[CQ-Contest] Contesters and LOTW

Charles Gallo Charlie at TheGallos.com
Wed Aug 8 21:20:18 EDT 2007 


On 8/8/2007 Bill Parry wrote:

> Honestly, I think that you are right.  Some more detailed instructions would
> be helpful. When I ran into a problem, I called and got help immediately.
> These help files that the computer types love to refer to are not helpful to
> an old guy like me. I like to have someone that I can ask. (Hopefully that
> doesn't have too much of an accent...although those Yankees do talk funny
> :-))

> Bill, W5VX

I'm a computer programmer, who KNOWS (or at least mostly knows) how LOTW and the "signing" process works (ask me for MY PGP key)

LOTW is VERY poorly explained, and is VERY VERY secure, but perhaps, overly secure (If they are doing what I'm 90% sure they are doing, that signature you put on your log is secure enough for banking/legal documents)

The problem is, how do you explain how "Public Key Cryptography/Digital signatures" works?  NOT real easy

The BIG issue is that in trying to make the system flexible (you can have a key to sign your current call, your old call, your call for the DX you went on, etc) it ends up being very very complex

The general idea of what is happening is - your "key" was sent to you by the ARRL (the TQ12 if I remember right - or was it the TQ5 - whatever)

You pick a file that you want to "sign" with your key - you then pick WHICH key you want to use.  It then asks for a password that "unlocks" the key, then uses the key to sign the file, and then locks the key back up

Picture one of those old Key lock boxes like you probably saw back in school - in the office, they have a metal box with dozens (hundreds?) of keys - but there is ONE key that opens that box - and allows you at the keys

That password you enter opens the metal box, and allows you to use the keys within


off topic - and makes it more confusing
What really bugs me, once they have gone as far as they have, there is a way to have Hams issue "keys" to other hams, and "sign" that key saying "KG2V says W5VXs key is valid" and "K1TTT says W5VX's key is valid" etc etc - once you have enough signatures - other folks (like the ARRL can say "we trust that the key is valid" - and in fact, what they have done right now is setup a system where there is one key signer  "the arrl says this key is valid")



--  
73 de KG2V

For the Children - RKBA!

Be wary of strong drink. 
 It can make you shoot at tax collectors -- and miss.
 --R.A.H.

More information about the CQ-Contest mailing list