11.
Stewart A. Baker and Paul R. Hurst,
12.
Ibid.
13.
See Hal Abelson et al., 'The Risks of Key Recovery, Key Escrow, and Trusted Third Party Encryption,'
14.
Whitfield Diffie and Martin E. Hellman, 'New Directions in Cryptography,'
15.
Even if the wires are tapped, this type of encryption still achieves its magic. We can get a hint of how in a series of cases whose accumulating impact makes the potential clear. A. If I want to send a message to you that I know only you will be able to read, I can take your public key and use it to encrypt that message. Then I can send that message to you knowing that only the holder of the private key (presumably you) will be able to read it. Advantage: My message to you is secure. Disadvantage: You can't be sure it is I who sent you the message. Because anyone can encrypt a message using your public key and then send it to you, you have no way to be certain that I was the one who sent it. Therefore, consider the next example. B. Before I send the message I have encrypted with your public key, I can encrypt it with my private key. Then when you receive the message from me, you can first decrypt it with my public key, and then decrypt it again with your private key. After the first decryption, you can be sure that I (or the holder of my private key) was the one who sent you the message; after the second decryption, you can be sure that only you (or other holders of your private key) actually read the content of the message. But how do you know that what I say is the public key of Larry Lessig is actually the public key of Larry Lessig? How can you be sure, that is, that the public key you are using is actually the public key it purports to be? Here is where the next example comes in. C. If there is a trustworthy third party (say, my bank, or the Federal Reserve Board, or the ACLU) with a public key (a fact I am able to verify because of the prominence of the institution), and that third party verifies that the public key of Larry Lessig is actually the public key of Larry Lessig, then along with my message sent to you, encrypted first in your public key and second in my private key, would be a certificate, issued by that institution, itself encrypted with the institution's private key. When you receive the message, you can use the institution's public key to decrypt the certificate; take from the certificate my public key (which you now are fairly confident is my public key); decrypt the message I sent you with the key held in the certificate (after which you are fairly confident comes from me); and then decrypt the message encrypted with your public key (which you can be fairly confident no one else has read). If we did all that, you would know that I am who I say I am and that the message was sent by me; I would know that only you read the message; and you would know that no one else read the message along the way.
16.
Shawn C. Helms, 'Translating Privacy Values with Technology,'
17.
Ipanema Technologies, 'Automatically discover applications running over your net work.' Available at http://www.ipanematech.com/New/EN/Solutions.php?niv=2a (cached: http://www.webcitation.org/5IwlrfaFa).
18.
iProtectYou Pro Web Filter v7.10. See http://www.softforyou.com/ip-index.html (cached: http://cache.codev2.cc/Link_16.pdf).
19.
Nmap ('Network Mapper'). See http://www.insecure.org/nmap/ (cached: http://www.webcitation.org/5Iwlxlmdy).
20.
21.
Jack Goldsmith and Timothy Wu,
22.
MaxMind Home Page, available at http://www.maxmind.com/ (cached: http://www.webcitation.org/5Iwm0Xb51).
