Slashdot Mirror

← Back to Stories (view on slashdot.org)

Thawte Will End "Web of Trust" On November 16

Posted by kdawson on from the fencing-of-the-commons dept.

An anonymous reader writes "Thawte is ending their Web of Trust, including their free Personal Email Certificates, in less than 2 weeks' time. This hasn't been picked up by the media yet. Seems to me a lot of people, including myself, are hurt by this." Thawte is offering a 1-year free VeriSign cert to those holding valid Personal Email Certificates; after that you pay.

6 of 127 comments (clear)

  1. Sad by understandable by chamilto0516 · · Score: 5, Insightful

    This saddens me but I understand it. Adoption of PKI for email in this multi-standard, multi-client fashion was just too difficult for the average email user. Yes, I usually have one or two accounts for secure messaging and I do use Thawte (I am a Notary) but it just doesn't work for most unless there is someone to walk them through. As much as I am aggravated by Lotus Notes, they self contained system (part of my aggravation) was able to pull this off 10 years ago and is still really the only app that I have seen do PKI well. Unfortunately it doesn't do a lot of other things very well.

    --
    Magic Eight Ball: Outlook not so good., Hmmm, how about Excel and Word?
  2. You didn't expect this? Really want to help? by Uzik2 · · Score: 5, Insightful

    What were you thinking?
    If you really want to do something worthwhile campaign the browser makers to change their browsers. The whole "encryption = authentication" idea is stupid and wrong. The scary warnings when someone wants to encrypt the traffic between you and their website using their own certificate is commercialism at it's worst.

    --
    -- Programming with boost is like building a house with lego. It's a cool but I wouldn't want to live in it
  3. How unexpected... by Admiralbumblebee · · Score: 5, Funny

    I never thawte this would happen.

  4. Re:Should have stuck with PGP/GPG by Anonymous Coward · · Score: 5, Informative

    You're post is an example of how people don't understand PGP, not that there are any technical limitations. Looking in my enigmail key manager, I have a whole list of keys (automatically downloaded) that are not trusted. The few that I have verified are trusted. If someone signs "almost everyone's" keys and isn't trustworthy you don't trust them. If they are trustworthy, then you just made use of the web of trust.

  5. Re:Should have stuck with PGP/GPG by buchner.johannes · · Score: 5, Informative

    You don't have to trust everyone in a Web of Trust that originated from you. It just tells you who trusts that person. What you do with that information is up to you. Also, there are several levels of trust. You don't have to sign anyones key, just the ones you met.

    GPG is right to download the public key from a server, because that tells you nothing about how much you trust that person. If it would set that person automatically to fully trusted, that'd be a different story.

    --
    NB: The message above might reflect my opinion right now, but not necessarily tomorrow or next year.
  6. Facebook Friends by muckracer · · Score: 5, Interesting

    Since people are quite adamant about adding each other as 'friends' on social networking sites like Facebook etc., why can't something like the Web-of-Trust be riding along somehow? Or at minimum a GPG key exchange requiring no further steps? There's gotta be a way! Firefox/Thunderbird Plugin that has access to all keys of your 'friends' and uses them automatically? Something like that.