RE: Logotypes in certificates
Michael Zolotarev <michael.zolotarev@baltimore.com> Wed, 21 March 2001 17:54 UTC
Message-ID: <D44EACB40164D311BEF00090274EDCCA1E740A@sydneymail1.zergo.com.au>
From: Michael Zolotarev <michael.zolotarev@baltimore.com>
To: 'Ambarish Malpani' <ambarish@valicert.com>, 'Stephen Kent' <kent@bbn.com>, Dean Povey <povey@dstc.qut.edu.au>
Cc: ietf-pkix@imc.org
Subject: RE: Logotypes in certificates
Date: Thu, 22 Mar 2001 04:51:46 +1100

Though I don't favor including logotype or reference to a logotype to a
cert, considering it as a pure marketing trick (sorry, Stefan :), but my
realisation was that a logotype is by no means related to the
establishment of trust. It is 100% meant for a human eye only, and
verification algorithm should simply ignore it, as it ignores any other
proprietary extensions.

If the verification comes up with an answer 'not validated', and the
software prompts a user saying 'couldn't validate', and the user still
makes a decision to trust the cert, it is an application's problem,
which already exists now, and logotypes add no extra pitch to it.

As an extreme, if a CA considers logotypes to be anyhow harmful, it
simply won't have a logotype in its own cert, and refuse certification
of logotypes.

Michael

-----Original Message-----
From: Ambarish Malpani [mailto:ambarish@valicert.com]
Sent: Thursday, March 22, 2001 4:07 AM
To: 'Stephen Kent'; Dean Povey
Cc: ietf-pkix@imc.org
Subject: RE: Logotypes in certificates

Steve,

This is the same argument as a CA issuing a cert to a subordinate, who
issues incorrect certificates with it - e.g. issues a certificate for
the domain www.amazon.com to say BN.

Either a CA controls/audits subordinate CAs, or has enough reason to
trust them, or the value of that hierarchy is pretty useless.

I don't think logos in certificates affect this either way.

Regards,
Ambarish

---------------------------------------------------------------------
Ambarish Malpani
Architect                  650.567.5457
ValiCert, Inc.             ambarish@valicert.com
339 N. Bernardo Ave.       http://www.valicert.com
Mountain View, CA 94043

> -----Original Message-----
> From: Stephen Kent [mailto:kent@bbn.com]
> Sent: Tuesday, March 20, 2001 8:57 PM
> To: Dean Povey
> Cc: ietf-pkix@imc.org
> Subject: Re: Logotypes in certificates
>
>
> Dean and Stefan,
>
> As a security kinda' guy, I always approach this from the "what will
> the bad guy do" perspective. From that perspective, I worry that a
> TTP CA will certify company X, putting the company X logo in the
> cert. Then company X will issue a cert to a subordinate CA, and put
> in that cert an inappropriate logo. It is not realistic for an app to
> display a chain of logos, and expect a user to pay attention, any
> more than if one displayed a chain of DNs. I still maintain that we
> can agree on what would be a reasonable set of circumstances in which
> the logo extension would be useful and safe, but I don't see a
> technical means of enforcing these circumstances without changes to
> the path validation algorithm. I am open to suggestions that provide
> the necessary controls and don't have this unfortunate side effect,
> but I have yet to see an example of such.
>
> Steve
>
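
A simplified model of the point argued in this message and in Stephen Kent's quoted reply, added here as an example and not code from any poster: a validator that ignores a non-critical logotype extension returns the same verdict whatever logo a subordinate CA certificate carries. The class and function names, the sample chain and the logo strings are constructed; signature, validity and revocation checks are left out.

```python
from dataclasses import dataclass, field

# id-pe-logotype, assigned later in RFC 3709; the 2001 thread predates it.
LOGOTYPE_OID = "1.3.6.1.5.5.7.1.12"
BASIC_CONSTRAINTS_OID = "2.5.29.19"
RECOGNIZED = {BASIC_CONSTRAINTS_OID}  # extensions this toy validator processes

@dataclass
class Ext:
    oid: str
    critical: bool
    value: object

@dataclass
class Cert:
    subject: str
    issuer: str
    extensions: list = field(default_factory=list)

    def ext(self, oid):
        return next((e for e in self.extensions if e.oid == oid), None)

def validate_path(path, trust_anchor):
    """path runs from the cert issued by the anchor down to the end entity."""
    expected_issuer = trust_anchor
    for i, cert in enumerate(path):
        if cert.issuer != expected_issuer:
            return False, f"{cert.subject}: issuer name does not chain"
        for e in cert.extensions:
            # Unrecognized critical extension: reject. Non-critical: ignore.
            if e.critical and e.oid not in RECOGNIZED:
                return False, f"{cert.subject}: unrecognized critical extension {e.oid}"
        bc = cert.ext(BASIC_CONSTRAINTS_OID)
        if i < len(path) - 1 and not (bc and bc.value):
            return False, f"{cert.subject}: not a CA"
        expected_issuer = cert.subject
    return True, "valid"

def logos_in_path(path):
    # What a UI would have to show: one logo per certificate, unchecked by validation.
    return [(c.subject, e.value) for c in path if (e := c.ext(LOGOTYPE_OID))]

def sample_path(sub_ca_logo, critical=False):  # constructed sample chain
    ca = lambda: Ext(BASIC_CONSTRAINTS_OID, True, True)
    return [
        Cert("Company X CA", "TTP CA", [ca(), Ext(LOGOTYPE_OID, False, "logo-X")]),
        Cert("Sub CA", "Company X CA", [ca(), Ext(LOGOTYPE_OID, critical, sub_ca_logo)]),
        Cert("server", "Sub CA"),
    ]
```

Marking the extension critical only makes validators that do not recognize it reject the path; it does not by itself check that the logo is appropriate for the subject.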