Re: Logotypes [not] in certificates

Bodo Moeller <moeller@cdc.informatik.tu-darmstadt.de> Mon, 26 March 2001 08:49 UTC

Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with SMTP id DAA08784 for <pkix-archive@odin.ietf.org>; Mon, 26 Mar 2001 03:49:13 -0500 (EST)
Received: from localhost (daemon@localhost) by above.proper.com (8.9.3/8.9.3) with SMTP id AAA22293; Mon, 26 Mar 2001 00:48:42 -0800 (PST)
Received: by mail.imc.org (bulk_mailer v1.12); Mon, 26 Mar 2001 00:48:34 -0800
Received: from cdc-info.cdc.informatik.tu-darmstadt.de (cdc-info.cdc.informatik.tu-darmstadt.de [130.83.23.100]) by above.proper.com (8.9.3/8.9.3) with ESMTP id AAA22257 for <ietf-pkix@imc.org>; Mon, 26 Mar 2001 00:48:33 -0800 (PST)
Received: from cdc-ws1.cdc.informatik.tu-darmstadt.de (cdc-ws1 [130.83.23.129]) by cdc-info.cdc.informatik.tu-darmstadt.de (Postfix) with ESMTP id CFC942C79; Mon, 26 Mar 2001 10:48:32 +0200 (MET DST)
Received: (from moeller@localhost) by cdc-ws1.cdc.informatik.tu-darmstadt.de (8.9.3+Sun/8.9.3) id KAA29145; Mon, 26 Mar 2001 10:48:29 +0200 (MEST)
X-Authentication-Warning: cdc-ws1.cdc.informatik.tu-darmstadt.de: moeller set sender to moeller@cdc.informatik.tu-darmstadt.de using -f
Date: Mon, 26 Mar 2001 10:48:29 +0200
From: Bodo Moeller <moeller@cdc.informatik.tu-darmstadt.de>
To: Dean Povey <povey@dstc.qut.edu.au>
Cc: "David P. Kemp" <dpkemp@missi.ncsc.mil>, ietf-pkix@imc.org
Subject: Re: Logotypes [not] in certificates
Message-ID: <20010326104828.A28867@cdc.informatik.tu-darmstadt.de>
References: <dpkemp@missi.ncsc.mil> <200103222159.f2MLxHm09012@thunder.dstc.qut.edu.au>
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
User-Agent: Mutt/1.2i
In-Reply-To: <200103222159.f2MLxHm09012@thunder.dstc.qut.edu.au>; from povey@dstc.qut.edu.au on Fri, Mar 23, 2001 at 07:59:17AM +1000
Precedence: bulk
List-Archive: http://www.imc.org/ietf-pkix/mail-archive/
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: mailto:ietf-pkix-request@imc.org?body=unsubscribe
X-MIME-Autoconverted: from 8bit to quoted-printable by above.proper.com id AAA22293
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by ietf.org id DAA08784

On Fri, Mar 23, 2001 at 07:59:17AM +1000, Dean Povey wrote:

> [...]  However, names are frequently ambiguous and in some cases are 
> difficult to recognise.  This leads to problems where an attacker obtains 
> a Certificate for a name similar to an organisation they are trying to 
> target.  For a concrete example see the recent slashdot story:
> 
> http://slashdot.org/articles/01/03/22/1947233.shtml
> 
> And Microsoft's Bulletin:
> http://www.microsoft.com/technet/security/bulletin/MS01-017.asp
> 
> Logos are much easier for humans to recognise.  By having a CA bind the
> public key to a logo and having the UI use it appropriately you enable
> users to make much better decisions about how they use their certificates.

I am not sure I get your point.  Are you saying that including logos
in certificates could have prevented this from happening?
According to the Microsoft Security Bulletin,

     VeriSign, Inc., recently advised Microsoft that on January 29 and 30,
     2001, it issued two VeriSign Class 3 code-signing digital certificates
     to an individual who fraudulently claimed to be a Microsoft employee.

I fail to see what difference it would have made to include logos in
the process.

In the message that started this thread it was claimed that "logotypes
are carriers of trust," whatever this means.  The argument was made
that certificates "must be user friendly" and not only be accessible
to "technically oriented users".  Let me assume the role of advocatus
diaboli: The basic idea appears to be that users who don't have a clue
of what is going on should not notice that they don't.  The technical
process of certification is enriched with colourful logotypes to give
certificate recipients warm fuzzies and convey a feeling of "trust."
Users who don't understand the concept of chain validation and the
risks of mis-certification will gladly accept certificates as genuine
because they carry the proper logo.  In other words, we are discussing
how to enable the digital world for one of the traditional tricks for
faking physical ID, which is to use logos to evoke trust.

(Exit advocatus diaboli.  Enter Bodo.)

You say that logos bound to public keys "enable users to make much
better decisions about how they use their certificates."  Will logos
really help to make *better* decisions?  Won't they rather make it
easier to make mistakes?


-- 
Bodo Möller <moeller@cdc.informatik.tu-darmstadt.de>
PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html
* TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt
* Tel. +49-6151-16-6628, Fax +49-6151-16-6036