On Fri, Sep 16, 2011 at 8:57 AM, Peter Gutmann <[email protected]> wrote: > Marsh Ray <[email protected]> writes: > >>The CAs can each fail on you independently. Each one is a potential weakest >>link in the chain that the Relying Party's security hangs from. So their >>reliability statistics multiply: >> >>one CA: 0.99 = 99% reliability >>two CAs: 0.99*0.99 = 98% reliability >>100 CAs: 0.99**100 = 37% reliability > > I realise that this is playing with numbers to some extent (i.e. we don't know > what the true reliability figure actually is), but once you take it out to > what > we currently have in browsers:
We could have a stab at it. A = Integral of number of CAs in trusted root/number of years CAs have been around = ? (I'd guess 100?). B = Total failures/number of years = ? (1, maybe?) So failure rate = A/B = 1% p.a. giving reliability of 99% p.a.. What do you know? Anyone got better numbers? _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
