39. Q. Why do I need anything more than a user-id and password to log into a server and exchange tQSLs?
A. While you can login into a server and exchange tQSLs, you don’t have to. A user-id and secret password are a way of authenticating a connection such as a login session. However, an authenticated, trustworthy connection is not necessary for sending and receiving tQSLs. It’s the tQSLs themselves that are trustworthy, not the connection. That’s why an inherently “untrustworthy” transport mechanism such as e-mail can be used to exchange tQSLs or to “upload” tQSLs to an award sponsor. If the server you frequent requires the use of a user-id and password, it’s not because of tQSLs.
41. Q. I heard that the verification of my identity by a CA is going to involve paper. Heaven forbid! Why such a slow and onerous process?
A. The trustworthiness of a tQSL ultimately traces back to the identity verification performed by the CA. The effort expended in making sure that identification is made correctly is time well spent. To complete the initial verification process a tQSL CA must exchange some information with the user via a “trustworthy” channel. A commonly used trusted channel is the postal mail.
43. Q. Can’t the initial enrollment with a CA be performed entirely online?
A. It can’t, not entirely. The enrollment process can be initiated online. However, a totally online enrollment process would be readily spoofed and not trustworthy.
45. Q. I’ve enrolled in the Internet service of the XYZ Company entirely online, no postcard required. Why can’t a TrustedQSL CA employ an all-electronic enrollment like a real business does?
A. In the enrollment process for that service you likely provided some “personal secret” that verifies your identity. Such “secrets” might be a credit card number, an account number, SSN, PIN, etc. None of those are suitable for use by a TrustedQSL CA.
47. Q. Why must TrustedQSL be more secure then say, online shopping?
A. QSL’ing doesn’t need to be more secure than online shopping. Moreover, TrustedQSL isn’t. As just one example, e-commerce transactions such as online purchases are routinely conducted over an encrypted link in order to prevent eavesdropping. tQSLs contain no sensitive or secret information. So there’s no need to be employing security measures such as encryption in tQSLs.
49. Q. Why do I need an identity certificate for QSLs when I don’t need one to transact business online, to shop at Amazon.com for example?
A. Correct, you don’t need an identity certificate in order to shop at Amazon. However, it is true that every time you shop at Amazon your computer receives an identity certificate and authenticates a digital signature. Whenever you log onto a secure e-commerce site such as Amazon, the secure server sends a copy of its identify certificate and a digital signature to your computer. Together, the cert and signature prove that you’re really connected to a computer that, in this example, is a bona fide reresentative of Jeff Bezos’ company. In part this proof is meant to reassure you that an impostor out to steal your credit card number or drain your bank account has not spoofed the connection. TrustedQSL employs the same public key digital signature technology that you’ve used when making online purchases, most likely without ever being aware that you were using it. The crucial difference is that in e-commerce the digital signature is used to authenticate a live connection. In TrustedQSL’ing the digital signature is used to create an archival electronic document, a tQSL, which can be authenticated at any future date.

Leave a Reply

Your email address will not be published. Required fields are marked *