The statistics of certification authorities

Warren Young warren@etr-usa.com
Thu Jul 23 01:26:00 GMT 2009


Dave Korn wrote:
>>  Which would you trust more, a statement from N months ago that a^y mod m
>> = b, or a statement from 6 years ago that c^y mod m = d ?
> 
>   Why would how long ago the statement was made have any bearing on its truth
> or falsity if maths hasn't changed in the mean time?

The mathematics of crypto don't enter into it.  Cert expiration is 
useful because the entities that acquire certificates -- individual 
humans, corporations, fringe cults, hyperintelligent shades of the 
colour blue... -- change over time.

Let's continue thinking mathematically about it.

A cert lets us assign a probability and confidence interval to the 
statement that blob N was signed by entity X.  That is, we can imagine a 
statistical algorithm that takes various facts about the cert, the CA, 
etc. and comes up with a probability that we can trust that the blob 
came from the entity it claims to, and a confidence interval for that 
probability.  We can call this our trust statistic.

One of these facts must include how long ago the cert was assigned to 
entity X, because the chance that entity X has changed in some way which 
means we can no longer trust blobs claiming to be signed by it increases 
over time.  Our trust statistic is highest at the instant the cert is 
issued, and declines over time as the chances increase that the entity 
changes in some way harmful to the trust statistic.

Example: An employee of a company buys a certificate, then later gets 
fired for some violation of trust within the organization.  If we were 
to learn this fact, it would certainly damage our trust statistic for 
that cert.  We normally will not learn about such things, but we must 
assume they will happen, so we have to work out some kind of probability 
that this has happened, which must be an increasing function of time.

A CA makes a decision about the maximum amount of time it is willing to 
assume that the details about the entity it is certifying do not change, 
and sets the cert's expiration time accordingly.  The certification fee 
is really a side issue; many CAs charge nothing, directly, as in the 
case of a large organization that runs an internal CA.  Every CA has an 
incentive to put a lower threshold on the trust statistic, because our 
trust of the CA is bound up in how much we trust the certs it issues. 
If it issues 5-year certs, we know the chances that some of them certify 
things that are no longer true are higher than for a CA that only issues 
1-year certs.  (Assuming a large enough sample size, similar population 
distributions, etc.)

You are quite free to choose a trust statistic threshold lower than that 
of the CA.  You can decide to trust a blob signed by an "expired" cert.



More information about the Cygwin-talk mailing list