RE: Logotypes in certificates
Stefan Santesson <stefan@addtrust.com> Mon, 02 April 2001 21:29 UTC
Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with SMTP id RAA01916 for <pkix-archive@odin.ietf.org>; Mon, 2 Apr 2001 17:29:30 -0400 (EDT)
Received: from localhost (daemon@localhost) by above.proper.com (8.9.3/8.9.3) with SMTP id OAA19261; Mon, 2 Apr 2001 14:27:48 -0700 (PDT)
Received: by mail.imc.org (bulk_mailer v1.12); Mon, 2 Apr 2001 14:27:40 -0700
Received: from exafix.addtrust.com ([212.112.175.83]) by above.proper.com (8.9.3/8.9.3) with ESMTP id OAA19227 for <ietf-pkix@imc.org>; Mon, 2 Apr 2001 14:27:38 -0700 (PDT)
Received: from santesson.addtrust.com ([62.20.231.166]) by exafix.addtrust.com with Microsoft SMTPSVC(5.0.2195.1600); Mon, 2 Apr 2001 23:26:47 +0200
Message-Id: <5.0.0.25.2.20010402222124.033fbc38@mail.addtrust.com>
X-Sender: sts@mail.addtrust.com
X-Mailer: QUALCOMM Windows Eudora Version 5.0
Date: Mon, 02 Apr 2001 23:28:03 +0200
To: Stephen Kent <kent@bbn.com>
From: Stefan Santesson <stefan@addtrust.com>
Subject: RE: Logotypes in certificates
Cc: ietf-pkix@imc.org
In-Reply-To: <p05010408b6e11769eb54@[128.33.4.39]>
References: <5.0.0.25.2.20010322185247.0420d990@mail.addtrust.com> < <D44EACB40164D311BEF00090274EDCCA1E740A@sydneymail1.zergo.com.au> <D44EACB40164D311BEF00090274EDCCA1E740A@sydneymail1.zergo.com.au> <5.0.0.25.2.20010322185247.0420d990@mail.addtrust.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
X-OriginalArrivalTime: 02 Apr 2001 21:26:47.0796 (UTC) FILETIME=[9FA3BB40:01C0BBBB]
Precedence: bulk
List-Archive: http://www.imc.org/ietf-pkix/mail-archive/
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: mailto:ietf-pkix-request@imc.org?body=unsubscribe
Steve, I have problem to find the time to compile the input you ask for. I think though that enough persons, where many of those actually represent significant market players in PKI, has spoken in favour of including logotypes in certificates in some form. I would further regard Bob Junemans very relevant input as yet another very good reason for this. So to me the question is more HOW instead of IF or WHY. Everybody doesn't have to need or want a feature in order to motivate its support in standards. What is important though is that there is a consensus that the choosen solution doesn't break the systems for those who doesn't need or want to use it. I agree with those who consider inclusion of logotypes in policy qualifiers as a primitive hack, but I also see the good sides of this and right now I agree with Russ that this is probably the best way to do it in order to avoid the problems you address. If policy qualifiers would be deprecated, then I'm open for suggestions. I don't care that much about HOW as long as this important need gets addressed. /Stefan At 10:11 2001-03-23 -0500, Stephen Kent wrote: >Stefan, > >>Steve, >> >>There was a suggestion during a dinner yesterday that logotypes actually >>could be provided as a policy qualifier. That would actually solve your >>problem since you could directly tie acceptance of logotypes in >>certificates to a particular policy. >> >>This enables you to control the path validation problem with the use of >>policy constraints. > >I'd be comfortable with that approach, except that we have discouraged use >of policy qualifiers, as Russ noted. > >Let me suggest again that you send another message that includes a >comprehensive rationale for inclusion of logotypes, indicating what types >of certs would be allowed to contain them, what reference form you >envision, and what controls you think should be employed to prevent the >sorts of misuse I warned about. With a concrete proposal, and well >articulated rationale on the table, I think we have a better chance of >making progress. > >Steve
- RE: Logotypes in certificates David Cross
- RE: Logotypes in certificates Michael Zolotarev
- Re: Logotypes in certificates Anders Rundgren
- RE: Logotypes in certificates David Cross
- RE: Logotypes in certificates Stefan Santesson
- RE: Logotypes in certificates Stefan Santesson
- Re: Logotypes in certificates Rich Salz
- RE: Logotypes in certificates Trevor Freeman
- RE: Logotypes in certificates Trevor Freeman
- RE: Logotypes in certificates Ambarish Malpani
- RE: Logotypes in certificates Trevor Freeman
- RE: Logotypes in certificates Michael Zolotarev
- Re: Logotypes in certificates Eric Murray
- RE: Logotypes in certificates Stefan Santesson
- RE: Logotypes in certificates Michael Myers
- Re: Logotypes in certificates Stefan Santesson
- RE: Logotypes in certificates Stephen Kent
- RE: Logotypes in certificates Andrew Hoag
- Re: Logotypes in certificates Dean Povey
- Re: Logotypes in certificates Dean Povey
- RE: Logotypes in certificates Tim Moses
- RE: Logotypes in certificates todd.glassey
- RE: Logotypes in certificates Stefan Santesson
- RE: Logotypes in certificates Stephen Kent
- RE: Logotypes in certificates Stefan Santesson
- Re: Logotypes in certificates Dean Povey
- Re: Logotypes in certificates Stephen Kent
- RE: Logotypes in certificates Ambarish Malpani
- RE: Logotypes in certificates Tom Gindin
- RE: Logotypes in certificates Michael Zolotarev
- Re: Logotypes in certificates Terry Hayes
- RE: Logotypes in certificates Peter Gutmann
- RE: Logotypes in certificates Hal Lockhart
- RE: Logotypes in certificates Stephen Kent
- RE: Logotypes in certificates Stephen Kent
- RE: Logotypes in certificates Stephen Kent
- RE: Logotypes in certificates David Cross
- RE: Logotypes in certificates Stefan Santesson
- RE: Logotypes in certificates Michael Zolotarev
- RE: Logotypes in certificates todd.glassey
- RE: Logotypes in certificates Trevor Freeman
- RE: Logotypes in certificates Russ Housley
- Re: Logotypes in certificates Dean Povey
- RE: Logotypes in certificates Michael Zolotarev
- RE: Logotypes in certificates Manger, James H
- RE: Logotypes in certificates Stephen Kent
- Re: Logotypes in certificates David P. Kemp
- Re: Logotypes in certificates Michael Ströder
- Re: Logotypes in certificates Dean Povey
- Re: Logotypes in certificates Michael Ströder
- Re: Logotypes in certificates Dean Povey
- Re: Logotypes in certificates Michael Ströder
- Re: Logotypes in certificates Stefan Santesson
- RE: Logotypes in certificates Bob Jueneman
- RE: Logotypes in certificates Stefan Santesson
- RE: Logotypes in certificates todd.glassey
- RE: Logotypes in certificates Stephen Kent
- Re: Logotypes in certificates Anders Rundgren
- RE: Logotypes in certificates Stefan Santesson