My name is Jacco de Leeuw and I am participating in the Web of Trust certification programs of both Thawte and CAcert.
How can I be of assistance to you?
Jacco de Leeuw
In a 'Web of Trust' is a concept where users mutually establish eachother's identity. I am a "CAcert Assurer" myself. In short, it means that I verify your identity through your identity document such as passport or driving licence, you hand me a photocopy of this ID and then you'll receive 35 CAcert points from me. With 50 points or more you can request certificates from CAcert which contain your name, in addition to your e-mail address. With 100 points or more you can be a CAcert Assurer yourself. E-mail programs such as Mozilla Thunderbird, Netscape, Opera and Outlook (Express) can use certificates to sign e-mails and send and receive encrypted e-mails (S/MIME). Some websites require personal certificates for access. More and more programs and websites support personal certificates. You can sign PDF documents with Adobe Acrobat if you have a personal certificate. Another example is NetMeeting, which can use certificates to positively identify people. Also, the EAP-TLS protocol for wireless networks requires personal certificates.
CAcert is a certification
program which is very similar to Thawte's now defunct Web of
difference is that
CAcert is a non-profit organisation. Thawte on the other hand is a
commercial company. In fact, it is a subsidiary of security giant
VeriSign. Unlike Thawte's certificates, all
CAcert certificates are free, including those for servers.
An important difference between CAcert and Thawte is that
root certificate is included in almost every operating
and e-mail program. This is not the case for CAcert.
Its root certificate is currently only included
select number of programs and Linux/Unix distributions. There are
however plans for an 'audit' of CAcert. An audit is required by
organisations such as Mozilla, Microsoft and Apple, and costs
thousands of dollars. CAcert's audit is sponsored by the Oophaga Foundation. This means
most users will currently see a cryptic warning when they
receive a message signed with a certificate issued by CAcert. If a
user adds CAcert's
certificate to his computer no warning
will be displayed. This procedure is probably too advanced for
So, currently, Thawte is more user-friendly than CAcert.
Fortunately more and more vendors are adding the CAcert root
on their own initiative, for example the Linux distribution
As a "CAcert Assurer", I can assign 35 points. You need 50 points to be able to request a certificate containing your name.Top
How about PGP?
PGP was one of the first
systems available to the general public.
Unlike the X.509 system used by CAcert, there is no
central 'authority' in PGP who issues certificates. As a user of
you yourself decide which public keys to trust. This way you build
own Web of Trust. Which has its pros and cons.
Several PGP implementations are available, including GnuPG which is Free Software. Commercial software
also available, for instance PGP Inc.
I myself use PGP too, mostly for signing Linux software (RPMs).
you can find my PGP public key.
can sign your public key if you want. My own public key has been
by several people.
The procedure for verification of the ID is similar to that for
One difference is that you will have to distribute your public key
yourself, for instance, by uploading it to a keyserver.
You would like to make an appointment for an identity assertion
Great! It doesn't matter if you are a Dutch resident or not, if you live in the Netherlands or if you're here for a holiday or a business trip: I can issue 35 CAcert points to you! I have already met people from 6 different countries!
OK, so let's pick a place and time. I've got the following on offer:
From home, I log on to the CAcert website and issue the 35 points to you. You will be notified of this by CAcert. Once you have 50 or more points you will be able to request one or more certificates containing your name when you log on to the CAcert website.
I have a written an article for a local user group. It is in Dutch, so it might not be that useful to you. (It does contain a survey on how to upgrade the SSL strength of your browser from 40 bit to 128 bit).
DISCLAIMERBy order of the Royal Dutch Brotherhood of Notaries (KNB) I have to declare the following:
These webpages are in no way intended to suggest that a "Thawte Notary" is a notary public or a civil law notary. If you require the services of a Dutch notary, please visit this website: www.notaris.nl. Certificates issued by Thawte and CAcert are NOT "qualified certificates" in the sense of the Dutch law. If you require a "qualified certificate", contact one of the (few) companies approved by the Dutch government.