On Fri, Sep 16, 2011 at 4:58 AM, Ben Laurie <b...@links.org> wrote:
> On Fri, Sep 16, 2011 at 8:57 AM, Peter Gutmann
> <pgut...@cs.auckland.ac.nz> wrote:
>> Marsh Ray <ma...@extendedsubset.com> writes:
>>
>>>The CAs can each fail on you independently. Each one is a potential weakest
>>>link in the chain that the Relying Party's security hangs from. So their
>>>reliability statistics multiply:
>>>
>>>one CA:   0.99      = 99% reliability
>>>two CAs:  0.99*0.99 = 98% reliability
>>>100 CAs:  0.99**100 = 37% reliability
>>
>> I realise that this is playing with numbers to some extent (i.e. we don't know
>> what the true reliability figure actually is), but once you take it out to what
>> we currently have in browsers:
>
> We could have a stab at it. A = Integral of number of CAs in trusted
> root/number of years CAs have been around = ? (I'd guess 100?).
>
> B = Total failures/number of years = ? (1, maybe?)
>
> So failure rate = A/B = 1% p.a.
>
> giving reliability of 99% p.a. What do you know?
>
> Anyone got better numbers?
It looks great on paper. The problem is that people will probably die
due to DigiNotar's failure. And the official death toll - as [to be]
published by Iran - will likely be 0.

jeff
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography