eQSL Article
  eQSL - Do eQSLs need Digital Signatures and Public Keys?
The Practice Exam with Memory
 

[Login] [Register]



Tuesday, November 5, 2024 06:53 UTC
Callsign:
Questions? Problems?

FAQ
Contact Us


MFJ Enterprises
MFJ Enterprises
Welcome New User
JA5ICH/P
Kazuo Nakai from JAPAN
Site News
| The SilverPlus membership is the BEST DEAL today! You get Audible eQSLs,... (more)
Last Heard
20M: EA7CB, XT2MD, more...
Latest eAwards
Most eAwards: F6ECI,EA3ZD,ZL1BQD,S55DX,G0BLB...
eAwardCallsignDate
5BeDX100tm K2DSW Oct 06
5BeWACtm W5TTW Oct 28
5BeWAStm KD9S Nov 02
eAfricatm KD2UBG Nov 04
eAntarcticatm CX6TU Oct 31
eAsiatm KD2UBG Nov 04
eAustraliatm OE8HOQ Nov 05
eCanadatm N7WET Nov 04
eDXtm EA3IXE Nov 04
eDX100tm ZL1VAH Nov 05
eEchoLinktm M3FGR Dec 21
eEuropetm KL7TC Nov 04
eFROMtm CX6TU Oct 31
eGridtm VK2AEV Nov 04
eJapantm DD0VE Nov 04
eNAmericatm HB9CAL Nov 04
eNZtm HA5WA Aug 16
eOceaniatm KL7TC Nov 04
ePFX300tm G4ZYY Nov 04
eSAmericatm K6NCC Nov 04
eSatellitetm HJ5LVR Oct 30
eUKtm WB0YLE Nov 05
eWACtm JK4JMO Nov 04
eWACHonorstm DK2CC Oct 29
eWAStm KG4SYK Nov 03
eZ40tm LU8VLE Nov 03

Power Users: AA3B,N2BJ,N3RS...
Latest Authenticity Guaranteed
MFJ Enterprises
MFJ Enterprises
Community
Charter Members: AF4LL,DH1LL,G3PGA...
Earliest QSOs in the database
Some of our members' ancient QSL card collections!
Advertising Opportunities
If you have a ham radio oriented business, take a look at our advertising opportunities!
Amateur Radio Products
Shop Online for amateur radio books and other items! More...
Zip Codes - Free zip code lookup and zip code database download.

Do eQSLs need Digital Signatures and Public Keys?

by Dave Morris, N5UP, Founder and Webmaster, eQSL.cc March 15, 2001

(This topic has the potential to make your eyes glaze over, but I'll try to keep you awake!) There has been quite a bit of discussion and confusion about whether or not eQSLs are secure, and whether or not someone needs to add encryption or digital signatures or public keys or some other kind of security to them. Unless you are familiar with these technologies, it can seem overwhelming.

Let's start with a comparison of 2 very different concepts of how to handle eQSLs.


Figure 1 illustrates one method, which I call "Peer-to-peer E-mail eQSLs". You can find a sprinkling of web sites that promote this type of eQSL, but you will never find more than a handful of people using them. Why? That will become immediately apparent when you study the diagram, because there is no one organization with a vested interest in accumulating a large user base.

Notice that each ham must create his own QSL card design using any software package he wants to. He then looks up the e-mail address of each ham he wants to send a card to, and e-mails the QSL out. Some form of authentication is required to make sure that when an e-mail arrives saying it is from JohnSmith@hotmail.com, that we can verify that the sender really was JohnSmith@hotmail.com, and not some hacker who is generating bogus e-mails. For instance, that function could be performed by a worldwide digital signature server such as is available through ZixMail. However, you still do not know that JohnSmith@hotmail.com is really John Smith, the licensed amateur radio operator.

Problems:

  1. You have to look up every e-mail address before you can send the QSL card;
  2. Recipients have to figure out how to store each and every QSL card they receive in e-mail;
  3. Since each sender makes up his own cards using whatever graphics technology he wants to, if there are problems displaying or printing the cards, the recipient has to work the problems out with each and every sender individually;
  4. After the card has been printed, it loses its ability to be verified - thus, anybody with a copier and an eraser can change the card, and nobody can verify its authenticity;
  5. If you implement a system that allows authentication for an indefinite period of time after receipt, then you have to purchase and install special software to do that;
  6. Somebody still has to authenticate that each person who sends an e-mail is the authorized holder of that licensed callsign;
  7. Every user of the system must learn how to use PGP or ZixMail or some other public key system. These are either so complicated to use that nobody uses them (PGP), or they cost money (ZixMail).


Figure 2 illustrates the patent-pending method used at eQSL.cc which I call a "Global Logbook and Central eQSL Processor". It is a centralized system where all of the computing power is stored at the center, and the users have thin clients (browsers) with which they create, post, and retrieve their cards when they wish to display or print them. In this configuration, nobody has to look up any e-mail addresses. Nobody has to purchase graphics software. Nobody has to purchase or learn how to use cryptographic software.

Through a series of different security measures, the Central Processor determines and guarantees that a particular user is in fact the license-holder of a particular callsign, and uses common "UserID and Password" techniques to maintain the integrity of that guarantee.

Advantages:

  1. Cards can be verified even after printing by looking them up in the Global Logbook;
  2. E-mail addresses come and go, but the users do not need to keep up with them;
  3. All graphics are produced using common technology, assuring that the widest possible viewership can display and print them;
  4. Users do not need to purchase graphics software;
  5. Users do not need to install any special software other than a browser;
  6. Users do not need to learn how to use digital signatures, public keys, or cryptographic software;
  7. Ham organizations can create their own awards programs and contests, and can use the Global Logbook to verify QSOs instead of having to handle paper QSL cards in the mail;
  8. Users have a single point of contact to resolve any problems in making eQSLs work;

While the Peer-to-Peer E-Mail eQSL concept has been tried in the past, it simply poses too many obstacles to widespread use. It is more complicated, less organized, and eQSLs cannot be validated after they have been printed. We believe it is for this reason that eQSL.cc has received the huge groundswell of support, with the total card count in our database doubling roughly every 6 weeks.

So, do eQSLs need digital signatures and public keys? The answer is, if one uses our eQSL system, no! The security is already implemented in a combination of inspection of license images, UserID/Password security, and after-printing verification against our database. Anything else just adds complexity for no apparent benefit.

Permission granted to reprint this article in whole or in part. Please send an e-mail to Support1@eqsl.cc to notify us if you do so.


ABOUT eQSL.cc
©Copyright 1998-2024 Electronic QSL Card Centre, a division of Air Wave Productions, LLC
eQSL® is a registered trademark belonging to Air Wave Productions, LLC
We participate in paid affiliate programs with eBay, Amazon, Fiverr, and others
Read the full Notice of Copyrights, Trademarks, and Liability Limitations for this site
Current System Time: 06:53:39 UTC - Server Zorak 10 (NEW!) - Run time: 0 seconds