Thawte Notarization
You can get a personal e-mail certificate for FREE from Thawte (pronounced "thought"), a subsidiary of VeriSign, one of the world's largest digital security firms.
This personal e-mail certificate will allow you to digitally sign your e-mail, as well as to digitally sign web commerce transactions (on servers that support this emerging standard). You can also encrypt your e-mail to protect sensitive information from prying eyes while your e-mail is in transit.
Thawte personal e-mail certificates use the X.509 standard of digital security technology. This standard is emerging as the dominant standard in the world of digital signatures and e-mail encryption. There are a number of companies providing digital signatures using X.509. Because they are all using the same standard, a certificate issued by Thawte will work just fine with a certificate issued by, say, GlobalSign. Your Thawte e-mail certificate will work with any major e-mail package, including Microsoft Outlook and Outlook Express, as well as Netscape and Mozilla.
Digitally signing your e-mail does two things. First, it tells the recipients that the e-mail really did originate with you. Second, it makes your e-mail tamper-evident. This means that if the contents of your e-mail are altered at any point after you send it, the digital signature will alert the reader that the message has been altered. Using a digital signature is practically transparent to the user once the certificate is installed.
Encryption of your e-mail ensures that only the person(s) you are sending your e-mail to can read it. Using encryption requires not only your own personal e-mail certificate but also the public portions of your recipients' certificates. Conveniently, the public portion of the certificate is contained in a digital signature, so getting this information is easy.
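The signing and encryption behaviour described above can be reproduced with the openssl command line. This is an added example, not part of the original page: the self-signed certificate, the address alice@example.com and all file names are constructed stand-ins for a CA-issued certificate and real mail.

```shell
#!/bin/sh
# S/MIME walk-through: sign, verify, detect tampering, then encrypt a reply
# using only the certificate carried inside the signature.
smime_demo() (
    set -e
    dir=$(mktemp -d)
    trap 'rm -rf "$dir"' EXIT
    cd "$dir"

    # Constructed self-signed certificate standing in for an issued e-mail cert.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Alice Example/emailAddress=alice@example.com" \
        -keyout alice.key -out alice.crt 2>/dev/null

    # Sign: signed.eml carries the message, the signature and alice.crt.
    echo 'Meet at noon.' > msg.txt
    openssl smime -sign -in msg.txt -signer alice.crt -inkey alice.key \
        -out signed.eml

    # Verify a message. -CAfile names the trusted issuer (here the self-signed
    # cert itself); -signer saves the certificate found in the signature,
    # and only when verification succeeds.
    verify() {
        if openssl smime -verify -in "$1" -CAfile alice.crt \
               -signer from_signature.crt -out /dev/null 2>/dev/null
        then echo "$1: signature valid"
        else echo "$1: signature INVALID"
        fi
    }
    verify signed.eml

    # Change one word after signing: the digest no longer matches.
    sed 's/noon/nine/' signed.eml > tampered.eml
    verify tampered.eml

    # The recipient encrypts a reply with the certificate taken from the
    # signature; only the holder of alice.key can read it.
    echo 'See you then.' > reply.txt
    openssl smime -encrypt -aes256 -in reply.txt -out reply.enc from_signature.crt
    echo "decrypted reply: $(openssl smime -decrypt -in reply.enc \
        -recip alice.crt -inkey alice.key | tr -d '\r')"
)

smime_demo
```

With a certificate issued by a real CA, -CAfile points at that CA's root certificate instead of the signer's own certificate.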
Why use Thawte?
Thawte certificates are very trustworthy, even though they are free. This is because of a clever innovation called the Thawte Web of Trust (WoT). Basically, the WoT ensures that people are who they say they are by setting up a worldwide network of people who certify each other's digital identities -- all free, or nearly free.
There are two basic types of Thawte personal certificates.
The first one is an untrusted certificate. It simply says that the person using this certificate can get e-mail at this particular address. It makes no assertions as to the true identity of the person using the certificate. This is the initial certificate you will receive from Thawte.
Once you receive your untrusted certificate, you can take steps to make your certificate trusted. These steps involve appearing before at least two different Thawte notaries with appropriate identification documents. The Thawte notary will make copies of your documents and retain them on file. Assuming that the notary is satisfied that you are who you say you are, they will make an assertion to that effect to Thawte and assign you a number of trust points (between 10 and 35, depending on how experienced the notary is). When you have 50 trust points on file with Thawte, you will be issued a trusted certificate that includes your full name. This certificate now states that you are really who you say you are. Using this certificate to digitally sign e-mail and other transactions is exactly the same as physically signing a paper document -- i.e. in the United States (and many other countries), your digital signature is legally binding. Consult your attorney if you have legal questions as to your digital signature, as the legislation on digital signatures is still developing.
Great, what do I need to do to get started?
Well, first you need to get a basic Thawte personal e-mail certificate. It's pretty easy. Just go here and go through the process.
Once you've done that, you need to start working on getting more trust points. Find a Thawte notary near you and get in touch with them. Remember, you need 50 trust points to be trusted. (A directory of Thawte notaries is available from the Thawte secure web site after you have a basic certificate.)
If you are anywhere near Salem, Oregon, I am a 35-point Thawte notary (that means I can issue 35 trust points to any one person). Send me e-mail and we can go from there. I charge an amount not to exceed US$5 for an assertion to cover my time and inconvenience.
Once you have at least 50 trust points, your work is done. If you move, you will need to update your information with Thawte, but otherwise, you can now freely use your personal certificate and have people know that you are you. Obviously, you want to guard your personal certificate like you would your bank account or credit card. Give the public portion of it away to as many people as possible, but protect the private portion that lives on your computer. Should your personal certificate ever be compromised, immediately go to the Thawte website, revoke your certificates, and issue new ones to yourself so that your digital identity will not be taken over by someone else.
If you need my public key so you can send me an encrypted message, just send me e-mail and I will send you a reply that is digitally signed. You will then be able to send encrypted e-mail to me.
Page created 2/24/03.
© 1995-2004 by Michael Heggen. All rights reserved, except as noted.