[145421] in cryptography@c2.net mail archive


Re: A mighty fortress is our PKI

daemon@ATHENA.MIT.EDU (Sampo Syreeni)
Tue Jul 27 23:12:28 2010

Date: Wed, 28 Jul 2010 04:25:47 +0300 (EEST)
From: Sampo Syreeni <decoy@iki.fi>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
cc: iang@iang.org, paul.tiemann.usenet@gmail.com, cryptography@metzdowd.com
In-Reply-To: <E1Odl3j-0004CE-3C@wintermute02.cs.auckland.ac.nz>
X-SA-Exim-Mail-From: decoy@iki.fi

On 2010-07-28, Peter Gutmann wrote:

> ... or talking to PKI standards groups about adding a CRL reason code 
> for "certificate issued in error" (e.g. to an imposter).  This was 
> turned down because CAs never make mistakes, so there's no need to 
> have such a reason code.

Personally what I wonder about is that there is precious little research 
on how difficult and/or worthwhile it is to circumvent the formal, 
mathematical crypto-stuff, as a whole. We all know that is bound to be 
the hardest part if somebody wants to hurt you, so why center your 
attention there? Why not go for the soft flesh instead?

Perry already caught me on that basic security questionnaire, when I 
asked for numbers and couldn't answer. Now I'm thinking the proper 
figure should probably be "ratio of investment into a security break, 
against benefit from the same". Including existing safeguards against 
said break. That should be fair enough, and should help us optimize 
against future security breaks at the margin, no?
-- 
Sampo Syreeni, aka decoy - decoy@iki.fi, http://decoy.iki.fi/front 
+358-50-5756111, 025E D175 ABE5 027C 9494 EEB0 E090 8BA9 0509 85C2
