[cryptography] Let's go back to the beginning on this

Ben Laurie ben at links.org
Fri Sep 16 04:58:25 EDT 2011


On Fri, Sep 16, 2011 at 8:57 AM, Peter Gutmann
<pgut001 at cs.auckland.ac.nz> wrote:
> Marsh Ray <marsh at extendedsubset.com> writes:
>
>>The CAs can each fail on you independently. Each one is a potential weakest
>>link in the chain that the Relying Party's security hangs from. So their
>>reliability statistics multiply:
>>
>>one CA:   0.99      = 99% reliability
>>two CAs:  0.99*0.99 = 98% reliability
>>100 CAs:  0.99**100 = 37% reliability
>
> I realise that this is playing with numbers to some extent (i.e. we don't know
> what the true reliability figure actually is), but once you take it out to what
> we currently have in browsers:

We could have a stab at it. A = Integral of number of CAs in trusted
root/number of years CAs have been around = ? (I'd guess 100?).

B = Total failures/number of years = ? (1, maybe?)

So failure rate = A/B = 1% p.a.

giving reliability of 99% p.a.. What do you know?

Anyone got better numbers?



More information about the cryptography mailing list