[cryptography] Math corrections

Marsh Ray marsh at extendedsubset.com
Sun Sep 18 16:12:38 EDT 2011

On 09/18/2011 12:50 PM, Arshad Noor wrote:
> On 09/17/2011 10:37 PM, Marsh Ray wrote:
>> It really is the fact that there are hundreds of links in the chain and
>> that the failure of any single weak link results in the failure of the
>> system as a whole.
> I'm afraid we will remain in disagreement on this. I do not view the
> failure of a single CA as a failure of PKI, no more than I see the
> crash of a single airplane as an indictment of air-travel.

The crash of a single airplane only affects the passengers on that one 
airplane (and occasionally a few unlucky folks on the ground). It does 
not kill everyone on all airplanes.

But the failure of *any* single CA allows a successful attack on *every* 
user connecting to *every* https website. (Except, of course, Chrome 
users connecting to Google sites because it has special logic to avoid 
reliance on PKI).

> Are there weaknesses in PKI? Undoubtedly! But, there are failures
> in every ecosystem. The intelligent response to "certificate
> manufacturing and distribution" weaknesses is to improve the quality
> of the ecosystem - not throw the baby out with the bath-water.

OK, nothing's perfect, let's turn the equation around then.

What's the minimum level of reliability you would consider acceptable?

Usually crypto-systems hold themselves to a pretty high standard 
(certainly higher than the underlying transport), but we can pick 
anything. Let's look for a definition of "high quality" from non-secure 
systems and manufacturing.

Five-nines of availability is a pretty common goal for conventional 
telecommunications systems. It translates to about 5 minutes of downtime 
per year. It's similar to the the "Six Sigma" quality initiative for 
manufacturing processes: "one in which 99.99966% of the products 
manufactured are statistically expected to be free of defects (3.4 
defects per million)".

Let's try it. What number raised to the 150th power (150 being an 
estimate for the number of CAs "trusted" in current browser PKI) will 
give the security of our communications similar reliability to the phone 
company or a quality manufacturing process?

    I.e.,  r**150 = 0.99999

In Python 2.6, pow(0.99999, 1.0/150.0) returns
0.99999993333300219. Confirming with 50 decimal digit precision it's

That's *seven* nines that of reliability for a service that necessarily 
involves the interaction of both automated and human processes. You are 
just not going to get there no matter how much ISO 27001 you throw at 
the problem.

Yet you will have to require at least that of *every single* trusted 
root CA in order for the security of this 150-CA scheme to reach a 
similar level of reliability as public telephone system did back in the 
20th century.

- Marsh

More information about the cryptography mailing list