Digital Certificates

Do you have a digital certificate? Not many people do, but I believe everyone should. If you want to send me encrypted mail, get my certificate. To get your own, visit Thawte. To ask me to notarise your ID, fill out my form.

What is it?

A digital certificate integrates with your mail client and web browser and allows you to both sign and encrypt mail as well as automatically log in to some web sites.

When you 'sign' an e-mail message, you add to the message a piece of extra information that allows the recipient to be sure both that the message comes from you and that no-one has tampered with it in transit. To sign an e-mail message, you need a personal digital certificate because the signing process uses it. Configured correctly, your computer should ask you to enter a password before signing an e-mail message.
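
The signing behaviour described above can be reproduced with the OpenSSL command line. This is an added example, not part of the original page; it assumes `openssl` is installed and uses a throwaway self-signed certificate with a constructed name and address (Alice Example, alice@example.com) in place of one issued by a CA.

```shell
#!/bin/sh
# Added example: sign a mail message with S/MIME, verify it, then show that
# a one-word change in transit makes verification fail.
# Assumptions: openssl is installed; names and addresses are constructed.

smime_sign_demo() {
    work=$(mktemp -d) || return 2

    # Throwaway self-signed certificate standing in for a CA-issued one.
    # -nodes leaves the key without a passphrase for this demo only; a real
    # key should be protected so that signing prompts for a password.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Alice Example/emailAddress=alice@example.com" \
        -keyout "$work/key.pem" -out "$work/cert.pem" 2>/dev/null || return 2

    printf 'Meet at noon.\n' > "$work/msg.txt"

    # Sign: the output is a multipart/signed mail with the text in the clear
    # plus a signature part that also carries the signer's certificate.
    openssl smime -sign -text -in "$work/msg.txt" \
        -signer "$work/cert.pem" -inkey "$work/key.pem" \
        -out "$work/signed.eml" 2>/dev/null || return 2

    # Verify as the recipient. With no CA in this demo the certificate itself
    # is the trust anchor; normally -CAfile would name the CA's root.
    if openssl smime -verify -in "$work/signed.eml" \
        -CAfile "$work/cert.pem" -out /dev/null 2>/dev/null
    then intact=verified; else intact=rejected; fi

    # Tamper in transit: change one word of the signed text.
    sed 's/noon/nine/' "$work/signed.eml" > "$work/tampered.eml"
    if openssl smime -verify -in "$work/tampered.eml" \
        -CAfile "$work/cert.pem" -out /dev/null 2>/dev/null
    then tampered=verified; else tampered=rejected; fi

    rm -rf "$work"
    echo "intact=$intact tampered=$tampered"
}

smime_sign_demo
```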

When you 'encrypt' an e-mail message, you render the message unreadable except by the person who owns the digital certificate with which you encrypted the message. It's very secure and effective. I use it for personal correspondence and for those times when work correspondence has to be sent to my personal ID.

Some web sites are able to use digital certificates for a secure log-in. They do this by asking your browser to present a digital ID. Not many web sites work this way because so few people have certificates.

There are other uses for certificates, such as authenticating yourself to the VPN tunnel through which you access your employer's intranet.

How do I get one?

To get a certificate, you need to request one from a Certifying Authority (CA). Some larger companies have their own CA department but most of us will need to engage a commercial CA such as Verisign. Personally, I use Thawte as my CA because (a) I agree with their trust model, and (b) they don't charge me no matter how many certificates I request.

The CA acts as a trusted authority for your certificate. Just as a credit card shows retailers that your bank trusts you and will vouch for your ability to pay, so a certificate shows that your CA will vouch for you. Exactly what they will vouch for depends on what they write on the certificate. When you register with Thawte, they actually vouch for nothing more than the fact that they have successfully corresponded with you via the e-mail address you supplied. To get them to go further and vouch for your name and identity, you have to prove to their satisfaction that you are who you say you are.

A CA learns to trust your identity by various means. Most CAs will use the fact that your credit card worked to inherit trust from your bank. Thawte, however, operates a system called the web of trust which I find much more satisfying because it is community and experience based. It works like this. When you register with Thawte, they will give you a basic 'Freemail' certificate with just your e-mail address in it. This is fine for exchanging mail with people who already know you but it's better to get a full certificate with your name on it. To get one, you need to visit several web of trust Notaries with your ID documents. Each of them will record your details and then allocate 'trust points' to you (between 10 and 35 points). Once you have 50 points allocated to you by notaries, Thawte will then trust that you are who you say you are and issue a full certificate to you. If you keep going and visit more notaries, Thawte will grant you notary status too (you need at least 100 points for this).
