Need for MD5 checksum?

[wx5s]

I don't see any real need for an MD5 checksum for our CQP log Cabrillo log files.

SendMail and standard internet protocols are reliable enough that we don't need that when we are shipping things around between various servers, even with sendmail. The standard internet protocols are reliable enough for us.

We could indeed use PGP, MD5, SHA-1 and whatever for further transmissions from our log acceptance server to potentially other servers, but this appears to me to be a complication that is not necessary.

One prior implementation of the CQP website enforced a log-in requirement that is appropriate for say a banking site. The concern would be that say a hacker uploaded a log version that was not authorized by the "real" submitter. I don't know of any hacker who has submitted logs that weren't his. If you wanted to screw W6YX, you could use a couple of e-mail addresses to submit 2 bogus logs for W6YX. Your chance to screw W6YX is greater if you use just 1 or 2 logs because we'd figure it out right away if you sent in 2,000 logs. This is a theoretical thing that could happen, but does not happen in practice. And if such a thing did happen, we'd figure it out. And the CQP log acceptance SW has the ability to track each submission.

I am not at all concerned about transmission errors or bogus logs that are not from the claimed station.

I hope that we can close this issue as "SOLVED", "NOT NEEDED". 73, Matt WX5S

[tepperly]

I think the point of the MD-5 checksum is to give sophisticated users a way to verify that their log was received intact. It's also a way to verify that we never lost the original file.

[tepperly]

Perhaps I am too "old school", but sendmail didn't used to be totally reliable. These days many mail servers have builtin spam filters that can make email disappear.