What do you think?
Rate this book
The Global Internet Trust Register: 1999 edition
The development of electronic commerce and other applications on the Internet is held up by concerns about security. Cryptography—the science of codes and ciphers—will be a significant part of the solution, but one of the hardest problems is enabling users to find out which cryptographic key belongs to whom.
The main things that can go wrong with cryptography are similar to those that can go wrong with a signature stamp. A stamp can be stolen or counterfeit; or it may not belong to the person one thought it did. The first two risks can be controlled largely by technical measures. The third risk is the hard one, and the one that this book helps to solve.
Many people who use cryptographic services on the Internet have had their keys certified by one or more of about a thousand important keys. The pioneers of cryptography hoped that these keys would in turn be certified by the United Nations or by each other, or listed in the phone book. For a variety of political and competitive reasons, this has not happened. The result is chaos, and the situation is bound to get worse as both companies and governments try to stake out claims in cyberspace.
The primary aim of this book is to cut through the chaos by publishing the thousand or so important keys in paper form, as a kind of global phone book. The secondary aim is By printing these keys on paper, we can use established legal protections to limit government interference.
The main things that can go wrong with cryptography are similar to those that can go wrong with a signature stamp. A stamp can be stolen or counterfeit; or it may not belong to the person one thought it did. The first two risks can be controlled largely by technical measures. The third risk is the hard one, and the one that this book helps to solve.
Many people who use cryptographic services on the Internet have had their keys certified by one or more of about a thousand important keys. The pioneers of cryptography hoped that these keys would in turn be certified by the United Nations or by each other, or listed in the phone book. For a variety of political and competitive reasons, this has not happened. The result is chaos, and the situation is bound to get worse as both companies and governments try to stake out claims in cyberspace.
The primary aim of this book is to cut through the chaos by publishing the thousand or so important keys in paper form, as a kind of global phone book. The secondary aim is By printing these keys on paper, we can use established legal protections to limit government interference.
150 pages, Paperback
First published March 12, 1999
4 people want to read
Ratings & Reviews
Friends & Following
Create a free account to discover what your friends think of this book!
Community Reviews
Displaying 1 of 1 review
January 6, 2011
This is an MIT effort to ground the PGP "web of trust" universe in a paper document. PGP was originally conceived as something used among small groups of people who already knew each other. When its use grew into larger areas, people discovered that it was rather awkward to be sure the key you have really identifies the person you know--indeed, that "knowing" of the person took on newer and vaguer meanings. This is in sharp contrast to the "Certifying Authorities" used in other common crypto-systems, such as SSL: with those, there is a canonical list of trustworthy keys, built into your browser, and your browser trusts a new key if it's signed by a known-good key. But the "bootstrapping" effect of having that initial list of trustworthy keys depends on commercial interests and relationships (though you're probably not aware of that), and doesn't fit the culture that surrounds PGP.
MIT stepped in, providing a paper-based document, like a phone book, as that initial list of trustworthies. It's still valid for that purpose, but as a practical matter the function has been superseded by a web site now:
https://keyserver2.pgp.com:443/vkd/Ge...
MIT stepped in, providing a paper-based document, like a phone book, as that initial list of trustworthies. It's still valid for that purpose, but as a practical matter the function has been superseded by a web site now:
https://keyserver2.pgp.com:443/vkd/Ge...
Displaying 1 of 1 review