You may ask what web of trust means?
The thawte web of trust is way to ensure the thawty Personal E-mail Certificate owners identity. To get a E-Mail Certificate with your own name on it you need to get confirmed your own identy by a number of thawty notaries who can give you between 10 and 35 trust-points. Once you’ve collected more then 50 trust-point from two to five notaries you get your Personal Certificate. If you’ve got more the 100 trust-point you’ll become a notary by yourself.
Other certificate provieders, e.g. VeriSign, ensure the identity of a person by using a credit card which is the most secure way to do that as long no one has stolen your card number. Furthermore the VeriSign service is not free of charge like thawte.
Why do I need a Personal email certificate (x509)?
A thawte Personal E-mail Certificate (x509) in conjunction with the thawte Web of Trust allows you to secure and guarantee authorship of your e-mail communications by digitally signing and encrypting your e-mails. Otherwise email communication is like sending postcards everyone can read.
It allows you to sign and encrypt all your personal emails.
You can signs an e-mail so that the recipient is able to verify the e-mail address that the message originated from – this inspires trust in those who receive your email communication.
You can encrypts emails to prevent anyone except the intended recipient(s) from gaining access to the message contents. This guarantees information privacy and protection.
But isn’t it just enough to use PGP/GPG instead of complicate certificates?
Drawback on PGP, GPG etc. is that every user needs to have some piece of
software installed. The advantage of x509 certificates like thawtes free one is that almost every e-mail client supports it. In contrast to PGP’s public and private keys the thawte certificats need to be renewed after one year. That implicates to inform all your address book contacts to whom you want to send encrypted emails by using a x509 certificates.
What are the requirements to send encryted emails using a thatwe x509 certificate?
First of all you need to register for a Personal email certificate on thawte.com (that processes takes some time and the installation can be tricky for everyday-email-users). As well the recipients of your encrypted emails needs to have a x509 certificate from thawte or any other (trustfull) provider.
Before you can exchange encrypted messages with some one else you need to send him a signed email (=a email with your public key) to signal his email software the availability of x509. Now the recipient need to do the same to give you his public key. After the exchange of signed emails you can send encrypted emails to that particular person.
Any questions on how on getting tthose things done? Comment that post or just email me.