PDA

View Full Version : Proof positive LoTW is overengineered



KC2UGV
05-18-2014, 11:57 AM
I did get a small chuckle from this:
http://forums.qrz.com/showthread.php?436528-QRZ-Announces-Secondary-Callsign-and-LoTW-Support

Everyone over there is willing to hand over their private keys to another individual, thereby breaking down any semblance of identification guarantee the signing key might have granted.

But, IMO, it's not even needed for amateur logs. It's downright silly, as I don't need a private key to upload transactions to my bank. I'm glad QRZ stepped in, and fixed the LoTW interface. I might actually start using LoTW now.

KJ3N
05-18-2014, 12:19 PM
This is why I've been on eQSL, almost from the start. Easy process, not much fuss.

This much security for ham radio logs? They take themselves too seriously.

http://cdn.memegenerator.net/instances/500x/49967888.jpg

W3WN
05-18-2014, 02:13 PM
Ok. You've proved once again that security is only good as the individuals using it. If an induhvidual does something stupid, security... well, isn't.

Big deal. So what else is new?

Hey, if you don't want to use LotW, don't. No one is forcing you to. Simple solution to a simple problem. Done.

KC2UGV
05-18-2014, 02:52 PM
Ok. You've proved once again that security is only good as the individuals using it. If an induhvidual does something stupid, security... well, isn't.

Big deal. So what else is new?

Hey, if you don't want to use LotW, don't. No one is forcing you to. Simple solution to a simple problem. Done.

I might actually start since the main pain in the ass is taken care of by a third party. I never have to worry about losing a cert again.

The cert process added nothing of value to LoTW, and was merely a detriment to uptake. And, certs did nothing to add to the "security" of LoTW, only added a signer for logs which was superfluous.

W3WN
05-18-2014, 04:44 PM
< snip >
The cert process added nothing of value to LoTW, and was merely a detriment to uptake. And, certs did nothing to add to the "security" of LoTW, only added a signer for logs which was superfluous.The cert process is why the ARRL DXCC desk signed off on LotW. So I'd hardly call it superfluous.

It is what it is. Is it tedious to set up? Yes. Is the security more that what is most likely needed? Yes. Is it more secure than most banking, credit card, and related financial sites? Yes, which makes me worry more about the security of those sites -- and over the last 15 years, the "gap" has been closing as the financial institutions catch up.

Is it going away? No. Is the security going to be made less restrictive? Unlikely.

That's the way it is. Kvetching about it won't change anything.

KC2UGV
05-18-2014, 05:10 PM
The cert process is why the ARRL DXCC desk signed off on LotW. So I'd hardly call it superfluous.


They signed off b/c it's the ARRL approved method lol, not because of perceived security.



It is what it is. Is it tedious to set up? Yes. Is the security more that what is most likely needed? Yes. Is it more secure than most banking, credit card, and related financial sites? Yes, which makes me worry more about the security of those sites -- and over the last 15 years, the "gap" has been closing as the financial institutions catch up.

Is it going away? No. Is the security going to be made less restrictive? Unlikely.

That's the way it is. Kvetching about it won't change anything.

It's already gone away. I upload my cert to QRZ, and then QRZ keeps it nice and safe forever. I never worry about it again. I don't bother dealing with the shite that TQSL is. I just upload, and VOILA! It's done.

And, it's exactly how the ARRL needs to (Well, doesn't need to anymore, since someone else fixed it) fix their system to do.

WN9HJW
05-18-2014, 05:50 PM
The certificates are just for show. The real security as far as QSO integrity is concerned is the double-blind QSO matching. Don't need certificates for that.

KC2UGV
05-18-2014, 06:24 PM
The certificates are just for show. The real security as far as QSO integrity is concerned is the double-blind QSO matching. Don't need certificates for that.

Eggzactly.