On 15/09/2011, at 15:40, "Kevin W. Wall" <[email protected]> wrote:
> Trust is not binary. Right. Or, in modelling terms, trust isn't absolute. AES might be 99.999999% reliable, which is approximately 100% for any million or so events [1]. Trust in a CA might be more like 99%. Now, if we have a 1% untrustworthy rating for a CA, what happens when we have 100 CAs? Well, untrust is additive (at least). We require to trust all the CAs. So we have a 100% untrustworthy rating for any system of 100 CAs or more. The empirical numbers show that: out of 60 or so CAs and 600 sub-CAs, around 4 were breached by that one attacker. So, what to do? When the entire system is untrustworthy, at some modelled level? Do we try harder, Sarbanes-Oxley style? Or, stop using the word trust? Or? Iang [1] the reason for mentioning AES is that crypto world typically deals with absolutes, binaries. And this thinking pervades PKI, where architects model "trust" as a binary. Big mistake... _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
