[CQ-Contest] L.O.T.W.

Ron Notarius wn3vaw at verizon.net
Mon Jul 25 19:35:55 EDT 2005


*sigh*

All that time crafting a reply, and all that gets answered are two small
nits to pick over.  So it goes.

Still, I think I see what the real problem is here.

The crux of the complaint seems to be that Logbook isn't as simple as it
could be.  After all, what could be simpler than just uploading your log?
Why shouldn't the Logbook server just trust you for being who you say you
are?

And the answer is... because we have too many jokers in the deck who'd
upload false data just for the fun of it (or because they hate the League,
or they hate DX'ers and/or contesters, or they haven't taken their meds
lately... you get the idea).  You think someone hasn't tried yet?  You think
they wouldn't hesitate to crow about it if they ever succeeded?

So, you have to preregister with Logbook, and verify your identity.  You're
issued an electronic "certificate" to indicate that you are who you say you
are.  And to verify that your logs are indeed yours, you encrypt or "sign"
them with your certificate key.  This is the situation we have today.

Therefore:  Uploading to Logbook isn't as simple as it COULD be, but it IS
as simple as it HAS to be.

And as a result, even if some joker tells Logbook that he's P5SLIM or
something equally obnoxious, since my log never matches it, it's just a
wasted effort on said joker's part.  Unlike another service which
automatically puts such phony entries in my "inbox," thus creating the
temptation to accept them.  (Oh yes, they now have an "authenticity
guaranteed" on some entries -- if you send them a copy of your license.
Sounds familiar... and it still doesn't prevent me from logging in as you if
I ever figure out or otherwise finagle your password)

Finally... since more and more major logging (etc) software vendors are
incorporating the Logbook signing into their systems, it is already possible
to have the software extract the neccesary parts of the log, "sign" them,
and automatically email them to the Logbook server.  (And how does the
server know who sent the file?  The encryption -- the "signing" -- tells
it).  So now, at the end of a contest, you not only generate your Cabrillo
or ADIF or whatever files to email to the sponsor, you can automatically
generate and send your Logbook entry.

It doesn't get much simpler than this gang.

So where's the beef?

73

----- Original Message ----- 
From: "Bill Turner" <dezrat1242 at ispwest.com>
To: "Ron Notarius" <wn3vaw at verizon.net>; <cq-contest at contesting.com>
Sent: Monday, July 25, 2005 12:09 PM
Subject: Re: [CQ-Contest] L.O.T.W.


> At 07:24 PM 7/24/2005, Ron Notarius wrote:
> >Now... would it be nice to be able to upload an ADIF file without signing
> >it?  Sure.  Could you make the argument that they've taken security about
> >one level further than might be neccesary?  Sure.  Such is life.
>
> "Such is life". Sigh. With that attitude, we'd still be using spark.
>
>
> >And I just
> >think of the alternative, another system out there that has given me
> >"credit" for North Korea -- a "QSO" on the 1 mm band with P5SLIM.  A hoax
> >perpetuated about 5 years ago, yet it's still out there, unpurged by the
> >system.  Could this be perpetuated on LotW?  Maybe.  But I'd bet it'd be
a
> >LOT harder!)
>
> LoTW only gives credit when two stations submit the same info. Did you
> submit the above QSO? Of course not, so what is your complaint?
>
> Bill, W6WRT
>
>
>



More information about the CQ-Contest mailing list