Anderson R.
Crispo B.
Lee J.H.
Manifavas C.
Matyas Jr. V.
Petitcolas F.

Abstract

The development of electronic commerce and other applications on the Internet is held up by concerns about security. Cryptography--the science of codes and ciphers--will be a significant part of the solution, but one of the hardest problems is enabling users to find out which cryptographic key belongs to whom.

The main things that can go wrong with cryptography are similar to those that can go wrong with a signature stamp. A stamp can be stolen or counterfeit; or it may not belong to the person one thought it did. The first two risks can be controlled largely by technical measures. The third risk is the hard one, and the one that this book helps to solve.

Many people who use cryptographic services on the Internet have had their keys certified by one or more of about a thousand important keys. The pioneers of cryptography hoped that these keys would in turn be certified by the United Nations or by each other, or listed in the phone book. For a variety of political and competitive reasons, this has not happened. The result is chaos, and the situation is bound to get worse as both companies and governments try to stake out claims in cyberspace.

The primary aim of this book is to cut through the chaos by publishing the thousand or so important keys in paper form, as a kind of global phone book. The secondary aim is political: By printing these keys on paper, we can use established legal protections to limit government.

[And99] Anderson R., Crispo B., Lee J.H., Manifavas C., Matyas Jr. V. and Petitcolas F.. The Global Internet Trust Register. In The Global Internet Trust Register, ISBN 0-262-51105-3, MIT Press, mitpress.mit.edu, March 1999.