The statistics of certification authorities
Warren Young
warren@etr-usa.com
Thu Jul 23 01:26:00 GMT 2009
Dave Korn wrote:
>> Which would you trust more, a statement from N months ago that a^y mod m
>> = b, or a statement from 6 years ago that c^y mod m = d ?
>
> Why would how long ago the statement was made have any bearing on its truth
> or falsity if maths hasn't changed in the mean time?
The mathematics of crypto don't enter into it. Cert expiration is
useful because the entities that acquire certificates -- individual
humans, corporations, fringe cults, hyperintelligent shades of the
colour blue... -- change over time.
Let's continue thinking mathematically about it.
A cert lets us assign a probability and confidence interval to the
statement that blob N was signed by entity X. That is, we can imagine a
statistical algorithm that takes various facts about the cert, the CA,
etc. and comes up with a probability that we can trust that the blob
came from the entity it claims to, and a confidence interval for that
probability. We can call this our trust statistic.
One of these facts must include how long ago the cert was assigned to
entity X, because the chance that entity X has changed in some way which
means we can no longer trust blobs claiming to be signed by it increases
over time. Our trust statistic is highest at the instant the cert is
issued, and declines over time as the chances increase that the entity
changes in some way harmful to the trust statistic.
Example: An employee of a company buys a certificate, then later gets
fired for some violation of trust within the organization. If we were
to learn this fact, it would certainly damage our trust statistic for
that cert. We normally will not learn about such things, but we must
assume they will happen, so we have to work out some kind of probability
that this has happened, which must be an increasing function of time.
A CA makes a decision about the maximum amount of time it is willing to
assume that the details about the entity it is certifying do not change,
and sets the cert's expiration time accordingly. The certification fee
is really a side issue; many CAs charge nothing, directly, as in the
case of a large organization that runs an internal CA. Every CA has an
incentive to put a lower threshold on the trust statistic, because our
trust of the CA is bound up in how much we trust the certs it issues.
If it issues 5-year certs, we know the chances that some of them certify
things that are no longer true is higher than a CA that only issues
1-year certs. (Assuming a large enough sample size, similar population
distributions, etc.)
You are quite free to choose a trust statistic threshold lower than that
of the CA. You can decide to trust a blob signed by an "expired" cert.
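A small numerical model of the trust statistic described in the post, added here as an illustration and not part of the original message. It assumes (my assumption, not the post's) that changes to the certified entity arrive as a memoryless Poisson process with a constant yearly rate and that the CA issues certs at a steady rate; the function names are mine.

```python
import math


def trust_statistic(age_years: float, change_rate: float) -> float:
    """Probability that the certified entity is still as described
    `age_years` after issuance.  Assumed model: entity changes arrive as a
    Poisson process with `change_rate` events per year, so the statistic
    is 1.0 at issuance and decays as exp(-rate * age)."""
    if age_years < 0 or change_rate < 0:
        raise ValueError("age and rate must be non-negative")
    return math.exp(-change_rate * age_years)


def ca_lifetime(ca_threshold: float, change_rate: float) -> float:
    """Validity period (years) a CA would set so the trust statistic
    does not fall below `ca_threshold` before the cert expires."""
    if not 0 < ca_threshold < 1 or change_rate <= 0:
        raise ValueError("threshold must be in (0, 1) and rate positive")
    return -math.log(ca_threshold) / change_rate


def stale_fraction(lifetime_years: float, change_rate: float) -> float:
    """Expected fraction of a CA's currently unexpired certs whose subject
    has already changed.  With steady issuance, cert ages are uniform on
    [0, lifetime]; averaging 1 - exp(-rate*age) over that range gives
    1 - (1 - exp(-rate*L)) / (rate*L), which grows with L."""
    x = change_rate * lifetime_years
    if x == 0:
        return 0.0  # no time elapsed or no changes ever: nothing is stale
    return 1.0 + math.expm1(-x) / x


def accept(age_years: float, change_rate: float,
           verifier_threshold: float) -> bool:
    """Relying party's decision.  It applies its own threshold, which may
    be lower than the CA's, so it can knowingly accept a cert the CA
    already considers expired."""
    return trust_statistic(age_years, change_rate) >= verifier_threshold


if __name__ == "__main__":
    rate = 0.1  # constructed: one disqualifying change per 10 entity-years
    print("CA expiry for 0.9 threshold:", round(ca_lifetime(0.9, rate), 2), "years")
    print("stale share, 1-year certs:", round(stale_fraction(1, rate), 3))
    print("stale share, 5-year certs:", round(stale_fraction(5, rate), 3))
    print("verifier at 0.8 accepts 1.5-year-old cert:", accept(1.5, rate, 0.8))
```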