mombe.org
home of the mad cow
  Not A Blog
 

Saturday, July 02, 2005

Festival is here again.

Village Green

GuyPhoneCam(6).jpg

A festival tradition. Lunch on the hay bales

posted by at: 14:19 SAST | path: /phone | permanent link

Wednesday, March 02, 2005

Thawte Web of Trust

In an effort to try and drag things into the digital era, I've managed to convince Rhodes that it'd be a good idea if we could issue digital signatures for signing e-mail.

One of the nicest systems for doing this that I've seen is Thawte's Web of Trust. The idea is that you can register for a (free) Thawte-signed digital signature. Because Thawte have no way of validating your identity, you get a signature without your name on it.

If you want to have your name added (which is useful if you're planning on using it as a signature, rather than as a crypto key), you need to find someone to notarise your certificate. The way Thawte handle this is to out-source the checking of identity documents to willing participants. In other words, Thawte trusts one of their notaries, who trusts you. You need to get at least two notaries to trust you before you get a name on your certificate, thus the web of trust. Eventually, if enough people trust you, you're empowered to trust other people and thus become a notary yourself. It's very similar in many ways to PGP's idea of a web of signed certificates, but has the advantages of Thawte's root CA certificate being at the end of the chain, as well as being S/MIME (that's a rant for another day; suffice to say S/MIME works better than PGP ;-)

There is an obvious bootstrapping problem with this. How do the first notaries become notaries? Well, Thawte's answer to that is to make use of trusted third parties, being bank managers, lawyers and chartered accountants. If you want to be a notary and you can find enough Thawte notaries to notarise you, then you find two trusted third parties and get them to verify your identity to Thawte.

This is what we did today. Three of us from the IT Division wandered down High Street armed with paperwork and found ourselves some trusted third parties (the manager of First National Bank and a public notary at Wheeldon, Rushmere and Cole). It was a little difficult to get the concept of what we were trying to do across, but we came away with appropriately verified identity documents. Many thanks to our two trusted third parties.

Our idea is simple - we're trying to get enough Thawte notaries in Grahamstown to be able to notarise other people's certificates so that we can fix the bootstrapping problem. Once we're done with this, we'll happily help anyone at Rhodes (or in Grahamstown) who's looking for a digital signature to get a Thawte personal e-mail certificate with their name on it. Hopefully this'll raise awareness of the need for and use of this technology.

posted by guy at: 17:00 SAST | path: /general | permanent link


© 2002-2005, webmaster@mombe.org
 
 