[CQ-Contest] LoTW and security
Mike Gilmer - N2MG
n2mg at contesting.com
Tue Sep 30 07:51:20 EDT 2003
I have to explain this to eHam users on a regular
basis. Without first snail mailing each new user
using his FCC address to verify the individual (which
we obviously do not do), we have no way to know that
W1ABC or N2MG or anyone else is whom they say they
are. Anyone can go to yahoo or hotmail and register
an email address (and one that looks like a ham call
to boot) and register as a user practically
anonymously. Same goes for the reflectors.
Like it or not, if the ARRL wishes to maintain the
DXCC's stature that they have worked hard to maintain,
they need to err on the side of paranoia.
I'm sure they considered their options carefully.
Mike N2MG
--- Lyndon Nerenberg <lyndon at orthanc.ca> wrote:
>
> > Their idiotic rules for registering are hurting a
> lot of DX stations.
> > I simply fail to understand why a key could not be
> obtained by a robot
> > reply to the station sending the
> > request.
>
> Because that does not provide any proof that the
> originator of the
> request is who they claim to be. No form of email or
> web sign-up can do
> this. This is one of the fundamental concepts of
> security. Any (good)
> introductory text on computer security will explain
> this.
>
> > After all, we do that with our reflectors.
>
> No, that's not what's happening. Mailing list
> subscription validation is
> a weak attempt to prevent simple subscription
> spoofing using third-party
> addresses. It in no way authenticates the originator
> of the message.
________________________________________________
PeoplePC: It's for people. And it's just smart.
http://www.peoplepc.com
More information about the CQ-Contest
mailing list