If LOTW submissions weren't authenticated by some means, just imagine how
tempting it would be for someone, frustrated by the pileups, to send in an
addendum to the 7O6T log containing those two or three QSOs that were surely
just accidentally left off...
I'm not saying that going to full crypto signatures is the right way to address
those concerns, but some level of authentication seems in line with a system
that requires so much paperwork before accepting DXpeditions for DXCC credit.
Michael D. Adams (AB1OD) | Poquonock, Connecticut | email@example.com
On Jun 6, 2012, at 8:00 PM, David Gilbert <firstname.lastname@example.org> wrote:
> There's an old engineering principle that says you shouldn't carry
> calculations out to a precision beyond that of the input data itself.
> That's exactly how I view the LoTW authentication process relative to
> DXCC, and the fact that there hasn't been a single reported case of a
> spoofed log for any contest I know of makes it even less appropriate for
> contesting. Howitzers for unicorns ...
> Dave AB7E
> On 6/6/2012 4:17 AM, Dick Green WC1M wrote:
>> It's not as easy to cheat in DXCC as you think. You might be able to get
>> away with a faked QSL or two with non-rare countries, which is pretty
>> meaningless, but it's very difficult to cheat on a semi-rare or rare
>> country. But do prove me wrong: let's hear some of the many ways you can
>> cheat. I'm not talking about cheating at the DX end, like Don Miller or
>> Romeo, which is supremely difficult to do and very uncommon, but cheating
>> that would result in awards that are not deserverd.
>> And just because it may be possible for some minor cheating to occur, that
>> doesn't mean we should leave the door wide open. I don't see the logic in
>> that. If QSLs submitted to LoTW were not authenticated, it would be possible
>> to completely corrupt the DXCC program, making a mockery of it. If you're
>> interested in how that might occur, read the threat analysis in the original
>> LoTW specifications:
>> Yes, the security is strong, which requires a slight inconvenience and delay
>> when you sign up, and running a program on your log when you use it, but I
>> feel the security of this venerable program is well worth the trouble.
>> 73, Dick WC1M
>>> -----Original Message-----
>>> From: David Gilbert [mailto:email@example.com]
>>> Sent: Tuesday, June 05, 2012 6:06 PM
>>> To: firstname.lastname@example.org
>>> Subject: Re: [CQ-Contest] authentication for log submission
>>> I've always thought that such an extreme level of security for LoTW was
>>> wildly inappropriate given the numerous ways that people can and do
>>> cheat in DXCC. It's like installing a bombproof door on the entrance to
>>> a tar paper shanty, and the day that sort of thing shows up in
>>> contesting is the day I no longer bother to contest. I can manage my
>>> online IRA more simply than I can a hobby ... where's the sense in that?
>>> Besides, I've yet to hear of a single case of anyone actually being able
>>> to alter someone else's log submission, so at this point incorporating
>>> LoTW authentication for contest logs sounds to me like setting up a
>>> Howitzer to kill a unicorn in case one should ever show up.
>>> Dave AB7E
>>> On 6/5/2012 10:40 AM, Dick Green WC1M wrote:
>>>> Don, you are a man after my own heart! I'm totally paranoid about
>>>> security scenarios, which is one reason LoTW security is so tight.
>>>> So, I don't think it would work. However, if there is a scenario that
>>>> would work, the best solution would be to use the LoTW authentication
>>>> system for log submissions. That would have the dual advantage of
>>>> verifying the call sign in the log and allowing automatic submission
>>>> of the log to the LoTW QSL system (something many have asked for.)
>>>> 73, Dick WC1M
> CQ-Contest mailing list
CQ-Contest mailing list