Topics

Some Error all of a Sudden

Charles Gallo
 

It has to do with the LOTW taking credit cards, and what the credit card processors are saying is minimum standard

73 de KG2V

On Oct 15, 2018, at 5:44 PM, Gilbert Baron <w0mn00@...> wrote:

But are they really needed for Amateur Radio. How many years we lived without them.

 

Outlook Desktop Gil W0MN

Hierro Candente Batir de Repente

44.08226 N 92.51265 W EN34rb

 

From: ARRL-LoTW@groups.io <ARRL-LoTW@groups.io> On Behalf Of Chuck Milam
Sent: Monday, October 15, 2018 16:33
To: ARRL-LoTW@groups.io
Subject: Re: [ARRL-LoTW] Some Error all of a Sudden

 

On Mon, Oct 15, 2018 at 4:10 PM Dave AA6YQ <aa6yq@...> wrote:

+ Applications that employ the internet must stay current with security standards.

 

 Corollary:  People who use the Internet must stay current with security standards.

 

---

Chuck Milam, N9KY

iain macdonnell - N6ML
 

IMO, *YES*. LoTW requires you to authenticate over the internet with a
password. Many people (hopefully) are diligent about not using the
same password for services of varying sensitivity, but I'd be willing
to bet that there are many who use the same password for LotW as for
other things. The ARRL has a responsibility to maintain reasonable
security levels. TLS is a ubiquitous standard for HTTP security -
basically anything web-based. The ARRL must keep current with TLS
standards.

73,

~iain / N6ML

On Mon, Oct 15, 2018 at 2:44 PM Gilbert Baron <w0mn00@...> wrote:

But are they really needed for Amateur Radio. How many years we lived without them.



Outlook Desktop Gil W0MN

Hierro Candente Batir de Repente

44.08226 N 92.51265 W EN34rb



From: ARRL-LoTW@groups.io <ARRL-LoTW@groups.io> On Behalf Of Chuck Milam
Sent: Monday, October 15, 2018 16:33
To: ARRL-LoTW@groups.io
Subject: Re: [ARRL-LoTW] Some Error all of a Sudden



On Mon, Oct 15, 2018 at 4:10 PM Dave AA6YQ <@AA6YQ> wrote:

+ Applications that employ the internet must stay current with security standards.



Corollary: People who use the Internet must stay current with security standards.



---

Chuck Milam, N9KY

@chuckmilam

Gilbert Baron
 

YES for payments then HTTPS and even better 2 factor authentication but not for QSL logging. , I just do not think the minimal cheating avoidance is even close to worth the problems of the Public Key Cryptography used by LoTW, especially outside of highly developed countries.

Outlook Desktop Gil W0MN
Hierro Candente Batir de Repente
44.08226 N 92.51265 W EN34rb

-----Original Message-----
From: ARRL-LoTW@groups.io <ARRL-LoTW@groups.io> On Behalf Of iain macdonnell - N6ML
Sent: Monday, October 15, 2018 17:33
To: ARRL-LoTW@groups.io
Subject: Re: [ARRL-LoTW] Some Error all of a Sudden

IMO, *YES*. LoTW requires you to authenticate over the internet with a password. Many people (hopefully) are diligent about not using the same password for services of varying sensitivity, but I'd be willing to bet that there are many who use the same password for LotW as for other things. The ARRL has a responsibility to maintain reasonable security levels. TLS is a ubiquitous standard for HTTP security - basically anything web-based. The ARRL must keep current with TLS standards.

73,

~iain / N6ML


On Mon, Oct 15, 2018 at 2:44 PM Gilbert Baron <w0mn00@...> wrote:

But are they really needed for Amateur Radio. How many years we lived without them.



Outlook Desktop Gil W0MN

Hierro Candente Batir de Repente

44.08226 N 92.51265 W EN34rb



From: ARRL-LoTW@groups.io <ARRL-LoTW@groups.io> On Behalf Of Chuck
Milam
Sent: Monday, October 15, 2018 16:33
To: ARRL-LoTW@groups.io
Subject: Re: [ARRL-LoTW] Some Error all of a Sudden



On Mon, Oct 15, 2018 at 4:10 PM Dave AA6YQ <@AA6YQ> wrote:

+ Applications that employ the internet must stay current with security standards.



