[CQ-Contest] L.O.T.W.

David Robbins K1TTT k1ttt at arrl.net
Thu Jul 28 17:58:10 EDT 2005


> The simple answer is that doing security at the ARRL end would not change
> or
> eliminate the registration requirements. Further, such a system would have
> to rely on password logon, which is not secure.\

it is secure enough for me to handle my personal finances which are much
more important to me than any number of qsl cards.  If it really were so
insecure why aren't there daily reports of banks getting hacked into and
peoples accounts wipe out?



> Where Security is Done -- A somewhat more complicated reason for doing
> security at the user end is that one of the goals was for each log record
> to
> be permanently associated with its authenticated owner. This provides
> long-term assurance that the log records upon which DXCC and other awards
> programs are based have not been altered, and any records found to be
> fraudulent can be easily eliminated. The only secure way to do this is to
> use a cryptographic digital signature system. In theory, this could be
> done
> at the ARRL end, but the above-mentioned password-based logon leads to
> numerous security holes beyond just the inherent vulnerability of the
> password itself. Further, doing digital signatures at the ARRL end would
> potentially require enormous amounts of CPU power when large numbers of
> users upload logs at the same time, resulting in unacceptably slow
> response
> time for uploads and queries.

Ah, here is the real reason!  The arrl doesn't trust it's own database!  The
only reason to keep records digitally signed by the originator is so they
could not be forged in the database.  So apparently the dxcc administrators
do not have a system they can use to securely store their data.  That is a
real shame that the whole world has to jump through hoops to digitally sign
every qso because the administrators are afraid of someone getting into
their database.




David Robbins K1TTT
e-mail: mailto:k1ttt at arrl.net
web: http://www.k1ttt.net
AR-Cluster node: 145.69MHz or telnet://dxc.k1ttt.net
 




More information about the CQ-Contest mailing list