This book is a personal account, not the result of a committee process. Many people have helped me write this book, an even larger number have helped to shape the ideas presented.

I first became interested in computer networking as an undergraduate at Southampton University where Denis Nicole my third year project supervisor and Professor Tony Hey got me interested in massively parallel processing systems and the Transputer.

My interest in the Transputer and the formal methods on which its design is based took me to the Nuclear Physics Laboratory at Oxford University. Large scale physics experiments need large computers. Working with my thesis supervisors Ian McArthur and Robin Devenish on the ZEUS experiment taught me a lot about the way that large scale computing projects fit together.

A major influence at Oxford was my college tutor Tony Hoare. He convinced me that the pursuit of simplicity in systems designed to address complex problems was not only possible, but essential if the system was to be feasible.

Digital Equipment Corporation sponsored my work at Oxford. At the end of which Chris Youngman took me on at Zeus, where the interesting sequence of events that brought me into the world of network security began.

High Energy Physics, a world dominated by FORTRAN, was considered to be about as far from the leading edge of computer science research as could be. Two people rescued me, first Paolo Palazzi who persuaded the European Union to award me a fellowship and more importantly persuaded the CERN management to hire me despite opposition. Secondly, Tim Berners-Lee, inventor of the Web, who asked me to take on the security brief in the Web design and later the secure payments portfolio at the World Wide Web Consortium (W3C).

During my time at CERN/W3C I worked with many people whose ideas have shaped the Web in ways that affect us daily. Some moved into the commercial world like I did but many stayed at W3C to work on the next generation of the Web. I am indebted to them all but in particular Dave Ragget, Dan Connoly, Henrik Frystyk Nielsen and Rohit Khare. I am also indebted to many people who joined W3C after I left, in particular Danny Weitzner and Thomas Roessler.

Working at CERN and W3C brought me into the world of commercial cryptography. Many thanks to Alan Schiffman and Eric Rescorla of EIT/Terisa, to Taher Elgamal, and Jeff Weinstein

Huge thanks are due to Jock Gill and Tom Kalil for making the Whitehouse Web site happen and to Al Gore for telling them to make it so. In 1992, Jock took the time to listen to me when I told him that the Web was the future of political communication despite the fact that we had no more than a hundred users at the time. Thanks also to John Mallery and Roger Hurwitz at what was then the MIT AI lab Political Participation Project and became the Intelligent Information Infrastructures project, which I joined after leaving W3C in 1996. MIT is an amazing place to be and John and Roger are amongst the people who helped me learn the most. I must also thank Ron Rivest and Butler Lampson for helping me to understand the difference between cryptography and security protocol design.

In addition to his many valuable technical and philosophical contributions I must thank Roger for introducing me to Karen and for marrying us some years later.

After leaving MIT I joined VeriSign where I have now worked as Principal Scientist for a decade. Thanks to Michael Baum for hiring me and for teaching me more about the law than I had ever expected to want to know but now find essential, for Warwick Ford for being both my mentor and my boss but most importantly my friend and for Jim Bidzos and Stratton Sclavos for starting the whole thing.

During my time at VeriSign I have worked with many extraordinary people, both inside and outside the company. At VeriSign, Anthony Maccario, Jack Biggane and Quentin Gallivan taught me about the sales process, Stephen Wu, Mark Silvern and Tony Berman some of the complexities of a Certificate Practices Statement works, to Chris Babel, Fran Rosch and Tim Callan in marketing. On the technical side huge thanks to Ari Balogh, Jay Patel, Alex Deacon, Jeff Burstein, Joe Adler, Thomas Hardjono, Nico Popp, Hemma Prafulchandra, Sidharth Bajaj, Rick Andrews, Casey LaRose, Tim Mather, Paul Meijer, Hans Granqvist, Gary Krall, Gabriel Swift, Sue Todd, Sean Wilcox, David M’Rahi, Mike Olsen, Ram Moskowitz, Matt Larson, Mark Kosters, Andy Newton, and Michael Aisenberg.

Thanks also to my public speaking coach, Marc Chodorow from Chodorow Associates, Brendan P. Lewis at 463 Communications, and all the people at Weber Shandwick.

Outside VeriSign there are thousands of people I should thank; a hundred will have to suffice.

At the IETF, in particular Russ Housley, Tim Polk, Stephan Santesson, Sam Hartman, Pat Cain, Derek Atkins, Jeff Schiller, Steve Bellovin, Carl Ellison, Andrea Doherty, Philip Hoyer, Stuart Vaeth, Jim Fenton, Barry Leiba, Dave Crocker, Steve Crocker, Harry Khatz, Tony Hansen, Nathaniel Borenstein, Eric Allman, Jon Calas, Mark Delaney, Miles Libbey, Larry Masinter, Hannes Tschofenig, Magnus Nystrom, Stephen Whitlock, and Lisa Dusseault.

From the W3C XKMS group, my co-authors, Brian LaMacchia, Barbara Fox, Blair Dillaway, Jeremy Epstein and Joe Lapp and to Stephen Farrell and Shivaram Mysore for chairing it.

From the W3C Web Security Context Working Group, Tyler Close, Mary Ellen Zurko, Bill Doyle, Maritza Johnson, Brad Porter, Johnathan Nightingale, Rachna Dhamija, Serge Egelman, Audian Paxson, and Yngve Nysaeter Pettersen.

From the OASIS SAML working group Prateek Mishra, Eve Maler, Jeff Hodges, Hal Lockhart, Bob Blakely, Joe Pato, Heather Hinton, Maryann Hondo, Frederick Hirsch, and Ronald Monzillo.

From the OASIS WS-Security working group, Anthony Nadalin, Kelvin Lawrence, Chris Kaler, and Merlin Hughes.

At the Anti-Phishing Working Group, Dave Jevans, Peter Cassidy, Foy Shiver, Lance James, Craig Spiezle, Joanthan Rusch, Bill Harris, and from the banking world Rhonda Maclean, Mack Hicks, Dave Solo, Dan Houser, Todd Inskeep, Dan Schutzer, Michael McCormick, and Richard Parry.

From CAB-Forum, Tim Moses, Mike Beltzner, Gervase Markham, and Steve Roylance.

In addition there are many people who have influenced me, either directly or through their work whose input I would like to especially acknowledge. These include Burt Kaliski, Adam Shostack, Kim Cameron, Dick Hardt, Michael Froomkin, Simson Garfinkel, Linda Franklin, Judith Spencer, Peter Alterman, Stefan Brands, David Chaum, Esther Dyson, Brian Behlendorf, Hans Peter Brøndmo, Join Praed, Meng Weng Wong, Ben Laurie, Amir Herzberg, Clifford Neuman, Richard Guida, David Berlind, Dan Farber, John Aravosis, Joshua Marshall, Bruce Schneier, and Ross Anderson.

That my manuscript turned into this book is due to my agent Ming Russell at Waterside productions, my editor Jessica Goldstein, her assistant Romny French, and project editor Kristy Hart. Thanks are also due to my reviewers, some of which have already been mentioned, others of which are anonymous.

Most importantly I thank my family for supporting this project and for tolerating the many weekends and evenings when family commitments were neglected to complete it. In particular Karen for her unstinting support and for being at times the only person who believed this would ever be completed.