65. Q. Do I need to be connected to the Internet to sign tQSLs?
A. No, tQSLs can be signed and sent by any means, including but not limited to e-mail, packet radio, floppy disk, CD, even paper QSL cards.
67. Q. Do I need to be connected to the Internet to validate tQSLs?
A. No, you just need a trusted means to obtain the CA's public key.
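The offline check described in the answer above, as an added example that is not TrustedQSL's own code: a validator holding only a trusted copy of the CA certificate confirms the signer's certificate and then the signed record, with no network access. It assumes the `openssl` command-line tool, RSA with SHA-256 as the signature scheme, and a constructed CA name, call signs and record layout.

```shell
#!/bin/sh
# Constructed demo: the CA, call signs and QSO record are invented, and the
# record layout is not the real tQSL format.
tqsl_demo() {
    work=$(mktemp -d) || return 1
    (
        cd "$work" || exit 1
        # CA (once): self-signed certificate; ca.pem is what validators must trust.
        openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.pem \
            -subj "/CN=Example QSL CA" -days 30 2>/dev/null || exit 1
        # Operator: key pair and request; the CA issues op.pem for the call sign.
        openssl req -newkey rsa:2048 -nodes -keyout op.key -out op.csr \
            -subj "/CN=N0CALL" 2>/dev/null || exit 1
        openssl x509 -req -in op.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
            -out op.pem -days 30 2>/dev/null || exit 1
        # Operator signs a QSO record with the private key (no network needed).
        printf 'TO=K1ABC;BAND=20M;MODE=CW;DATE=2002-01-01;TIME=1200Z\n' > qso.txt
        openssl dgst -sha256 -sign op.key -out qso.sig qso.txt || exit 1

        # Validator, offline: holds ca.pem (trusted) plus op.pem, record, signature.
        validate() {
            # 1. The operator certificate must chain to the trusted CA key.
            openssl verify -CAfile ca.pem op.pem >/dev/null 2>&1 || return 1
            # 2. The record must verify under the key in that certificate.
            openssl x509 -in op.pem -pubkey -noout > op.pub || return 1
            openssl dgst -sha256 -verify op.pub -signature qso.sig "$1" \
                >/dev/null 2>&1
        }
        validate qso.txt && genuine=VALID || genuine=INVALID
        sed 's/20M/40M/' qso.txt > tampered.txt   # alter one field
        validate tampered.txt && altered=VALID || altered=INVALID
        echo "$genuine $altered"
    )
    status=$?
    rm -rf "$work"
    return $status
}

tqsl_demo   # prints: VALID INVALID
```

The validator's result is only as good as its copy of `ca.pem`, which is why the answer stresses obtaining the CA's public key by a trusted means.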
69. Q. What is Open Source?
A. Open Source is a concept in which the copyright holder wishes that the source code be accessible for anyone to use.
71. Q. Why is Open Source important to TrustedQSL?
A. For tQSLs to become a standard, nothing should keep software authors from providing support for the standard. One way to encourage this is to make the source code freely available.
73. Q. Your efforts duplicate commercial products. Products such as Adobe Acrobat, while not free, offer digital signatures with non-repudiation today.
A. TrustedQSL is an open source implementation. The protocols adopted for tQSLs are the open standards supported by Microsoft, Netscape, Verisign, Adobe et al. in their products.
75. Q. A trusted system is also highly secure, isn’t it?
A. There’s a publication called the US Department of Defense Trusted Computer System Evaluation Criteria, commonly known as the Orange Book. Although originally written for military systems, the security classifications are now broadly used within the computer industry; terms such as C2, B1 and A1 originate in the Orange Book. Yes, a DoD trusted system is very secure. However, the only way in which the “trusted systems” described in the Orange Book are related to TrustedQSL is by the rather inopportune similarity of their names.
77. Q. Does TrustedQSL rely upon exotic cryptographic algorithms?
A. No, nothing particularly exotic. TrustedQSL incorporates industry standard algorithms for creating and authenticating digital signatures. Support for these standard algorithms can already be found in most e-mail programs and Internet browsers.
79. Q. Doesn’t TrustedQSL involve such sophisticated encryption techniques that it could never be exported outside the USA?
A. Absolutely not. The Bureau of Industry and Security (BIS) in the U.S. Department of Commerce administers export controls on commercial encryption products. The Export Administration Regulations (EAR) exempt from notification and review prior to export all “encryption items” having limited cryptographic functionality. Limited functionality is all that’s required for TrustedQSL: generation and authentication of digital signatures. Such items may be exported without a license to any destination except the seven nations designated by the U.S. State Department as “terrorist supporting” states. Note that the export of any software to five of the “T-7” nations to which digital signature software would be controlled is subject to comprehensive embargoes administered by the U.S. Treasury Department’s Office of Foreign Assets Control.
81. Q. How about other countries, are there places where the importation or use of digital signature software is controlled?
A. Possibly. With over 200 countries and territories having independent policy-making authority over the import, export and use of software containing cryptographic functions, it’s difficult to know the answer with complete certainty. And one needs to be sure to ask the right question, as authentication cryptography that is not used for confidentiality purposes is often exempt from controls imposed on more general-purpose encryption software.
83. Q. Do we really need to be using military grade security for QSLs?
A. Look, there’s nothing at all like “military grade” security here. tQSLs are not secure; tQSLs are trustworthy because they can be authenticated. It’s a fundamental difference. And it’s not “military grade” authentication; tQSLs employ the same commercial grade authentication protocols that virtually every e-commerce site on the Web uses.
85. Q. Isn’t the public key algorithm that’s used for digital signatures patented?
A. Not any more. A public key algorithm commonly used for digital signatures is known as RSA (Rivest-Shamir-Adleman). The RSA algorithm was patented in the USA (Patent No. 4,405,829). However, the patent expired on 20 September 2000.
87. Q. The system you describe is open to fraud, in that a group of users could conspire.
A. Sure, that could happen, as it could with paper QSL cards. No system will be perfect. Just ask Verisign and Microsoft.
89. Q. Will ARRL and other award sponsors accept tQSLs?
A. TrustedQSL has been selected as the authentication protocol for the ARRL’s “Logbook of the World” (LOTW) project. Matching pairs of tQSLs will be acceptable for DXCC credit if both are submitted to LOTW. The ARRL has stated its goal of eventually expanding LOTW from just the DXCC program to include their other awards programs (WAS, VUCC). The RSGB (IOTA) is awaiting an E-QSL system based on public key cryptography to emerge. One could easily imagine the RSGB and other awards sponsors such as CQ Magazine (WAZ, WPX, USA-CA) will be watching the ARRL’s experience with LOTW.
91. Q. What type of service does TrustedQSL.org offer?
A. TrustedQSL.org doesn’t really offer any services. We provide information about TrustedQSL systems, Open Standards and Open Source tools.
93. Q. Why should we trust TrustedQSL.org?
A. There is no need to trust TrustedQSL.org. We’re not a CA. We’re just advocating adoption of an open standard based on public key signatures and providing open source tools.
95. Q. How did TrustedQSL get its name?
A. What’s in a name? In coming up with a name, the originators of TrustedQSL were thinking in terms of the trust conveyed by a digital signature, as in “the trust model”: how a QSL would be trustworthy if it carried a signature that could be authenticated.
97. Q. You guys are doing some cool stuff. Can I be a part of it?
A. Sure, join the TrustedQSL reflector and let us know.