From: "Frank Haber" 

I'm beginning to understand.  I need to learn the jargon.  Let's see, there
are no certs to my knowledge on this Win98/IE6sp1 machine.  Let's see
whether I can sign a pure ASCII newsgroup message (plugging ears, closing
eyes).

Ah, can't do that.  I'm nicely prompted to go get a cert.  I'll turn the
flag off and post.

Pardon, Rich, below is Thawte's "policy lite," for the free mail
certs, in case anyone else is interested.  It seems reasonable, but it's a
bit bulky to read in the little Java peephole they give you.  The full
megillah can be downloaded in PDF from the first link given.

=====================

Thawte's Public Certification Services are governed by Thawte's
Certification Practice Statement (the "CPS") as amended from time
to time, which is incorporated by reference into Terms and Conditions. The
CPS is published by Thawte on the Internet at http://www.thawte.com/cps/.
You agree to use the Personal Certificate (certificate) and any related
services only in accordance with the CPS.You demonstrate your knowledge and
acceptance of the terms of this subscriber agreement by either 1)
submitting an application for a Personal Certificate (certificate) to
Thawte, or 2) using the Personal Certificate (certificate), whichever
occurs first.

:: About Personal Certificates ::
A personal certificate is a digital identity document that can be used to
sign digital messages like email and news. It can also be used by other
people to encrypt information that is for your eyes only. Once you exchange
certificates with your friends or business partners you can correspond over
the Internet in complete privacy.The role of the Certifying Authority
Thawte is a Certifying Authority, which means that we issue digital
certificates to consumers and businesses. We are trusted by almost all the
secure software out there to issue certificates that contain valid identity
information. When you request a certificate from Thawte, you will be able
to specify exactly what information goes into that certificate. Because
Thawte plays the role of a trusted introducer in ecommerce relationships,
we have a policy of openness and transparency with respect to our
procedures and our requirements for certification.

This page, and the whole enrollment process, contain a lot of text. None of
it is fine print! It is designed to keep you fully informed about the
information we need from you so that we can be your Certifying Authority.
We prefer to be specific up front rather than after the fact, which means
that we have a lot of text for you to read before you can actually get your
certificate. It is very important that you take the time to read each page
very carefully. If you have questions, feel free to call us or send us some
mail. The good news is that once you have gone through the process once and
understand what we are trying to do, using our system becomes very easy,
and you can come back as often as you like to get as many certificates as
you like at no cost, and very efficiently.

:: Confidentiality and Privacy Guarantee ::
Your relationship with your CA is one of trust.  In order to do our job
effectively we need to know a considerable amount of information about you.
You may rest assured that we will never,  under any circumstances,
voluntarily or willingly disclose that information to any third party. We
regularly receive requests for information from our database. They get
thrown away. That is our guarantee to you. We hold ourselves fully liable
to our customers for the privacy of their personal information. Currently,
the database is held in the USA. Should there ever be a suggestion that
your details might not be safe there we will move our database to another
free nation.  We can envisage no legitimate State interest in your personal
information. We keep no private key information so your security cannot be
compromised through Thawte. So that we can verify your identity we ask for
the following information during this registration process. These
requirements vary by country, but once we have set them they cannot be
changed.
 - Your identification number, passport number, social security number, driver
licence number or tax number, depending on your nationality.
 - Your full name and date of birth.
 - Your employer's name, size and address (if you are employed).
 - Your home address and contact details.
 - Your preferred currency.

We need this information even if you only intend subscribing to the
Freemail program, for which there is no charge.  We realise that some
people will not want to divulge that information, despite our commitment to
protecting your privacy.  While we respect your decision, our experience
has been that a completely open policy leads to a significant degradation
in the quality of requests we receive.  We would rather have a slightly
smaller, serious userbase, than open the doors to the abuse of our system.

THE FOLLOWING PARAGRAPHS ARE EXTRACTED FROM OUR PRIVACY STATEMENT WHICH WE
ENCOURAGE YOU TO READ IN FULL
(http://www.thawte.com/html/CORPORATE/privacy.html). PLEASE NOTE THAT OTHER
PRODUCTS AND SERVICES MAY INVOLVE ADDITIONAL PRIVACY CONSIDERATIONS.

:: The CPS ::
With respect to Thawte's Public Certification Services, this Privacy
Statement is intended to supplement the Thawte Certification Practice
Statement ("CPS"), not replace it.

:: Information We Gather from You ::
Thawte is asking for the personal information in this Personal Certificate
enrollment process for the limited purposes of creating your Personal
Certificate, providing the services that may be part of your Personal
Certificate, and authenticating your identity in order to issue you a
Personal Certificate. You should also be assured that we do not provide or
sell information about our customers or site visitors to vendors that are
not involved in the provision of Thawte's public certification and other
services. When you visit our site, our computers may automatically collect
statistics about your visit. This information does not identify you
personally, but rather about a visit to our site. We may monitor statistics
such as how many people visit our site, the user's IP address, which pages
people visit, from which domains our visitors come and which browsers
people use. We use these statistics about your visit for aggregation
purposes only. These statistics are used to help us improve the performance
of our Web site.

