[Dx-qsl] Secure, open electronic e-QSLing (was SSL....)

Tue Dec 18 14:20:21 EST 2007

This is a problem that I've been giving some on-again, off-again thought 
to. It is not as easy as it looks.
1. We are not a large group, world-wide. This is not an issue of 
millions but of thousands. That may actually help a bit, but it is a 
factor.
2. We do not need three or four eQSL solutions, but at current course 
and speed, that's what we'll end up with. LOTW is one, eQSL is another, 
I believe I read that the RSGB is implementing a third one for IOTA, 
and, if so, we would now just need CQ magazine to implement yet another 
one to be about as fully balkanized as possible. For a group our size, 
that's really not a good result.
But, "any old" system won't really work if we want to actually do what 
the humble QSL card does.
QSLs may look easy to fake and forge, but for the most part, there are 
many practical problems with reliably doing so.
1. The only motivation to fake one is to get a major award (or, at 
least, the only reason we need to worry about here).
2. Nearly all major awards require some "rare ones" of one kind or 
another (even any sort of serious WAS award). One could imaginably 
claim a 5BDXCC without any rare countries, for instance, but having done 
one myself, if I were an awards manager and got an application with no 
rare ones, I'd be suspicious for that reason alone and inquire very 
strongly into the application involved. Truth is, we all get some rare 
ones even on the way to 100 countries or forty zones.
3. Hams hoard cards for years sometimes before cashing them in for awards.
What that all boils down to is that major awards managers are going to 
be very familiar with cards from a handful of key operators, even cards 
twenty and more years old. They will be able to spot "funny" changes in 
the card, wrong dimensions, wrong card stock, wrong "color cast" and a 
hundred other things one won't get right if one tries to make one up 
from an on-line scan of a card.
Therefore, possession of a physical card is a good and practical clue 
that you actually got the card from the DX and/or the DX's manager. A 
strong clue. It's not for nothing we've relied upon it all this while.
Any fully electronically QSL system needs to be as good as this and 
that's not so easy.
And, unlike physical QSL card systems, it has to worry about added 
problems like some sort of "general" break where an attacker can fake 
not just one electronic card, but all of them. But, that's a lesser issue.
The LOTW system is, as far as I can make out, a very good system. It's 
main defect is that people don't like the setup. It is probably more 
complicated than it has to be. It also is adding new awards (even ARRL 
awards) at a glacier's pace.
Many hams probably think the secret and proprietary nature of it is an 
advantage, but a quick scan of computer security literature ought to 
convince one that this is a marginal feature at best and, in any case, 
not a feature one should rely upon.
The ultimate solution, then, can and should be:
1. Simpler than LOTW, but probably by not very much.
2. Completely open. The only thing that would be a secret is some sort 
of individual "password" or "certificate" in your own personal, physical 
possession. (This is not a weakness or at least not one that can be 
avoided -- even in LOTW, if you are careless with your password(s) and 
certificates, someone else can impersonate you and give out contacts 
willy-nilly on your behalf).
If we could get there, then it would be the system everyone would use, 
because it would be both workable and universal. It also means that all 
awards programs would use it and practically from its inception.
The hardest snag is authentication. You have to prove to someone, 
somewhere that "you" are really the "you" you claim to be. That is, you 
need to prove, somehow, that you actually hold the callsign you claim to 
hold. On the internet, we can all claim to be Elton John. Who can 
impeach the claim?
Thus, authentication is, by far, the hardest part. What would be 
needful for a single, open, system is for some suitable document, using 
ordinary mail, sent to some suitable, agreed-to entity (ARRL, RSGB, 
NCDX, someone new but deemed trustworthy, etc.). With an open system, 
we might even be able to have more than one as long as we all could 
"see" the authenticated members of each as needful. But, regretfully, 
it will not be just any old ham frustrated with the real world 
difficulties of getting cards back. The rest of us will have to accept 
whatever entity or entities it is, and that list is already known and 
short, at least for a given set of awards.
After that physical documentation is done, using an ordinary password to 
protect the QSO upload can be solved several ways. We would pick one 
and use it.
Hams being what they are, ham organizations being what they are, this 
may never happen. If it could, however, it would be possible for all 
awards organizations to implement it, which would be a great boon.
And, by the way, that is why ordinary mail is involved in LOTW.
Larry Wo0Z