On 09/18/2011 12:50 PM, Arshad Noor wrote:
On 09/17/2011 10:37 PM, Marsh Ray wrote:

It really is the fact that there are hundreds of links in the chain and
that the failure of any single weak link results in the failure of the
system as a whole.

I'm afraid we will remain in disagreement on this. I do not view the
failure of a single CA as a failure of PKI, no more than I see the
crash of a single airplane as an indictment of air-travel.

The crash of a single airplane only affects the passengers on that one airplane (and occasionally a few unlucky folks on the ground). It does not kill everyone on all airplanes.

But the failure of *any* single CA allows a successful attack on *every* user connecting to *every* https website. (Except, of course, Chrome users connecting to Google sites because it has special logic to avoid reliance on PKI).

Are there weaknesses in PKI? Undoubtedly! But, there are failures
in every ecosystem. The intelligent response to "certificate
manufacturing and distribution" weaknesses is to improve the quality
of the ecosystem - not throw the baby out with the bath-water.

OK, nothing's perfect, let's turn the equation around then.

What's the minimum level of reliability you would consider acceptable?

Usually crypto-systems hold themselves to a pretty high standard (certainly higher than the underlying transport), but we can pick anything. Let's look for a definition of "high quality" from non-secure systems and manufacturing.

Five-nines of availability is a pretty common goal for conventional telecommunications systems. It translates to about 5 minutes of downtime per year. It's similar to the the "Six Sigma" quality initiative for manufacturing processes: "one in which 99.99966% of the products manufactured are statistically expected to be free of defects (3.4 defects per million)".
http://en.wikipedia.org/wiki/High_availability
http://en.wikipedia.org/wiki/Six_Sigma

Let's try it. What number raised to the 150th power (150 being an estimate for the number of CAs "trusted" in current browser PKI) will give the security of our communications similar reliability to the phone company or a quality manufacturing process?

   I.e.,  r**150 = 0.99999

In Python 2.6, pow(0.99999, 1.0/150.0) returns
0.99999993333300219. Confirming with 50 decimal digit precision it's
0.99999993333300222002215637567180097976384031458884.

That's *seven* nines that of reliability for a service that necessarily involves the interaction of both automated and human processes. You are just not going to get there no matter how much ISO 27001 you throw at the problem.

Yet you will have to require at least that of *every single* trusted root CA in order for the security of this 150-CA scheme to reach a similar level of reliability as public telephone system did back in the 20th century.

- Marsh
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography

Reply via email to