[cryptography] Math corrections
marsh at extendedsubset.com
Sun Sep 18 16:12:38 EDT 2011
On 09/18/2011 12:50 PM, Arshad Noor wrote:
> On 09/17/2011 10:37 PM, Marsh Ray wrote:
>> It really is the fact that there are hundreds of links in the chain and
>> that the failure of any single weak link results in the failure of the
>> system as a whole.
> I'm afraid we will remain in disagreement on this. I do not view the
> failure of a single CA as a failure of PKI, no more than I see the
> crash of a single airplane as an indictment of air-travel.
The crash of a single airplane only affects the passengers on that one
airplane (and occasionally a few unlucky folks on the ground). It does
not kill everyone on all airplanes.
But the failure of *any* single CA allows a successful attack on *every*
user connecting to *every* https website. (Except, of course, Chrome
users connecting to Google sites because it has special logic to avoid
reliance on PKI).
> Are there weaknesses in PKI? Undoubtedly! But, there are failures
> in every ecosystem. The intelligent response to "certificate
> manufacturing and distribution" weaknesses is to improve the quality
> of the ecosystem - not throw the baby out with the bath-water.
OK, nothing's perfect, let's turn the equation around then.
What's the minimum level of reliability you would consider acceptable?
Usually crypto-systems hold themselves to a pretty high standard
(certainly higher than the underlying transport), but we can pick
anything. Let's look for a definition of "high quality" from non-secure
systems and manufacturing.
Five-nines of availability is a pretty common goal for conventional
telecommunications systems. It translates to about 5 minutes of downtime
per year. It's similar to the the "Six Sigma" quality initiative for
manufacturing processes: "one in which 99.99966% of the products
manufactured are statistically expected to be free of defects (3.4
defects per million)".
Let's try it. What number raised to the 150th power (150 being an
estimate for the number of CAs "trusted" in current browser PKI) will
give the security of our communications similar reliability to the phone
company or a quality manufacturing process?
I.e., r**150 = 0.99999
In Python 2.6, pow(0.99999, 1.0/150.0) returns
0.99999993333300219. Confirming with 50 decimal digit precision it's
That's *seven* nines that of reliability for a service that necessarily
involves the interaction of both automated and human processes. You are
just not going to get there no matter how much ISO 27001 you throw at
Yet you will have to require at least that of *every single* trusted
root CA in order for the security of this 150-CA scheme to reach a
similar level of reliability as public telephone system did back in the
More information about the cryptography