Security on the internet is becoming more important every day. More and more of us do our shopping online, more and more of us do our banking online, and so on. Besides this there is also the matter of personal identification: on the internet anyone can claim to be who they want to be, but what security do you have that anyone you are communicating with actually is who they say they are? Unless you are using digital certificates, you have no such security.
Digital certificates are composed of a public key and a private key part, collectively also called a keypair. The public key part is, as the name implies, public. Anyone who obtains the public key, usually from a website, an e-mail or a keyserver, can use the key to encrypt data such that only the holder of the private key can decrypt it and view the data. In this manner two parties can communicate with one another over an insecure link, such as the internet, without the fear of anyone eavesdropping. This is what happens when you send data in a form to a secure website, or send someone an encrypted e-mail.
Another use of digital certificates is the signing of data. One can sign a piece of data with the private key, allowing anyone to verify that the data was signed by the holder of the private key belonging to a certain public key. This can be used to sign digital communication such as e-mails, but also to sign downloads such as software packages. These signatures give the recipient proof that what they receive comes from the person they believe it comes from and not from some third party injecting malicious data.
Of course all of this means nothing when you can't be certain that a particular public key belongs to a particular identity. When you send data to your bank you want to be certain that the public key you use to encrypt that data actually belongs to your bank and not some imposter. When you receive a digitally signed e-mail, you want to be sure that the mail comes from the person it says it comes from.
To make this possible, public keys can be signed by other keys. This means that the person signing another's key is expressing their confidence that the key they sign actually belongs to the identity attached to that key. Security of identity can now be established in two ways. The first is a hierarchical structure in which a certificate authority verifies the identity of an applicant and signs their key when the identity checks out. An end user who has possession of the certificate authority's public key, called the root key, can verify the signature on a key signed by the certificate authority, thereby verifying the identity attached to the key.
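The signing and hierarchical verification described above can be sketched in a few lines. This is an added example, not part of the original article: it uses textbook RSA without padding and constructed toy keys, and every name in it (`issue_certificate`, `bank.example`, the key constants) is an assumption made for illustration.

```python
import hashlib

E = 65537  # public exponent shared by all toy keys

def make_keypair(p, q):
    """Textbook RSA keypair from two primes: (public modulus n, private d)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return n, d

def digest(data, n):
    """SHA-256 of the data as an integer, reduced to fit the modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, n, d):
    """Only the holder of the private exponent d can compute this value."""
    return pow(digest(data, n), d, n)

def verify(data, signature, n):
    """Anyone holding the public modulus n can check the signature."""
    return pow(signature, E, n) == digest(data, n)

def issue_certificate(identity, subject_n, ca_n, ca_d):
    """The CA binds an identity to a public key by signing both together."""
    body = f"{identity}|{subject_n}".encode()
    return {"identity": identity, "public_key": subject_n,
            "ca_signature": sign(body, ca_n, ca_d)}

def certificate_is_valid(cert, root_n):
    """Check the CA signature using nothing but the root public key."""
    body = f"{cert['identity']}|{cert['public_key']}".encode()
    return verify(body, cert["ca_signature"], root_n)

# Constructed toy keys built from Mersenne primes; far too weak for real use.
ROOT_N, ROOT_D = make_keypair(2**521 - 1, 2**607 - 1)
BANK_N, BANK_D = make_keypair(2**127 - 1, 2**89 - 1)
IMPOSTER_N, IMPOSTER_D = make_keypair(2**107 - 1, 2**61 - 1)

bank_cert = issue_certificate("bank.example", BANK_N, ROOT_N, ROOT_D)
# Same identity, different key: the CA signature no longer matches the body.
forged_cert = dict(bank_cert, public_key=IMPOSTER_N)
```

`certificate_is_valid(bank_cert, ROOT_N)` succeeds while the same check on `forged_cert` fails, which is the guarantee the root key gives the end user.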
The other method of establishing security of identity is through a web of trust. In a web of trust there is no single authority which governs the trust; instead, separate individuals convey their trust in the identity of another individual by signing the other's key with their own. This creates a web of directed links between all users in a web of trust. In the web of trust there are one or more paths from each user to any other. The shorter such a path, the greater the trust over that path, and the more such paths between any two users, the greater the trust between them. The more people who verify each other's identity, the shorter and more numerous the paths in the web of trust will be, leading to more trust in the web.
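The two measures named above, path length and number of paths, can be computed directly on the signature graph. The following is an added example, not part of the original article; the user names and the `SIGNATURES` data are constructed, and "independent" is taken here to mean chains that share no signature.

```python
from collections import deque

# Constructed sample: "alice": ["bob", "carol"] means Alice signed their keys.
SIGNATURES = {
    "alice": ["bob", "carol"],
    "bob": ["dave"],
    "carol": ["dave", "erin"],
    "dave": ["frank"],
    "erin": ["frank"],
    "frank": [],
    "mallory": ["frank"],  # signs others, but nobody has signed mallory's key
}

def _bfs(residual, source, target):
    """Return the shortest usable path source -> target as a list, or None."""
    parent = {source: None}
    queue = deque([source])
    while queue:
        node = queue.popleft()
        if node == target:
            path = []
            while node is not None:
                path.append(node)
                node = parent[node]
            return path[::-1]
        for nxt, cap in residual.get(node, {}).items():
            if cap > 0 and nxt not in parent:
                parent[nxt] = node
                queue.append(nxt)
    return None

def shortest_chain(signatures, source, target):
    """Number of signatures on the shortest chain, or None if unreachable."""
    residual = {u: {v: 1 for v in vs} for u, vs in signatures.items()}
    path = _bfs(residual, source, target)
    return None if path is None else len(path) - 1

def independent_chains(signatures, source, target):
    """Count chains that share no signature (unit-capacity max flow)."""
    if source == target:
        return 0
    residual = {u: {v: 1 for v in vs} for u, vs in signatures.items()}
    count = 0
    while (path := _bfs(residual, source, target)) is not None:
        for u, v in zip(path, path[1:]):
            residual[u][v] -= 1  # this signature is now used by one chain
            back = residual.setdefault(v, {})
            back[u] = back.get(u, 0) + 1  # allow a later chain to reroute
        count += 1
    return count
```

In the sample graph Alice reaches Frank's key over two independent chains of three signatures each, while Mallory's key is unreachable from Alice because the links are directed.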
Pretty Good Privacy, or PGP, is a program created by Phil Zimmermann back in 1991. PGP is still under development and released by the PGP Corporation. There is however also an implementation by the FSF called the GNU Privacy Guard, or GPG. Both these implementations utilise the OpenPGP standard. OpenPGP keys are popular in the open source community for e-mail encryption and signing and code signing.
OpenPGP keys rely on the web of trust model for security of identity: people gather together to verify each other's identities and sign their keys. Signing parties, as they are called, are a regular event at many an open source gathering.
One problem with OpenPGP signed e-mails is that a large part of the closed source commercial software in use does not handle OpenPGP signed mails very well at all. Mails often appear blank, with the actual content available in an attachment that contains the actual OpenPGP signature verbatim. This can be a major problem when communicating with people not familiar with the world of digital security and mail signing.
Client to server and server to server communication on the internet is usually encrypted using Transport Layer Security, or TLS, formerly known as Secure Sockets Layer, or SSL. TLS utilises X.509 certificates in the X.509 Public Key Infrastructure. The S/MIME standard for e-mail signing and encryption supported by almost every mail client out there also utilises the X.509 PKI.
The X.509 PKI relies on the hierarchical structure with certificate authorities to convey trust to digital certificates. There exist a number of commercial certificate authorities that can issue you a certificate, but the cost of these verified certificates is far from negligible, especially since certificates need to be renewed on a regular basis. This is fine for a big corporation such as your bank or some e-commerce setup needing a secure website, but is a major problem for an individual just wishing to send signed e-mails or an open source developer wanting to sign their software releases.
CAcert is a community driven initiative to provide anyone with free X.509 certificates. Of course CAcert needs a basis for verifying the identity of applicants; this is provided through a web of trust. Within the web of trust composed of CAcert members there are CAcert assurers. An assurer can verify the identity of other CAcert members through a personal meeting and inspection of government issued identity papers. The assurer then issues the user who had his or her identity verified a certain number of trust points. A user who has collected 50 or more trust points is considered to have a verified identity; a user who has collected 100 or more trust points becomes an assurer.
One problem with CAcert certificates is that the CAcert root certificate has not yet been integrated into many of the popular operating systems and internet clients such as web browsers and mail clients. This means that people who want to verify a CAcert issued certificate, either explicitly or implicitly (e.g. visiting an https site or receiving a signed mail secured with a CAcert certificate), need to install the CAcert root certificate manually and hence be familiar with digital certificates and digital security. This is not something one can expect from the average internet user.
Thawte is a commercial X.509 certificate authority. To provide individuals with secure e-mail communications, Thawte set up the FreeMail program, in which individuals can obtain free X.509 certificates for mail signing and encryption. Thawte does not, however, provide certificates for other uses, such as server certificates or code signing certificates, for free.
In order to verify the identity of individuals, Thawte uses a web of trust model very much like the CAcert web of trust. Members of the Thawte WOT can have their identities verified by a Thawte notary through a face-to-face meeting and by presenting government issued identity papers. Again, members can receive trust points from the notaries through such meetings; they can obtain a named certificate once they reach 50 trust points and become a notary themselves when they reach 100 trust points.
The obvious advantage is that the Thawte root certificate has been integrated with nearly all relevant software in use. Many operating systems, web browsers and mail clients contain the Thawte root certificate, and thus almost anyone can readily verify a Thawte issued certificate.