[cryptography] Let's go back to the beginning on this
iang at iang.org
Thu Sep 15 13:15:23 EDT 2011
On 15/09/2011, at 15:40, "Kevin W. Wall" <kevin.w.wall at gmail.com> wrote:
> Trust is not binary.
Right. Or, in modelling terms, trust isn't absolute.
AES might be 99.999999% reliable, which is approximately 100% for any million or so events .
Trust in a CA might be more like 99%.
Now, if we have a 1% untrustworthy rating for a CA, what happens when we have 100 CAs?
Well, untrust is additive (at least). We require to trust all the CAs. So we have a 100% untrustworthy rating for any system of 100 CAs or more.
The empirical numbers show that: out of 60 or so CAs and 600 sub-CAs, around 4 were breached by that one attacker.
So, what to do? When the entire system is untrustworthy, at some modelled level?
Do we try harder, Sarbanes-Oxley style?
Or, stop using the word trust?
 the reason for mentioning AES is that crypto world typically deals with absolutes, binaries. And this thinking pervades PKI, where architects model "trust" as a binary. Big mistake...
More information about the cryptography