[cryptography] Let's go back to the beginning on this

Ian G iang at iang.org
Thu Sep 15 13:15:23 EDT 2011

On 15/09/2011, at 15:40, "Kevin W. Wall" <kevin.w.wall at gmail.com> wrote:

>  Trust is not binary.

Right. Or, in modelling terms, trust isn't absolute.

AES might be 99.999999% reliable, which is approximately 100% for any million or so events [1].

Trust in a CA might be more like 99%.

Now, if we have a 1% untrustworthy rating for a CA, what happens when we have 100 CAs?

Well, untrust is additive (at least). We require to trust all the CAs. So we have a 100% untrustworthy rating for any system of 100 CAs or more.

The empirical numbers show that: out of 60 or so CAs and 600 sub-CAs, around 4 were breached by that one attacker.

So, what to do? When the entire system is untrustworthy, at some modelled level?

Do we try harder, Sarbanes-Oxley style?

Or, stop using the word trust?



[1] the reason for mentioning AES is that crypto world typically deals with absolutes, binaries. And this thinking pervades PKI, where architects model "trust" as a binary. Big mistake...

More information about the cryptography mailing list