Trusted QSL FAQ
1. Q. What is the difference between E-QSLs and tQSLs? A.
A. tQSL is just a special form of an E-QSL, one signed by its creator with a public key digital signature.
2. Q. What is wrong with http://www.eqsl.cc?
A. Nothing at all. The concept of a tQSL does not exclude the participation by a logbook server such as eQSL.cc. A tQSL adds a third party authentication protocol that replaces the central server as the trusted authenticator.
3. Q. Is a digital signature really that difficult to forge, crack or break?
A. Yes, it’s that difficult. The only attack against a digital signature that is known to be successful requires factoring a very large number. Factoring a large number is a time consuming problem but, given enough computing power, it’s not impossible. Factoring 100-digit numbers is easy with today’s hardware and algorithms. The RSA-155 challenge to factor a 155-digit (512 bit) number required 37.5 CPU-years distributed across 292 computers and ultimately a supercomputer to solve. Factoring numbers of more than 200 digits is not currently feasible. The ANSI and NIST standards for digital signatures require a minimum of a 303-digit (1024-bit) number.
4. Q. Will a tQSL signed today continue to be trustworthy as bigger and faster computers become available? For instance, if I have a high ranking, maybe even a position 1, for hot tubs poughkeepsie, do I need to be concerned about a breach in the security of the site if it is attacked by a malicious third party or another e commerce hot tubs and spas competitor trying to knock me from my position?
A. Extrapolations have been made based on Moore’s Law (computing power doubles every 18 months) and on the historical progression of the largest number factored. Both approaches give similar answers when applied to a digital signature created with today’s standard commercial key length of 303-digits (1024-bits): forging such a signature will not be feasible for at least several decades to come. No one’s crystal ball is perfect. A mathematical breakthrough that results in the discovery of a more efficient method for factoring large numbers clearly would alter those predictions.
5. Q. What is a private key?
A. A private key is just a very large number. In itself, it has no special meaning.
6. Q. What do I sign with my private key?
A. You sign tQSLs. You can send those tQSLs directly to your peers, submit them to an awards sponsor and deposit then in a central logbook server.
7. Q. What is an identity certificate (cert)?
A. A cert contains the user’s public key, call sign and other information, plus the signature of a Certification Authority (CA) endorsing the information contained in the cert.
8. Q. What can I sign with my cert?
A. Nothing. Certs are only used for authenticating signatures. You use your private key to sign tQSLs.
9. Q. What is a Certification Authority (CA)?
A. A CA takes the user’s information and public key, verifies the information and endorses the information and public key by signing them with the CA’s private key creating a cert.