Personal certs

Adrian Midgley amidgley at
Tue Jan 26 14:30:18 GMT 2016

Why did Thawte Web of Trust (a phrase I associate with Phil Zimmerman) die?

Did anything supplant it?

One of the things it occurred to me the GMC and Royal Colleges (eg of
surgeons) could do would be to assist their registrants or members to do
the difficult bit of the PGP WoTrust - knowing the person is the person.

Too new perhaps.

On Mon, 25 Jan 2016, 16:20 Melanie Dymond Harper <mel at> wrote:

> On Mon, Jan 25, 2016 at 09:45:02AM +0000,
> ukcrypto-request at wrote:
> >
> > > In article <D8889865-1033-46F4-82B6-50EDF78D7AFE at>, Roger
> Hayter <roger at> writes
> > >
> > >> AMI, how are the keys for end-to-end users supplied?
> > >
> > > Is this relevant (I don't know for sure, but as someone formerly
> practising in Wales maybe you have some inside track):
> > >
> > >
> > > --
> > > Roland Perry
> >
> > I was never important enough to be advised to do such a thing. It does
> seem remarkably simple, but raises more questions.  Does it use the same
> SSL libraries as used for encrypted web sites?  If Thawte issue a
> certificate which you then use, does this potentially give them a way into
> your encrypted information or not?  And is this the same system the English
> NHS use for end-to-end encryption?  It would seem to render NHSnet
> irrelevant, unless its sole role is to prevent you sending encrypted email
> or secret documents outside NHSnet.
> That's very, _very_ out of date. Thawte haven't done personal
> certificates for a very long time, and the Thawte Web of Trust has been
> dead since November 2009.
> The certificate keys were generated within the browser in a similar way
> to the way in which most code-signing certificates are handled these
> days -- the CA doesn't typically see the private keys at all. I don't
> offhand remember the precise libraries in use, I'm afraid.
> Cheers
> Mel (formerly Thawte rep in the UK & Web of Trust notary)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the ukcrypto mailing list