[cryptography] Math corrections [was: Let's go back to the beginning on this]

Ian G iang at iang.org
Sun Sep 18 06:05:18 EDT 2011


On 18/09/11 2:59 PM, Arshad Noor wrote:
> On 09/17/2011 09:14 PM, Chris Palmer wrote:
>>
>> Thus, having more signers or longer certificate chains does not reduce
>> the probability of failure; it gives attackers more chances to score a
>> hit with (our agreed-upon hypothetical) 0.01 probability. After just
>> 100 chances, an attacker is all but certain to score a hit.
>
> Agreed. But, that is just a consequence of the numbers involved.

You guys have a very funny way of saying probability equals 100% but 
hey, ... as long as we get there in the end, who am I to argue :)

> The real problem, however, is not the number of signers or the length
> of the cert-chain; its the quality of the "certificate manufacturing"
> process.

Which is a direct consequence of the fact that the vendors unwound the 
K6 mistake of PKI (my words), and hid the signature chain (your words).

Hence the commonly cited "race to the bottom."

So, causes and effects.

The real question is, how to reverse the race to the bottom?  What tweak 
do we have in mind?



iang



More information about the cryptography mailing list