Table of Contents
Trusted QSL FAQ
- Q. What is the difference between E-QSLs
A. A tQSL is just a special form of an E-QSL,
one signed by its creator with a public key digital signature.
- Q. What is wrong with
A. Nothing at all. The concept of a tQSL
does not exclude the participation by a logbook server such as eQSL.cc.
A tQSL adds a third party authentication protocol that replaces the
central server as the trusted authenticator.
- Q. Is a digital signature really that difficult
to forge, crack or break?
A. Yes, it's that difficult. The only attack
against a digital signature that is known to be successful requires
factoring a very large number. Factoring a large number is a time consuming
problem but, given enough computing power, it's not impossible. Factoring
100-digit numbers is easy with today's hardware and algorithms. The
challenge to factor a 155-digit (512 bit) number required 37.5 CPU-years
distributed across 292 computers and ultimately a supercomputer to solve.
Factoring numbers of more than 200 digits is not currently feasible.
The ANSI and NIST standards for digital signatures require a minimum
of a 303-digit (1024-bit) number.
- Q. Will a tQSL signed today continue to
be trustworthy as bigger and faster computers become available?
A. Extrapolations have been made based on
Moore's Law (computing power doubles every 18 months) and on the historical
progression of the largest number factored. Both approaches give similar
answers when applied to a digital signature created with today's standard
commercial key length of 303-digits (1024-bits): forging such a signature
will not be feasible for at least several decades to come. No one's
crystal ball is perfect. A mathematical breakthrough that results in
the discovery of a more efficient method for factoring large numbers
clearly would alter those predictions.
- Q. What is a private key?
A. A private key is just a very large number.
In itself, it has no special meaning.
- Q. What do I sign with my private key?
A. You sign tQSLs. You can send those tQSLs
directly to your peers, submit them to an awards sponsor and deposit
then in a central logbook server.
- Q. What is an identity certificate (cert)?
A. A cert contains the user's public key,
call sign and other information, plus the signature of a Certification
Authority (CA) endorsing the information contained in the cert.
- Q. What can I sign with my cert?
A. Nothing. Certs are only used for authenticating
signatures. You use your private key to sign tQSLs.
- Q. What is a Certification Authority (CA)?
A. A CA takes the user's information and
public key, verifies the information and endorses the information and
public key by signing them with the CA's private key creating a cert.
- Q. Who are the CAs?
A. Currently there aren't any CAs for tQSLs.
TrustedQSL will issue a "TEST" Certificate, but TrustedQSL
isn't going to be in the certificate business as a CA. The ARRL will
soon be issuing identity certificates for its "Logbook of the World"
- Q. Who grants CA status?
A. There's no official CA status. Any person
or group can act as a CA. It is up to the award sponsors who make a
policy decision to accept a CA as being trustworthy for their award
- Q. What is to stop an untrusted party
from becoming a CA?
A. Nothing, anyone can become a CA. An award
sponsor must decide to accept a CA before that CA has any trust for
their award program. .
- Q. What is the Public Key Infrastructure
A. A system of digital certificates, Certificate
Authorities, and other registration authorities that verify and authenticate
each party involved in an exchange of information.
- Q. What is the "trust model"?
A. The trust model forms one basis for classifying
different PKI architectures. A trust model defines the trusted relationships
and describes the "chain of trust" from a public key that
is known to be authentic through to a specific user's public key.
- Q. What happens if my cert gets stolen?
A. . It doesn't matter. It is public information
used to authenticate your signature. You can't do anything bad with
it. If there is any question about a certificate being authentic, it
can be authenticated with the CA's public key.
- Q. What happens if my secret key gets stolen?
A. This is a problem. You will need to contact
your CA to have them revoke it.
- Q. Why is signing is so slow?
A. Computing a digital signature involves
the exponentiation of very large numbers. That is a very CPU intensive
calculation that takes some time even with a fast processor. A private
key operation such as signing requires performing several million operations
per signature for a standard 1024-bit key. A somewhat less than bleeding
edge machine such as an 800 MHz Pentium III is capable of generating
25-100 signatures per second.
- Q. . If digital signatures and certs are so
complex why force them on users?
A. Digital signatures are an enabling technology.
The authentication protocol provided by digital signatures keeps the
E-QSL process "open" to participation by third parties. The
most complex issue that a user has to deal with is the initial verification
of identity. Were a central server model to be used, the initial process
of identity verification would remain the same.
- Q. If just a password is good enough to
secure Internet banking, trading stocks, online shopping, paying taxes,
etc., then why isn't a password sufficient for tQSLs?
A. Well, there's a whole lot more at work behind
the scenes in securing the typical e-commerce transaction than "just
a password." In fact, an integral part of the behind the scenes
action involves the same identity certificates and digital signatures
used in TrustedQSL. There's absolutely no reason why tQSL implementations
cannot be as equally transparent, appearing to the user to be no more
complicated than "just a password."
- Q. Why do I need anything more than a user-id
and password to log into a server and exchange tQSLs?
