[OpenID] why is xri so obtuse?

James A. Donald jamesd at echeque.com
Wed Jan 3 03:10:18 UTC 2007

James A. Donald
 > > Calculate the probability of deliberately or
 > > maliciously duplicating an existing key.

Bob Wyman:
 > The probability is non-zero -- although very small.

The probability is vastly lower than the probability
that your central issuer will be struck by a comet in
the next second, vastly lower than the probability that
the world will be destroyed by comet strike in the next
few seconds.

 > For some definitions of "secure," self-generated keys
 > are not secure -- at least, if you use the kind of
 > definition for "secure" that Dave Kearns seems to be
 > using. But, you may have a less stringent definition
 > of what it means to be secure and thus the risk of
 > duplication may be low enough to satisfy you even
 > though Dave wouldn't be satisfied. In that case, you
 > would say self-generated keys are secure and Dave
 > would say they aren't. So, you would both be correct
 > -- within the bounds of your own definitions of what
 > it means to be "secure"... On the other hand, if you
 > agree with Dave, even a little bit, then, you would
 > probably tend to use a central issuer who can prevent
 > some of the failure modes that lead to duplications.
 > But, even then,

But the probability of a central issuer maliciously or
inadvertently duplicating a key is several billion
billion times higher than the probability of the failure
mode to which you refer.

More information about the general mailing list