“A nearly impenetrable thicket of geekitude…”

E-mail Certificates

The Thawte Web of Trust, for which I was a fairly junior notary, was shut down recently. This included revoking all existing certificates back in November, at least according to Thawte’s FAQ on the closure. Amusingly — but perhaps not surprisingly to anyone familiar with the area — I’ve had to date precisely no queries relating to my continued use of the supposedly revoked personal e-mail certificate.

The only other S/MIME certificate authority I’m aware of that does Web of Trust type identity validation is CAcert; unfortunately their root certificate isn’t trusted by most browsers and e-mail clients and until that happens (if it ever does) I can’t recommend them as a replacement. Similarly, the lack of built-in PGP/GPG support in current mail clients rules that system out for most people.

If you had a Thawte S/MIME e-mail certificate, you may have been able to trade it in for a 1-year equivalent from VeriSign free of charge. Unfortunately, after the first year it looks like VeriSign charge $19.95 per annum even for a “persona not validated” certificate, which doesn’t sound to me like a lot of bang for your buck.

One alternative for the cost-conscious is Comodo’s Free Secure Email Certificate product. Again, this is “persona not validated” but should be sufficient for most uses and you can’t beat the price.

[2019-10-08: Removed link to Comodo’s product, which no longer exists.]