Thawte Consulting

Thawte Consulting (pronounced "thought") is a certificate authority (CA) for X.509 certificates. Thawte was founded in 1995 by Mark Shuttleworth in South Africa. As of December 30, 2016, its then-parent company, Symantec Group, was collectively the third largest public CA on the Internet with 17.2% market share.


History

Thawte was originally run from Mark Shuttleworth's parents' garage. Shuttleworth aimed to produce a secure server not fettered by the restrictions on the export of cryptography which had been imposed by the United States. The server, Sioux, was a fork of the Apache HTTP server; it was later integrated with the Stronghold web server as Thawte began to concentrate more on their certification activities.

In 1999, Verisign acquired Thawte in a stock purchase from Shuttleworth for US$575 million. Both Verisign and Thawte had certificates in the first Netscape browsers, and were thus "grandfathered" into all other web browsers. Before Verisign's purchase, they each had about 50% of the market. Verisign's certificate rollover was due to take place on 1 January 2000—an unfortunate choice considering the imminent Y2K bug. (Thawte had a similar rollover in July 1998.) The purchase of Thawte ensured there would be no business loss over Y2K. Proceeds from the sale enabled Shuttleworth to become the second space tourist and to found the Ubuntu project through the creation of Canonical.

In August 2010, Symantec acquired Verisign's security business, including Thawte. Thawte is now part of DigiCert with its acquisition of Symantec's web security assets in 2017.


Root certificate untrust

Following Thawte's improper issuance of certificates and a dispute with Google, the GeoTrust Root Certificate became untrusted. This led to the sale of Symantec's certificate business, which included Thawte, in August 2017 to Thoma Bravo LLC for $1 billion with the intention of merging it with DigiCert. From 1 December 2017, Thawte started to issue all new certificates under the DigiCert Trusted Root TLS Certificate.


Web of Trust

The Thawte Web of Trust was discontinued on 16 November 2009. Thawte used to issue free email certificates, and the Thawte Web of Trust was the optional identity verification mechanism for them. To obtain a free Thawte email certificate, a person needed to sign up for a Thawte FreeMail account, which allowed them to create as many certificates as they wanted. Although each certificate was associated with exactly one email address, multiple email addresses could be associated with a single Thawte FreeMail account. So a person with more than one email address could create a different certificate for each of them through the same account.

Associating the Thawte FreeMail account with the real identity of the person owning it was based on a web of trust model. The person's identity was assured by meeting face-to-face with one or more "Thawte Notaries", who needed to see identification and keep a copy of it (for at least five years). Points were assigned by the notaries. The number of points a notary could assign ranged from 10 to 35. In general, the more experienced a notary was, the more points they could assign (see table below). Notaries who were directly verified by Thawte, through events Thawte attended or held, could automatically issue 35 points without needing to gain experience.

The number of points determined what that person's account could do. With fewer than 50 points, the certificates issued had "Thawte Freemail Member" in the name field. With 50 or more points, the certificates had the person's name in them. The presence of the person's real name in the certificate can be useful for identifying the certificate (e.g., when stored in a key store) and for helping the recipient to recognise and trust the certificate. For the purposes of signing and encrypting, both types of certificates could be used in the same way, because both types had the person's email address in them.

With 100 or more points, a person became a Thawte Notary. When a person became a notary, they were initially listed underneath their country. They could then change that location and add text to advertise the services they offered. Changes to the advertising text were approved by Thawte, and the notary was placed in a pending state while awaiting approval. The approval process could take several weeks, during which the person's advertisement was not published and the system did not let them access it as a notary. Cross notarisation was not allowed: a notary could not notarise a person who had notarised them.


After end of life

Thawte Notaries have been submitting minimal information to the Gossamer Spider Web of Trust ("GSWoT"; a grass-roots OpenPGP PKI) for safe-keeping in hopes to increase the longevity of their earned trust points. The collaborative effort aims to bind Thawte Notary names and email addresses to their now-existing entry on Thawte's Web of Trust Notary Map. Thawte Notaries from within and without GSWoT are performing the validations. The initiative will bear no fruit if Thawte Notaries fail to find or create a WoT that will recognise their former status as a Thawte Web of Trust Notary. The Thawte WoT Notaries List on GSWoT was maintained until 16 November 2010.

CAcert, the free certification authority, took over a large part of the participants of the Thawte Web of Trust through a special programme.


See also

* Cryptography
* Public key certificate
* SSL
* Transport Layer Security


External links

* Official website: https://www.thawte.com/
* Thawte Germany
* Thawte France