:: How We Use and With Whom We Share the Information We Gather ::
We may request information from customers via surveys. Participation in
these surveys is voluntary and will be used for purposes of monitoring or
improving the use of and satisfaction with our Web site We use the
information you submit to contact you to discuss the support, renewal, and
purchase of our products and services. We may also provide the information
you have submitted to us to a Thawte holding company, subsidiary, business
partner, or representative so that the holding company, subsidiary,
business partner, or representative can contact you on behalf of Thawte to
facilitate the support, renewal, and purchase of Thawte products and
services.  Please be assured that any holding company, subsidiary, business
partner, or representative who contacts you for one of these purposes has
agreed to use the information we supply only in accordance with a
confidentiality agreement or, with respect to Personal Certificates, our
CPS. To find out the names and locations of the holding company,
subsidiaries, business partners, and/or representatives to whom we have
provided your information, please contact us at the address listed at the
end of this document. We will also use the information you supply to form
the contents of a Personal Certificate. The exact information that appears
in our different types of Personal Certificates is set forth in the
relevant enrollment page, our CPS, and this Privacy Statement. Please note
that all information that you provide us that forms the content of a
Personal Certificate may be "published." Publication of Personal
Certificates in an accessible location would enable a third party to
access, review, and rely upon your Personal Certificate. You should have no
expectation of privacy regarding the content of your Personal Certificate.
If we are required by law to disclose certain information to local, state,
federal, national or international government or law enforcement
authorities, we will do so.

:: Your Ability to Opt-Out of Further Notifications ::
From time-to-time, we notify our subscribers of new products,
announcements, upgrades and updates. If you would like to opt-out of being
notified, please contact us at "optout{at}thawte.com". Please be
aware that we reserve the right to notify our subscribers of any
information that affects the security of our products or services.

:: How You Can Update or Correct Your Information ::
We cannot update or correct information contained in a Personal Certificate
without destroying the integrity of the Personal Certificate because we
digitally sign each subscriber's Personal Certificate as a part of the
Personal Certificate issuance process. If we were to subsequently modify or
remove any information listed in a Personal Certificate, our digital
signature would not verify the Personal Certificate's new content.
Furthermore, if a subscriber (sender) then digitally signed a message with
his or her private key, a third party would not be able to properly verify
the sender's signature (created using the sender's private key) because the
sender's Personal Certificate would have been altered after the key pair's
creation.

If you would like to update or correct any information in our records that
is not contained in your Personal Certificate, please go to
https://www.thawte.com/cgi/personal/general/editinfo.exe.

:: How You Can Revoke (Deactivate) Your Personal Certificate ::
A third party relying on a Personal Certificate may want to know its status
(for example, whether it is valid, suspended (where available) or revoked).
Thawte does not generally delete Personal Certificates (and their content)
from its database because a third party might not then be able to check its
status. You may, however, revoke (deactivate) your Personal Certificate. A
revoked Personal Certificate will still appear in our database with an
indication that it has been revoked. If you are a Personal Certificate
subscriber and would like to have your Personal Certificate revoked
(deactivated) from our database, please visit Thawte's Personal Certificate
manager page at:
https://www.thawte.com/cgi/personal/cert/revoke.exe
and follow the listed instructions.

:: Changes to Thawte's Privacy Statement ::
If a material change is made to the Thawte Privacy Statement
(http://www.thawte.com/html/CORPORATE/privacy.html) and/or the way we use
our customers' personally identifiable information then, with the prior
written approval from TRUSTe, we will post prominent notice of the nature
of such change on the first page of the Privacy Statement

Thawte's International Postal address is:
     P.O. Box 2749
     Durbanville 7551
     South Africa

     US Postal address is:
     Thawte (USA), Inc.
     P.O. Box 17648, Raleigh, NC=
     27619-7648


:: Key Escrow and Government Access to Keys ::
Encryption and digital signatures are the only tools individuals have in
the fight to protect their online privacy. The security of this system is
based on the belief that the individual, and only the individual, has a
copy of the private key used for decryption and signature. However, in an
attempt to snoop on the communications of their citizens and those of other
countries, some governments have suggested that these private keys should
essentially be copied and held by law enforcement officials as well. This
is tantamount to handing over your house keys and the ability to sign your
name on a document.

We view with dismay recent attempts by the USA to mandate key escrow and
recovery. Such rules are both impractical and Orwellian. We strongly
encourage you to take what action you can to make your opinion on this
topic clear and public. Suffice it to say that we do not participate in any
such programs, and so long as it is at all possible for us to do business
in the international arena without compromising the privacy of our users
that will remain the case.

:: Conditions of Use ::
This is not a test system. If you proceed with your enrollment you are
expected to do so in good faith. An individual submitting false or
fraudulent information will be subject to a personal claim of not less than
US$10,000.00. That individual's employer may also be subject to a claim of
no less than US$100,000.00, if it is proven that the organization was
cognizant of the actions of the individual. Please do not toy with this
service. Please only enroll in the system once. We do not permit multiple
profiles.

:: Certification Practice Statement and Statement of Liability ::
Thawte hereby warrants that it performs checks on each and every
certificate request with due diligence appropriate to the certification
fee. Unlike other Certification Authorities we accept liability for our
services. There does not seem to be any point in a CA that completely
disclaims all liability. For full details on the scope of our warranty, we
encourage you to read our Certification Practice Statement and Schedules.

--- BBBS/NT v4.01 Flag-4