[cryptography] Let's go back to the beginning on this

dan at geer.org dan at geer.org
Fri Sep 16 09:18:52 EDT 2011

Ray & Gutmann exchanged:

 | >The CAs can each fail on you independently. Each one is a potential weakest
 | >link in the chain that the Relying Party's security hangs from. So their
 | >reliability statistics multiply:
 | >
 | >one CA:   0.99      = 99% reliability
 | >two CAs:  0.99*0.99 = 98% reliability
 | >100 CAs:  0.99**100 = 37% reliability
 | 500 CAs: 0.6% reliability.
 | Thousands (via sub-CAs): Effectively zero.
 | In other words once you get to the current morass of auto-trusted CAs,
 | failures of the kind we've been seeing are pretty much guaranteed.

And others have suggested in various ways that binary trust
is "wrong."

In the various renditions of non-stop computing, a common
theme is to do the same calculation more than once and
compare the results, X'ing out the disagreements but keeping
moving forward.  I wonder if there is a paradigm there we
might consider.


More information about the cryptography mailing list