30.6 Further reading

As you have seen, there are many different aspects of computer security, even when only considering Web applications. This explains why there is such a lot of interesting literature on the subject to recommend.

If you want to get a thorough general overview on cryptography, to be able to understand the advanced topics, read [Schneier(1995)]. Frequently Asked Questions on Web security are answered in Web-FAQ and in chapters from Stein, [Cheswick and Bellovin(1994)] and [Liu et al.(1994)].

There is a working group in the Internet Engineering Task Force that deals with Web Transaction Security (WTS). The first output of this group is a requirements document that can be found in [Bossert et al.(1995)]. Other Internet drafts and Requests For Comment (RFCs) can be found on the following sites:

Africa: ftp.is.co.za (196.4.160.8)
Europe: nic.nordu.net (192.36.148.17)
Pacific Rim: munnari.oz.au (128.250.1.21)
US East Coast: ds.internic.net (198.49.45.10)
US West Coast: ftp.isi.edu (128.9.0.32)

You can find the S-HTTP proposal [Rescorla and Schiffman(1995)] on these sites as well as all the documents on MIME, PEM and MOSS (PEM1421, PEM1421; PEM1422, PEM1422; PEM1423, PEM1423; PEM1424, PEM1424; MIME, MIME; MOSS, MOSS; Galvin, Galvin and many others). More info on SSL can be found in [Hickman and Elgamal(1995)] and the PCT-Protocol is specified in [Benaloh et al.(1995)]. For the Secure Electronic Payment Protocol specifications, see [Secure Electronic Payment Protocol Draft. Version 1.1(1995)].

A technical discussion of electronic cash by David Chaum can be found in [Chaum(1991), Chaum(1989)], the software is available at http://www.ecash.com. All the other electronic commerce systems can of course be found online too, like First Virtual at http://www.fv.com, DigiCash at http://www.digicash.com, Netcash at http://www.netbank.com and Netbill in [Cox et al.(1995)].