Thawte offers free public key infrastructure certificates that they call Personal E-Mail Certificates, or Freemail Web of Trust Certificates. They describe their policies concerning these in the thawte Certification Practice Statement (CPS for short; I viewed Version 3.3, dated November 2006). In the CPS, in a table on page 15 they state that Personal E-Mail Certificates have a low assurance level, are issued to individuals, and in the "Description and Benefit" column it states:
Secure e-mail communication thawte Personal E-mail Certificates contain "Thawte Freemail Member" as the common name. thawte's Freemail Web of Trust Certificates includes the Subscriber's authenticated name as the common name.
From page 21, it appears that under certain conditions, the certificates can be used for a higher level of security:
1.3.4 Applicability
. . . Nonetheless, by contract or within specific environments (such as an intra-company environment), thawte PKI Participants are permitted to use Certificates for higher security applications than the ones described in CPS §§ 1.1, 1.3.4.1. Any such usage, however, shall be limited to such entities and subject to CPS §§ 2.2.1.2 [disclaimer of warranties], 2.2.2 [Registration Authority Liability], and these entities shall be solely responsible for any harm or liability caused by such usage.
Section 1.3.4.3, Prohibited Applications, states (in part) "Also, subject to CPS § 1.3.4, Low Assurance Personal E-mail and Freemail Web of Trust Certificates shall not be used as proof of identity or as support of nonrepudiation of identity or authority." On the other hand, section 1.3.4.1, Suitable Applications, states:
Individual Certificates and some organizational Certificates permit Relying Parties to verify digital signatures. thawte PKI Participants acknowledge and agree, to the extent permitted by applicable law, that where a transaction is required to be in writing, a message or other record bearing a digital signature verifiable with reference to a thawte Certificate may be valid, effective, and enforceable to an extent no less than if the same message or record been written and signed on paper. Subject to applicable law, a digital signature or transaction entered into with reference to a thawte Certificate shall be effective regardless of the geographic location where the thawte Certificate is issued or the digital signature created or used, and regardless of the geographic location of the place of business of the CA or Subscriber.Interpreting the inteplay between these two sections is beyond my ability.