My name is Jacco de Leeuw and I am participating in the Web of Trust certification programs of both Thawte and CAcert.
How can I be of assistance to you?
A 'Web of Trust' is a concept where users mutually establish each other's identity. I am a "CAcert Assurer" myself. In short, it means that I verify your identity through your identity document such as a passport or driving licence, you hand me a photocopy of this ID and then you'll receive 35 CAcert points from me. With 50 points or more you can request certificates from CAcert which contain your name, in addition to your e-mail address. With 100 points or more you can be a CAcert Assurer yourself.
E-mail programs such as Mozilla Thunderbird, Netscape, Opera and Outlook (Express) can use certificates to sign e-mails and to send and receive encrypted e-mails (S/MIME). Some websites require personal certificates for access. More and more programs and websites support personal certificates. You can sign PDF documents with Adobe Acrobat if you have a personal certificate. Another example is NetMeeting, which can use certificates to positively identify people. Also, the EAP-TLS protocol for wireless networks requires personal certificates.
Of course anyone can issue his or her own certificates. Some companies and individuals offer certificates. A disadvantage of these types of certificates is that they are not recognised by the well-known e-mail clients and operating systems. People will see a cryptic error message about the root certificate not being trusted. The CAcert root certificate on the other hand is present in some e-mail clients and operating systems. This means that if you own a CAcert certificate you can sign and send e-mail to other people with less chance of these people receiving an annoying message about the root certificate.
CAcert is a certification program which is very similar to Thawte's now defunct Web of Trust. The difference is that CAcert is a non-profit organisation. Thawte on the other hand is a commercial company. In fact, it is a subsidiary of security giant VeriSign. Unlike Thawte's certificates, all CAcert certificates are free, including those for servers.
An important difference between CAcert and Thawte is that Thawte's root certificate is included in almost every operating system and e-mail program. This is not the case for CAcert. Its root certificate is currently only included in a select number of programs and Linux/Unix distributions. There are however plans for an 'audit' of CAcert. An audit is required by organisations such as Mozilla, Microsoft and Apple, and costs several thousands of dollars. CAcert's audit is sponsored by the Oophaga Foundation. This means that most users will currently see a cryptic warning when they receive a message signed with a certificate issued by CAcert. If a user adds CAcert's root certificate to his computer, no warning will be displayed. This procedure is probably too advanced for most users. So, currently, Thawte is more user-friendly than CAcert. Fortunately more and more vendors are adding the CAcert root certificate on their own initiative, for example the Linux distribution Ubuntu.
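The trust behaviour described above can be reproduced with the `openssl` command-line tool (an added example, not part of the original page): a throwaway root CA issues an S/MIME certificate, and the same signed message is verified once against a trust store that lacks that root and once against one that contains it. All CA names, subjects and addresses are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed demo: every name, subject and address here is made up.

demo_setup() {
    DEMO_DIR=$(mktemp -d) || return 1
    d=$DEMO_DIR
    # Minimal config so the roots are marked as CAs on any OpenSSL build.
    printf '[req]\ndistinguished_name=dn\nx509_extensions=v3_ca\nprompt=no\n[dn]\nCN=unused\n[v3_ca]\nbasicConstraints=critical,CA:TRUE\n' > "$d/ca.cnf"
    # demo_root plays the issuing root; other_root is a root the client already trusts.
    for ca in demo_root other_root; do
        openssl req -x509 -config "$d/ca.cnf" -newkey rsa:2048 -nodes -days 30 \
            -subj "/CN=Constructed $ca" -keyout "$d/$ca.key" -out "$d/$ca.crt" \
            2>/dev/null || return 1
    done
    # Personal certificate with name and e-mail address, issued by demo_root.
    openssl req -new -config "$d/ca.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=Alice Example/emailAddress=alice@example.org" \
        -keyout "$d/alice.key" -out "$d/alice.csr" 2>/dev/null || return 1
    printf 'keyUsage=digitalSignature\nextendedKeyUsage=emailProtection\n' > "$d/alice.ext"
    openssl x509 -req -in "$d/alice.csr" -CA "$d/demo_root.crt" -CAkey "$d/demo_root.key" \
        -CAcreateserial -days 30 -extfile "$d/alice.ext" -out "$d/alice.crt" \
        2>/dev/null || return 1
    # Sign a message as S/MIME, as an e-mail client would.
    printf 'Signed test message\n' > "$d/msg.txt"
    openssl smime -sign -in "$d/msg.txt" -signer "$d/alice.crt" \
        -inkey "$d/alice.key" -out "$d/msg.eml" 2>/dev/null
}

# $1 = PEM file acting as the recipient's trust store.
# Exit status 0 means the chain ends in a trusted root; non-zero is the
# situation in which a mail client shows its "untrusted root" warning.
verify_signed_mail() {
    openssl smime -verify -in "$DEMO_DIR/msg.eml" -CAfile "$1" \
        -out /dev/null 2>/dev/null
}

demo_setup || exit 1
for store in other_root.crt demo_root.crt; do
    if verify_signed_mail "$DEMO_DIR/$store"; then
        echo "$store: signature verified, no warning"
    else
        echo "$store: issuing root not in trust store, client would warn"
    fi
done
rm -rf "$DEMO_DIR"
```
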
As a "CAcert Assurer", I can assign 35 points. You need 50 points to be able to request a certificate containing your name.
PGP was one of the first encryption systems available to the general public. Unlike the X.509 system used by CAcert, there is no central 'authority' in PGP who issues certificates. As a user of PGP, you yourself decide which public keys to trust. This way you build your own Web of Trust. This has its pros and cons.
Several PGP implementations are available, including GnuPG, which is Free Software. Commercial software is also available, for instance from PGP Inc.
I myself use PGP too, mostly for signing Linux software (RPMs). Here you can find my PGP public key. I can sign your public key if you want. My own public key has been signed by several people.
The procedure for verification of the ID is similar to that for CAcert. One difference is that you will have to distribute your public key yourself, for instance, by uploading it to a keyserver.
You would like to make an appointment for an identity assertion
Great! It doesn't matter if you are a Dutch resident or not, if you live in the Netherlands or if you're here for a holiday or a business trip: I can issue 35 CAcert points to you! I have already met people from 6 different countries!
OK, so let's pick a place and time. I've got the following on offer:
From home, I log on to the CAcert website and issue the 35 points to you. You will be notified of this by CAcert. Once you have 50 or more points you will be able to request one or more certificates containing your name when you log on to the CAcert website.
I have written an article for a local user group. It is in Dutch, so it might not be that useful to you. (It does contain a survey on how to upgrade the SSL strength of your browser from 40 bit to 128 bit.)
DISCLAIMER: By order of the Royal Dutch Brotherhood of Notaries (KNB) I have to declare the following: These webpages are in no way intended to suggest that a "Thawte Notary" is a notary public or a civil law notary. If you require the services of a Dutch notary, please visit this website: www.notaris.nl. Certificates issued by Thawte and CAcert are NOT "qualified certificates" in the sense of the Dutch law. If you require a "qualified certificate", contact one of the (few) companies approved by the Dutch government.