Thawte, the second largest provider of trust for electronic commerce, having issued SSL certificates to nearly 30% of the world's Internet SSL servers along with tens of thousands of certificates for secure email, has appointed Ernst & Young as a global partner for cross-certification and chaining.
This means that Ernst & Young, along with Thawte's other global partners, will provide assurance and compliance testing for Certificate Authorities that cross-certify or form trust chains with Thawte.
"Until now only a few companies could issue certificates that would immediately be trusted by web browsers and mail clients like Microsoft Outlook Express and Netscape Communicator," said Mark Shuttleworth, CEO of Thawte.
"Now, by cross-certifying and forming trust chains to other Certificate Authorities, we are making that capability available to many Certificate Authorities that have a legitimate and reliable need to certify different communities."
In South Africa, the assurance and compliance testing will be addressed by Ernst & Young's Information Systems Assurance and Advisory Services (ISAAS) group.
According to senior manager Grant Brewer, ISAAS has a well-established international security and assurance practice, which makes it a natural partner to cover the area of Public Key Infrastructure.
"We are able to use our existing experience and trusted methodologies to test a new Certificate Authority and help it meet required levels of physical and procedural security," he said. "These capabilities will be augmented by the global practice's recently announced CyberProcess Certification, a sophisticated methodology developed to verify and certify the claims made by electronic commerce businesses."
The Thawte certification program covers both corporate Certificate Authorities that issue certificates internally within an organisation, and retail Certificate Authorities that service the open market.
Organisations can cross-certify for different types of certificates. A limited trust chain, for example, might cover only certificates for S/MIME secure email, while more comprehensive cross-certification agreements might cover certificates for SSL servers as well as certificates that enable developers to sign their software.
Before Thawte will cross-certify with a Certificate Authority, it will audit the CA for compliance with security and procedural best practices. These audits will be conducted by Thawte or by its approved PKI Assurance Partners.
Other global partners announced by Thawte recently include leading PKI vendors Baltimore, Entrust Technologies and Netscape Communications Corporation.