[cryptography] Math corrections [was: Let's go back to the beginning on this]

Ian G iang at iang.org
Sun Sep 18 06:13:49 EDT 2011

On 18/09/11 1:54 PM, Arshad Noor wrote:

> When one connects to a web-site, one does not trust all 500 CA's in
> one's browser simultaneously; one only trusts the CA's in that specific
> cert-chain. The probability of any specific CA from your trust-store
> being compromised does not change just because the number of CA's in the
> trust-store increases (unless the rate of failure incidents across
> all CA's does go up).

Right, but the user doesn't care about any specific CA.  She cares about 
the system of all CAs.  My words segued from an individual CA to the 
system of CAs ... perhaps a bit too briefly.

And, the attacker has the luxury of choosing the CA, apparently :)


