Re: Logotypes in certificates

Eric Murray <ericm@lne.com> Mon, 19 March 2001 00:09 UTC

Date: Sun, 18 Mar 2001 16:07:44 -0800
From: Eric Murray <ericm@lne.com>
To: Trevor Freeman <trevorf@Exchange.Microsoft.com>
Cc: ietf-pkix@imc.org
Subject: Re: Logotypes in certificates
Message-ID: <20010318160744.B3021@slack.lne.com>
References: <CC2E64D4B3BAB646A87B5A3AE97090420D0F46A3@speak.dogfood>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
User-Agent: Mutt/1.2.2i
In-Reply-To: <CC2E64D4B3BAB646A87B5A3AE97090420D0F46A3@speak.dogfood>; from trevorf@Exchange.Microsoft.com on Sun, Mar 18, 2001 at 10:42:12AM -0800
Precedence: bulk
List-Archive: http://www.imc.org/ietf-pkix/mail-archive/
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: mailto:ietf-pkix-request@imc.org?body=unsubscribe

On Sun, Mar 18, 2001 at 10:42:12AM -0800, Trevor Freeman wrote:
> Hi Stefan,
> The fundamental gap here is that most users don't know what a
> certificate is, and are happy that they just get a simple icon if
> everything is ok or not rather than some UI detailing the content of the
> credential. Most users never look at the certificate UI.

Agreed.

I don't think that the logo extension would add that much data to the
cert.  There's already a whole load of junk people can put in certs,
what's another 1-200 bytes?
I am however concerned with how certs with the logo extension
would be issued.

Evil Trent is setting up a site to spoof the Bank of Alice web site.
Since Trent knows that the BofA customers all use the logo extension
to verify that they're really connected to Alice, he spoofs
the logo.  Trent creates a logo which is very similar to the BofA
logo, but with one pixel in the corner different.

When Trent goes to Verisign, do they check the logo before they sign
the cert?  How much do they check it: that its hash is different from
all the other logos in their database?  If that's the case, Trent's
visually-identical logo is "different" and Trent gets his cert.

Trent puts up his spoof site, redirects traffic to it, and cleans out a
number of accounts.  Eventually Alice will find out that Trent is using a
logo that's too similar to Alice's.  There are already laws for this sort
of thing, so Alice can eventually prevail in the courts and get Trent
to stop using the confusing logo.  Before that happens, Trent moves to
some small country with weak extradition laws.

With DNs this is simpler: Verisign just won't sign a cert request
from Trent that says it's from Alice.  Of course "says it's from Alice"
is interpreted differently by different CAs, and to be 100% correct
you have to know each CA's naming convention.  But generally it's not
possible to get a Subject DN that's close enough to an existing issued
cert to spoof it.

How would this be handled with logos?  There's a body of law for
similarity of logos and trademarks; would that be followed?  Or would
someone at Verisign (or pick any CA) just look at the logos and reject any
that are "too similar"?  There's probably also an international law problem
here: what if I get a cert issued with my logo, which is trademarked
in the US, and there's another very similar logo trademarked in the UK
for an entirely unrelated company?  Normally I and the other company
would not be competing in each other's territories, but now with the
net, we are, and our logos clash.  Who figures this out?  This problem
sounds very similar to the domain name situation, which, as we all know,
is a bit of a mess.

I think that these issues (and probably more in the same vein)
should be thought through before going ahead with this.
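The hash-versus-similarity question raised in the post, as an added example that is not part of the original thread: two constructed 8x8 bitmaps differing in one corner pixel have unrelated SHA-256 digests, so an exact-hash uniqueness check at the CA accepts the second one, while a pixel-distance threshold (an assumed, deliberately simple stand-in for a real perceptual comparison) flags it as a near-duplicate.

```python
import hashlib

# Constructed sample data: an 8x8 1-bit "logo" as rows of 0/1 pixels.
ALICE_LOGO = [
    [1, 1, 1, 1, 1, 1, 1, 1],
    [1, 0, 0, 0, 0, 0, 0, 1],
    [1, 0, 1, 1, 1, 1, 0, 1],
    [1, 0, 1, 0, 0, 1, 0, 1],
    [1, 0, 1, 0, 0, 1, 0, 1],
    [1, 0, 1, 1, 1, 1, 0, 1],
    [1, 0, 0, 0, 0, 0, 0, 1],
    [1, 1, 1, 1, 1, 1, 1, 1],
]
# The second logo is identical except for one corner pixel, as in the post.
TRENT_LOGO = [row[:] for row in ALICE_LOGO]
TRENT_LOGO[7][7] = 0


def logo_bytes(logo):
    """Serialise a pixel grid row-major, one byte per pixel."""
    return bytes(px for row in logo for px in row)


def logo_hash(logo):
    """Cryptographic digest of the serialised logo (hex)."""
    return hashlib.sha256(logo_bytes(logo)).hexdigest()


def pixel_difference(a, b):
    """Fraction of pixel positions at which two equal-sized grids differ."""
    total = sum(len(row) for row in a)
    differing = sum(pa != pb for ra, rb in zip(a, b) for pa, pb in zip(ra, rb))
    return differing / total


def exact_hash_check(candidate, registry):
    """The check the post asks about: accept unless an identical digest exists."""
    known = {logo_hash(logo) for logo in registry}
    return logo_hash(candidate) not in known


def similarity_check(candidate, registry, threshold=0.05):
    """Assumed vetting rule: reject if any registered logo is within
    `threshold` (fraction of pixels) of the candidate."""
    return all(pixel_difference(candidate, logo) > threshold for logo in registry)
```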