At 04:58 PM 10/19/00 -0400, Arnold G. Reinhold wrote:
Yes, that is why Tony's remark was somewhat tongue-in-cheek and used "solid mathematical foundations" within quotes.
Eye twinkle doesn't come across in e-mail, I'm afraid. My apologies to Tony. This is obviously one of my hot buttons.
No problem. I often employ a quoted "x" to convey "so-called x", a shortcut that can lead to misunderstandings.
It is all hypothesis and empirical argument. A lone mathematician working in his attic could come up with an algorithm that would blow some or all of the existing systems out of the water. Who gets to cover that financial risk?
The buyer. CAs (read Verisign's CPS or any CA's CPS, or bank contracts and -- above all -- see the US UCC) are not responsible for producing correct results but just for using correct methods. Where "correct methods" are what others consider correct -- even if they are proved wrong later on by a lone mathematician working in his attic.
I'm not sure those contracts would stand up in court if there were massive public losses due to a collapse of the PKI. (Anyway, CA CPS's stretch the notion of a "mutual agreement" pretty far. I purchase a $10 cert and am bound by over 100 pages of gobbledygook that only a handful of people on the planet can be expected to fully understand?)
But I am less concerned with CA legal liability than with who is left holding the bag when a massive subversion of the banking system is perpetrated, and how big that could be.
I'll wager the taxpayer/consumer will foot the bill, one way or another. Derivative to the Second Law of Thermodynamics, it is easier to destroy wealth than it is to create it. So, on average, work/energy is required to create or recreate wealth. The collapse of a future global PKI, or of the integrity of banking transactions, would represent a huge shift from order into chaos, a decoherence of identities and orderliness amounting to a huge destruction of wealth. Recovery thus will require the recreation of wealth, in one form or another. This will require a correspondingly huge input of work. So, who does most of the work, in general? You know the answer ;)
___tony___
Tony Bartoletti 925-422-3881 <azb@llnl.gov>
Information Operations, Warfare and Assurance Center
Lawrence Livermore National Laboratory
Livermore, CA 94551-9900