Personal certs

Melanie Dymond Harper mel at
Mon Jan 25 12:13:09 GMT 2016

On Mon, Jan 25, 2016 at 09:45:02AM +0000, ukcrypto-request at wrote:
> > In article <D8889865-1033-46F4-82B6-50EDF78D7AFE at>, Roger Hayter <roger at> writes
> > 
> >> AMI, how are the keys for end-to-end users supplied?
> > 
> > Is this relevant (I don't know for sure, but as someone formerly practising in Wales maybe you have some inside track):
> > 
> >
> > -- 
> > Roland Perry
> I was never important enough to be advised to do such a thing. It does seem remarkably simple, but raises more questions.  Does it use the same SSL libraries as used for encrypted web sites?  If Thawte issue a certificate which you then use, does this potentially give them a way into your encrypted information or not?  And is this the same system the English NHS use for end-to-end encryption?  It would seem to render NHSnet irrelevant, unless its sole role is to prevent you sending encrypted email or secret documents outside NHSnet. 

That's very, _very_ out of date. Thawte haven't done personal 
certificates for a very long time, and the Thawte Web of Trust has been 
dead since November 2009.

The certificate keys were generated within the browser in a similar way 
to the way in which most code-signing certificates are handled these 
days -- the CA doesn't typically see the private keys at all. I don't 
offhand remember the precise libraries in use, I'm afraid.


Mel (formerly Thawte rep in the UK & Web of Trust notary)

More information about the ukcrypto mailing list