On 16/09/2017 5:50 PM, G1FEF via 44Net wrote:
> It may be possible to link to LOTW if they were willing, but setting up our own CA and issuing certificates is not difficult and doesn’t need to be complicated.

Yep, done it for the likes of OpenVPN networks, where I was the sole CA for all links. That meant I could personally validate every connection as being authorised to access our network. The issuing of certificates is a dead simple process.

> It’s the validation bit that’s difficult: for most countries you can’t automate the process; it would need a human being to validate the request. My thoughts were along the lines of establishing and building a web of trust to delegate the work. It’s not just coding effort, it’s social engineering as well.

Yep, it's deciding how much trust you need, then ensuring you have a web that provides the level of trust appropriate. And each country is different. Australia no longer issues paper licenses by default; would a PDF downloaded off the Internet be acceptable? These are the questions that must be resolved by the validating CA. I do like the way the US hams are validated by LoTW (by mail to the registered contact address); I think that would work here too now. But you've hit the nail on the head: it's the human/social stuff that is very hard when it comes to setting up validation. The technology is simple. :)