[CQ-Contest] authentication for log submission

[Katsuhiro Kondou]

Dick,

In article <000601cd4342$5780e520$0682af60$@gmail.com>,
	"Dick Green WC1M" <wc1m73 at gmail.com> wrote,
	on "Tue, 5 Jun 2012 13:40:46 -0400";

} Don, you are a man after my own heart! I'm totally paranoid about security
} scenarios, which is one reason LoTW security is so tight.

Thank you very much for your comment.  It makes sense to me.

} So, I don't think it would work. However, if there is a scenario that would
} work, the best solution would be to use the LoTW authentication system for
} log submissions. That would have the dual advantage of verifying the call
} sign in the log and allowing automatic submission of the log to the LoTW QSL
} system (something many have asked for.)

There are several scenarios that the malicious person, I'm not sure if
(s)he really exists, may do;

- submitting a NULL log by the cheater before submission by real station,
  and resubmission of the NULL log by the cheater after that
    -> I don't think this would not work, since the problem gets noticed
       by QSO matching as you explained
- submitting an actual log, but the related category headers in cabrillo
  file are fabricated
    -> In this case, QSO matching does not work.  So the station may be
       categorized as unwanted entry.  But still there is a question how
       he gets the original log
- something like DoS attack 
    -> The log checking related to a prize at least seems to have the
       check point by human also.  Does it still work if the cheater
       submits each fabricated log for all stations related to a prize?

I don't want us to waste much time and effort to fix the less probable
security risks, but also I don't want them to be avoided if possible.
-- 
Katsuhiro "Don" Kondou, JH5GHM
Tokyo, JAPAN