A. While you can login into a server and
exchange tQSLs, you don't have to. A user-id and secret password are
a way of authenticating a connection such as a login session. However,
an authenticated, trustworthy connection is not necessary for sending
and receiving tQSLs. It's the tQSLs themselves that are trustworthy,
not the connection. That's why an inherently "untrustworthy"
transport mechanism such as e-mail can be used to exchange tQSLs or
to "upload" tQSLs to an award sponsor. If the server you frequent
requires the use of a user-id and password, it's not because of tQSLs.
- Q. I heard that the verification of my
identity by a CA is going to involve paper. Heaven forbid! Why such
a slow and onerous process?
A. The trustworthiness of a tQSL ultimately
traces back to the identity verification performed by the CA. The effort
expended in making sure that identification is made correctly is time
well spent. To complete the initial verification process a tQSL CA must
exchange some information with the user via a "trustworthy"
channel. A commonly used trusted channel is the postal mail.
- Q. Can't the initial enrollment with a
CA be performed entirely online?
A. It can't, not entirely. The enrollment
process can be initiated online. However, a totally online enrollment
process would be readily spoofed and not trustworthy.
- Q. I've enrolled in the Internet service
of the XYZ Company entirely online, no postcard required. Why can't
a TrustedQSL CA employ an all-electronic enrollment like a real business
A. In the enrollment process for that service
you likely provided some "personal secret" that verifies your
identity. Such "secrets" might be a credit card number, an
account number, SSN, PIN, etc. None of those are suitable for use by
a TrustedQSL CA.
- Q. Why must TrustedQSL be more secure then say,
A. QSL'ing doesn't need to be more secure than
online shopping. Moreover, TrustedQSL isn't. As just one example, e-commerce
transactions such as online purchases are routinely conducted over an
encrypted link in order to prevent eavesdropping. tQSLs contain no sensitive
or secret information. So there's no need to be employing security measures
such as encryption in tQSLs.
- Q. Why do I need an identity certificate for
QSLs when I don't need one to transact business online, to shop at Amazon.com
A. Correct, you don't need an identity certificate
in order to shop at Amazon. However, it is true that every time you
shop at Amazon your computer receives an identity certificate and authenticates
a digital signature. Whenever you log onto a secure e-commerce site
such as Amazon, the secure server sends a copy of its identify certificate
and a digital signature to your computer. Together, the cert and signature
prove that you're really connected to a computer that, in this example,
is a bona fide reresentative of Jeff Bezos' company. In part this proof
is meant to reassure you that an impostor out to steal your credit card
number or drain your bank account has not spoofed the connection. TrustedQSL
employs the same public key digital signature technology that you've
used when making online purchases, most likely without ever being aware
that you were using it. The crucial difference is that in e-commerce
the digital signature is used to authenticate a live connection. In
TrustedQSL'ing the digital signature is used to create an archival electronic
document, a tQSL, which can be authenticated at any future date.
- Q. Why do I need an identity certificate
to prove my identity?
A. You don't need a certificate to prove
your identity. That's not how the identity certificate is used in the
TrustedQSL process. The identity certificate is created so others can
use it to verify that a tQSL that says it is from your station is authentic.
- Q. Why does the CA send me a copy of the
identity certificate if I don't need to use it?
A. For convenience and on general principles,
it is after all your public key and your information. Standard practice
has the sender include a copy of all the certificates in his "chain
of trust" along with his tQSLs. This is a courtesy to the recipient
and expedites authentication. An alternative approach would be for the
CA to keep your certificate, publish it in the CA's online directory
and have the recipient of your tQSLs look up your certificate online.
- Q. What else can I do with a copy of my
A. You can save your identity certificate
along with your private key in a standard portable format (PKCS#12).
The PKCS#12 file can be read by a variety of standard applications such
as e-mail programs and Internet browsers. This will allow using your
private key to sign e-mail messages that you exchange with other amateurs.
And other amateurs can authenticate e-mail claiming to be from you as
coming from the real WA1XYZ.
- Q. Who will accept my identity certificate?
A. TrustedQSL's goal is for your identity
certificate to be accepted by other hams and by award sponsors. The
broader, non-amateur radio community who have chains of trust originating
in commercial CAs or national PTTs are unlikely to accept an identity
certificate for WA1XYZ as being trustworthy.
- Q. Why should I bother to digitally sign
A. In the Spirit of Ham Radio one signs
tQSLs so that your fellow hams can receive award credit for contacts
they've made with you. Signing your tQSLs permits those who do care
about such things, award sponsors being the prime example, to authenticate
that the WA1XYZ tQSLs received from an unauthenticated intermediary
did indeed originate with you, the real WA1XYZ and not some impostor.
- Q. Who's an "unauthenticated intermediary?"
A. It can be any third party. Digital signatures
permit the paradigm to shift away from security and authentication via
records kept on central servers towards individual documents that can
be authenticated. Just as with traditional paper QSLs, third parties
are free to handle, store and forward tQSLs. It is of no concern through
which hands, such as logbook servers, a tQSL may have passed prior to
its being presented to an award sponsor.
- Q. Can paper QSL cards have a digital
A. Yes. It can be done with a bar code printed
on the card. The information on the paper card can then be authenticated
just like a tQSL.
- Q. Do I need to be connected to the Internet
to sign tQSLs?
A. No, tQSLs can be signed and sent by any
means. Including but not limited to e-mail, packet radio, floppy disk,
CD, even paper QSL cards.
- Q. Do I need to be connected to the Internet
to validate tQSLs?
A. No, you just need a trusted means to
obtain the CAs public key.
- Q. What is Open Source?
A. Open Source is a concept in which the
copyright holder wishes that the source code be accessible for anyone
- Q. Why is Open Source important to TrustedQSL?
A. For tQSLs to become a standard, then nothing
should keep software authors from providing support for the standard.
One way to encourage this is to make the source code freely available.
- Q. Your efforts duplicate commercial products.
Products such as Adobe Acrobat, while not free, offer digital signatures
with non-repudiation today.
A. TrustedQSL is an open source implementation.
The protocols adopted for tQSLs are the open standards supported by
Microsoft, Netscape, Verisign, Adobe et al. in their products.
- Q. A trusted system is also highly secure,
A. There's a publication called the US Department
of Defense Trusted Computer System Evaluation Criteria, commonly known
as the Orange Book. Although originally written for military systems,
the security classifications are now broadly used within the computer
industry; terms such as C2, B1 and A1 originate in the Orange Book.
Yes, a DoD trusted system is very secure. However, the only way in which
the "trusted systems" described in the Orange Book are related
to TrustedQSL is by the rather inopportune similarity of their names.
- Q. Does TrustedQSL rely upon exotic cryptographic
A. No, nothing particularly exotic. TrustedQSL
incorporates industry standard algorithms for creating and authenticating
digital signatures. Support for these standard algorithms can already
be found in most e-mail programs and Internet browsers.
- Q. Doesn't TrustedQSL involve such sophisticated
encryption techniques that it could never be exported outside the USA?
A. Absolutely not. The Bureau of Industry
and Security (BIS) in the U.S. Department of Commerce administers export
controls on commercial encryption
Export Administration Regulations (EAR) exempt from notification
and review prior to export all "encryption items" having limited
cryptographic functionality. Limited functionality is all that's required
for TrustedQSL: generation and authentication of digital signatures.
Such items may be exported without a license to any destination except
the seven nations designated by the U.S. State Department as "terrorist
supporting" states. Note that the export of any software to five
of the "T-7" nations to which digital signature software would
be controlled is subject to comprehensive embargoes administered by
the U.S. Treasury Department's Office
of Foreign Assets Control.
- Q. How about other countries, are there places
where the importation or use of digital signature software is controlled?
A. Possibly. With over 200 countries and territories
having independent policy-making authority over the import,
export and use of software containing cryptographic functions, it's
difficult to know the answer with complete certainty. And one needs
to be sure to ask the right question, as authentication cryptography
that is not used for confidentiality purposes is often exempt from controls
imposed on more general-purpose encryption software.
- Q. Do we really need to be using military grade
security for QSLs?
A. Look, there's nothing at all like "military
grade" security here. tQSLs are not secure; tQSLs are trustworthy
because they can be authenticated. It's a fundamental difference. And
it's not "military grade" authentication; tQSLs employ the
same commercial grade authentication protocols that virtually every
e-commerce site on the Web uses.
- Q. Isn't the public key algorithm that's used
for digital signatures patented?
A. Not any more. A public key algorithm
commonly used for digital signatures is known as RSA (Rivest-Shamir-Adelman).
The RSA algorithm was patented in the USA (Patent No. 4,405,829).
However, the patent expired on 20 September 2000.
- Q. The system you describe is open to fraud, in
that a group of users could conspire.
A. Sure, that could happen. As it could with
paper QSL cards. Any system will not be perfect. Just ask Verisign and
- Q. Will ARRL and other award sponsors accept
A. TrustedQSL has been selected as the authentication
protocol for the ARRL's "Logbook of the World" (LOTW) project.
Matching pairs of tQSLs will be acceptable for DXCC credit if both are
submitted to LOTW. The ARRL has stated its goal of eventually expanding
LOTW from just the DXCC program to include their other awards programs
(WAS, VUCC). The RSGB (IOTA) is awaiting an E-QSL system based on public
key cryptography to emerge. One could easily imagine the RSGB and other
awards sponsors such as CQ Magazine (WAZ, WPX, USA-CA) will be watching
the ARRL's experience with LOTW.
- Q. What type of service does TrustedQSL.org
A. TrustedQSL.org doesn't really offer any
services. We provide information about TrustedQSL systems, Open Standards
and Open Source tools.
- Q. Why should we trust TrustedQSL.org?
A. There is no need to trust TrustedQSL.org.
We're not a CA. We're just advocating adoption of an open standard based
on public key signatures and providing open source tools.
- Q. How did TrustedQSL get its name?
A. What's in a name? In coming up with a
name the originators of TrustedQSL were thinking in terms of trust conveyed
by a digital signature, as in "the trust model." How a QSL
would be trustworthy if it carried a signature that could be authenticated.
- Q. You guys are doing some cool stuff.
Can I be apart of it?
A. Sure, join the TrustedQSL reflector
and let us know.