[CQ-Contest] Contesters and LOTW

Wed Aug 15 21:40:50 EDT 2007

Oh, c'mon.

I'm sorry, but the most tedious part of signing up for Logbook of the World
was waiting for the post card to come in the mail.

And renewing my certificate was a piece of cake.  The most tedious part of
that was waiting for the reply email from the server with the renewal file
attached.

The only person I know of who's had trouble with getting set up for Logbook
is trying to do it through a 3rd party software package, and I think the
problem there is more related to that software than obtaining the
certificate.  And the next time I'm over at his shack, I'm just going to
bypass his software application and do everything directly, like I should
have in the first place.

Hype and hyperbole aside... if you don't want to bother with Logbook, don't.
But really... these stories of how horrible it is, c'mon.

...and if it is indeed true that Logbook is more secure than most financial
transactions and web interfaces on the financial institutions -- and I think
it is after seeing my horror of a security system my bank has in place -- I
think that's more a commentary on the lack of security in the financial
world, not of over security in Logbook.  No wonder hackers are allegededly
stealing the banking system blind... but that's another thread for another
reflector.

73, ron w3wn

-----Original Message-----
Date: Tue, 14 Aug 2007 21:14:50 -0700
From: "Rick Tavan N6XI" <rtavan at gmail.com>
Subject: Re: [CQ-Contest] Contesters and LOTW
To: cq-contest at contesting.com

You can conduct million dollar banking and brokerage transactions every day
with far less ritual than LOTW. Hell, you can set up your own Delaware
corporation more easily. After lots of agony, I did get signed up for LOTW a
few years ago and uploaded some logs. But after a year, my stuff (whatever
they call it) expired and I have been unable to get it renewed. I've tried
twice, each attempt of necessity lasting a week or two. The problem, they
tell me, is that as a computer professional I expect it to be easy, simple
or straight-forward. I should be a security professional who is deathly
afraid of the consequences of someone earning a certificate based on an
illegitimate confirmation (horrors!) and who can appreciate the beauty,
elegance and vault-like impermeability of LOTW. The problem, I fear, is that
each step in the setup/renewal/log submission/award application processes
lasts longer than my own memory of what I'm trying to do. I can't even
remember all the acronyms, file extensions and phases of the various steps
and functions. It was much easier to pass the Extra class exam (of course, I
was much younger then). So I have to start the research over every few days
during each attempt as the emails, postcards and Web transactions proceed
dismally, inexorably, step by fetid step through the virtual muck.
Ultimately, something goes wrong and the robots and AntiHelp files don't use
the same vocabulary as the error messages. So I'm out in the cold. It's a
lot of nonsense that I'm not willing to endure every year. Some day a friend
will volunteer to masquerade as me and get it all set up. Say,... there's a
business idea! Anyone want to renew my LOTW membership for me? What's your
price?

/Rick N6XI

On 8/8/07, Charles Gallo <Charlie at thegallos.com> wrote:
>
>
>
>
> I'm a computer programmer, who KNOWS (or at least mostly knows) how LOTW
> and the "signing" process works (ask me for MY PGP key)
>
> LOTW is VERY poorly explained, and is VERY VERY secure, but perhaps,
> overly secure (If they are doing what I'm 90% sure they are doing, that
> signature you put on your log is secure enough for banking/legal
documents)
>
> The problem is, how do you explain how "Public Key Cryptography/Digital
> signatures" works?  NOT real easy
>
> The BIG issue is that in trying to make the system flexible (you can have
> a key to sign your current call, your old call, your call for the DX you
> went on, etc) it ends up being very very complex
>
> The general idea of what is happening is - your "key" was sent to you by
> the ARRL (the TQ12 if I remember right - or was it the TQ5 - whatever)
>
> You pick a file that you want to "sign" with your key - you then pick
> WHICH key you want to use.  It then asks for a password that "unlocks" the
> key, then uses the key to sign the file, and then locks the key back up
>
> Picture one of those old Key lock boxes like you probably saw back in
> school - in the office, they have a metal box with dozens (hundreds?) of
> keys - but there is ONE key that opens that box - and allows you at the
keys
>
> That password you enter opens the metal box, and allows you to use the
> keys within