Practical TCP/IP and Ethernet Networking - P51: The transmitter encodes the information into a suitable form to be transmitted over the communications channel. The communications channel moves this signal as electromagnetic energy from the source to one or more destination receivers. The channel may convert this energy from one form to another, such as electrical to optical signals, whilst maintaining the integrity of the information so the recipient can understand the message sent by the transmitter.

Somewhere in the middle ground lies a hybrid approach that relies upon both independent CAs and peer-to-peer certification. In such an approach, businesses may act as their own CA, issuing certificates for their employees and trading partners. Alternatively, trading partners may agree to honor certificates signed by trusted third-party CAs. This decentralized model most closely mimics today's typical business relationships, and it is likely the way PKIs will mature.

Building a public-key infrastructure is not an easy task. There are a lot of technical details to address, but the concept behind an effective PKI is quite simple: a PKI provides the support elements necessary to enable the use of public-key cryptography. One thing is certain: the public-key infrastructure will eventually, whether directly or indirectly, reach every Internet user.

Storage and distribution of public keys

E-commerce transactions don't always involve parties who share a previously established relationship. For this reason, a PKI provides a means for retrieving certificates. If provided with the identity of the person of interest, the PKI's directory service will provide the certificate. If the validity of a certificate needs to be verified, the PKI's certificate directory can also provide the means for obtaining the signer's certificate.

Revocation of public keys

Occasionally, certificates must be taken out of circulation, or revoked.
After a period of time, a certificate will expire. In other cases, an employee may leave the company, or a person may suspect that his or her private key has been compromised. In such circumstances, simply waiting for a certificate to expire is not the best option, but it is nearly impossible to physically recall all possible copies of a certificate already in circulation. To address this problem, CAs publish certificate revocation lists (CRLs) and compromised key lists (KRLs).

Verification of public keys

The true value of a PKI is .
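
The revocation check described under "Revocation of public keys", as an added example that is not part of the book: a simplified Python model in which a relying party tests a certificate's validity period and then the issuing CA's CRL. The class names, field names and sample data are constructed for illustration; real certificates and CRLs are signed X.509 structures, which this model does not parse or verify.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class Certificate:            # hypothetical model, not a parsed X.509 certificate
    issuer: str
    serial: int
    not_before: datetime
    not_after: datetime

@dataclass(frozen=True)
class RevocationList:         # hypothetical model of one CRL published by a CA
    issuer: str
    this_update: datetime
    next_update: datetime
    revoked: dict             # serial number -> time of revocation

def check_status(cert, crl, now):
    """Return 'not_yet_valid', 'expired', 'unknown', 'revoked' or 'good'."""
    if now < cert.not_before:
        return "not_yet_valid"
    if now > cert.not_after:
        return "expired"
    if crl is None or crl.issuer != cert.issuer:
        return "unknown"      # no list from the CA that signed this certificate
    if not (crl.this_update <= now <= crl.next_update):
        return "unknown"      # stale list: newer revocations may be missing
    revoked_at = crl.revoked.get(cert.serial)
    if revoked_at is not None and revoked_at <= now:
        return "revoked"      # still inside its validity period, but withdrawn
    return "good"

def accept(cert, crl, now):
    """Fail closed: anything other than 'good' is rejected."""
    return check_status(cert, crl, now) == "good"

def utc(year, month, day):
    return datetime(year, month, day, tzinfo=timezone.utc)

# Constructed sample data: two certificates from one CA, one of them revoked.
CA = "Example Corp CA"
ALICE = Certificate(CA, 1001, utc(2024, 1, 1), utc(2025, 1, 1))
BOB = Certificate(CA, 1002, utc(2024, 1, 1), utc(2025, 1, 1))
CRL = RevocationList(CA, utc(2024, 6, 1), utc(2024, 6, 8),
                     {1001: utc(2024, 5, 20)})

if __name__ == "__main__":
    for name, cert in (("alice", ALICE), ("bob", BOB)):
        print(name, check_status(cert, CRL, utc(2024, 6, 3)))
```
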