The principal lesson that we learned from this exercise was that the X.509 mechanisms are not really suitable for publishing. This realisation started to dawn when we had to decide on the longevity of publisher's keys. Assuming that users' keys would last three years, why not make the publishers' last five? But what would happen once a publisher's key was more than two years old, and thus unable to issue a certificate of three years' duration for an author? Would he have to refresh it, or acquire another one?
Many further complexities arose. For example, what does revocation mean in the context of book publishing? If an author fails to pay his annual fee to the local CA, will all his books magically vanish from all library shelves? What if a lawsuit is then brought in which a party relies on one of them? And what if revocation mechanisms were used maliciously as an instrument of censorship?
`Planned obsolescence' may make sense in software publishing, and in the banking world it is quite natural to use X.509 certificates in SET where both public and private keys have a lifetime of two years, as this simply replicates the existing trust structure of mag-stripe credit cards. However this approach is not appropriate in publishing, where objects are long-lived. Book copyright in the EU countries is now for a period of 70 years after the author's death.
The conclusion to which we were unexpectedly driven by the Wax project was that our secondary trust mechanism - namely, a tree of hashes in which chapters are hashed into a book and books into a catalogue - should in fact be the primary mechanism, while the X.509 signature mechanisms, which we had anticipated would provide the primary protection, are relegated to a number of secondary and specialist roles. The basic functionality can be seen in the following diagram (Fig. 1).
The question that we were naturally led to ask was whether catalogue-based trust had other natural applications than medical publishing, and what extensions of it might be appropriate. Our conclusion is that it gives a much better solution to some problems currently tackled using public-key cryptography, ranging from assuring the authorship of applets through enabling web authors to protect themselves from libel actions; in general, we can adopt the Wax mechanisms to provide a simple and robust set of mechanisms to authenticate the content of world wide web and other hypermedia systems, which fits well with the actual trust model that people have for published content.
We will now describe a set of proposed extensions to HTML that explain what we have in mind and make clear what can be achieved with it.