It really does not matter how many layers of cryptography, identity checking etc you place between the human client and the service provider it eventually comes down to a matter of trust. I still do not understand why people who calmly give their credit card to a waiter in a restaurant (it only takes a couple of seconds out of your sight to swipe it through a cloning machine) get so uptight about emailing their credit card number. Much more security is provided by requiring that goods are delivered to the registered address of the owner of the card.
This book presents a sample of papers on all aspects of WWW security rather than the in vogue narrow discussions of strength of cryptography. If commercial use of the Net is to take off those offering services and goods over the Net need to make themselves familiar with such material. Those advising and legislating should also educate themselves by reading this book and those like it.
PGP and other public key cryptographic systems are only a small part of the problem. Quite apart from consideration of how to secure channels there is the wide issue of who should have access to data. This starts you into the subject area of 'trust management.' That is something that needs a much wider understanding than the current one.