[CQ-Contest] Another LoTW gotcha
Dick Green WC1M
wc1m at msn.com
Fri Feb 11 13:38:57 EST 2005
AA4LR wrote:
> If you can log into the web site, you can download your active
> certificates, if you happen to misplace one. Although they do
> encourage you to save your p12 file and back it up.

Bill,

This is not correct. While you can download your certificate from the LoTW
website, the certificate does not contain an essential item: the private
key, which is used to digitally sign your log submissions (see below for a
more detailed explanation). For security reasons, the private key is stored
on your computer, and only on your computer. ARRL does not have a copy of
your private key. This is why it is imperative to back up each and every
certificate by using the TQSLCert Save command to create a .p12 file and
storing copies of your .p12 files in a safe place (floppy disk, tape,
external hard drive, thumb drive, etc.).

More detail: LoTW uses a highly secure and flexible security scheme known as
public-key/private-key or PKI. The two keys are mathematically related. The
private key is used by TQSL to digitally sign your log submissions and the
public key is used to verify the signature. As the names suggest, the
private key is something you keep secret, while the public key is something
that can be safely disclosed to anyone. The certificate contains the public
key (and other information about you and your callsign), while the private
key is stored separately on your computer. The .p12 file contains a copy of
the certificate *and* the private key, so it can be used to back up or
export/import both keys.

Some have argued that LoTW doesn't need to be as secure as it is. Perhaps.
But many would be surprised at the number of potential threats to the
integrity of LoTW (and, by association, DXCC) there are. Probably no one
would be surprised by the fact that there are plenty of people out there who
would be willing to attack the system maliciously, just for fun, or to prove
a point. Every security system has an inherent tradeoff between security and
convenience. While storing the private key only on your computer requires
backing it up with a .p12 file, this architecture prevents the private keys
of all LoTW users from falling into the hands of someone who hacks the ARRL
LoTW server from the outside or inside. If someone obtained all of the LoTW
private keys undetected, the LoTW and DXCC programs would be hopelessly
compromised.

LoTW has been remarkably effective for a major new software system. As with
any new software system, there have been some usability issues. Probably the
most important of these is the .p12 file, which is why there have been
several posts by ARRL urging users to create these files. Other issues have
become more apparent with time, such as certificate renewal. Some of the
issues can be addressed simply by changing terminology, others can be
resolved with changes to the software, and still others can be resolved with
changes in policy or procedure. With so many users depending on LoTW, each
problem and solution must be thoroughly evaluated for its impact on
functionality and security. I don't speak for ARRL, but I'm confident that
they are fully aware of these issues and will gradually enhance the system
to address them.

73, Dick WC1M
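
Added example, not part of the original post and not TQSL or ARRL code: a check that a .p12 backup really holds a private key matching its certificate, which is the distinction the message draws between a certificate alone and a .p12 file. It assumes the OpenSSL command line is installed; the file names, subject name and passphrase are constructed for the demonstration.

```shell
#!/bin/sh
# Added example. Uses the OpenSSL CLI (an assumption), not TQSLCert.
# File names, subject name and passphrase are constructed sample values.

# Succeeds only if the PKCS#12 file holds a private key whose public half
# equals the public key in the bundled certificate.
p12_has_matching_key() {
    p12=$1; pass=$2
    cert_pub=$(openssl pkcs12 -in "$p12" -passin "pass:$pass" -nokeys -clcerts 2>/dev/null |
        openssl x509 -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkcs12 -in "$p12" -passin "pass:$pass" -nocerts -nodes 2>/dev/null |
        openssl pkey -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Build constructed sample files in directory $1:
#   full.p12      certificate + private key (a complete backup)
#   certonly.p12  certificate only (nothing to sign with)
make_samples() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=EXAMPLE-CALL" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$dir/key.pem" -in "$dir/cert.pem" \
        -out "$dir/full.p12" -passout pass:demo-pass &&
    openssl pkcs12 -export -nokeys -in "$dir/cert.pem" \
        -out "$dir/certonly.p12" -passout pass:demo-pass
}

# Print a one-line verdict for file $1 opened with passphrase $2.
check_backup() {
    if p12_has_matching_key "$1" "$2"; then
        echo "usable backup"
    else
        echo "no usable private key"
    fi
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
echo "full.p12:     $(check_backup "$demo_dir/full.p12" demo-pass)"
echo "certonly.p12: $(check_backup "$demo_dir/certonly.p12" demo-pass)"
rm -rf "$demo_dir"
```

A wrong passphrase also yields "no usable private key", so a backup whose passphrase has been forgotten fails the same check.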