RE: Logotypes in certificates
Stephen Kent <kent@bbn.com> Wed, 21 March 2001 23:16 UTC
Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with SMTP id SAA21643 for <pkix-archive@odin.ietf.org>; Wed, 21 Mar 2001 18:16:34 -0500 (EST)
Received: from localhost by above.proper.com (8.9.3/8.9.3) with SMTP id PAA09285; Wed, 21 Mar 2001 15:15:43 -0800 (PST)
Received: by mail.imc.org (bulk_mailer v1.12); Wed, 21 Mar 2001 15:15:41 -0800
Received: from po1.bbn.com (PO1.BBN.COM [192.1.50.38]) by above.proper.com (8.9.3/8.9.3) with ESMTP id PAA09237 for <ietf-pkix@imc.org>; Wed, 21 Mar 2001 15:15:40 -0800 (PST)
Received: from [128.33.238.72] (TC096.BBN.COM [128.33.238.96]) by po1.bbn.com (8.9.1/8.9.1) with ESMTP id SAA00810; Wed, 21 Mar 2001 18:12:20 -0500 (EST)
Mime-Version: 1.0
X-Sender: kent@po1.bbn.com
Message-Id: <p05010406b6dee2f776b7@[128.33.238.72]>
In-Reply-To: <OF18A5657B.86F6D373-ON85256A16.0060AD42@somers.hqregion.ibm.com>
References: <OF18A5657B.86F6D373-ON85256A16.0060AD42@somers.hqregion.ibm.com>
Date: Wed, 21 Mar 2001 18:03:54 -0500
To: Tom Gindin <tgindin@us.ibm.com>
From: Stephen Kent <kent@bbn.com>
Subject: RE: Logotypes in certificates
Cc: ietf-pkix@imc.org
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Precedence: bulk
List-Archive: http://www.imc.org/ietf-pkix/mail-archive/
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: mailto:ietf-pkix-request@imc.org?body=unsubscribe
Tom, > Wouldn't Logotypes most easily be implemented as an OTHER-NAME within >one of the alternate name fields (probably SubjectAltName)? If so, how >would they affect NameConstraints and the like? IMHO, they would have >little effect on them since logos are not hierarchical names and thus >couldn't easily be governed by NameConstraints. > Since they are naming (or at least identifying) information about the >subject or issuer, I don't see why they should be in a different extension. >IMO, the standard way of displaying these should be to display the logo >along with the text of the highest-precedence ID for that entity anyway. >Binding them together in the same extension would encourage that. I think the answer to your first question is no, but we need to hear from Stefan about what he envisioned. I was assuming a new extension. If logos were stuffed into an OtherName, the best we could do is to prohibit them by ruling out use of that name type in the subject alt name field via nameConstraints. Now maybe we're getting some handle on control that works with the current path validation algorithm, but it's not much. We need to see a more concrete proposal before we can proceed with a reasoned, technical evaluation of the potential for this proposed field. Steve
- RE: Logotypes in certificates David Cross
- RE: Logotypes in certificates Michael Zolotarev
- Re: Logotypes in certificates Anders Rundgren
- RE: Logotypes in certificates David Cross
- RE: Logotypes in certificates Stefan Santesson
- RE: Logotypes in certificates Stefan Santesson
- Re: Logotypes in certificates Rich Salz
- RE: Logotypes in certificates Trevor Freeman
- RE: Logotypes in certificates Trevor Freeman
- RE: Logotypes in certificates Ambarish Malpani
- RE: Logotypes in certificates Trevor Freeman
- RE: Logotypes in certificates Michael Zolotarev
- Re: Logotypes in certificates Eric Murray
- RE: Logotypes in certificates Stefan Santesson
- RE: Logotypes in certificates Michael Myers
- Re: Logotypes in certificates Stefan Santesson
- RE: Logotypes in certificates Stephen Kent
- RE: Logotypes in certificates Andrew Hoag
- Re: Logotypes in certificates Dean Povey
- Re: Logotypes in certificates Dean Povey
- RE: Logotypes in certificates Tim Moses
- RE: Logotypes in certificates todd.glassey
- RE: Logotypes in certificates Stefan Santesson
- RE: Logotypes in certificates Stephen Kent
- RE: Logotypes in certificates Stefan Santesson
- Re: Logotypes in certificates Dean Povey
- Re: Logotypes in certificates Stephen Kent
- RE: Logotypes in certificates Ambarish Malpani
- RE: Logotypes in certificates Tom Gindin
- RE: Logotypes in certificates Michael Zolotarev
- Re: Logotypes in certificates Terry Hayes
- RE: Logotypes in certificates Peter Gutmann
- RE: Logotypes in certificates Hal Lockhart
- RE: Logotypes in certificates Stephen Kent
- RE: Logotypes in certificates Stephen Kent
- RE: Logotypes in certificates Stephen Kent
- RE: Logotypes in certificates David Cross
- RE: Logotypes in certificates Stefan Santesson
- RE: Logotypes in certificates Michael Zolotarev
- RE: Logotypes in certificates todd.glassey
- RE: Logotypes in certificates Trevor Freeman
- RE: Logotypes in certificates Russ Housley
- Re: Logotypes in certificates Dean Povey
- RE: Logotypes in certificates Michael Zolotarev
- RE: Logotypes in certificates Manger, James H
- RE: Logotypes in certificates Stephen Kent
- Re: Logotypes in certificates David P. Kemp
- Re: Logotypes in certificates Michael Ströder
- Re: Logotypes in certificates Dean Povey
- Re: Logotypes in certificates Michael Ströder
- Re: Logotypes in certificates Dean Povey
- Re: Logotypes in certificates Michael Ströder
- Re: Logotypes in certificates Stefan Santesson
- RE: Logotypes in certificates Bob Jueneman
- RE: Logotypes in certificates Stefan Santesson
- RE: Logotypes in certificates todd.glassey
- RE: Logotypes in certificates Stephen Kent
- Re: Logotypes in certificates Anders Rundgren
- RE: Logotypes in certificates Stefan Santesson