[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: subjective names and MITM
Scott Brickner wrote:
| Adam Shostack writes:
| > Just a minor nit regarding a well thought out post, public
| >keys are not 'global' ids, but 'system-wide' IDs. For keys to be
| >really global, there needs to be a mechanism in place for insuring
| >that key ids are very probably unique. One way to ensure that keys
| >are globally unique would be to integrate a KCA identifier with the
| >keyid, and KCAs base part of their reputation on not signing multiple
| >keys with the same id.
| A public key *is* "very probably unique". A "randomly selected" 1024 bit
| prime number has a specific amount of entropy in it. The likelihood of
| two users world wide "randomly" choosing the same such prime may be
| precisely determined (assuming you can figure the entropy).
The key does indeed have a high likelihood of being unique,
but dealing with 1024 bit identifiers could strain database systems,
especially when 100 well chosen bits would be than enough.
"It is seldom that liberty of any kind is lost all at once."