In article <firstname.lastname@example.org>,
"Dick Green WC1M" <email@example.com> wrote,
on "Tue, 5 Jun 2012 13:40:46 -0400";
} Don, you are a man after my own heart! I'm totally paranoid about security
} scenarios, which is one reason LoTW security is so tight.
Thank you very much for your comment. It makes sense to me.
} So, I don't think it would work. However, if there is a scenario that would
} work, the best solution would be to use the LoTW authentication system for
} log submissions. That would have the dual advantage of verifying the call
} sign in the log and allowing automatic submission of the log to the LoTW QSL
} system (something many have asked for.)
There are several scenarios that the malicious person, I'm not sure if
(s)he really exists, may do;
- submitting a NULL log by the cheater before submission by real station,
and resubmission of the NULL log by the cheater after that
-> I don't think this would not work, since the problem gets noticed
by QSO matching as you explained
- submitting an actual log, but the related category headers in cabrillo
file are fabricated
-> In this case, QSO matching does not work. So the station may be
categorized as unwanted entry. But still there is a question how
he gets the original log
- something like DoS attack
-> The log checking related to a prize at least seems to have the
check point by human also. Does it still work if the cheater
submits each fabricated log for all stations related to a prize?
I don't want us to waste much time and effort to fix the less probable
security risks, but also I don't want them to be avoided if possible.
Katsuhiro "Don" Kondou, JH5GHM
CQ-Contest mailing list