Re: Logotypes [not] in certificates
Bodo Moeller <moeller@cdc.informatik.tu-darmstadt.de> Mon, 26 March 2001 08:49 UTC
Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with SMTP id DAA08784 for <pkix-archive@odin.ietf.org>; Mon, 26 Mar 2001 03:49:13 -0500 (EST)
Received: from localhost (daemon@localhost) by above.proper.com (8.9.3/8.9.3) with SMTP id AAA22293; Mon, 26 Mar 2001 00:48:42 -0800 (PST)
Received: by mail.imc.org (bulk_mailer v1.12); Mon, 26 Mar 2001 00:48:34 -0800
Received: from cdc-info.cdc.informatik.tu-darmstadt.de (cdc-info.cdc.informatik.tu-darmstadt.de [130.83.23.100]) by above.proper.com (8.9.3/8.9.3) with ESMTP id AAA22257 for <ietf-pkix@imc.org>; Mon, 26 Mar 2001 00:48:33 -0800 (PST)
Received: from cdc-ws1.cdc.informatik.tu-darmstadt.de (cdc-ws1 [130.83.23.129]) by cdc-info.cdc.informatik.tu-darmstadt.de (Postfix) with ESMTP id CFC942C79; Mon, 26 Mar 2001 10:48:32 +0200 (MET DST)
Received: (from moeller@localhost) by cdc-ws1.cdc.informatik.tu-darmstadt.de (8.9.3+Sun/8.9.3) id KAA29145; Mon, 26 Mar 2001 10:48:29 +0200 (MEST)
X-Authentication-Warning: cdc-ws1.cdc.informatik.tu-darmstadt.de: moeller set sender to moeller@cdc.informatik.tu-darmstadt.de using -f
Date: Mon, 26 Mar 2001 10:48:29 +0200
From: Bodo Moeller <moeller@cdc.informatik.tu-darmstadt.de>
To: Dean Povey <povey@dstc.qut.edu.au>
Cc: "David P. Kemp" <dpkemp@missi.ncsc.mil>, ietf-pkix@imc.org
Subject: Re: Logotypes [not] in certificates
Message-ID: <20010326104828.A28867@cdc.informatik.tu-darmstadt.de>
References: <dpkemp@missi.ncsc.mil> <200103222159.f2MLxHm09012@thunder.dstc.qut.edu.au>
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
User-Agent: Mutt/1.2i
In-Reply-To: <200103222159.f2MLxHm09012@thunder.dstc.qut.edu.au>; from povey@dstc.qut.edu.au on Fri, Mar 23, 2001 at 07:59:17AM +1000
Precedence: bulk
List-Archive: http://www.imc.org/ietf-pkix/mail-archive/
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: mailto:ietf-pkix-request@imc.org?body=unsubscribe
X-MIME-Autoconverted: from 8bit to quoted-printable by above.proper.com id AAA22293
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by ietf.org id DAA08784
On Fri, Mar 23, 2001 at 07:59:17AM +1000, Dean Povey wrote: > [...] However, names are frequently ambiguous and in some cases are > difficult to recognise. This leads to problems where an attacker obtains > a Certificate for a name similar to an organisation they are trying to > target. For a concrete examples see the recent slashdot story: > > http://slashdot.org/articles/01/03/22/1947233.shtml > > And MicroSoft's Bulletin: > http://www.microsoft.com/technet/security/bulletin/MS01-017.asp > > Logos are much easier for humans to recognise. By having a CA bind the > public key to a logo and having the UI use it appropriately you enable > users to make much better decisions about how they use their certificates. I am not sure I get your point. Are you saying that including logos into certificates could have prevented this from happening? According to the Microsoft Security Bulletin, VeriSign, Inc., recently advised Microsoft that on January 29 and 30, 2001, it issued two VeriSign Class 3 code-signing digital certificates to an individual who fraudulently claimed to be a Microsoft employee. I fail to see what difference it would have made to include logos into the process. In the message that started this thread it was claimed that "logotypes are carriers of trust," whatever this means. The argument was made that certificates "must be user friendly" and not only be accessible to "technically oriented users". Let me assume the role of advocatus diaboli: The basic idea appears to be that users who don't have a clue of what is going on should not notice that they don't. The technical process of certification is enriched with colourful logotypes to give certificate recipients warm fuzzies and convey a feeling of "trust." Users who don't understand the concept of chain validation and the risks of mis-certification will gladly accept certificates as genuine because they carry the proper logo. In other words, we are discussing how to enable the digital world for one of the traditional tricks for faking physical ID, which is to use logos to evoke trust. (Exit advocatus diaboli. Enter Bodo.) You say that logos bound to public keys "enable users to make much better decisions about how they use their certificates." Will logos really help to make *better* decisions? Won't they rather make it easier to make mistakes? -- Bodo Möller <moeller@cdc.informatik.tu-darmstadt.de> PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html * TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt * Tel. +49-6151-16-6628, Fax +49-6151-16-6036
- Re: Logotypes [not] in certificates David P. Kemp
- Re: Logotypes [not] in certificates Dean Povey
- Re: Logotypes in certificates Aram Perez
- Re: Logotypes in certificates Dean Povey
- Re: Logotypes in certificates Anders Rundgren
- Re: Logotypes [not] in certificates Bodo Moeller
- Re: Logotypes [not] in certificates Dean Povey
- Re: Logotypes [not] in certificates Bodo Moeller
- RE: Logotypes [not] in certificates Frank Balluffi