Regarding key exchange, it turns out that the ARRL already has a PKI trust infrastructure in place.  The ARRL Logbook of the World service requires that hams jump though hoops to prove their licence identity and it issues them a certificate with their call sign when they do.

The certificates are intended to be used for signing logbook entries, but if you know what you're doing, there's nothing that would prevent you from exporting the key pair and using it for other things.  A server that trusts the ARRL root CA certificate would be able to prove the identity and call sign of any user connecting to it with such a user cert.  I setup a test server for this a while back and it's still up and running at https://mutual.hamauth.com/  If you have such a cert and imported it into your browser, you could try it out.  I also have one running at https://tls-test.nq1e.hm/ that you may not be able to connect to because it's also using the little known null (no) encryption cipher spec in SSL which browsers don't support by default (it can be enabled in firefox or opera).  This means that if the client was properly configured, we could use SSL servers for specific services on the wireless network for authentication, authorization and integrity without encryption.

The same rsa key pair can use used for SSH auth as well, but from my investigations, it would require custom binaries on both the client and server side to disable the encryption.

It's a cumbersome hurdle that we wouldn't want to make people jump through, but if it were more popular, it could be used for just about anything.  You should all definitely sign up for LotW just in case (since it can take a week or two to get verified).  ;)

-Cory

*infosec geek*