IETF Logo Mail Archive

RE: Logotypes in certificates

Stefan Santesson <stefan@accurata.se> Sun, 18 March 2001 00:01 UTC

Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with SMTP id TAA10507 for <pkix-archive@odin.ietf.org>; Sat, 17 Mar 2001 19:01:47 -0500 (EST)
Received: from localhost by above.proper.com (8.9.3/8.9.3) with SMTP id QAA02083; Sat, 17 Mar 2001 16:01:13 -0800 (PST)
Received: by mail.imc.org (bulk_mailer v1.12); Sat, 17 Mar 2001 16:01:10 -0800
Received: from popmail2.inbox.se (root@popmail2.inbox.se [212.28.208.210]) by above.proper.com (8.9.3/8.9.3) with ESMTP id QAA02051 for <ietf-pkix@imc.org>; Sat, 17 Mar 2001 16:01:08 -0800 (PST)
Received: from santesson.accurata.se (lon-qbu-gyu-vty12.as.wcom.net [195.232.107.12]) by popmail2.inbox.se (8.10.1/8.10.1) with ESMTP id f2HNx0A02987; Sun, 18 Mar 2001 00:59:02 +0100
Message-Id: <5.0.0.25.2.20010318005150.027a0258@mail.accurata.se>
X-Sender: mb517@mail.accurata.se
X-Mailer: QUALCOMM Windows Eudora Version 5.0
Date: Sun, 18 Mar 2001 01:01:09 +0100
To: David Cross <dcross@microsoft.com>, Michael Zolotarev <michael.zolotarev@baltimore.com>, ietf-pkix@imc.org
From: Stefan Santesson <stefan@accurata.se>
Subject: RE: Logotypes in certificates
In-Reply-To: <24A715275661C8428C00432EFCA5CB7C01E3E9D8@red-msg-02.redmon d.corp.microsoft.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Precedence: bulk
List-Archive: http://www.imc.org/ietf-pkix/mail-archive/
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: mailto:ietf-pkix-request@imc.org?body=unsubscribe

Well,

I didn't really suggest inclusion in son of rfc 2459. It was mora like a 
question.

Personally I think it could be done in it's own document and maybe merged 
later into others.

I have negative feelings about the approach to just point to a signed logo, 
but lets discuss it openly.

I think I would like to have the logotype signed by the certificate and I 
suggest that you should not be allowed to update or change any information 
signed and identified by a certificate. If you have an physical ID-card, 
any logotypes are fixed. The present logotypes reflects the logotypes valid 
at the time of issuance.

/Stefan


At 13:11 2001-03-17 -0800, David Cross wrote:
>Sounds like a reasonable suggestion.  Still, I would not want this in
>son-of-RFC2459.
>
>David B. Cross
>
>
>
>
>
>-----Original Message-----
>From: Michael Zolotarev [mailto:michael.zolotarev@baltimore.com]
>Sent: Friday, March 16, 2001 7:09 PM
>To: David Cross; Stefan Santesson; ietf-pkix@imc.org
>Subject: RE: Logotypes in certificates
>
>
>Probably a better alternative to including a logotype into a certificate
>would be to include a reference to a [signed] logotype. As an extension,
>containing a uri of a logotype which is stored somewhere. The drawback
>is that it requires the verifier to be connected, obviously. But
>certificate verification normally assumes that you are connected. The
>size of a logotype won't matter much.
>
>Naturally, a logotype should be signed by the same entity which issued
>the certificate which contains the reference to the logotype. it also
>allows flexible update of logotype if necessary, should a change be made
>within validity period of the certificate (i.e. a new photo required
>because I've grown a bead).
>
>Michael

v2.23.0 | Report a Bug | By Email