The Thawte Web of Trust

Several years ago, while I was working at Xcert International, I became a notary for the Thawte Web of Trust, making identity assertions for Thawte’s free Personal Digital Certificates. The Thawte Web of Trust is a digital certificate trust assertion system that has some similar characteristics to the PGP Web of Trust, except that it uses X.509-based keys. To use an X.509 key for email authentication or encryption (S/MIME), you need a compatible email client such as Mozilla.

So a couple of years have passed since I last was involved in this, and then somebody contacted me out of the blue to get their identity asserted. Christ – two years later and I forgot how to do everything! What the hell was my password? It had been so long since I last bothered – I thought for sure that this service had completely gone the way of the dodo.

And then I remembered, this was an very cool way to authenticate messages and encrypt your email. Since it is built in to some of the major email clients such as Outlook/Outlook Express and Mozilla/Netscape, it is fairly convenient to use. Trust can be asserted by a major root certificate authority such as Verisign or Thawte. If everyone used this, email privacy and user authentication would be greatly improved in the email world.

Now if only there were more S/MIME-compatible email clients out there. Eudora doesn’t support it as far as I know. Mac versions of Apple Mail, Microsoft Outlook Express, and Microsoft Entourage also leave out X.509 compatabilty. The main limiting factor to widespread adoption, besides a general lack of awareness in the public, is that there are so many incompatible email clients out there.

At any rate, if you would like me to notarize your Thawte Personal Email Certificate and are or will be in the San Francisco Bay Area, then please feel free to contact me.