On 09/18/2011 12:50 PM, Arshad Noor wrote:
On 09/17/2011 10:37 PM, Marsh Ray wrote:
It really is the fact that there are hundreds of links in the chain and
that the failure of any single weak link results in the failure of the
system as a whole.
I'm afraid we will remain in disagreement on this. I do not view the
failure of a single CA as a failure of PKI, no more than I see the
crash of a single airplane as an indictment of air-travel.
The crash of a single airplane only affects the passengers on that one
airplane (and occasionally a few unlucky folks on the ground). It does
not kill everyone on all airplanes.
But the failure of *any* single CA allows a successful attack on *every*
user connecting to *every* https website. (Except, of course, Chrome
users connecting to Google sites because it has special logic to avoid
reliance on PKI).
Are there weaknesses in PKI? Undoubtedly! But, there are failures
in every ecosystem. The intelligent response to "certificate
manufacturing and distribution" weaknesses is to improve the quality
of the ecosystem - not throw the baby out with the bath-water.
OK, nothing's perfect, let's turn the equation around then.
What's the minimum level of reliability you would consider acceptable?
Usually crypto-systems hold themselves to a pretty high standard
(certainly higher than the underlying transport), but we can pick
anything. Let's look for a definition of "high quality" from non-secure
systems and manufacturing.
Five-nines of availability is a pretty common goal for conventional
telecommunications systems. It translates to about 5 minutes of downtime
per year. It's similar to the the "Six Sigma" quality initiative for
manufacturing processes: "one in which 99.99966% of the products
manufactured are statistically expected to be free of defects (3.4
defects per million)".
http://en.wikipedia.org/wiki/High_availability
http://en.wikipedia.org/wiki/Six_Sigma
Let's try it. What number raised to the 150th power (150 being an
estimate for the number of CAs "trusted" in current browser PKI) will
give the security of our communications similar reliability to the phone
company or a quality manufacturing process?
I.e., r**150 = 0.99999
In Python 2.6, pow(0.99999, 1.0/150.0) returns
0.99999993333300219. Confirming with 50 decimal digit precision it's
0.99999993333300222002215637567180097976384031458884.
That's *seven* nines that of reliability for a service that necessarily
involves the interaction of both automated and human processes. You are
just not going to get there no matter how much ISO 27001 you throw at
the problem.
Yet you will have to require at least that of *every single* trusted
root CA in order for the security of this 150-CA scheme to reach a
similar level of reliability as public telephone system did back in the
20th century.
- Marsh
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography