Deze pagina in het Nederlands
I am not a notary public or a civil law notary. Read the disclaimer at the bottom of this page.

Welcome to my CAcert Web of Trust page!

My name is Jacco de Leeuw and I am participating in the Web of Trust certification programs of both Thawte and CAcert.

How can I be of assistance to you?

Yours sincerely,

Jacco de Leeuw

What is a Web of Trust?

In a 'Web of Trust' is a concept where users mutually establish eachother's identity. I am a "CAcert Assurer" myself. In short, it means that I verify your identity through your identity document such as passport or driving licence, you hand me a photocopy of this ID and then you'll receive 35 CAcert points from me. With 50 points or more you can request certificates from CAcert which contain your name, in addition to your e-mail address. With 100 points or more you can be a CAcert Assurer yourself. E-mail programs such as Mozilla Thunderbird, Netscape, Opera and Outlook (Express) can use certificates to sign e-mails and send and receive encrypted e-mails (S/MIME). Some websites require personal certificates for access. More and more programs and websites support personal certificates. You can sign PDF documents with Adobe Acrobat if you have a personal certificate.  Another example is NetMeeting, which can use certificates to positively identify people. Also, the EAP-TLS protocol for wireless networks requires personal certificates.

Of course anyone can issue his or her own certificates. Some companies and individuals offer certificates. A disadvantage of these types of certificates is that they are not recognised by the well-known e-mail clients and operating systems. People will see a cryptic error message about the root certificate not being trusted. The CAcert root certificate on the other hand is present in some e-mail clients and operating systems. This means that if you own a CAcert certificate you can sign and send e-mail to other people with less chance of  these people receiving an annoying message about the root certificate.


And what is CAcert?

CAcert is a certification program which is very similar to Thawte's now defunct Web of Trust. The difference is that CAcert is a non-profit organisation. Thawte on the other hand is a commercial company. In fact, it is a subsidiary of security giant VeriSign. Unlike Thawte's certificates, all CAcert certificates are free, including those for servers.

An important difference between CAcert and Thawte is that Thawte's root certificate is included in almost every  operating system and e-mail program. This is not the case for CAcert. Its root certificate is currently only included in a select number of programs and Linux/Unix distributions. There are however plans for an 'audit' of CAcert. An audit is required by organisations such as Mozilla, Microsoft and Apple, and costs several thousands of dollars. CAcert's audit is sponsored by the Oophaga Foundation. This means that most users will currently see a cryptic warning when they receive a message signed with a certificate issued by CAcert. If a user adds CAcert's root certificate to his computer no warning will be displayed. This procedure is probably too advanced for most users. So, currently, Thawte is more user-friendly than CAcert. Fortunately more and more vendors are adding the CAcert root certificate on their own initiative, for example the Linux distribution Ubuntu.

As a "CAcert Assurer", I can assign 35 points. You need 50 points to be able to request a certificate containing your name.


How about PGP?

PGP was one of the first encryption systems available to the general public. Unlike the X.509 system used by CAcert, there is no central 'authority' in PGP who issues certificates. As a user of PGP, you yourself decide which public keys to trust. This way you build your own Web of Trust. Which has its pros and cons.

Several PGP implementations are available, including GnuPG which is Free Software. Commercial software is also available, for instance PGP Inc.

I myself use PGP too, mostly for signing Linux software (RPMs). Here you can find my PGP public key. I can sign your public key if you want. My own public key has been signed by several people. The procedure for verification of the ID is similar to that for CAcert. One difference is that you will have to distribute your public key yourself, for instance, by uploading it to a keyserver.


You would like to make an appointment for an identity assertion

Great! It doesn't matter if you are a Dutch resident or not, if you live in the Netherlands or if you're here for a holiday or a business trip: I can issue 35 CAcert points to you! I have already met people from 6 different countries!

OK, so let's pick a place and time. I've got the following on offer:

  1. I am a member of the Dutch user group "HCC". There are meetings every second and fourth Wednesday of the month, organised by the HCC Amsterdam (except for July/August and public holidays). Meetings are held in community centre De Meent in Amstelveen. The address is Orion 3, 1188 AM Amstelveen. Schiphol International Airport is about 30 minutes away by public transport. Parking is free. The HCC meetings are from 8PM to 11PM.
  2. Sometimes I visit the meetings of the HCC Unix/C user group in Eemnes or the Dutch Linux User Group (NLLGG) in Utrecht. Or other venues such as NLUUG conferences.
  3. Another place and time on neutral terrain such as Amsterdam Central Station.
The procedure is as follows:
  1. Make an appointment. Send me an e-mail with your preference for time, date and location.
  2. Bring along a valid identity document to the appointment: preferably a passport or European identity card. Or possibly a driving licence.
  3. I check your identity, keep the photocopy and sign the identity assertion paper that I will bring along.

You can recognise me from this picture: Picture of Jacco de Leeuw 

From home, I log on to the CAcert website and issue the 35 points to you. You will be notified of this by CAcert. Once you have 50 or more points you will be able to request one or more certificates containing your name when you log on to the CAcert website.


You would like to know more about digital certificates and the Web of Trust program.

I have a written an article for a local user group. It is in Dutch, so it might not be that useful to you. (It does contain a survey on how to upgrade the SSL strength of your browser from 40 bit to 128 bit).



By order of the Royal Dutch Brotherhood of Notaries (KNB) I have to declare the following:

These webpages are in no way intended to suggest that a "Thawte Notary" is a notary public or a civil law notary. If you require the services of a Dutch notary, please visit this website: Certificates issued by Thawte and CAcert are NOT "qualified certificates" in the sense of the Dutch law. If you require a "qualified certificate", contact one of the (few) companies approved by the Dutch government


Contact Jacco
Jacco's homepage