RE: Logotypes in certificates

Stefan Santesson <stefan@addtrust.com> Mon, 02 April 2001 21:29 UTC

Date: Mon, 02 Apr 2001 23:28:03 +0200
To: Stephen Kent <kent@bbn.com>
From: Stefan Santesson <stefan@addtrust.com>
Subject: RE: Logotypes in certificates
Cc: ietf-pkix@imc.org

Steve,

I have a problem finding the time to compile the input you ask for.

I think though that enough persons, where many of those actually represent 
significant market players in PKI, have spoken in favour of including 
logotypes in certificates in some form.

I would further regard Bob Juneman's very relevant input as yet another very 
good reason for this.

So to me the question is more HOW instead of IF or WHY. Everybody doesn't 
have to need or want a feature in order to motivate its support in 
standards. What is important though is that there is a consensus that the 
chosen solution doesn't break the systems for those who don't need or 
want to use it.

I agree with those who consider inclusion of logotypes in policy qualifiers 
as a primitive hack, but I also see the good sides of this and right now I 
agree with Russ that this is probably the best way to do it in order to 
avoid the problems you address.

If policy qualifiers would be deprecated, then I'm open for suggestions. I 
don't care that much about HOW as long as this important need gets addressed.

/Stefan


At 10:11 2001-03-23 -0500, Stephen Kent wrote:
>Stefan,
>
>>Steve,
>>
>>There was a suggestion during a dinner yesterday that logotypes actually 
>>could be provided as a policy qualifier. That would actually solve your 
>>problem since you could directly tie acceptance of logotypes in 
>>certificates to a particular policy.
>>
>>This enables you to control the path validation problem with the use of 
>>policy constraints.
>
>I'd be comfortable with that approach, except that we have discouraged use 
>of policy qualifiers, as Russ noted.
>
>Let me suggest again that you send another message that includes a 
>comprehensive rationale for inclusion of logotypes, indicating what types 
>of certs would be allowed to contain them, what reference form you 
>envision, and what controls you think should be employed to prevent the 
>sorts of misuse I warned about.  With a concrete proposal, and well 
>articulated rationale on the table, I think we have a better chance of 
>making progress.
>
>Steve