[cryptography] Let's go back to the beginning on this

Peter Gutmann pgut001 at cs.auckland.ac.nz
Fri Sep 16 03:57:27 EDT 2011

Marsh Ray <marsh at extendedsubset.com> writes:

>The CAs can each fail on you independently. Each one is a potential weakest
>link in the chain that the Relying Party's security hangs from. So their
>reliability statistics multiply:
>one CA:   0.99      = 99% reliability
>two CAs:  0.99*0.99 = 98% reliability
>100 CAs:  0.99**100 = 37% reliability

I realise that this is playing with numbers to some extent (i.e. we don't know
what the true reliability figure actually is), but once you take it out to what
we currently have in browsers:

500 CAs: 0.6% reliability.
Thousands (via sub-CAs): Effectively zero.

In other words once you get to the current morass of auto-trusted CAs,
failures of the kind we've been seeing are pretty much guaranteed.


More information about the cryptography mailing list