On 1/2/07, <b class="gmail_sendername">James A. Donald</b> <<a href="mailto:jamesd@echeque.com">jamesd@echeque.com</a>> wrote:<div><span class="gmail_quote"></span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Calculate the probability of deliberately or<br>maliciously duplicating an existing key.</blockquote><div><br>The probability is non-zero -- although very small. <br><br>For some definitions of "secure," self-generated keys are not secure -- at least, if you use the kind of definition for "secure" that Dave Kearns seems to be using. But, you may have a less stringent definition of what it means to be secure and thus the risk of duplication may be low enough to satisfy you even though Dave wouldn't be satisfied. In that case, you would say self-generated keys are secure and Dave would say they aren't. So, you would both be correct -- within the bounds of your own definitions of what it means to be "secure"... On the other hand, if you agree with Dave, even a little bit, then, you would probably tend to use a central issuer who can prevent some of the failure modes that lead to duplications. But, even then, you would have to recognize that no known public/private key pair system can give you guaranteed persistent security over all time. Thus, even if you end up agreeing with Dave, you would still both be wrong. So, take your pick. You're either both right or both wrong and you are both right and wrong at the same time. In any case, a tie is the best you can do here.
<br><br>bob wyman<br><br></div></div>