From: “A. Padgett Peterson P.E. Information Security” <PADGETT@hobbes.orl.mmc.com>
To: cypherpunks@toad.com
Message Hash: 26c3921551c921c8beff4f477a4451564e75a2b140cbce63a57a0789ce142fb3
Message ID: <960301083512.202002a4@hobbes.orl.mmc.com>
Reply To: N/A
UTC Datetime: 1996-03-01 15:27:39 UTC
Raw Date: Fri, 1 Mar 1996 23:27:39 +0800
From: "A. Padgett Peterson P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Fri, 1 Mar 1996 23:27:39 +0800
To: cypherpunks@toad.com
Subject: Problems with certificates.
Message-ID: <960301083512.202002a4@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain
I suspect the real danger would come from issuance of duplicate certificates.
MasterCard conrols MarterCard numbers by issuing all of them (and I suspect
that there is coding to separate MC from Visa from AmEx).
Today, each person generates their own PGP key. While it is unlikely that
any two will match, it is likely that at some point some two will match
(see matching birthdays in a bar - number is less than you would think).
Next rage might well be "vanity" PGP keys. While at the moment it is not known
how to create a specific match key to a sequence, if you generate enough
keys, there will be some interesting sequences found. Possibly some PGP
signatures will even be in violation of the CDA (now that should start a
rush 8*).
For some time I have been concerned about the scalability of PGP. It works
well in small groups but after trying once to create a 6,000 member keyring
(took over three days on a 386 & was several meg when done) I decided that
areas were going to need work to be a real anyone/anywhere/anytime
mechanism. Not saying I have a good answer, just that at some point there
will be a problem.
Warmly,
Padgett
Return to March 1996
Return to “Greg Rose <Greg_Rose@sydney.sterling.com>”