« FAM09: Metadata Aggregation | Main
January 18, 2010
E-mail Certificates
The Thawte Web of Trust, for which I was a fairly junior notary, was shut down recently. This included revoking all existing certificates back in November, at least according to Thawte's FAQ on the closure. Amusingly — but perhaps not surprisingly to anyone familiar with the area — I've had to date precisely no queries relating to my continued use of the supposedly revoked personal e-mail certificate.
The only other S/MIME certificate authority I'm aware of that does Web of Trust type identity validation is CAcert; unfortunately their root certificate isn't trusted by most browsers and e-mail clients and until that happens (if it ever does) I can't recommend them as a replacement. Similarly, the lack of built-in PGP/GPG support in current mail clients rules that system out for most people.
If you had a Thawte S/MIME e-mail certificate, you may have been able to trade it in for a 1-year equivalent from VeriSign free of charge. Unfortunately, after the first year it looks like VeriSign charge $19.95 per annum even for a "persona not validated" certificate, which doesn't sound to me like a lot of bang for your buck.
One alternative for the cost-conscious is Comodo's Free Secure Email Certificate product. Again, this is "persona not validated" but should be sufficient for most uses and you can't beat the price.
Posted by Ian at January 18, 2010 12:21 PM