Re: [CQ-Contest] L.O.T.W.

To:	<cq-contest@contesting.com>
Subject:	Re: [CQ-Contest] L.O.T.W.
From:	"David Robbins K1TTT" <k1ttt@arrl.net>
Date:	Thu, 28 Jul 2005 21:58:10 -0000
List-post:	<mailto:cq-contest@contesting.com>

> The simple answer is that doing security at the ARRL end would not change
> or
> eliminate the registration requirements. Further, such a system would have
> to rely on password logon, which is not secure.\

it is secure enough for me to handle my personal finances which are much
more important to me than any number of qsl cards.  If it really were so
insecure why aren't there daily reports of banks getting hacked into and
peoples accounts wipe out?



> Where Security is Done -- A somewhat more complicated reason for doing
> security at the user end is that one of the goals was for each log record
> to
> be permanently associated with its authenticated owner. This provides
> long-term assurance that the log records upon which DXCC and other awards
> programs are based have not been altered, and any records found to be
> fraudulent can be easily eliminated. The only secure way to do this is to
> use a cryptographic digital signature system. In theory, this could be
> done
> at the ARRL end, but the above-mentioned password-based logon leads to
> numerous security holes beyond just the inherent vulnerability of the
> password itself. Further, doing digital signatures at the ARRL end would
> potentially require enormous amounts of CPU power when large numbers of
> users upload logs at the same time, resulting in unacceptably slow
> response
> time for uploads and queries.

Ah, here is the real reason!  The arrl doesn't trust it's own database!  The
only reason to keep records digitally signed by the originator is so they
could not be forged in the database.  So apparently the dxcc administrators
do not have a system they can use to securely store their data.  That is a
real shame that the whole world has to jump through hoops to digitally sign
every qso because the administrators are afraid of someone getting into
their database.




David Robbins K1TTT
e-mail: mailto:k1ttt@arrl.net
web: http://www.k1ttt.net
AR-Cluster node: 145.69MHz or telnet://dxc.k1ttt.net
 


_______________________________________________
CQ-Contest mailing list
CQ-Contest@contesting.com
http://lists.contesting.com/mailman/listinfo/cq-contest

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [CQ-Contest] L.O.T.W., (continued) Re: [CQ-Contest] L.O.T.W., Bill Turner Re: [CQ-Contest] L.O.T.W., Bill Turner Re: [CQ-Contest] L.O.T.W., Joe Subich, W4TV Re: [CQ-Contest] L.O.T.W., Bill Turner Re: [CQ-Contest] L.O.T.W., Lyndon Nerenberg Re: [CQ-Contest] L.O.T.W., Igor Sokolov Re: [CQ-Contest] L.O.T.W., Dick Green WC1M Re: [CQ-Contest] L.O.T.W., Bill Turner Re: [CQ-Contest] L.O.T.W., Joe Subich, W4TV Re: [CQ-Contest] L.O.T.W., Dick Green WC1M Re: [CQ-Contest] L.O.T.W., David Robbins K1TTT <= Re: [CQ-Contest] L.O.T.W., Dick Green WC1M Re: [CQ-Contest] L.O.T.W., Shelby Summerville Re: [CQ-Contest] L.O.T.W., steve.root Re: [CQ-Contest] L.O.T.W., Ron Notarius Re: [CQ-Contest] L.O.T.W., Ron Notarius Re: [CQ-Contest] L.O.T.W., Frank Hurlbut KL7FH Re: [CQ-Contest] L.O.T.W., KI9A

Previous by Date:	Re: [CQ-Contest] L.O.T.W., Bill Turner
Next by Date:	[CQ-Contest] WRTC 1990, George Fremin III
Previous by Thread:	Re: [CQ-Contest] L.O.T.W., Dick Green WC1M
Next by Thread:	Re: [CQ-Contest] L.O.T.W., Dick Green WC1M
Indexes:	[Date] [Thread] [Top] [All Lists]