Note: I've had to paraphrase some of the content from the archives,
so please excuse me if this does not appear in the context of the
original thread.
I remember enough of my Advanced Statistics from school to know that
the following line of reasoning is fallacious, and can leads to
erroneou
On Sep 17, 2011, at 8:54 PM, Arshad Noor wrote:
> When one connects to a web-site, one does not trust all 500 CA's in
> one's browser simultaneously;
Actually, that is exactly the situation.
If, and only if, the person operating the browser inspects the certificate
chain and knows what to expec
On 09/17/2011 09:14 PM, Chris Palmer wrote:
Thus, having more signers or longer certificate chains does not reduce the
probability of failure; it gives attackers more chances to score a hit with
(our agreed-upon hypothetical) 0.01 probability. After just 100 chances, an
attacker is all but ce
On 09/17/2011 11:59 PM, Arshad Noor wrote:
The real problem, however, is not the number of signers or the length
of the cert-chain; its the quality of the "certificate manufacturing"
process.
No, you have it exactly backwards.
It really is the fact that there are hundreds of links in the chai
On 2011-09-18 3:37 PM, Marsh Ray wrote:
Now you may be a law-and-order type fellow who believes that "lawful
intercept" is a magnificent tool in the glorious war on whatever. But if
so, you have to realize that on the global internet, your own systems
are just as vulnerable to a "lawfully execute
On Sun, Sep 18, 2011 at 1:37 AM, Marsh Ray wrote:
> On 09/17/2011 11:59 PM, Arshad Noor wrote:
>>
>> The real problem, however, is not the number of signers or the length
>> of the cert-chain; its the quality of the "certificate manufacturing"
>> process.
>
> No, you have it exactly backwards.
>
>
On 18/09/11 2:59 PM, Arshad Noor wrote:
On 09/17/2011 09:14 PM, Chris Palmer wrote:
Thus, having more signers or longer certificate chains does not reduce
the probability of failure; it gives attackers more chances to score a
hit with (our agreed-upon hypothetical) 0.01 probability. After just
On 18/09/11 1:54 PM, Arshad Noor wrote:
When one connects to a web-site, one does not trust all 500 CA's in
one's browser simultaneously; one only trusts the CA's in that specific
cert-chain. The probability of any specific CA from your trust-store
being compromised does not change just because
