Bill writes,
> If the LoTW security method is better, why don't the banks use it?
>
> Conversely, if the bank's security method is both simpler and
> adequate, why doesn't LoTW use it?

Bill, you still don't understand ... they are the same method. The
only difference is where the user certificate resides.

Just today I was working on a new e-commerce site. The process to
get an SSL certificate and install it (in order to be able to
process credit card transactions) is identical to the LoTW set-up.

1) the applicant has to "prove" who he is
2) the certificate issuing "authority" has to investigate the
applicant and confirm the applicant is who he says he is
(and, in some cases, do a thorough credit and background check)
3) the applicant needs to provide specific information on the
server to be certified (the one on which the certificate will
be installed)
4) the certificates have to be generated
5) the certificate must be installed
6) the system must be tested and certified

At this point, YOU can log in and generate a credit card transaction
(or in the case of a bank/brokerage conduct your business). You
prove to me that you're who you say you are when I process your
credit card number and security ID and the gateway returns an
authorization code ... I need to prove to the card processor that
I am who I say I am by having that SSL certificate installed and
encrypting (or signing) the data.

Again, the security and authentication for LoTW is no different
than all the other banking, e-commerce and secure database sites.
If you have well written logging software, the process is completely
transparent once the LoTW certificate is issued.

Could LoTW have been designed to accept an unsigned ADIF upload
if you were logged into an https:// server? Probably. However,
by placing the certificate on the user's computer and using it
to "sign" the ADIF before uploading, you now don't even need
to log in to upload data ... a DX station without access to the
internet can sign an ADIF file and put it on a disk for someone
else to upload or e-mail (snail mail to a QSL manager).

The current system is actually MORE flexible and MORE user-
friendly than the typical bank/broker or other e-commerce site.
What you see with your bank/broker is equivalent to entering
one QSO at a time with LoTW.

73,
... Joe, W4TV
_______________________________________________
CQ-Contest mailing list
CQ-Contest@contesting.com
http://lists.contesting.com/mailman/listinfo/cq-contest
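
The offline sign-then-hand-off flow described in the message above, as an added example that is not part of the original post and is not LoTW's or TQSL's own code or file format. It assumes the `openssl` command-line tool is installed; the callsigns, file names and ADIF record are constructed, and a bare RSA public key stands in for the CA-issued certificate that would bind the key to a callsign.

```shell
#!/bin/sh
# Added example: sign a log offline, verify it later without any login session.
# The callsigns, file names and ADIF record are constructed; this is not the
# TQSL/LoTW file format.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# One-time setup at the station. In a real PKI a CA-issued certificate binds
# the public key to the callsign; here the bare public key stands in for it.
make_station_key() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$WORK/station.key" 2>/dev/null &&
    openssl pkey -in "$WORK/station.key" -pubout -out "$WORK/station.pub"
}

# Offline step: needs only the private key, no network.
sign_log() {    # $1 = log file; writes detached signature to $1.sig
    openssl dgst -sha256 -sign "$WORK/station.key" -out "$1.sig" "$1"
}

# Receiving side: exit status 0 means the bytes are exactly what was signed.
verify_log() {  # $1 = log file, $2 = detached signature
    openssl dgst -sha256 -verify "$WORK/station.pub" -signature "$2" "$1" \
        >/dev/null 2>&1
}

make_station_key
printf '<CALL:6>XX0XYZ<BAND:3>20M<MODE:2>CW<QSO_DATE:8>20240101<EOR>\n' \
    > "$WORK/log.adi"
sign_log "$WORK/log.adi"

# Anyone can carry log.adi and log.adi.sig to the server; the courier needs
# no credentials because the signature, not a session, authenticates the data.
if verify_log "$WORK/log.adi" "$WORK/log.adi.sig"; then
    echo "original log: accepted"
fi

# A courier who alters a record cannot produce a matching signature.
sed 's/XX0XYZ/XX0ABC/' "$WORK/log.adi" > "$WORK/tampered.adi"
if verify_log "$WORK/tampered.adi" "$WORK/log.adi.sig"; then
    echo "tampered log: accepted"
else
    echo "tampered log: rejected"
fi
```

The private key never leaves the signing machine; only the log and its detached signature travel.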