Re: Logotypes in certificates
Dean Povey <povey@dstc.qut.edu.au> Thu, 22 March 2001 22:17 UTC
Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with SMTP id RAA23351 for <pkix-archive@odin.ietf.org>; Thu, 22 Mar 2001 17:17:42 -0500 (EST)
Received: from localhost (daemon@localhost) by above.proper.com (8.9.3/8.9.3) with SMTP id OAA28866; Thu, 22 Mar 2001 14:17:12 -0800 (PST)
Received: by mail.imc.org (bulk_mailer v1.12); Thu, 22 Mar 2001 14:17:10 -0800
Received: from thunder.dstc.qut.edu.au (thunder.dstc.qut.edu.au [131.181.71.1]) by above.proper.com (8.9.3/8.9.3) with ESMTP id OAA28835 for <ietf-pkix@imc.org>; Thu, 22 Mar 2001 14:17:07 -0800 (PST)
Received: from dstc.qut.edu.au (garnet.dstc.qut.edu.au [131.181.71.36]) by thunder.dstc.qut.edu.au (8.10.1/8.10.1) with ESMTP id f2MMH5m09077; Fri, 23 Mar 2001 08:17:06 +1000 (EST)
Message-Id: <200103222217.f2MMH5m09077@thunder.dstc.qut.edu.au>
X-Mailer: exmh version 2.2 06/23/2000 with nmh-1.0.4
To: Trevor Freeman <trevorf@Exchange.Microsoft.com>
Cc: ietf-pkix@imc.org
Subject: Re: Logotypes in certificates
In-reply-to: Your message of "Thu, 22 Mar 2001 11:58:58 PST." <CC2E64D4B3BAB646A87B5A3AE97090420D0F46DA@speak.dogfood>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Fri, 23 Mar 2001 08:17:05 +1000
From: Dean Povey <povey@dstc.qut.edu.au>
Precedence: bulk
List-Archive: http://www.imc.org/ietf-pkix/mail-archive/
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: mailto:ietf-pkix-request@imc.org?body=unsubscribe
>Logically speaking, this is a name in that we are talking about a token >which represents an organization. Its just a graphical token, not a >textual token. However I full agree with Steve that like other name >forms, we have to validate the CAs write to assert that logo. I for one >don't see a way to make this work with graphics, and unless it lives by >the same rules as text rules, it is open to abuse and therefore is a >very bad idea. This is really a very defeatist attitude. Just because you can't enforce technically the ability to make a logo fall within a certain `space' doesn't mean you can't control it technically. What constraints could the a higher level CA possibly want to enforce on a logo later in the path other than the right to either include one or not? Name Constraints already exists to restrict the range of possible spaces the DN/names would fall into (i.e. who you can issue certs to) and the subordinate CA has to follow the certificate policy or the whole thing falls down anyway. This is a really esoteric problem, and there is a simple solution - punt it to policy and revoke the subordinate CAs cert if they break the rules. Honestly you have far more to worry about if the subordinate CA is not following your identification/authentication rules than if they are including a pointer to a logo in their cert. You can no more enforce these with fields in the Certificate than you can enforce constraints on graphical types. The big benefit of logos is surely that it makes Joe User more involved/ aware of the security process that is occurring. Give the propensity of users to ignore pop up text messages (or turn them off), this has to be a good thing. -- Dean Povey, | e-m: povey@dstc.edu.au | JCSI: Java Crypto Toolkit Research Scientist | ph: +61 7 3864 5120 | uPKI: C PKI toolkit for embedded Security Unit, DSTC | fax: +61 7 3864 1282 | systems Brisbane, Australia | www: security.dstc.com | Oscar: C++ PKI toolkit
- RE: Logotypes in certificates David Cross
- RE: Logotypes in certificates Michael Zolotarev
- Re: Logotypes in certificates Anders Rundgren
- RE: Logotypes in certificates David Cross
- RE: Logotypes in certificates Stefan Santesson
- RE: Logotypes in certificates Stefan Santesson
- Re: Logotypes in certificates Rich Salz
- RE: Logotypes in certificates Trevor Freeman
- RE: Logotypes in certificates Trevor Freeman
- RE: Logotypes in certificates Ambarish Malpani
- RE: Logotypes in certificates Trevor Freeman
- RE: Logotypes in certificates Michael Zolotarev
- Re: Logotypes in certificates Eric Murray
- RE: Logotypes in certificates Stefan Santesson
- RE: Logotypes in certificates Michael Myers
- Re: Logotypes in certificates Stefan Santesson
- RE: Logotypes in certificates Stephen Kent
- RE: Logotypes in certificates Andrew Hoag
- Re: Logotypes in certificates Dean Povey
- Re: Logotypes in certificates Dean Povey
- RE: Logotypes in certificates Tim Moses
- RE: Logotypes in certificates todd.glassey
- RE: Logotypes in certificates Stefan Santesson
- RE: Logotypes in certificates Stephen Kent
- RE: Logotypes in certificates Stefan Santesson
- Re: Logotypes in certificates Dean Povey
- Re: Logotypes in certificates Stephen Kent
- RE: Logotypes in certificates Ambarish Malpani
- RE: Logotypes in certificates Tom Gindin
- RE: Logotypes in certificates Michael Zolotarev
- Re: Logotypes in certificates Terry Hayes
- RE: Logotypes in certificates Peter Gutmann
- RE: Logotypes in certificates Hal Lockhart
- RE: Logotypes in certificates Stephen Kent
- RE: Logotypes in certificates Stephen Kent
- RE: Logotypes in certificates Stephen Kent
- RE: Logotypes in certificates David Cross
- RE: Logotypes in certificates Stefan Santesson
- RE: Logotypes in certificates Michael Zolotarev
- RE: Logotypes in certificates todd.glassey
- RE: Logotypes in certificates Trevor Freeman
- RE: Logotypes in certificates Russ Housley
- Re: Logotypes in certificates Dean Povey
- RE: Logotypes in certificates Michael Zolotarev
- RE: Logotypes in certificates Manger, James H
- RE: Logotypes in certificates Stephen Kent
- Re: Logotypes in certificates David P. Kemp
- Re: Logotypes in certificates Michael Ströder
- Re: Logotypes in certificates Dean Povey
- Re: Logotypes in certificates Michael Ströder
- Re: Logotypes in certificates Dean Povey
- Re: Logotypes in certificates Michael Ströder
- Re: Logotypes in certificates Stefan Santesson
- RE: Logotypes in certificates Bob Jueneman
- RE: Logotypes in certificates Stefan Santesson
- RE: Logotypes in certificates todd.glassey
- RE: Logotypes in certificates Stephen Kent
- Re: Logotypes in certificates Anders Rundgren
- RE: Logotypes in certificates Stefan Santesson