Nice idea. BTW, the LoTW key pair could be used for this application. It's
already authenticated by ARRL, so most of the first three steps would be
unnecessary. You would, however, have to send the LoTW certificate
containing your public key to the SYSOPS unless ARRL agreed to make the LoTW
certs available to the SYSOPS. Of course, your friendly contest logging
program author would have to implement the digital signature code in order
to send signed packet spots and the Packet Cluster software would need
digital signature verification code and certificate database management
code. This is not as huge as it sounds -- hopefully all contest and log
program authors will implement LoTW interfaces, so their code will already
contain all the subroutines needed for the task.
Minor point: PKI digital signatures don't use checksums. That's a different
technology. There is an analog in that the data (spot) is encoded using a
one-way hash, which bears a slight resemblance to a checksum. The hash is a
unique fingerprint of the data. The hash is then encrypted with the private
key and the result is the digital signature. Verification consists of
decrypting the hash using the public key and comparing the result to a hash
computed from the data. If the decryption fails (usually known from header
information included with the hash prior to encryption) then you know the
signature is fake. If the encryption succeeds but the hashes don't match,
then you know the data was altered after signature.
73, Dick WC1M
> -----Original Message-----
> From: Spederson [mailto:spederson@yahoo.com]
> Sent: Tuesday, May 27, 2003 9:57 PM
> To: cq-contest@contesting.com
> Subject: Re: [CQ-Contest] self spotting vs other cheating
>
>
> All,
>
> There's only one solution to verifying the identity of the sender -
>
> We could use the same process that the ARRL implemented
> within their LOTW - that of Public / Private key encryption.
>
> - You create a private key / public key combo.
> - You keep your private key, and submit your public key to
> the SYSOPS.
> - The sysops validate the key through email verification.
> - When you send a Spot, you digitally sign the data with
> your private key.
> - When the Sysops receive your spot, either through the Web,
> or Telnet or RF, they must check the data against the public
> key CHECKSUM to validate it was truly sent by you.
> - If there is a mismatch, the spot is deleted. If it
> matches, the spot goes through.
>
> Only then will the originating station be authenticated.
>
> Otherwise, there is no way to the sending address is valid.
>
> 73,
> Scott - KI5DR
>
> ----- Original Message -----
> From: <ve4xt@mb.sympatico.ca>
> To: "K4SB" <k4sb@earthlink.net>
> Cc: <cq-contest@contesting.com>
> Sent: Tuesday, May 27, 2003 3:56 PM
> Subject: Re: [CQ-Contest] self spotting vs other cheating
>
>
> > Hi Ed,
> > Your logic is OK except for one thing: this isn't as much about
> > watching spots as placing them.
> >
> > The majority of these self spots don't go in from the main running
> > computer, they would be sent in from another computer on site using
> > the
> Web
> > and DX Cluster Web interface.
>
>
|