriously, he is too far away to schlep to my QTH and it will take military-style logistical planning for us to arrange a physical meet after 40 years.

Walt - KZ1F

Personally, my thought is if FRS is going to discuss something in Dayton, it should be announced to all owners simultaneously. There are analogies to the business world regarding when and how otherwise insider information is disseminated. Too many people on here have a very personal and private love relationship with FRS, which is fuelled intentionally or otherwise by FRS themselves. This leads to an inner circle sanctum sanatorium sort of environment. Those that can't or chose not to go to Dayton paid every bit as much for their radio as those that choose to do the annual pilgrimage.

However, I do recall Steve talking about certificates after I had mentioned PKI to him over a year ago. Should that hold true, your public key would get loaded into the radio and logon information would be encrypted with your private key and decrypted and validated in the radio with your public key. That would, most likely preclude handing out keys. One should never ever divulge their private key half of a key pair.

Walt - KZ1F

Guy, you could do that today with RDP, let him get access to your desktop via a vpn and play with it with you on the phone. The other consideration is, running a flex remotely, same as running a K3 remotely (via RHR) isn't exactly a marketing ploy to sell units.  Over remote connection will never be the same as live getting audio straight from the line out speaker connection and a mic or keyer directly plugged into the unit. If someone wants to 'sell' a 6000 they'd really need to do it in person. remotely, aside from the UI, the difference between a 6700 and a K3 or Anan would be imperceptible.

DrTeeth

Fully agree Walt. I am very security conscious here with a couple of teenagers and a wife who can just about browse the net and do email. Maybe something for FRS to possibly consider? THough I am not a programmer by any means, AIUI it should not be too difficult to generate a strong and cryptic password with a limited life span. It would be no more risky than allowing a stranger onto one's PC via TeamViewer for support.

Update:- posted before comment above this one appeared. Good points well made Walt.

Walt - KZ1F

Thank you Guy. actually yes you are correct. When you create a certificate you specify it's expiration. So as long as the radio can hold multiple public keys and there is an app to manage them you could create a keypair that expires in 2 days, load the public key into the radio and send your friend the private key. When the key expires so does their access to your radio. If someone else intercepted the private key they too would have access to your radio for a couple of days. So the question becomes are they going to do a full blown PKI with management system. Yes, technically it is doable. I think it would cause more harm than good though. From a support perspective it would make more sense for them to not provide that, simply as a function of installing place your private key into a keystore (the NT registry) and write a stub that will access it for your own logon. To put it politely as possible, there are many on here that managing that would be beyond their ability. They would need to hire more CSRs. I suspect we may well know in a couple of weeks.