[cryptography] Let's go back to the beginning on this
noloader at gmail.com
Fri Sep 16 05:16:02 EDT 2011
On Fri, Sep 16, 2011 at 4:58 AM, Ben Laurie <ben at links.org> wrote:
> On Fri, Sep 16, 2011 at 8:57 AM, Peter Gutmann
> <pgut001 at cs.auckland.ac.nz> wrote:
>> Marsh Ray <marsh at extendedsubset.com> writes:
>>>The CAs can each fail on you independently. Each one is a potential weakest
>>>link in the chain that the Relying Party's security hangs from. So their
>>>reliability statistics multiply:
>>>one CA: 0.99 = 99% reliability
>>>two CAs: 0.99*0.99 = 98% reliability
>>>100 CAs: 0.99**100 = 37% reliability
>> I realise that this is playing with numbers to some extent (i.e. we don't know
>> what the true reliability figure actually is), but once you take it out to what
>> we currently have in browsers:
> We could have a stab at it. A = Integral of number of CAs in trusted
> root/number of years CAs have been around = ? (I'd guess 100?).
> B = Total failures/number of years = ? (1, maybe?)
> So failure rate = A/B = 1% p.a.
> giving reliability of 99% p.a.. What do you know?
> Anyone got better numbers?
It look great on paper. The problem is that people will probably die
due Digitar's failure. And the official death tool - as [to be]
published by Iran - will likely be 0.
More information about the cryptography