On Tue, Oct 22, 2013 at 5:02 PM, Phillip Hallam-Baker <[email protected]> wrote: > On Tue, Oct 22, 2013 at 4:14 PM, DataPacRat <[email protected]> wrote:
>> I could suggest that the values be interpreted in terms of LaPlace's >> Sunrise formula - eg, "there's been 10 reports of the key being used >> falsely and 500,000 that it's been used successfully: Do you wish to >> continue?". > > This is why I would not attempt to use Bayesian logic. > > You have no way to measure probability reliably. An attacker can simulate > any behavior before they defect. The only measure that is useful is the cost > of simulating that behavior. If it is prohibitively high then we can decide > to trust them. > > Remember that Bernie Madoff paid out 100% of every redemption request right > up to the point where the money ran out. One thing using Bayesian/LaPlacian numbers /can/ do is indicate how much effort would need to have been exerted in order to simulate the behaviour. If implemented correctly, then put simply, you can't get to 40 decibans of confidence without having had 10,000 successful tests for every failed test. Thank you for your time, -- DataPacRat "Then again, I could be wrong." _______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
