Thawte
Thawte Consulting is a certificate authority (CA) for X.509 certificates. Thawte was founded in 1995 by Mark Shuttleworth in South Africa and is the second largest public CA on the Internet.

Origins

Thawte was originally run from Shuttleworth's parents' garage. Shuttleworth's original project was to produce a secure server not fettered by the restrictions on the export of cryptography which had been imposed by the U.S. The server, Sioux, was an adaptation of the Apache HTTP server; it was later integrated with the Stronghold web server as Thawte began to concentrate more on their certification activities.

Sale

In 1999 VeriSign acquired Thawte in a stock purchase from Shuttleworth for US$575 million. Both VeriSign and Thawte had certificates in the first Netscape browsers, and were thus 'grandfathered' into all other web browsers. Before VeriSign's purchase, they each had about 50% of the market. VeriSign's certificate rollover was due to take place on 1 January 2000, an unfortunate choice considering the imminent Y2K bug. (Thawte had a similar rollover in July 1998.) The purchase of Thawte ensured there would be no business loss over Y2K.

Proceeds from the sale enabled Shuttleworth to become the second space tourist, and to found the Ubuntu project.

In August 2010, Symantec acquired VeriSign's security business; thus, Thawte is now owned by Symantec.

Web of trust

The Thawte Web of trust was discontinued on 16 November 2009. Thawte used to issue free email certificates, and the Thawte Web of trust was the optional identity verification mechanism for them. To obtain a free Thawte email certificate, a person needed to sign up for a Thawte FreeMail account, which allowed them to create as many certificates as they wanted. Although each certificate was associated with exactly one email address, multiple email addresses could be associated with a single Thawte FreeMail account. So a person with more than one email address could create a different certificate for each of them through the same account.

Associating the Thawte FreeMail account with the real identity of the person owning it was based on a Web of trust model (similar to CAcert.org). The person's identity was assured by meeting face-to-face with one or more Thawte Notaries, who needed to see identification and keep a copy of it (for at least five years). Points were assigned by the notaries. The number of points a notary could assign ranged from 10 to 35. In general, the more experienced a notary was, the more points they could assign (see table below). Notaries who were directly verified by Thawte, through events Thawte attended or held, could automatically issue 35 points without needing to gain experience.

The number of points determined what that person's account could do. With fewer than 50 points, the certificates issued had "Thawte Freemail Member" in the name field. With 50 or more points, the certificates had the person's name in them. The presence of the person's real name in the certificate can be useful for identifying the certificate (e.g. when stored in a key store) and for helping the recipient to recognize and trust the certificate. For the purposes of signing and encrypting, both types of certificates could be used in the same way, because both had the person's email address in them.

With 100 or more points, a person became a Thawte Notary. When a person became a notary, they were initially listed underneath their country. They could then change that location and add text to advertise the services they offered. Changes to the advertising text were approved by Thawte, and the notary was placed in a pending state while awaiting approval. The approval process could take several weeks, during which the person's advertisement was not published and the system did not let them access it as a notary. Cross notarization was not allowed: a notary could not notarize a person who had notarized them.

Assertions made by the notary    Maximum points that the notary may award
0                                10
5                                15
10                               20
15                               25
25                               30
35                               35
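
The point scheme described above can be modelled directly. This is an added example, not Thawte's code: the Account class, the notarize function and the sample accounts are hypothetical, and it assumes each row of the table is a lower bound on the number of assertions a notary has made.

```python
from bisect import bisect_right

# Table from the article: (assertions made by the notary, maximum points awardable).
# Assumption: each row is a lower bound, so 7 assertions falls on the "5" row.
AWARD_TABLE = [(0, 10), (5, 15), (10, 20), (15, 25), (25, 30), (35, 35)]
NAME_THRESHOLD = 50     # real name appears in the certificate
NOTARY_THRESHOLD = 100  # account holder becomes a notary


class Account:
    def __init__(self, name, points=0, assertions_made=0, thawte_verified=False):
        self.name = name
        self.points = points
        self.assertions_made = assertions_made
        self.thawte_verified = thawte_verified  # verified directly by Thawte
        self.notarized_by = set()               # notaries who asserted this identity

    def is_notary(self):
        return self.points >= NOTARY_THRESHOLD

    def max_award(self):
        if self.thawte_verified:
            return 35  # no experience needed
        thresholds = [made for made, _ in AWARD_TABLE]
        return AWARD_TABLE[bisect_right(thresholds, self.assertions_made) - 1][1]

    def certificate_name(self):
        if self.points >= NAME_THRESHOLD:
            return self.name
        return "Thawte Freemail Member"


def notarize(notary, subject, requested):
    """Record one face-to-face assertion and return the points granted."""
    if notary is subject or not notary.is_notary():
        raise PermissionError(f"{notary.name} may not notarize {subject.name}")
    if subject.name in notary.notarized_by:
        raise PermissionError("cross notarization is not allowed")
    granted = min(requested, notary.max_award())
    subject.points += granted
    subject.notarized_by.add(notary.name)
    notary.assertions_made += 1
    return granted


if __name__ == "__main__":
    # Constructed accounts, not real notaries.
    senior = Account("Senior Notary", points=100, thawte_verified=True)
    alice = Account("Alice Example")
    print(notarize(senior, alice, 35), alice.certificate_name())
```

The cross-notarization check is what stops two account holders from raising each other's point totals in a closed loop.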

After end of life

Thawte Notaries have been submitting minimal information to the Gossamer Spider Web of Trust ("GSWoT"; a grass-roots OpenPGP PKI) for safe-keeping, in the hope of increasing the longevity of their earned trust points. The collaborative effort aims to bind Thawte Notary names and email addresses to their now-existing entry on Thawte's Web of Trust Notary Map. Thawte Notaries from within and without GSWoT are performing the validations. The initiative will bear no fruit if Thawte Notaries fail to find or create a WoT that will recognize their former status as a Thawte Web of Trust Notary. The Thawte WoT Notaries List on GSWoT was maintained until November 16, 2010.

See also

  • Cryptography
  • Public key certificate
  • SSL
  • Transport Layer Security


The source of this article is Wikipedia, the free encyclopedia. The text of this article is licensed under the GFDL.
 