[CQ-Contest] Contesters and LOTW

Rick Tavan N6XI rtavan at gmail.com
Wed Aug 15 00:14:50 EDT 2007


You can conduct million dollar banking and brokerage transactions every day
with far less ritual than LOTW. Hell, you can set up your own Delaware
corporation more easily. After lots of agony, I did get signed up for LOTW a
few years ago and uploaded some logs. But after a year, my stuff (whatever
they call it) expired and I have been unable to get it renewed. I've tried
twice, each attempt of necessity lasting a week or two. The problem, they
tell me, is that as a computer professional I expect it to be easy, simple
or straight-forward. I should be a security professional who is deathly
afraid of the consequences of someone earning a certificate based on an
illegitimate confirmation (horrors!) and who can appreciate the beauty,
elegance and vault-like impermeability of LOTW. The problem, I fear, is that
each step in the setup/renewal/log submission/award application processes
lasts longer than my own memory of what I'm trying to do. I can't even
remember all the acronyms, file extensions and phases of the various steps
and functions. It was much easier to pass the Extra class exam (of course, I
was much younger then). So I have to start the research over every few days
during each attempt as the emails, postcards and Web transactions proceed
dismally, inexorably, step by fetid step through the virtual muck.
Ultimately, something goes wrong and the robots and AntiHelp files don't use
the same vocabulary as the error messages. So I'm out in the cold. It's a
lot of nonsense that I'm not willing to endure every year. Some day a friend
will volunteer to masquerade as me and get it all set up. Say,... there's a
business idea! Anyone want to renew my LOTW membership for me? What's your
price?

/Rick N6XI

On 8/8/07, Charles Gallo <Charlie at thegallos.com> wrote:
>
>
>
>
> I'm a computer programmer, who KNOWS (or at least mostly knows) how LOTW
> and the "signing" process works (ask me for MY PGP key)
>
> LOTW is VERY poorly explained, and is VERY VERY secure, but perhaps,
> overly secure (If they are doing what I'm 90% sure they are doing, that
> signature you put on your log is secure enough for banking/legal documents)
>
> The problem is, how do you explain how "Public Key Cryptography/Digital
> signatures" works?  NOT real easy
>
> The BIG issue is that in trying to make the system flexible (you can have
> a key to sign your current call, your old call, your call for the DX you
> went on, etc) it ends up being very very complex
>
> The general idea of what is happening is - your "key" was sent to you by
> the ARRL (the TQ12 if I remember right - or was it the TQ5 - whatever)
>
> You pick a file that you want to "sign" with your key - you then pick
> WHICH key you want to use.  It then asks for a password that "unlocks" the
> key, then uses the key to sign the file, and then locks the key back up
>
> Picture one of those old Key lock boxes like you probably saw back in
> school - in the office, they have a metal box with dozens (hundreds?) of
> keys - but there is ONE key that opens that box - and allows you at the keys
>
> That password you enter opens the metal box, and allows you to use the
> keys within
>
>
>


More information about the CQ-Contest mailing list