RE: Logotypes in certificates
"Trevor Freeman" <trevorf@Exchange.Microsoft.com> Sun, 18 March 2001 18:42 UTC
Subject: RE: Logotypes in certificates
Date: Sun, 18 Mar 2001 10:42:12 -0800
From: Trevor Freeman <trevorf@Exchange.Microsoft.com>
To: Stefan Santesson <stefan@accurata.se>, David Cross <dcross@microsoft.com>, ietf-pkix@imc.org

Hi Stefan,

The fundamental gap here is that most users don't know what a certificate is, and are happy that they just get a simple icon if everything is ok or not rather than some UI detailing the content of the credential. Most users never look at the certificate UI.

Trevor

-----Original Message-----
From: Stefan Santesson [mailto:stefan@accurata.se]
Sent: Saturday, March 17, 2001 4:14 PM
To: David Cross; ietf-pkix@imc.org
Subject: RE: Logotypes in certificates

David,

Comment in line;

At 18:46 2001-03-16 -0800, David Cross wrote:
>Stefan:
>
>Some comments -
>
>First: I do not think that this should be considered for son of RFC2459
>- we do not want to hold this up to consider this proposal.

That's OK with me.

>
>Second: I do not see how applications will make use of this
>information. How do you see it being used?

Well first I would like to state that I know of several applications that would use this information if it was available.

This is typically any application which includes a function to display a certificate to a human user. These applications will seek to have a display format which makes sense to the user.

These applications can, if logotype data is present, choose to download these logotypes and display them to the user when a certificate is displayed.

Applications not caring about logos won't be affected since they just ignore this information without problem. The logo is only a display function and has no part in any DN or alternative name.

We will surely implement this in certificates if this gets to be supported by any standard.

/Stefan

>
>Third: People are complaining about size of certs now, this will
>expand that issue

Everything is a tradeoff. In this case we can meet an important business need with just a few bytes. I think this is one of those cases that definitely is worth it.

/Stefan

>
>
>David B. Cross
>
>
> -----Original Message-----
> From: Stefan Santesson [mailto:stefan@accurata.se]
> Sent: Thursday, March 15, 2001 3:22 PM
> To: ietf-pkix@imc.org
> Subject: Logotypes in certificates
>
>
> In last PKIX meeting in San Diego I presented some thoughts on
> creating a new extension for inclusion of logotype information in
> certificates.
>
> Last in this mail I include a primary suggested outline for
> such extension.
>
> But first a short summary of the rationale:
>
> At a first glance it may seem irrelevant to include logotype
> information in certificates and a natural first reaction is "OH NO...
> NOT ANOTHER THING TO INCLUDE!! DON'T WE HAVE ENOUGH?!!!"
>
> The fact is though that at the ETSI meeting this week (In the
> group that handles European standards related to electronic
> signatures). IT WAS GENERALLY RECOGNIZED THAT INCLUSION OF LOGOTYPE
> DATA WOULD BE VERY USEFUL.
>
> Why is that so?
>
> The answer is that logotypes are carriers of trust and are
> widely recognized tools for trust recognition. Have you ever thought
> why EVERY physical instrument of trust, from loyalty cards, credit
> cards to Passports, contain trust symbols in the form of logotypes.
>
> Are certificates different? ABSOLUTELY NOT!!
>
> If PKI is to take off in the private market, the certificates
> must be user friendly and carry the same functionality (in electronic
> form) as ID-cards, passports and other physical ID:s do in physical
> form. And logotypes are a FUNDAMENTAL part of that.
>
> Without logotypes, certificates can only be handled and
> presented as textual information for technically oriented users. This
> is the reality I see.
>
> What is your observation?
>
> How can we then do this?
>
> Technically speaking, we don't have to include the actual
> logotype image and we don't have to destroy legacy applications.
> I would suggest that we use the same mechanism that we
> specified for biometric data in RFC 3039 where a non-critical extension
> can include for each logotype:
>
> - type of logo
> - type of hash algorithm
> - hash of logotype data
> - URI to location of data
>
> This will only take a few bytes but will allow new
> applications to import relevant logotypes, signed by the issuer of the
> certificate, to be displayed to the user.
>
> So... What to do with this?
>
> If this is to be proceeded at all, It could be part of son of
> RFC 2459, it could be part of a new RFC 3039 and it could be a new
> draft or merged with some other work. I'm open for suggestions.
>
> I hope to be able to meet with many of you and discuss this in
> Minneapolis next week.
>
> /Stefan Santesson
>
>
> logotypeInfo EXTENSION ::= {
>     SYNTAX LogotypeSyntax
>     IDENTIFIED BY id-pe-logotypeInfo }
>
> id-pe-logotypeInfo OBJECT IDENTIFIER ::= {id-pe XX}
>
> LogotypeSyntax ::= SEQUENCE OF LogotypeData
>
> LogotypeData ::= SEQUENCE {
>     typeOfLogotype    TypeOflogotype,
>     hashAlgorithm     AlgorithmIdentifier,
>     logotypeDataHash  OCTET STRING,
>     sourceDataUri     IA5String OPTIONAL }
>
> TypeOflogotype ::= CHOICE {
>     predefinedLogotypeType  PredefinedLogotypeType,
>     LogotypeTypeID          OBJECT IDENTIFIER }
>
> PredefinedLogotypeType ::= INTEGER {
>     subject-organization-logotype(0),
>     issuer-organization-logotype(1),
>     CA-network-logotype(2)}
>     (subject-organization-logotype|
>      issuer-organization-logotype|
>      CA-network-logotype,...)
>
>
> The predefined logotype types are
>
> subject-organization-logotype, if used, SHALL be used to
> include a logotype of the subject organization. The logotype SHALL be
> consistent with, and require the presence of, an organization name
> stored in the organization attribute in the subject field.
>
> issuer-organization-logotype, if used, SHALL be used to
> include a logotype of the issuer organization. The logotype SHALL be
> consistent with, and require the presence of, an organization name
> stored in the organization attribute in the issuer field.
>
> CA-network-logotype, if used, SHALL be used to include a
> logotype used by a network of CA services, provided by one or several
> independent CA's, within which the issuer claims to issue this
> certificate.
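
An added example, not part of the original thread or of any PKIX specification: how a relying application might decode one LogotypeData entry as outlined in the quoted proposal and refuse to display a downloaded image unless it matches the issuer-signed hash and the organization-name rule. The SHA-256 allow-list, the size cap, the sample URI and all function names are assumptions; only short-form DER lengths and the predefined INTEGER logotype type are handled.

```python
import hashlib

SHA256_OID = bytes.fromhex("608648016503040201")  # 2.16.840.1.101.3.4.2.1
ACCEPTED_HASHES = {SHA256_OID: hashlib.sha256}    # assumed local policy
MAX_LOGO_BYTES = 64 * 1024                        # assumed local policy
SUBJECT_ORG, ISSUER_ORG, CA_NETWORK = 0, 1, 2     # PredefinedLogotypeType

def der(tag, value):
    """Encode one DER TLV (short-form length, enough for this sample)."""
    assert len(value) < 128
    return bytes([tag, len(value)]) + value

def tlv(buf, pos, want):
    """Read one short-form TLV with the expected tag; return (value, next)."""
    if pos + 2 > len(buf) or buf[pos] != want or buf[pos + 1] & 0x80:
        raise ValueError("unexpected or unsupported DER at offset %d" % pos)
    end = pos + 2 + buf[pos + 1]
    if end > len(buf):
        raise ValueError("truncated DER")
    return buf[pos + 2:end], end

def parse_logotype_data(blob):
    """Decode LogotypeData using the predefinedLogotypeType alternative."""
    body, _ = tlv(blob, 0, 0x30)
    kind, p = tlv(body, 0, 0x02)           # typeOfLogotype (INTEGER)
    alg, p = tlv(body, p, 0x30)            # hashAlgorithm
    oid, _ = tlv(alg, 0, 0x06)
    digest, p = tlv(body, p, 0x04)         # logotypeDataHash
    uri = tlv(body, p, 0x16)[0].decode("ascii") if p < len(body) else None
    return {"type": int.from_bytes(kind, "big"), "oid": oid,
            "hash": digest, "uri": uri}

def logo_ok(entry, fetched, subject_org, issuer_org):
    """True only if the fetched image may be shown for this certificate."""
    if entry["type"] == SUBJECT_ORG and not subject_org:
        return False                       # SHALL: subject O must be present
    if entry["type"] == ISSUER_ORG and not issuer_org:
        return False                       # SHALL: issuer O must be present
    hasher = ACCEPTED_HASHES.get(entry["oid"])
    if hasher is None or len(fetched) > MAX_LOGO_BYTES:
        return False                       # unknown hash or oversized download
    return hasher(fetched).digest() == entry["hash"]

# Constructed sample: bytes standing in for an image, and its extension entry.
LOGO = b"constructed-logo-bytes"
SAMPLE = der(0x30, der(0x02, b"\x00") + der(0x30, der(0x06, SHA256_OID))
             + der(0x04, hashlib.sha256(LOGO).digest())
             + der(0x16, b"http://ca.example/logo.gif"))
```

Because the certificate carries only the hash and the URI, the image bytes come from outside the signed structure; the hash comparison is what ties the displayed logo back to what the issuer signed.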