[cryptography] Math corrections

Ian G iang at iang.org
Sun Sep 18 15:27:48 EDT 2011


On 19/09/11 3:50 AM, Arshad Noor wrote:
> On 09/17/2011 10:37 PM, Marsh Ray wrote:
>>
>> It really is the fact that there are hundreds of links in the chain and
>> that the failure of any single weak link results in the failure of the
>> system as a whole.
>
> I'm afraid we will remain in disagreement on this. I do not view the
> failure of a single CA as a failure of PKI, no more than I see the
> crash of a single airplane as an indictment of air-travel.


His point is that the failure of a single CA is the failure of the 
entire browsing PKI.  Not PKI in concept, but all secure browsing, being 
one of the PKIs.

One single CA failure means the faiure of the system.  That's the point.

> Are there weaknesses in PKI? Undoubtedly! But, there are failures
> in every ecosystem. The intelligent response to "certificate
> manufacturing and distribution" weaknesses is to improve the quality
> of the ecosystem - not throw the baby out with the bath-water.


Right -- how to fix the race to the bottom?



iang



More information about the cryptography mailing list