Subject: [TrustedQSL] Development Status
Date: Wed, 13 Mar 2002 10:53:46 -0500
From: "Simcik, Mark WA1VVB"


Hello TrustedQSL Forum,

This response is to Dave, AA6YQ and the rest of the group.

I had hoped that the press releases would satisfy your concerns. However, I will add a few more details...

In 2001, as of November, we had completed the formal design of LoTW Server. Realize that, when the board ratified the project in 2001-June, the design at that time was very conceptual -- more of a "what will the system do" proposal. By November, we had more of the "how will it do it" decided and documented. We also used that time span to investigate the operating system platform, database toolsets, development environments, security toolsets, server hardware and to realize some preliminary performance estimates that all would refine the design and operational goals. Everything looks good.

2001-December saw the beginning of the security policy and the implementation of the X.509 certificate chain of authority. This all comes from the server side and helps greatly to define what the client side needs to do. By the end of 2002-January, all of this was working very nicely on my test platform. With the certificates properly extended for ARRL LoTW, again everything continues to perform properly. Some of our formal designs involving client (user) functionality were also released to the client developers.

2001-February saw the first database structures implemented to store and retrieve the certificates and related data to begin the core of the server. This work continues into 2002-March. February also saw the release of the security chain to Darryl, WA1GON, for the client side to support the implementation of it's library.

The immediate future... With the database in place, we will then develop the interfaces for the administrators of LoTW. Then system testing will commence.

The Logbook of the World is a large database project. It is very complicated and requires strict attention to security from end-to-end (read: not even the administrators can violate the intrinsic security of this system). It will, via strong encryption, provide digital proof that two authorized people have confirmed a proper QSL. This system runs at the same level as your banking transactions do from bank-to-bank. The Amateur Radio Operators ultimately have secure control of their QSOs.

I have been involved in the design and implementation of monetary systems at the commercial level, moving millions of dollars around the country and the world each day. I can assure you that this system is being implemented efficiently and according to the state of the art in digital security. This is what the awards community demands; we are delivering it (though at a fraction of the cost of an equivalent commercial system -- and a fraction of the time, too!).

So far, the project has progressed without a hitch. Be mindful that this is careful, tedious, pioneering work on a novel system. 100% of my time is dedicated to this project. Jon Bloom continues to develop for both the ARRL Website and LoTW. So, this project is still "front burner" and moving forward. I have written directly to some members of this forum, when I needed answers from their specific expertise. I just cannot afford much time to write this forum -- understandably. Stay tuned.

73,

Mark E. Simcik, W A 1 V V B
Web Applications Developer