From: "A. Padgett Peterson P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Fri, 1 Mar 1996 23:27:39 +0800
To: cypherpunks@toad.com
Subject: Problems with certificates.
Message-ID: <960301083512.202002a4@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain


I suspect the real danger would come from issuance of duplicate certificates.
MasterCard conrols MarterCard numbers by issuing all of them (and I suspect
that there is coding to separate MC from Visa from AmEx).

Today, each person generates their own PGP key. While it is unlikely that
any two will match, it is likely that at some point some two will match
(see matching birthdays in a bar - number is less than you would think).

Next rage might well be "vanity" PGP keys. While at the moment it is not known
how to create a specific match key to a sequence, if you generate enough
keys, there will be some interesting sequences found. Possibly some PGP
signatures will even be in violation of the CDA (now that should start a
rush 8*).

For some time I have been concerned about the scalability of PGP. It works
well in small groups but after trying once to create a 6,000 member keyring
(took over three days on a 386 & was several meg when done) I decided that
areas were going to need work to be a real anyone/anywhere/anytime 
mechanism. Not saying I have a good answer, just that at some point there
will be a problem.

						Warmly,
							Padgett