A mighty fortress is our PKI
Sampo Syreeni
decoy at iki.fi
Tue Jul 27 21:25:47 EDT 2010
On 2010-07-28, Peter Gutmann wrote:

> ... or talking to PKI standards groups about adding a CRL reason code
> for "certificate issued in error" (e.g. to an imposter). This was
> turned down because CA's never make mistakes, so there's no need to
> have such a reason code.

Personally what I wonder about is that there is precious little research
on how difficult and/or worthwhile it is to circumvent the formal,
mathematical crypto-stuff, as a whole. We all know that is bound to be
the hardest part if somebody wants to hurt you, so why center your
attention there? Why not go for the soft flesh instead?

Perry already caught me on that basic security questionnaire, when I
asked for numbers and couldn't answer. Now I'm thinking the proper
figure should probably be "ratio of investment into a security break,
against benefit from the same". Including existing safeguards against
said break. That should be fair enough, and should help us optimize
against future security breaks at the margin, no?
--
Sampo Syreeni, aka decoy - decoy at iki.fi, http://decoy.iki.fi/front
+358-50-5756111, 025E D175 ABE5 027C 9494 EEB0 E090 8BA9 0509 85C2
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com