Scott Brickner wrote:
| Adam Shostack writes:
| > Just a minor nit regarding a well thought out post, public
| >keys are not 'global' ids, but 'system-wide' IDs. For keys to be
| >really global, there needs to be a mechanism in place for insuring
| >that key ids are very probably unique. One way to ensure that keys
| >are globally unique would be to integrate a KCA identifier with the
| >keyid, and KCAs base part of their reputation on not signing multiple
| >keys with the same id.
|
| A public key *is* "very probably unique". A "randomly selected" 1024 bit
| prime number has a specific amount of entropy in it. The likelihood of
| two users world wide "randomly" choosing the same such prime may be
| precisely determined (assuming you can figure the entropy).

The key does indeed have a high likelihood of being unique, but
dealing with 1024 bit identifiers could strain database systems,
especially when 100 well chosen bits would be more than enough.

Adam

--
"It is seldom that liberty of any kind is lost all at once."
                                                        -Hume
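
The trade-off discussed in this exchange, as an added example that is not part of the original messages: a birthday-bound estimate of key ID collisions at different ID lengths. Assumptions: IDs are uniformly distributed, "well chosen bits" is modelled as a truncated SHA-256 of the key material, and the population of ten billion keys is a constructed figure.

```python
import hashlib
import math


def collision_probability(n_keys: int, id_bits: int) -> float:
    """Birthday approximation of P(some two of n_keys share an id_bits-bit ID)."""
    if n_keys < 2:
        return 0.0
    pairs = n_keys * (n_keys - 1) // 2
    # int / int is rounded only once at the end, so 2**1024 does not overflow.
    expected_collisions = pairs / (1 << id_bits)
    # 1 - exp(-x), via expm1 so that tiny probabilities are not rounded to 0.
    return -math.expm1(-expected_collisions)


def min_id_bits(n_keys: int, max_probability: float) -> int:
    """Smallest ID length whose collision probability is <= max_probability."""
    bits = 1
    while collision_probability(n_keys, bits) > max_probability:
        bits += 1
    return bits


def key_id(public_key: bytes, id_bits: int = 100) -> str:
    """Hypothetical short ID: the leading id_bits of SHA-256(public_key), in hex."""
    if not 1 <= id_bits <= 256:
        raise ValueError("id_bits must be between 1 and 256")
    digest = int.from_bytes(hashlib.sha256(public_key).digest(), "big")
    truncated = digest >> (256 - id_bits)
    return format(truncated, "0{}x".format((id_bits + 3) // 4))


if __name__ == "__main__":
    population = 10**10  # constructed figure, not from the thread
    for bits in (32, 64, 100, 1024):
        p = collision_probability(population, bits)
        print("{:5d}-bit IDs: P(collision) ~ {:.3e}".format(bits, p))
    print("bits needed for P <= 1e-9:", min_id_bits(population, 1e-9))
    print("sample 100-bit ID:", key_id(b"constructed sample key material"))
```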