Re: difficulty with LOTW upload

Gene W3UA
 

It all goes to the authentication of the applicant. These days anyone can fake any electronic image, and send it from any fake e-mail address. Amazon and e-bay verify you through relying on the credit card issuer; medical appointment also can not be faked -- it's YOU who will be treated at the end of the day. But how LOTW would know, that some stranger is indeed the operator of that sacred Mount Athos station? LOTW system was built around PKI (Public Key Infrastructure), and initially was designed pretty secure (and thus hardly useable). Strong PKI expects that your private key is in YOUR possession, and can not be stolen. Apparently, ham radio world can not accept this level of security (who actually is willing to carry a smartcard, and connect it to your computer using a reader?). So, they allowed to store the private key on the computer... but they at least try to issue these private keys (which that call "certificates" -- I would not go into cryptographic details here). Long story short -- the verification procedure established by LoTW is not perfect, not very secure, but reasonable. If one wants LoTW services -- follow their rules. If you don't like their rules -- don't use them. eQSL uses less secure verification procedure -- that's why some don't like it and don't use it. The same is true with other services. Take hamlogs.net for example. If you don't use WWPass to log there -- you will not be able to upload your logs, but you can still get many "participation type" awards in PDF format just entering your (or somebody else's) call. Soon there will be new services (like real-time contest scoring) which would require serious verification to protect participants from hackers -- if you don't like it, then your score would not be considered valid in certain future contests. If you don't like it -- fine, just don't take part in these contests, but please, do not complain.
Sorry for this apparent off-topic, but I think it's relevant to logging because when you are going from local storage of your QSO data to some private resources, and these resources have specific requirements regarding information integrity, you should either consider these requirements or don't use these services. Another option -- contact the resource owners and discuss possible enhancements. They may listen to you, may not. But trust me, in most cases they spent a lot of time designing their systems, and usually have good reason to do what they do.
73 Gene W3UA

Join DXLab@groups.io to automatically receive all group messages.