HamBSD HamPKI


To build robust and resilient amateur packet networks, they need to be able to resist attack. As with other systems with poor or non-existent authentication, over time the probability that they will be attacked approaches certainty.

We have seen this happen again and again, and in some cases it has removed applications from existence. Example range from guestbooks on personal websites filled with spam to attacks on communications signalling systems (e.g. BGP, SS7). Another recent example is the certificate flooding attacks on OpenPGP key servers. Personal guestbooks and the OpenPGP key servers have drifted into the past, replaced by comments sections authenticated by Facebook accounts and new key distribution systems. Even where applications have survived, they are no longer as easy to use.

HamPKI aims to prevent amateur radio services from falling to the same fate by providing a framework for authenticating radio amateurs using packet radio systems.

Root Certificate Bundle

HamBSD includes an additional CA bundle found at /etc/hamcert.pem. This bundle can be used to authenticate servers and clients as licensed radio amateurs. Callsigns are found in issued certificates as OID.1.3.6.1.4.1.12348.1.1.

Future Goals