Corollary: People who use the Internet must stay current with security standards.



---

Chuck Milam, N9KY

@chuckmilam

iain macdonnell - N6ML
 

On Mon, Oct 15, 2018 at 3:43 PM Gilbert Baron <w0mn00@...> wrote:

YES for payments then HTTPS and even better 2 factor authentication but not for QSL logging. , I just do not think the minimal cheating avoidance is even close to worth the problems of the Public Key Cryptography used by LoTW, especially outside of highly developed countries.
You completely missed my point (about the responsibility to maintain
reasonable security levels for any service involving authentication
with a password over the internet, because passwords may or many not
be dedicated).

LoTW uses PKI in two different contexts:

1) For digitally signing QSOs records, which is intended to reasonably
authenticate the source of the data. We can argue for the rest of time
whether or not this is overkill for an online QSL system.

2) For basic security of the web-based service, using TLS. This is the
standard for *every web service*, *everywhere*.

The current discussion is about the latter. Let's not confuse it with
the former.

73,

~iain / N6ML



-----Original Message-----
From: ARRL-LoTW@groups.io <ARRL-LoTW@groups.io> On Behalf Of iain macdonnell - N6ML
Sent: Monday, October 15, 2018 17:33
To: ARRL-LoTW@groups.io
Subject: Re: [ARRL-LoTW] Some Error all of a Sudden

IMO, *YES*. LoTW requires you to authenticate over the internet with a password. Many people (hopefully) are diligent about not using the same password for services of varying sensitivity, but I'd be willing to bet that there are many who use the same password for LotW as for other things. The ARRL has a responsibility to maintain reasonable security levels. TLS is a ubiquitous standard for HTTP security - basically anything web-based. The ARRL must keep current with TLS standards.

73,

~iain / N6ML


On Mon, Oct 15, 2018 at 2:44 PM Gilbert Baron <w0mn00@...> wrote:

But are they really needed for Amateur Radio. How many years we lived without them.



Outlook Desktop Gil W0MN

Hierro Candente Batir de Repente

44.08226 N 92.51265 W EN34rb



From: ARRL-LoTW@groups.io <ARRL-LoTW@groups.io> On Behalf Of Chuck
Milam
Sent: Monday, October 15, 2018 16:33
To: ARRL-LoTW@groups.io
Subject: Re: [ARRL-LoTW] Some Error all of a Sudden



On Mon, Oct 15, 2018 at 4:10 PM Dave AA6YQ <@AA6YQ> wrote:

+ Applications that employ the internet must stay current with security standards.



Corollary: People who use the Internet must stay current with security standards.



---

Chuck Milam, N9KY

@chuckmilam






Dave AA6YQ
 

AA6YQ comments below

On Mon, Oct 15, 2018 at 03:52 PM, iain macdonnell - N6ML wrote:

1) For digitally signing QSOs records, which is intended to reasonably
authenticate the source of the data. We can argue for the rest of time
whether or not this is overkill for an online QSL system.

If the original LoTW designers had optimized for user convenience over authentication, and tens of thousands of bogus confirmations valid for DXCC were later found to have been silently inserted into the LoTW database over multiple years, everyone would then agree that LoTW's security was too weak. Unfortunately, DXCC and the other ARRL-sponsored awards would be considered dead by the many DXers for whom standings matter.

The risk of too little security is much greater than the risk of too much security. Had the original LoTW development team not been skeletal, more of the complexity associated with the current security implementation could have been hidden or automated away. There's still an opportunity to do some of that.

       73,

              Dave, AA6YQ

 

Monty
 

I am having the same issue with HRD Log.  This morning I attempted to download LOTW data to update my HRD Log.  It worked OK last night.

 

I understand the need for the security changes.  The programmers will need to work through the issues.

 

Meanwhile, anyone know of a work around?

