[OpenID] why is xri so obtuse?
James A. Donald
jamesd at echeque.com
Wed Jan 3 03:10:18 UTC 2007
James A. Donald
> > Calculate the probability of deliberately or
> > maliciously duplicating an existing key.
Bob Wyman:
> The probability is non-zero -- although very small.
The probability is vastly lower than the probability
that your central issuer will be struck by a comet in
the next second, vastly lower than the probability that
the world will be destroyed by comet strike in the next
few seconds.
> For some definitions of "secure," self-generated keys
> are not secure -- at least, if you use the kind of
> definition for "secure" that Dave Kearns seems to be
> using. But, you may have a less stringent definition
> of what it means to be secure and thus the risk of
> duplication may be low enough to satisfy you even
> though Dave wouldn't be satisfied. In that case, you
> would say self-generated keys are secure and Dave
> would say they aren't. So, you would both be correct
> -- within the bounds of your own definitions of what
> it means to be "secure"... On the other hand, if you
> agree with Dave, even a little bit, then, you would
> probably tend to use a central issuer who can prevent
> some of the failure modes that lead to duplications.
> But, even then,
But the probability of a central issuer maliciously or
inadvertently duplicating a key is several billion
billion times higher than the probability of the failure
mode to which you refer.
More information about the general
mailing list