Slashdot Mirror


Thawte Will End "Web of Trust" On November 16

An anonymous reader writes "Thawte is ending their Web of Trust, including their free Personal Email Certificates, in less than 2 weeks' time. This hasn't been picked up by the media yet. Seems to me a lot of people, including myself, are hurt by this." Thawte is offering a 1-year free VeriSign cert to those holding valid Personal Email Certificates; after that you pay.

127 comments

  1. I knew it! by Rantastic · · Score: 4, Funny

    I knew I should not have trusted them and their web!

    --
    Ask Slashdot: Where bad ideas meet poor googling skills.
  2. Sad by understandable by chamilto0516 · · Score: 5, Insightful

    This saddens me but I understand it. Adoption of PKI for email in this multi-standard, multi-client fashion was just too difficult for the average email user. Yes, I usually have one or two accounts for secure messaging and I do use Thawte (I am a Notary) but it just doesn't work for most unless there is someone to walk them through. As much as I am aggravated by Lotus Notes, their self-contained system (part of my aggravation) was able to pull this off 10 years ago and is still really the only app that I have seen do PKI well. Unfortunately it doesn't do a lot of other things very well.

    --
    Magic Eight Ball: Outlook not so good., Hmmm, how about Excel and Word?
    1. Re:Sad by understandable by Joiseybill · · Score: 4, Interesting

      Notary here too.
      I didn't see any notification yet, so I'm not sure if this is true.

      If it is, then I won't need to worry about those pesky "check ID" and "keep paperwork on file for 5 years" rules.
      I wonder if I can get my notary fees back... I paid them since I couldn't find any other Notaries in my area.

      If this really is true, I might not be opposed to giving away 30 points to anyone that seems reasonable enough. If we get another few notaries on board, maybe we can register a couple thousand slashdotters in the next few weeks - so at least they all get free VeriSign email certs.

      PS - in addition to Lotus Notes, I've done a fair job with Novell GroupWise and individual Eudora and T-Bird clients as far as certificate management for the masses. At one point, (obviously a while back with Eudora) I had nearly three dozen non-IT folks using this appropriately to sign and verify their inter-office email. That 'trial' lasted about two weeks, and many still ask me to renew their certificates annually.

    2. Re:Sad by understandable by swillden · · Score: 1

      If this really is true, I might not be opposed to giving away 30 points to anyone that seems reasonable enough. If we get another few notaries on board, maybe we can register a couple thousand slashdotters in the next few weeks - so at least they all get free VeriSign email certs.

      I've been meaning to get my identity validated for the web of trust for years, and never quite gotten around to it. I'm interested if you want to drop me an e-mail, and I think I can prove my identity adequately on-line, through my long history on /., USENET, blog posts, etc.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    3. Re:Sad by understandable by tobiasly · · Score: 2, Insightful

      Yes it sucks but I agree, none of us should really be surprised. Ever since Verisign bought Thawte I've been waiting for this to happen. I've been a notary in a fairly large metro area for years and can't remember the last time I was asked to notarize someone.

      Yeah, the concept itself was a bit difficult for a lot of people to grasp but their website also really sucked. It hadn't been updated in years and you had to navigate through that ridiculous hierarchical system instead of being able to just "find notaries within 25 miles of me".

      But really, email certs serve two purposes: sender verification and/or encryption (I guess proving an email wasn't tampered with could count as a third but it's really part of encryption). The first function is increasingly already being performed at the server level using SenderID/DomainKeys, and there are plenty of ways to accomplish the second if two parties so choose.

      It's one of those things that probably would have been a great idea if it were baked into the email standard since inception, but was just too unwieldy to bolt-on later.

    4. Re:Sad by understandable by storem · · Score: 3, Informative

      I'm a WOT Notary myself since 2002.

      <rant>To be very blunt, Thawte went downhill ever since VeriSign took over. I'm sure things would be different with Mark Shuttleworth still heading the company.</rant>

      I also did not receive any official information from Thawte yet about this. I guess they figured we read today's Internet newspapers anyway.

      Many of us Thawte WOT Notaries became CAcert ECCP Assurers during the last couple of years. While CAcert.org is a community-driven certificate authority that issues free public key certificates to the public, it still lacks inclusion of its root certificate in most popular browsers. I do however strongly think there is a need for this kind of service, as no communication is ever going to be really safe unless we all use encryption. It is way too easy to spot the important emails nowadays.

      I must also admit that fewer people are interested in the technology - and WOT notaries assert fewer people each year - mainly due to the complexity of PKI implementations in popular email packages.

      <product_placement>I hope efforts like the Comodo/DigitalPersona Privacy Manager product to make it easier for people to use PKI will revive identity security awareness among people.</product_placement>

      More info from Thawte's Wikipedia page:

      Thawte Notaries have been submitting minimal information to the Gossamer Spider Web of Trust ("GSWoT"; a grass-roots OpenPGP PKI) for safe-keeping in hopes to increase the longevity of their earned trust points. The collaborative effort aims to bind Thawte Notary names and email addresses to their now-existing entry on Thawte's Web of Trust Notary Map. Thawte Notaries from within and without GSWoT are performing the validations. The initiative will bear no fruit if Thawte Notaries fail to find or create a WoT that will recognize their former status as a Thawte Web of Trust Notary. The Thawte Notary EOL List on GSWoT will die in one year's time - on November 16, 2010.

    5. Re:Sad by understandable by TheLink · · Score: 1

      > > I might not be opposed to giving away 30 points to anyone that seems reasonable enough
      > I'm interested if you want to drop me an e-mail, and I think I can prove my identity adequately on-line, through my long history

      I suspect there's a funny Nigerian spammer spoof for this (with the "all caps" and other fun stuff).

      But I'm too lazy at the moment to try. Anyone willing to give it a go?

      --
    6. Re:Sad by understandable by Lennie · · Score: 2, Informative

      There is also a StartCom/StartSSL WOT; the root cert for their free SSL certs recently got on the Microsoft list, although the update was still optional last time I looked.

      https://blog.startcom.org/?p=205

      --
      New things are always on the horizon
    7. Re:Sad by understandable by dgatwood · · Score: 1

      I've been using them for my personal site for several months. Once you figure out how to get it set up correctly, it works just fine with Safari and FireFox. And, of course, the number of MSIE users on my personal site is so close to zero that it amounts to a rounding error. :-D

      --

      Check out my sci-fi/humor trilogy at PatriotsBooks.

    8. Re:Sad by understandable by Korin43 · · Score: 1

      What I don't understand is why you would use a certificate instead of PGP keys for email. Isn't it the same web of trust deal (except anyone can sign your key, and you can trust who you want to).

    9. Re:Sad by understandable by Anonymous Coward · · Score: 0

      Because the world's most popular calendaring application only supports S/MIME, and nobody can convince corporations to use real email.

  3. Providing free certificates by igny · · Score: 3, Funny

    Can some other trusted company, like Google, step in?

    --
    In theory there is no difference between theory and practice. In practice there is. - Yogi Berra
    1. Re:Providing free certificates by Yamata+no+Orochi · · Score: 1, Funny

      Can some other trusted company, like Google, step in?

      I honestly can't tell if this was supposed to be funny or not.

    2. Re:Providing free certificates by Wowsers · · Score: 3, Insightful

      I trust myself, but how can I trust another company?

      --
      Take Nobody's Word For It.
    3. Re:Providing free certificates by Anonymous Coward · · Score: 4, Informative

      www.cacert.org has an alternative web of trust that issues both client and server certs.

    4. Re:Providing free certificates by L4t3r4lu5 · · Score: 1

      Posted by Anon Coward. I don't trust that site, or their web.

      What now?

      --
      Finally had enough. Come see us over at https://soylentnews.org/
    5. Re:Providing free certificates by martijno · · Score: 3, Interesting

      How about community driven efforts such as cacert.org? Requires the receiver to import their root certificate, though.

    6. Re:Providing free certificates by Anonymous Coward · · Score: 0

      You fear.

    7. Re:Providing free certificates by tepples · · Score: 1

      Requires the receiver to import their root certificate, though.

      But how would a receiver who is a home user know to import cacert.org's root certificate and not a phisher's root certificate?

    8. Re:Providing free certificates by digitalunity · · Score: 1

      What's the path to getting the root cert in popular browsers?

      I really don't know how that works. Does Mozilla just decide?

      --
      You can't legislate goodness. Let each to his own destiny, by will of his freely made choices.
    9. Re:Providing free certificates by Lincolnshire+Poacher · · Score: 2, Informative

      > What's the path to getting the root cert in popular browsers?

      The path is long and strewn with rocks:

      https://bugzilla.mozilla.org/show_bug.cgi?id=215243

  4. Did not get any email by Nikademus · · Score: 1

    I did not get any email from Thawte about this issue. How do I get my token then?

    --
    I gave up with the idea of an useful sig...
  5. Should have stuck with PGP/GPG by argent · · Score: 4, Insightful

    Don't forget where the "web of trust" came from.

    1. Re:Should have stuck with PGP/GPG by Chrisq · · Score: 3, Interesting

      The problem is that PGP/GPG certificates are too open. If you trust a few certificates, say for software support, then trust the certificates they trust pretty soon you end up trusting almost everyone. Even worse GPG (and maybe PGP) by default will try and download a certificate from a public server when encountering an unknown certificate. This makes it as easy to set up a trust certificate for a "throw away" email account as to create a throw-away account in the first place.

      True, if you follow the guidelines in the GPG manual, find a trusted friend, verify the fingerprint of their email by phone, and both agree only to sign certificates where you have gone through the same process, you can set up a trusted web - but it's not as easy as having someone verify it for you.

    2. Re:Should have stuck with PGP/GPG by Anonymous Coward · · Score: 5, Informative

      Your post is an example of how people don't understand PGP, not that there are any technical limitations. Looking in my enigmail key manager, I have a whole list of keys (automatically downloaded) that are not trusted. The few that I have verified are trusted. If someone signs "almost everyone's" keys and isn't trustworthy you don't trust them. If they are trustworthy, then you just made use of the web of trust.

    3. Re:Should have stuck with PGP/GPG by Ilgaz · · Score: 1

      Apple Mail has built-in PKCS7 support, I don't even care to mention pro apps like Outlook/Entourage/BlackBerry.

      Where is PGP except that expensive commercial client which tries to do too much? If people used Thawte cert, they went for "easy and built in way", can you blame them? If PGP free version with that kind of compatibility, mail plugin was still alive and kicking, you could blame people for not sticking with PGP. All we see is some open source stuff not promising any kind of stability and support over there and there, that is what you get when you try to use PGP standard for free.

    4. Re:Should have stuck with PGP/GPG by slabbe · · Score: 1

      As far as I know, gpg version 1.x doesn't try to download anything by itself. Maybe it's different for version 2.x, or some secondary software depending upon gpg? Regarding public key signing, http://xkcd.com/364/

    5. Re:Should have stuck with PGP/GPG by Anonymous Coward · · Score: 0

      Web of Trust may be stupid but using PGP/GPG stuff is stupid too because it's just a hack of a system. There are real tested global standards out there like X.509, S/MIME, etc that PGP/GPG does not use.

      Personally I hate it when people use that idiotic non-standard PGP stuff in e-mails and such when things like X.509 and S/MIME are supported by practically everything out-of-the-box (and for good reason, it's standardized and globally recognized).

    6. Re:Should have stuck with PGP/GPG by buchner.johannes · · Score: 5, Informative

      You don't have to trust everyone in a Web of Trust that originated from you. It just tells you who trusts that person. What you do with that information is up to you. Also, there are several levels of trust. You don't have to sign anyone's key, just the ones you met.

      GPG is right to download the public key from a server, because that tells you nothing about how much you trust that person. If it would set that person automatically to fully trusted, that'd be a different story.

      --
      NB: The message above might reflect my opinion right now, but not necessarily tomorrow or next year.
    7. Re:Should have stuck with PGP/GPG by Anonymous Coward · · Score: 0

      Who the hell modded this insightful?

      You aren't distinguishing between is a key VALID (ie does it really belong to who it says it belongs to) and is it TRUSTED (do I trust that person/authority to sign others' keys).
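      The valid-versus-trusted distinction made in this reply, and the "downloaded but not trusted" point in buchner.johannes's post above it, are easiest to see in code. The following is an added example (not from any commenter, and not GnuPG's own implementation): a small model of the OpenPGP web-of-trust validity computation, using GnuPG's usual defaults of one fully trusted or three marginally trusted introducers. The keyring, trust assignments and the owner-trust level names are constructed for the example.

```python
from dataclasses import dataclass, field

# Owner-trust levels, modelled on the levels GnuPG lets a user assign to a key's
# owner. The names are this example's own, not GnuPG's API.
UNKNOWN, NEVER, MARGINAL, FULL, ULTIMATE = "unknown", "never", "marginal", "full", "ultimate"


@dataclass
class Key:
    uid: str
    signers: set = field(default_factory=set)   # uids of keys that have signed this key


def compute_validity(keys, owner_trust, needed_full=1, needed_marginal=3, max_depth=5):
    """Return {uid: is_valid} for every key in the keyring.

    Validity ("does this key really belong to its uid?") is derived from
    signatures made by keys that are themselves valid AND whose owner the user
    trusts as an introducer. Owner trust is never inherited: a valid key whose
    owner trust is unknown or 'never' introduces nobody, however many keys it
    has signed.
    """
    valid = {uid for uid, t in owner_trust.items() if t == ULTIMATE and uid in keys}
    for _ in range(max_depth):
        newly_valid = set()
        for uid, key in keys.items():
            if uid in valid:
                continue
            full = sum(1 for s in key.signers
                       if s in valid and owner_trust.get(s, UNKNOWN) in (FULL, ULTIMATE))
            marginal = sum(1 for s in key.signers
                           if s in valid and owner_trust.get(s, UNKNOWN) == MARGINAL)
            if full >= needed_full or marginal >= needed_marginal:
                newly_valid.add(uid)
        if not newly_valid:
            break
        valid |= newly_valid
    return {uid: uid in valid for uid in keys}


def example_keyring():
    """Constructed keyring: 'me' is the user's own key; every other key was
    fetched from a keyserver, which by itself proves nothing about it."""
    keys = {
        "me": Key("me"),
        "alice": Key("alice", {"me"}),
        "bob": Key("bob", {"alice"}),
        "dave": Key("dave", {"me"}),
        "erin": Key("erin", {"me"}),
        "frank": Key("frank", {"me"}),
        "greg": Key("greg", {"dave", "erin", "frank", "prolific"}),
        "prolific": Key("prolific", {"me"}),   # signs everyone indiscriminately
        "carol": Key("carol", {"prolific"}),   # only signed by 'prolific'
        "mallory": Key("mallory"),             # downloaded, unsigned
    }
    owner_trust = {
        "me": ULTIMATE,
        "alice": FULL,
        "dave": MARGINAL, "erin": MARGINAL, "frank": MARGINAL,
        "prolific": NEVER,   # key verified as theirs, but never trusted as an introducer
    }
    return keys, owner_trust


if __name__ == "__main__":
    keys, owner_trust = example_keyring()
    for uid, ok in compute_validity(keys, owner_trust).items():
        print(f"{uid:9} valid={ok!s:5} owner_trust={owner_trust.get(uid, UNKNOWN)}")
```

      Running it shows the two notions side by side: "prolific" ends up valid (the user verified that key is really theirs) yet introduces nobody, so "carol" stays invalid; "greg" becomes valid through three marginal introducers; "mallory", merely downloaded, is neither valid nor trusted.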

    8. Re:Should have stuck with PGP/GPG by The+Cisco+Kid · · Score: 1

      If you think thawte and/or verisign actually do anything to verify anything (other than that the person's credit card works) you are a fool.

    9. Re:Should have stuck with PGP/GPG by argent · · Score: 1

      Where is PGP except that expensive commercial client which tries to do too much?

      I shouldn't have to google things like this for you.

    10. Re:Should have stuck with PGP/GPG by argent · · Score: 1

      You do know that PGP came before S/MIME, right?

    11. Re:Should have stuck with PGP/GPG by Anonymous Coward · · Score: 0

      What does that have to do with anything? If anything it shows yet another reason why we should not be using PGP because despite the fact that it came first, it's supported by less software.

      Standards almost always come after the "hacks." We should be using the recognized standards once they are available.

    12. Re:Should have stuck with PGP/GPG by Hurricane78 · · Score: 1

      The problem that you describe would be, that stating that a human should do something, and then expecting him to always do it, is a giant fallacy. And a very stupid one to expect, if you ever saw a real human. ^^

      The rule is: If someone can do something wrong or the bad way, someone will. No exceptions.
      And that's why those guidelines are just useless dreams with no relation to physical reality.

      Done right, you would have to set up a system where nothing is possible, except for the things you absolutely need, to achieve what is meant to be possible.
      But who has the brains to actually do that?

      --
      Any sufficiently advanced intelligence is indistinguishable from stupidity.
    13. Re:Should have stuck with PGP/GPG by argent · · Score: 1

      The standard did not get created because PGP was a "hack", it was created because of the legal issues surrounding PGP and Phil Zimmermann. Those issues should have been addressed explicitly, instead of creating a standard that depends on an expensive infrastructure that keeps it from being adopted by hoi polloi.

    14. Re:Should have stuck with PGP/GPG by digitalunity · · Score: 1

      Honestly, the best email client I have ever used respecting PKI was Thunderbird with Enigmail on Linux.

      I've tried to duplicate this success on my laptop with Vista, but enigmail sucks balls and just flat out doesn't work right.

      We really need a good, OSS cross platform email client that supports GPG.

      --
      You can't legislate goodness. Let each to his own destiny, by will of his freely made choices.
    15. Re:Should have stuck with PGP/GPG by Anonymous Coward · · Score: 0

      Even worse GPG (and maybe PGP) by default will try and download a certificate from a public server when encountering an unknown certificate.

      And S/MIME sends its entire certificate along with the signature blob - the fact that you can get GPG to download unknown keys is irrelevant, since they are not trusted just because you possess their public keys.

    16. Re:Should have stuck with PGP/GPG by AxelTorvalds · · Score: 1
      You don't end up trusting almost everybody, you end up with a bunch of untrusted bullshit keys in your keyring. The relatively small size of the web of trust is the problem; it's difficult to try to rely upon trust, you probably just rely more upon the existence of a key. Even then, more people sign stuff with PGP/GPG than actually encrypt stuff, even if they have a key for a recipient.

      It's an authority and leadership problem. The thing the email cert dealers miss out on, in my opinion, is the sale of directory services. If a dozen or so CAs could come up with a giant LDAP server of people they've verified and issued certificates to and you could just plug that in to your email client, then you could rely upon a centralized-like database of public keys that are all trusted, the owners could perhaps set some mail preferences (I prefer encrypted mail, I prefer signed mail, etc..) and then the whole thing could develop some use. Thing is, people don't want to be "listed in the phone book" on the internet. PGP/GPG could possibly do some similar things, I mean you could build services on top of them such that everyone published a public key to a central server and then maybe used some social networking type stuff to encourage the web of trust to expand.

      Either way, it seems like a central directory is pretty key to email certs working well, trusted CA or not; how do I know who has a key until we've already emailed? That alone prevents encryption and if it's only authentication then the value prop drops. In fact even Zimmermann suggests not signing most of your emails...

    17. Re:Should have stuck with PGP/GPG by CronoCloud · · Score: 1

      Claws Mail?

    18. Re:Should have stuck with PGP/GPG by ChameleonDave · · Score: 1

      We really need a good, OSS cross platform email client that supports GPG.

      Use Gmail on Firefox with the FireGPG extension installed.

    19. Re:Should have stuck with PGP/GPG by Ilgaz · · Score: 1

      You shouldn't google for that at all. I know GNUPG and its support for OS X Mail. Can you claim it is easily installed and used like commercial PGP? Can you trust Apple to stick with a God damn stable plugin API and not break it in each OS update? Can you imagine Freeware/open source authors/packagers have some juicy Apple developer accounts to see what is coming?

      Growlmail plugin, a basic plugin which has nothing to do with security/privacy like PGP had to move to mach_inject method instead of mail plugin. Wonder why? I have a good guess, read above.

  6. It's Just That by Anonymous Coward · · Score: 2, Funny

    Thawte had been hurt so many times and it's going to take a long time before Thawte can learn to trust again.

    1. Re:It's Just That by GaryOlson · · Score: 2, Funny

      This is a technical discussion; find a non-technical support group therapy session to work thru your personal issues.

      --
      Every man's island needs an ocean; choose your ocean carefully.
  7. You didn't expect this? Really want to help? by Uzik2 · · Score: 5, Insightful

    What were you thinking?
    If you really want to do something worthwhile, campaign the browser makers to change their browsers. The whole "encryption = authentication" idea is stupid and wrong. The scary warnings when someone wants to encrypt the traffic between you and their website using their own certificate is commercialism at its worst.

    --
    -- Programming with boost is like building a house with lego. It's cool but I wouldn't want to live in it
    1. Re:You didn't expect this? Really want to help? by CaptnMArk · · Score: 1

      You are confused. Perhaps you mean authentication != certification?

      Certification is something that CA's should do (that's what you trust them to do). Some don't. That's why the broken idea of EV certificates came about.

    2. Re:You didn't expect this? Really want to help? by ArsenneLupin · · Score: 3, Interesting

      The whole "encryption = authentication" idea is stupid and wrong.

      Well in many cases, encryption is used to transmit authentication tokens of some kinds (passwords, credit card numbers...). And certificates are needed to make sure nobody plays man in the middle...

      The scary warnings when someone wants to encrypt the traffic between you and their website using their own certificate is commercialism at its worst.

      Indeed. Warnings are needlessly scary, because non-certified SSL is still more secure than no SSL at all (non-certified SSL at least protects against passive listeners).

      So, in all logic the warnings should even be more scary for the plain unencrypted http case.

      Indeed, nowadays, the smart men-in-the-middle just redirect the hijacked connection to an http page, and don't bother with https, because most users won't notice the missing s in the address bar anyway...

    3. Re:You didn't expect this? Really want to help? by zwei2stein · · Score: 3, Insightful

      Encryption without authentication is stupid and wrong too.

      The scary warnings are there to make sure that you are not lulled into false safety, because man-in-the-middle attacks can work just fine with encryption as long as you trust their certificate.

      Talking securely to someone is implied by the fact that you really know who you are talking to.

      --
      -- Technology for the sake of technology is as pathetic as eschewing technology because it's technology.
    4. Re:You didn't expect this? Really want to help? by Aladrin · · Score: 1

      No, he meant exactly what he said. As far as he went, he's correct. Putting up scary warnings when all that is required is an encrypted connection is silly.

      But the process actually goes a step further, and you need to know that you are connected to who you think you are, which is the purpose of the scary warnings. It's very seldom that you need to just encrypt the connection without worrying about man-in-the-middle attacks.

      --
      "If you make people think they're thinking, they'll love you; But if you really make them think, they'll hate you." - DM
    5. Re:You didn't expect this? Really want to help? by nedlohs · · Score: 4, Insightful

      No he means what he says, encryption.

      If I'm buying stuff then yes some authentication/certification that I'm actually giving my credit card details to the company I think I am is a good thing.

      If I am entering my password for a shitty forum web site, then having the session encrypted is nice to have. I don't really care about man-in-the-middle attacks since the alternative is no encryption at all.

      Sometimes partial coverage is good enough. But web browsers make it appear that an encrypted connection without authentication is worse than an unencrypted connection without authentication by throwing up scary warnings about evil hackers.

    6. Re:You didn't expect this? Really want to help? by icebraining · · Score: 1

      Missing s? I don't know about yours, but Firefox shows a green bar before the URL with the name of the entity, and all browsers show a "lock" symbol, and most people I know expect them in banks and other important websites.

    7. Re:You didn't expect this? Really want to help? by Anonymous Coward · · Score: 0

      What does an encrypted connection get you when you don't know where it's coming from? It only protects you from the MITM that hasn't intercepted your connection...

    8. Re:You didn't expect this? Really want to help? by ArsenneLupin · · Score: 2, Interesting

      Missing s? I don't know about yours, but Firefox shows a green bar before the URL with the name of the entity,

      Mine shows a very short blue bar.

      all browsers show a "lock" symbol

      Yes, a small lock icon in the lower right corner.

      most people I know expect them in banks and other important websites.

      So geeks (and their friends...) know about these. But most others don't, and wouldn't notice without anybody drawing attention to it.

      Compare this now with the very noisy warnings that you get when trying to access a site with a bad certificate. Any man-in-the-middle worth his salt is going to opt for the missing lock icon rather than the very obnoxious "add exception" page of Firefox.

    9. Re:You didn't expect this? Really want to help? by Anonymous Coward · · Score: 0

      You'd think those clues (gr) would be big enough, but study after study has found people just don't notice. You can't really expect people to passively notice that items which are ok to be missing 99% of the time are suddenly alarming to be missing on that last 1%. That amount of diligence is just not part of the average computer user's interaction.

    10. Re:You didn't expect this? Really want to help? by Sloppy · · Score: 1

      Encryption without authentication is stupid and wrong too.

      No more wrong than plaintext without authentication.

      Hey dude, we get it: we want authentication. Sometimes we even need it. But that's a totally separate issue from encryption.

      Encryption with a MitM has an active spy. Plaintext has an infinite number of passive spies. One of these two situations is better than the other.

      --
      As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
    11. Re:You didn't expect this? Really want to help? by Anonymous Coward · · Score: 1, Informative

      For repeat customers, accepting a self signed certificate the first time would work fine. The certificate ensures that I'm connected to the site I think I am.

      But for all the sites I haven't shopped before, a certificate doesn't improve anything. The certificate confirms that I'm connected to a site I don't know (since I haven't been there before), and I'm expecting to be connected to a site I don't know. But can I trust the site I'm connected to? That's the problem. I don't know. And the certificate won't help me a bit, it can only tell me that I am in fact connected to the site I don't know.
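      The "accept a self-signed certificate the first time" idea in this comment is the trust-on-first-use (TOFU) model. As an added illustration (not any commenter's code, and not how any particular browser or mail client implements it), here is a minimal TOFU pin store: the first certificate seen for a host is recorded, later connections are compared against it, and a mismatch is reported rather than silently accepted. The certificate byte strings and host names are constructed stand-ins; real code would feed in the DER bytes from the TLS handshake.

```python
import hashlib
import json
from pathlib import Path

FIRST_USE, MATCH, MISMATCH = "first-use", "match", "mismatch"


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the certificate bytes: a stable handle for 'the same cert as before'."""
    return hashlib.sha256(cert_der).hexdigest()


class TofuStore:
    """Trust-on-first-use pin store, keyed by host name.

    On the first connection the presented certificate is recorded. Later
    connections are compared against that record. A match only means 'the same
    site as last time'; it says nothing about who runs that site (the point the
    comment above makes). A mismatch is a signal for the user to act on (the
    site may have rotated its key, or someone may be in the middle) and is never
    silently overwritten.
    """

    def __init__(self, path=None):
        # path=None keeps the pins in memory only; a file path persists them.
        self.path = Path(path) if path else None
        self.pins = {}
        if self.path and self.path.exists():
            self.pins = json.loads(self.path.read_text())

    def check(self, host: str, cert_der: bytes) -> str:
        fp = fingerprint(cert_der)
        known = self.pins.get(host)
        if known is None:
            self.pins[host] = fp
            self._save()
            return FIRST_USE
        return MATCH if known == fp else MISMATCH

    def accept_new(self, host: str, cert_der: bytes) -> None:
        """Explicit user decision to re-pin a host after reviewing a mismatch."""
        self.pins[host] = fingerprint(cert_der)
        self._save()

    def _save(self) -> None:
        if self.path:
            self.path.write_text(json.dumps(self.pins, indent=2))


# Constructed stand-ins for the DER bytes a server presents in the TLS handshake;
# real code would use ssl.SSLSocket.getpeercert(binary_form=True).
CERT_SHOP_2009 = b"constructed DER: shop.example, self-signed, key #1"
CERT_SHOP_2010 = b"constructed DER: shop.example, self-signed, key #2"


def demo():
    store = TofuStore()
    return [
        store.check("shop.example", CERT_SHOP_2009),   # first visit: pinned
        store.check("shop.example", CERT_SHOP_2009),   # repeat visit: same cert
        store.check("shop.example", CERT_SHOP_2010),   # different cert: user must decide
    ]


if __name__ == "__main__":
    print(demo())   # ['first-use', 'match', 'mismatch']
```

      Pins are per host, so a certificate accepted for one site never vouches for another, and the only way past a mismatch is an explicit accept_new call, which is where a client would put its "are you sure?" prompt.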

    12. Re:You didn't expect this? Really want to help? by IBBoard · · Score: 1

      Talking securely to someone is implied by the fact that you really know who you are talking to.

      Huh? A->B does not mean B->A. Knowing who you talk to doesn't imply it is secure. The two can be separated out quite clearly - obvious real-world examples being "talking in a crowded room to a friend" (authentication without security) and "whispering to someone you've just met" (not the greatest example, but it should be fairly secure even if you don't have a clue who the hell they are).

    13. Re:You didn't expect this? Really want to help? by buchner.johannes · · Score: 1

      But it is stupid that we have scary warnings for encrypted, not authenticated traffic, but unencrypted, not authenticated websites have no warnings.
      It makes HTTP look more secure than HTTPS. Encrypted, not authenticated/verified HTTPS is as secure as HTTP.

      --
      NB: The message above might reflect my opinion right now, but not necessarily tomorrow or next year.
    14. Re:You didn't expect this? Really want to help? by Anonymous Coward · · Score: 0

      So, who can sniff your traffic, who doesn't already own the network you're traveling through?

    15. Re:You didn't expect this? Really want to help? by Anonymous Coward · · Score: 0

      *You'd think those clues (green bar, lock, etc)...
      [stupid editing fail]

    16. Re:You didn't expect this? Really want to help? by thegreatemu · · Score: 1

      But the worst part is that absolutely no warning is given when submitting info on a completely unencrypted page. So the message is that somehow encryption via self-signed certificates is worse than just no encryption at all.

      We get all these retarded warnings about "You are viewing an encrypted page, but some of the information is not encrypted! Oh noes!" But how freaking hard is it to pop up a warning on any form you try to submit that's unencrypted? Or if you think that would be too annoying, any form that includes a password field?

    17. Re:You didn't expect this? Really want to help? by ArsenneLupin · · Score: 4, Informative
      Oh, and some sites (such as facebook or hotmail) only use https for the form submission, but not for the template. Theoretically this is secure (because it's the submission of login data that you want to protect, not the mask that is displayed on screen), but in practice it means that neither of the usual tell-tale signs (green/blue bar, https, lock icon) will be present.

      The only way to see whether the form is secure or not is then to view source and check whether the form action has https or not. I don't really believe that grandma is going to bother...

    18. Re:You didn't expect this? Really want to help? by ArsenneLupin · · Score: 1

      The certificate confirms that I'm connected to a site I don't know (since I haven't been there before), and I'm expecting to be connected to a site I don't know.

      It not only confirms to you that you are connected to a site that you don't know, but to this particular site that you don't know. Which means that if something untoward happens, you now know that site a little bit better :-)

      But can I trust the site I'm connected to?

      This is a common misunderstanding about the purpose of certificates. Certificates don't help you trust the entities that you are doing business with. They only help you trust that you are talking to who you think you are talking to.

      A certification agency's job is not to assess the financial solidity of a bank, or the honesty of an online shop. Their only job is to make sure that only that bank, or that shop, can get a certificate saying that it is indeed that particular bank or that particular shop.

      A certificate confirms that you are indeed connected to aShadyDatingSiteThatIJustDiscovered.com rather than to your spying spouse.

      Unfortunately those newfangled EV certificates confuse the issue about purpose of certificates...

    19. Re:You didn't expect this? Really want to help? by ArsenneLupin · · Score: 1

      Or if you think that would be too annoying, any form that includes a password field?

      Exactly! And even better: have a user-maintainable white list of sites that have an unencrypted password field (so that you aren't bothered with noisy warnings whenever you log in to your favorite low-security chat site).

      In order to avoid attacks against redirection, key the white list on both the form submission URL and the last URL entered by the user (through address bar or bookmark).

    20. Re:You didn't expect this? Really want to help? by ArsenneLupin · · Score: 1

      So, who can sniff your traffic, who doesn't already own the network you're traveling through?

      Some attacks on switches (ARP spoofing, ARP table flooding) would allow passive spying, but no reliable interception. This is because such an attack duplicates switch traffic to both the intended target and the attacker. If the attacker intercepted, rather than just passively listened, it might become obvious that the client is suddenly getting two replies to each packet, and it might start acting strange (dropping connections, etc.)

      Also, some physical taps (picking up the electromagnetic fields outside of a cable using a pick-up solenoid) allow one to listen to, but not modify, communication.

      Also, passive listening is easier to set up (basically, just a tcpdump...) whereas active interception is more complicated (a proxy).

    21. Re:You didn't expect this? Really want to help? by ArsenneLupin · · Score: 1

      "talking in a crowded room to a friend" (authentication without security) and "whispering to someone you've just met" (not the greatest example, but it should be fairly secure even if you don't have a clue who the hell they are).

      It's not about the security of your communication partner, but about security of the communication medium.

      Try "passing notes in a classroom":

      • "notes written on small sheets of paper": somebody of the people on the way to your target could read the note as well.
      • "notes sealed in plain jane white envelopes": more secure, but somebody en route could open the envelope, read the note, and stuff it into a new envelope.
      • "notes sealed in fancy, hard to find envelopes": most secure, as the interceptor will not have the correct envelope to put the note into.

      Nowhere does the trustworthiness of the final target enter into play, only the trustworthiness of those students that pass the message on (i.e. the communications medium).

    22. Re:You didn't expect this? Really want to help? by IBBoard · · Score: 1

      Depending on which angle you're looking at the communication from, I agree with what you're saying. The thing is that most of those examples are the wrong way around for HTTPS (which is what we'd strayed towards as an example). In those analogies HTTPS is more like *makes random example* the person you're passing the note to sending you a padlocked box first and they've signed it in permanent marker. You know you've got something secure to send your response and you know it is from them because it has their signature on it.

      The comment I was replying to explicitly said that security is implied by talking to a known individual, which isn't true since even when talking to a known individual then you're still liable to interception (which is breached security).

    23. Re:You didn't expect this? Really want to help? by ArsenneLupin · · Score: 1
      This is actually an excellent example, especially since it is the recipient (web site) which signs the padlocked boxes. This makes it much closer to the real https (where web sites are certified, and generally not clients) than mine with the "fancy envelopes". Also, it addresses the case where the interloper does not care whether his attack has been detected after the fact.

      Thanks.

    24. Re:You didn't expect this? Really want to help? by mpe · · Score: 1

      Warnings are needlessly scary, because non-certified SSL is still more secure than no SSL at all (non-certified SSL at least protects against passive listeners).
      So, in all logic the warnings should even be more scary for the plain unencrypted http case.

      There are also situations where warnings are not generated when they should be. e.g. a signed certificate changing.

    25. Re:You didn't expect this? Really want to help? by mpe · · Score: 1

      A certification agencies job is not to assess the financial solidity of a bank, or the honesty of an online shop. Their only job is to make sure that only that bank, or that shop can get a certificate saying that it is indeed that particular bank or that particular shop.

      Unless the certifying authority is located physically near to the entity it is meant to be certifying there isn't really much they can do. e.g. an entity in India is of little practical use if you want to know about a business anywhere other than India (possibly Sri Lanka, Pakistan or Bangladesh if located in an appropriate part of India).

    26. Re:You didn't expect this? Really want to help? by gehrehmee · · Score: 1

      So there should be a warning whenever anybody does anything unencrypted?

      There's an argument to be made that everything on the web should be encrypted.... but it's a tough sell considering the installed base of files on the web.

      So, if some stuff is encrypted, and some stuff isn't, how do you decide what unencrypted sites to warn on? Just when submitting information? We already have a warning for that.... although I guess that could be sterner... hrm.

      --
      "You know, Hobbes, some days even my lucky rocketship underpants don't help" -- Calvin
    27. Re:You didn't expect this? Really want to help? by Uzik2 · · Score: 1

      Certification is what they provide, but that seems like a useless semantic. My problem is that this system tries to convince you to place your trust in an authority that doesn't deserve it but leads you to believe they do. Their mandate as companies is to make money, not be trustworthy.

      --
      -- Programming with boost is like building a house with lego. It's a cool but I wouldn't want to live in it
    28. Re:You didn't expect this? Really want to help? by Uzik2 · · Score: 1

      I agree. I'm not down on encryption, there should be more encryption, just negative about the way it's been handled by the browsers. Trust is, to me, more than just a certification by some company that is only concerned about making money and cares not a bit for me.

      --
      -- Programming with boost is like building a house with lego. It's a cool but I wouldn't want to live in it
    29. Re:You didn't expect this? Really want to help? by Uzik2 · · Score: 1

      >Encrypted, not authenticated/verified HTTPS is as secure as HTTP.

      I can't agree. Encryption is always a bonus as far as I can see. It provides you with some degree of protection from packet sniffing. It might not provide much else for a sophisticated attacker, but at least you have that much.

      --
      -- Programming with boost is like building a house with lego. It's a cool but I wouldn't want to live in it
    30. Re:You didn't expect this? Really want to help? by Anonymous Coward · · Score: 0

      No, that is completely insecure too. The URL that the form submits to is subject to a MitM attack.

  8. Disappointing. However, this is still the year by Anonymous Coward · · Score: 2, Funny

    of personal digital certificates on the Linux desktop, over IPv6.

  9. WoT by smoker2 · · Score: 4, Interesting

    I was a member of the WoT back in '99. It took several weeks (nearly a month) to find accessible notaries, and their method of meeting was suspect to say the least. For one I had to travel 30 miles to another town and meet in a supermarket car park. After I got my cert. no-one I sent signed messages to knew how to handle it - encryption was pointless. I let it lapse after about a year, and haven't bothered since.

    Unfortunately, unless the govt. mandates personal electronic signatures, it ain't going to happen. And no-one will want to use it under govt. mandate anyway. This stuff is geek only territory.

    1. Re:WoT by Victor_0x53h · · Score: 1

      I agree, it was great certifying my email, but nobody else I knew was using even the free cert, so I let mine lapse too. It's a great concept, but just won't work out until fully integrated into all clients, or mandated.

      I tried contacting several trust members in 2003ish, and never received a response.

    2. Re:WoT by macterra · · Score: 2, Interesting

      Unfortunately, unless the govt. mandates personal electronic signatures, it ain't going to happen. And no-one will want to use it under govt. mandate anyway. This stuff is geek only territory.

      I respectfully disagree. Google could easily add PK security to gmail, initially as a new feature that works only with other google accounts, and this would increase pressure for other email providers to adopt the standard.

    3. Re:WoT by Domini · · Score: 2, Insightful

      I disagree. Google cannot do this unless they change the way gmail works. I will not let them touch my private key lest I end up not trusting my own private key. You can say they can then kinda leave it on your PC and access it with client side JS, but then you sit again with the problem that it becomes hard to manage and understand by the masses.

    4. Re:WoT by Domini · · Score: 1

      Same here. Was quite a process... had to drive around a lot and meet weird people. After that it was denied by the same government that had an official policy to accept it. And my bank preferred even a plain e-mail over it.

      No one had a clue what to do with it.

      The only thing I used it for was for secure e-mail... pah... could just as well have stooped to PGP then.

      Me.

    5. Re:WoT by Hurricane78 · · Score: 1

      Well, in Germany, electronic signatures issued by your bank are valid signatures for contracts and the like. So you can actually sign an e-mail, send it to a government office, and they have to accept it as if it were a physical letter with signature.

      Of course, if you really try that, they will fail, and if you're lucky ask you what that was, instead of ignoring it as an "error". But you *can* sue to enforce it being accepted. But you would have to actually sue. Because they would ignore or not believe that they have to comply and that you would sue otherwise.

      I personally accept these digital signatures in my business.

      --
      Any sufficiently advanced intelligence is indistinguishable from stupidity.
    6. Re:WoT by LihTox · · Score: 1

      OK, so you don't give Google *THE* private key you use, but what if you allow GMail to generate a different private key for you with which it signs/encrypts emails? That would be more secure than nothing at all, though of course it depends on Google's security. If Google were geeky enough, it could allow you to prove your identity to it with your private key (or other method), and then tell your email recipients that they at least are satisfied that you are who you say you are.

      The key thing is that it gets people used to the idea of email encryption and signatures, a concept which few have even considered. Once people are thinking about encrypting their emails, then some will start questioning the security of Gmail and want to know how to increase their security, and they will become interested in client-side solutions, at least for important documents.

    7. Re:WoT by wshs · · Score: 1

      If Google handles all the keys for Gmail, how is that any different than something much simpler, say, something like DomainKeys/DKIM?

    8. Re:WoT by JSlope · · Score: 1

      Why do you think that only government can do it?

      --
      ResoMail - the alternative secure e-mail system
  10. How unexpected... by Admiralbumblebee · · Score: 5, Funny

    I never thawte this would happen.

    1. Re:How unexpected... by angrytuna · · Score: 2, Funny

      mod parent up +1 inthawteful, plz.

      --

      It is a solemn thought: dead, the noblest man's meat is inferior to pork.

  11. Will the freeware java developers effected? by Ilgaz · · Score: 2, Interesting

    I have seen many Java signed opensource/freeware coming with that Thawte free mail certificate. I hope they won't be effected with it and if brain dead Sun offers some kind of special treatment to those, it won't be any matter.

    Of course, it is Sun we talk about and even Oracle couldn't still change anything.

    90% of the reason the Thawte brand was known among professional users was the "Thawte free certificate", which was supported perfectly by mail clients. Thawte has no clue what kind of harm they did to brand value/recognition to save a couple of CPU cycles and a couple of gigabytes.

    People thinking GNU PG or free PGP will be implemented by those: No, they will simply move to another way of pkcs signing their mails or buy commercial PGP.

    1. Re:Will the freeware java developers effected? by Anonymous Coward · · Score: 1, Interesting

      What does that say about their business model if 90% of their professional users didn't pay them anything? And I bet Thawte know exactly what they're doing with regards to their brand value/recognition. Tell me where else are people likely to go for certs if not to Thawte? VeriSign? Geotrust?

      As a VRSN stockholder, I'm loving it.

    2. Re:Will the freeware java developers effected? by Hurricane78 · · Score: 1

      <italian mafia accent>Umm... about your subject:
      Need a bag of English? We've got some on sale. With nice words like "be" and "affected". We even have a special today, where we include a whole capital letter "J" for free!
      Only $5! Beautiful fonts! Nice kerning! Buy now, before it's too late!
      </italian mafia accent>

      --
      Any sufficiently advanced intelligence is indistinguishable from stupidity.
  12. In order to end their "Web of Trust"... by John+Hasler · · Score: 1

    ...they would first have to start one. Since Thawte is part of Verisign and Verisign is not worthy of trust...

    --
    Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
  13. Comodo? by hedrick · · Score: 1

    Any reason not to use Comodo's equivalent?

    1. Re:Comodo? by chicagoan · · Score: 1

      That is actually the first thing I did when I read the original post. Seems to work exactly the same for email purposes at least and everyone I sent mail to was able to decrypt etc. I also found the getting-the-cert process much easier. I didn't have to create an account and the email saying my cert was ready only took about 1 minute; I think I've waited close to 15 minutes for thawte certs in the past.

      http://www.instantssl.com/ssl-certificate-products/free-email-certificate.html

      Hopefully they don't follow the same fate as thawte did.

  14. Java WebStart, J2ME, Java applets by Gollum · · Score: 3, Insightful

    One thing that a lot of people are ignoring is that Thawte FreeMail certs are used by a lot of small developers to publish Java apps, and this would kill off that ability quite quickly.

    That said, I have not seen a word of this on the Thawte web site, which makes me wonder if the submitter is trying to perform a DoS on Thawte for some reason, and are tricking the slashdotters into being that DoS. The page linked takes an enormous amount of time to decide that there is nothing to return, meanwhile slashdotters are beating on the server over and over. Sorry for the OP, though. The rest of their site still seems to be just fine.

    1. Re:Java WebStart, J2ME, Java applets by Anonymous Coward · · Score: 1, Informative

      1. Why have you stopped offering thawte Personal Email Certificates?

      Over the past several years, security compliance requirements have become more restrictive, while the technology infrastructure necessary to meet these requirements has expanded greatly. Despite our strong desire to continue providing the Thawte Personal E-mail Certificate and Web of Trust services, the ever-expanding standards and technology requirements will outpace our ability to maintain these services at the high level of quality we require. As a result, Thawte Personal E-Mail Certificates and the Web of Trust will be discontinued on November 16, 2009 and will no longer be available after that date.

      2. What is Thawte going to do for customers with active Thawte Personal Email Certificates?

      Customers with active Thawte® Personal Email Certificates will be given the option to enroll for a free one year VeriSign® Email Certificate.

      3. Why are you revoking my Thawte Personal Email Certificate?

      After 16 November 2009, the system that supports Thawte Personal Email Certificates will shut down and as a result, active email Certificates and enrollments of email Certificates will no longer be available.

      4. When is Thawte going to revoke my Thawte Personal Email Certificate?

      Your Thawte Personal Email Certificate will be revoked on 16 November 2009 on the same date that we stop offering Thawte Personal Email Certificates.

      5. Does Thawte have an alternate product available to replace my active Thawte Personal Email Certificates?

      Yes, Thawte is offering a free one-year VeriSign Email Certificate for each active Thawte Personal Email Certificate you own as of 24 September 2009.

      6. How do I replace my Thawte Personal Email Certificate?

      You may replace your Thawte Personal Email Certificate by redeeming the token that you received in the email from Thawte by 16 January 2010, and enrolling for your free one-year VeriSign Email Certificate at the link below:

      Microsoft Internet Explorer Browsers: https://digitalid.verisign.com/client/class1MSToken.htm

      Mozilla, Firefox, Netscape, or Apple Safari Browsers:
      https://digitalid.verisign.com/client/class1NetscapeToken.htm

      7. Will I be required to provide any documentation in order to request my replacement VeriSign Email Certificate?

      No documents will be required when you request a replacement VeriSign Email Certificate.

      8. Up until what date can I request my replacement VeriSign Email Certificate?

      Requests for replacement VeriSign Email Certificates must be submitted by 16 January 2010.

      9. When should I request my replacement VeriSign Email Certificate?

      Thawte recommends that you replace your Thawte Personal Email Certificate as soon as possible to allow you sufficient time to install and test your new VeriSign Email Certificate. In any event, the last day to request a free replacement Certificate is 16 January 2010.

      10. How do I renew my Thawte Personal Email Certificate?

      Thawte Personal Email Certificates may not be renewed. Instead, you received a token in an email from Thawte, which may be used for a free one-year VeriSign Email Certificate. You may redeem your token and enroll for the Certificate at the link below:

      Microsoft Internet Explorer Browsers: https://digitalid.verisign.com/client/class1MSToken.htm

      Mozilla, Firefox, Netscape, or Apple Safari Browsers:
      https://digitalid.verisign.com/client/class1NetscapeToken.htm

      11. Can I revoke my Thawte Personal Email Certificate before Thawte stop offering Thawte Personal Email Certificates?

      Yes, you may revoke your Thawte Personal Email Certificate before 16 November 2009 by logging into your portal at:

      http://www.thawte.com/secure-email/personal-email-certificates/index.html?click=main-nav-products-email and selecting
      1. Certificates
      2. Revoke a Certificate

      12. Will Thawte offer refunds for revoked Thawte Personal Email Certificates?

      Thawte is offering a free one-year

    2. Re:Java WebStart, J2ME, Java applets by Mal-2 · · Score: 1

      This is directly from the website:

      1. Why have you stopped offering thawte Personal Email Certificates?

      Over the past several years, security compliance requirements have become more restrictive, while the technology infrastructure necessary to meet these requirements has expanded greatly. Despite our strong desire to continue providing the Thawte Personal E-mail Certificate and Web of Trust services, the ever-expanding standards and technology requirements will outpace our ability to maintain these services at the high level of quality we require. As a result, Thawte Personal E-Mail Certificates and the Web of Trust will be discontinued on November 16, 2009 and will no longer be available after that date.

      --
      How is the Riemann zeta function like Trump rallies? Both have an endless number of trivial zeros.
  15. Hmm.. Can't find a definite reference by ivan_w · · Score: 1

    That's the second source that's telling me the Free e-mail certs/WOT program is coming to an end..

    However, looking at http://www.thawte.com/ doesn't reveal anything as such..

    But I can't say I'm *that* surprised..

    --Ivan

  16. why hasn't the media picked this up? by Anonymous Coward · · Score: 0

    Because this does not make for good news. The majority of webans don't use certs. Also things are heading in the other direction ... for example I can log into facebook and see who just took a shit, whose dog pissed on the rug, etc. They install apps with access to all their personal data. People give up privacy and security every 10 seconds for a free hand job it seems. I could get 99% of webans to send me something secure over plain open email and they would do it without question.

    1. Re:why hasn't the media picked this up? by muckracer · · Score: 2, Funny

      > People give up privacy and security every 10 seconds for a free hand job it seems.

      Free hand job? Want my address? :-)

    2. Re:why hasn't the media picked this up? by mdm42 · · Score: 1

      Free hand job? Want my address? :-)

      Naah... but send me your bank details.

      --
      New mod option wanted: -1 DrunkenRambling
  17. Facebook Friends by muckracer · · Score: 5, Interesting

    Since people are quite adamant about adding each other as 'friends' on social networking sites like Facebook etc., why can't something like the Web-of-Trust be riding along somehow? Or at minimum a GPG key exchange requiring no further steps? There's gotta be a way! Firefox/Thunderbird Plugin that has access to all keys of your 'friends' and uses them automatically? Something like that.

    1. Re:Facebook Friends by Hurricane78 · · Score: 1

      Because that would be the complete opposite of how the web of trust is meant to work?

      I mean the sole concept of putting "Facebook" and "Trust" in one sentence...! What were you thinking? ;)

      --
      Any sufficiently advanced intelligence is indistinguishable from stupidity.
    2. Re:Facebook Friends by lennier · · Score: 1

      "Since people are quite adamant about adding each other as 'friends' on social networking sites like Facebook etc., why can't something like the Web-of-Trust be riding along somehow?"

      That's pretty much the entire concept behind the Cory Doctorow book "Little Brother". The Xnet is a secure free Facebook. It did require physical key-signing parties, and he pointed out how the whole network could still be rooted by infiltrators, but that's the idea.

      --
      You are not a brain: http://books.google.com/books?id=2oV61CeDx-YC
  18. Finally! A source! by Anonymous Coward · · Score: 0

    Thawte's FAQ on the matter:

    https://search.thawte.com/support/ssl-digital-certificates/index?page=content&id=SO12658

  19. Needs a new innovator by krisbrowne42 · · Score: 1

    This is the perfect realm for someone like Google to change the space...

    As of now PKI for email is just too much work for a normal user, and single emails, or single users, using encryption stand out as people to monitor, anomalous activity.

    Someone like Google could add a checkbox in their Labs features that automatically encrypts email between users who have the feature enabled on their system, and publicizes the spec so others can implement on the server side. It doesn't address the authentication side of the equation, but at least could raise the traffic level of encrypted email enough to make purposely encrypted emails noise instead of signal.

    Authentication can still be handled by other means, including SSI and self-signed keys.

    1. Re:Needs a new innovator by RMH101 · · Score: 1

      it's a bit hard to do keyword/traffic analysis on an encrypted exchange of email, though, which is what pays for your free Gmail...

    2. Re:Needs a new innovator by metamatic · · Score: 1

      Someone like Google could add a checkbox in their Labs features that automatically encrypts email between users who have the feature enabled on their system, and publicizes the spec so others can implement on the server side.

      We already have a spec, S/MIME. But Google doesn't even support that, let alone make it easy to use with Gmail.

      --
      GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
  20. Less than two weeks? by Brad+Mace · · Score: 1

    Submitter might want to recheck their calendar. They must have gotten some weird looks when they were trick-or-treating this weekend.

  21. Let us not forget by xrayspx · · Score: 1

    That Verisign acquired Thawte 10 years ago in a deal that made Mark Shuttleworth a brazillionaire capable of sustaining a swell OSS project. Are they then just shuffling people from a free product to a for-pay model, or is there a significant advantage to the Verisign product? It seems they are replacing a whole community of users and trust with email certs that offer none of that extended web of trust.

    1. Re:Let us not forget by shadwstalkr · · Score: 1

      As I understand it the paid certificates don't need a "web of trust" because verisign will verify your identity directly. The web of trust was just a way for them to save on administrative costs.

    2. Re:Let us not forget by Anonymous Coward · · Score: 0

      > As I understand it the paid certificates don't need a "web of trust" because verisign will verify your identity directly.

      That is correct but because the certificate is only signed by VeriSign and not by, at least, three notaries those certificates are less reliable and more susceptible to being legitimate fakes (meaning that the copy of the photo id you send to verisign is easily fakable). And it is also the issue of trust. Do you trust VeriSign?

      (Posted AC because I am too lazy to create a slashdot account)

  22. Options by Anonymous Coward · · Score: 0

    Do we have any options now? Do I need to self-generate certs and email them to people I wish to send encrypted email to?

  23. I'm starting with the man in the middle by tepples · · Score: 2, Interesting

    Putting up scary warnings when all that is required is an encrypted connection is silly.

    Without some sort of authentication, you don't know that a man in the middle isn't proxying and decrypting your encrypted connection. These man in the middle attacks are happening. Self-signed certs are good for verifying that the proxy hasn't been added between connections, but that doesn't help if you've got a proxy and have always had it.

    1. Re:I'm starting with the man in the middle by TheLink · · Score: 1

      What if someone gets a CA in "Elbonia" to sign some certs? The browsers don't protect you against that sort of MITM attack. Go look at how many CAs are preinstalled in your browser. Trust all of them?

      If browsers _also_ did the SSH thing where they warn you if the cert has changed from the expected I'd be happy, and the OP would be happy - on his first visit to the site, he might choose to take the risk and say "accept this", and the browser will warn him if it changes in the future.

      After all, he could choose to control his risk and exposure by making his first visits via a connection that he can trust. And then subsequent visits could be at some random WiFi.

      It's not 100% safe, but neither is the way the current browsers do stuff - if a CA gets tricked/hacked/bribed into signing a Microsoft or a bank cert, you are just as screwed.

      Think it'll never happen? Verisign got tricked, and more recently another CA's automated system got exploited.

      --
    2. Re:I'm starting with the man in the middle by profplump · · Score: 1

      Authentication is great. But given that the alternative -- no encryption and no authentication -- allows passive sniffing, MitM, and a whole slew of other attacks, but does *not* include a warning makes it seem awfully silly to warn extensively about a connection that is *only* vulnerable to MitM attacks.

      I agree that authenticated connections should be treated differently than unauthenticated connections. But I don't see why an increase in security to unauthenticated encryption is treated worse than totally unencrypted, unauthenticated connections.

  24. What about the calendar of trust? by greenguy · · Score: 1

    You know, the one where November 16 is two weeks after October 6th.

    --
    What if I do the same thing, and I do get different results?
  25. We're My Email? by fast+turtle · · Score: 1

    The last official email I've received from Thawte was a year ago when my certs expired. As to whether this is actually happening, I simply have to say it's a bogus message put out by someone who's got an axe to grind with Thawte. As to Verisign purchasing Thawte 10 years ago, I wasn't aware of that as there was and is no information about such a purchase on their website, which is a critical piece of information that must be provided (of course I've not looked at their SEC filings to okay/deny).

    --
    Mod me up/Mod me down: I wont frown as I've no crown
    1. Re:We're My Email? by Anonymous Coward · · Score: 0

      http://en.wikipedia.org/wiki/Thawte

  26. Fake? by Nikademus · · Score: 1

    It seems the post has been removed at the moment... Was it a fake one?

    I now get:
    Article is unavailable or has been removed, please try a new search.
            The article was not found, or is no longer available. Please try a new search..

    --
    I gave up with the idea of an useful sig...
  27. So they're charging for it... by vanyel · · Score: 2, Insightful

    $20/yr is not an onerous fee, big deal. I'm surprised it's gone free this long. If you really can't stand to pay for the service you're using, go to cacert.org.

  28. re: "after that you pay" by macraig · · Score: 2

    "Thawte is offering a 1-year free VeriSign cert to those holding valid Personal Email Certificates; after that you pay."

    Does this strategy sound familiar? It should... it's the same business strategy practiced by drug pushers: get 'em dependent and addicted, and then start demanding money. Make 'em an offer they can't refuse.

    So is Thawte run by former drug pushers?

    (Yes, I know the same question could be asked of Comcast and thousands of other companies. I'm singling Thawte out because of that word "trust" being involved here.)

  29. Mail client support by NightHwk1 · · Score: 1

    Maybe now that Thawte is making email certification less useful (and more expensive), clients like Thunderbird and Mail.app will start to prefer GPG/PGP. That's all I can hope for anyway, since GPGMail for Mail.app is now broken under Snow Leopard for the foreseeable future.

  30. *NOT* Related to "Web of Trust" Web Safety Add-on by the+JoshMeister · · Score: 2, Informative

    Although I'm familiar with Thawte, I hadn't heard of its "Web of Trust" prior to this article. However, there's a popular browser add-on with the same name, so I thought I should point that out to avoid any confusion, especially since both products are related to Internet security in some way.

    Web of Trust is also the name of a Firefox and Internet Explorer plug-in from a company called WOT Services Ltd. (until recently known as Against Intuition Inc.). It helps protect users from harmful Web sites and puts safety rating badges in search results on Google, Bing, Yahoo!, and other search engines, similar to McAfee SiteAdvisor and Symantec's Norton Safe Web (although in my experience, WOT is much more effective). This completely unrelated Web of Trust is not being killed off.

    I hope that clears up any potential confusion.

  31. Thawte are a waste of space by Anonymous Coward · · Score: 0

    My company was a company that used Thawte. Then they started demanding that we prove who we are, despite the fact we already had an existing 2 year relationship with them. How do we prove who we are? By going to some anonymous person I've never heard of (and that Thawte have never heard of), paying them money to tell Thawte I am who I say I am. Well surely the fact that the credit card payments already made the previous two years confirm that (it's not as if the payments were revoked). But no, I have to go to a "notary public" or equivalent and present myself to them. Even though that person doesn't know me from their arse or their elbow.

    Thawte's tag line is/was "because trust matters", except that they don't even trust customers they have existing relationships with.

    After arguing with them for days about this, I pulled the plug and went with a better provider. GeoTrust. I suggest you do the same.

    No stupid going to an anonymous someone to tell them I am who I am and paying for the privilege - how on earth does that prove I am who I say I am? That anonymous someone knows me no more than the person at the end of the email in Thawte HQ, in fact I claim they know me less - I have an existing credit/purchase audit trail with Thawte and the credit card company but that counts for nothing.

    No time wasting getting it done. None of that crap. And a better attitude, despite being smaller.

    Thawte. Just say NO! Spend your money with people that know how to do business.

  32. https://pip.verisignlabs.com/ by Anonymous Coward · · Score: 0

    So open an OpenID account from Verisign and use their Personal Identity Portal (PIP).
    I use them for my OpenPGP encryption and digital signature. Certainly just as good if not better than Web-of-Trust.

  33. What if they cancel it too? by Ilgaz · · Score: 1

    A company that would cancel such a basic service would cancel OpenID in no time. As it is offered free, you wouldn't have anything to say against it.

    I stick with Yahoo in the OpenID department, not some "side project" which has "beta" written all over the place.