 

John L. “Monty” Wilson, NR0A

 

From: ARRL-LoTW@groups.io <ARRL-LoTW@groups.io> On Behalf Of Bill
Sent: Monday, October 15, 2018 12:04 PM
To: ARRL-LoTW@groups.io
Subject: Re: [ARRL-LoTW] Some Error all of a Sudden

 

I have notified my vendor about this issue.

Hopefully it is an easy fix.

Bill
K2WH

roamer
 

In a word YES!

 

From: ARRL-LoTW@groups.io <ARRL-LoTW@groups.io> On Behalf Of Gilbert Baron
Sent: Monday, October 15, 2018 2:45 PM
To: ARRL-LoTW@groups.io
Subject: Re: [ARRL-LoTW] Some Error all of a Sudden

 

But are they really needed for Amateur Radio. How many years we lived without them.

 

Outlook Desktop Gil W0MN

Hierro Candente Batir de Repente

44.08226 N 92.51265 W EN34rb

 

From: ARRL-LoTW@groups.io <ARRL-LoTW@groups.io> On Behalf Of Chuck Milam
Sent: Monday, October 15, 2018 16:33
To: ARRL-LoTW@groups.io
Subject: Re: [ARRL-LoTW] Some Error all of a Sudden

 

On Mon, Oct 15, 2018 at 4:10 PM Dave AA6YQ <aa6yq@...> wrote:

+ Applications that employ the internet must stay current with security standards.

 

 Corollary:  People who use the Internet must stay current with security standards.

 

---

Chuck Milam, N9KY

Rick Murphy
 

On Mon, Oct 15, 2018 at 10:17 PM Monty <jwilson16@...> wrote:

I am having the same issue with HRD Log.  This morning I attempted to download LOTW data to update my HRD Log.  It worked OK last night.

 

I understand the need for the security changes.  The programmers will need to work through the issues.

 

Meanwhile, anyone know of a work around?


There's probably some way to download your QSOs using a web browser and import them offline into HRD. 
I'd expect directions to do that to come from the HRD maintainers.
73,
    -Rick
 

 

John L. “Monty” Wilson, NR0A

 

From: ARRL-LoTW@groups.io <ARRL-LoTW@groups.io> On Behalf Of Bill
Sent: Monday, October 15, 2018 12:04 PM
To: ARRL-LoTW@groups.io
Subject: Re: [ARRL-LoTW] Some Error all of a Sudden

 

I have notified my vendor about this issue.

Hopefully it is an easy fix.

Bill
K2WH



--
Rick Murphy, CISSP-ISSAP, K1MU/4, Annandale VA USA

Monty
 

Thanks….I found a solution.  Download the confirmation data from LOTW which save an ADIF file on my computer.  Then HRD Logbook has the capability to IMPORT a LOTW file.  That will work until HRD gets their security programming updated.  I did submit a ticket to HRD to let them know of the issue.

 

cheers

 

John L. “Monty” Wilson, NR0A

 

From: ARRL-LoTW@groups.io <ARRL-LoTW@groups.io> On Behalf Of Rick Murphy
Sent: Monday, October 15, 2018 9:47 PM
To: ARRL-LoTW@groups.io
Subject: Re: [ARRL-LoTW] Some Error all of a Sudden

 

On Mon, Oct 15, 2018 at 10:17 PM Monty <jwilson16@...> wrote:

I am having the same issue with HRD Log.  This morning I attempted to download LOTW data to update my HRD Log.  It worked OK last night.

 

I understand the need for the security changes.  The programmers will need to work through the issues.

 

Meanwhile, anyone know of a work around?

 

There's probably some way to download your QSOs using a web browser and import them offline into HRD. 

I'd expect directions to do that to come from the HRD maintainers.

73,

    -Rick

 

 

John L. “Monty” Wilson, NR0A

 

From: ARRL-LoTW@groups.io <ARRL-LoTW@groups.io> On Behalf Of Bill
Sent: Monday, October 15, 2018 12:04 PM
To: ARRL-LoTW@groups.io
Subject: Re: [ARRL-LoTW] Some Error all of a Sudden

 

I have notified my vendor about this issue.

Hopefully it is an easy fix.

Bill
K2WH


 

--

Rick Murphy, CISSP-ISSAP, K1MU/4, Annandale VA USA