On 09/17/2011 09:14 PM, Chris Palmer wrote:
Thus, having more signers or longer certificate chains does not reduce the probability of failure; it gives attackers more chances to score a hit with (our agreed-upon hypothetical) 0.01 probability. After just 100 chances, an attacker is all but certain to score a hit.
Agreed. But, that is just a consequence of the numbers involved. The real problem, however, is not the number of signers or the length of the cert-chain; its the quality of the "certificate manufacturing" process. Arshad Noor StrongAuth, Inc. _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography