19. Q. Who are the CAs?
A. Currently there aren’t any CAs for tQSLs. TrustedQSL will issue a “TEST” Certificate, but TrustedQSL isn’t going to be in the certificate business as a CA. The ARRL will soon be issuing identity certificates for its “Logbook of the World” program.
21. Q. Who grants CA status?
A. There’s no official CA status. Any person or group can act as a CA. It is up to the award sponsors who make a policy decision to accept a CA as being trustworthy for their award program.
23. Q. What is to stop an untrusted party from becoming a CA?
A. Nothing, anyone can become a CA. An award sponsor must decide to accept a CA before that CA has any trust for their award program. .
25. Q. What is the Public Key Infrastructure (PKI)?
A. A system of digital certificates, Certificate Authorities, and other registration authorities that verify and authenticate each party involved in an exchange of information.
27. Q. What is the “trust model”?
A. The trust model forms one basis for classifying different PKI architectures. A trust model defines the trusted relationships and describes the “chain of trust” from a public key that is known to be authentic through to a specific user’s public key.
29. Q. What happens if my cert gets stolen?
A. . It doesn’t matter. It is public information used to authenticate your signature. You can’t do anything bad with it. If there is any question about a certificate being authentic, it can be authenticated with the CA’s public key.
31. Q. What happens if my secret key gets stolen?
A. This is a problem. You will need to contact your CA to have them revoke it.
33. Q. Why is signing is so slow? A. Computing a digital signature involves the exponentiation of very large numbers. That is a very CPU intensive calculation that takes some time even with a fast processor. A private key operation such as signing requires performing several million operations per signature for a standard 1024-bit key. A somewhat less than bleeding edge machine such as an 800 MHz Pentium III is capable of generating 25-100 signatures per second.
35. Q. . If digital signatures and certs are so complex why force them on users? A. Digital signatures are an enabling technology. The authentication protocol provided by digital signatures keeps the E-QSL process “open” to participation by third parties. The most complex issue that a user has to deal with is the initial verification of identity. Were a central server model to be used, the initial process of identity verification would remain the same.
37. Q. If just a password is good enough to secure Internet banking, trading stocks, online shopping, paying taxes, etc., then why isn’t a password sufficient for tQSLs? A. Well, there’s a whole lot more at work behind the scenes in securing the typical e-commerce transaction than “just a password.” In fact, an integral part of the behind the scenes action involves the same identity certificates and digital signatures used in TrustedQSL. There’s absolutely no reason why tQSL implementations cannot be as equally transparent, appearing to the user to be no more complicated than “just a password.”
19. Q. Who are the CAs?