RE: Logotypes in certificates
Ambarish Malpani <ambarish@valicert.com> Sun, 18 March 2001 19:45 UTC
Date: Sun, 18 Mar 2001 11:37:41 -0800
From: Ambarish Malpani <ambarish@valicert.com>
Subject: RE: Logotypes in certificates
To: 'Trevor Freeman' <trevorf@Exchange.Microsoft.com>, Stefan Santesson <stefan@accurata.se>, David Cross <dcross@microsoft.com>, ietf-pkix@imc.org

Hi Trevor,

Isn't it possible that IE/Communicator show the logo next to the lock
symbol when displaying securely downloaded pages? Doesn't require the
user to do something different and lets you associate the site with
a logo that you are familiar with. Might help with the kinds of attacks
where people try to send you to paypai.com rather than paypal.com

Regards,
Ambarish

---------------------------------------------------------------------
Ambarish Malpani
Architect                                   650.567.5457
ValiCert, Inc.                     ambarish@valicert.com
339 N. Bernardo Ave.             http://www.valicert.com
Mountain View, CA 94043

> -----Original Message-----
> From: Trevor Freeman [mailto:trevorf@Exchange.Microsoft.com]
> Sent: Sunday, March 18, 2001 10:42 AM
> To: Stefan Santesson; David Cross; ietf-pkix@imc.org
> Subject: RE: Logotypes in certificates
>
>
> Hi Stefan,
> The fundamental gap here is that most users don't know what a
> certificate is, and are happy that they just get a simple icon if
> everything is ok or not rather than some UI detailing the content of
> the credential. Most users never look at the certificate UI.
> Trevor
>
> -----Original Message-----
> From: Stefan Santesson [mailto:stefan@accurata.se]
> Sent: Saturday, March 17, 2001 4:14 PM
> To: David Cross; ietf-pkix@imc.org
> Subject: RE: Logotypes in certificates
>
>
> David,
>
> Comment in line;
>
> At 18:46 2001-03-16 -0800, David Cross wrote:
> >Stefan:
> >
> >Some comments -
> >
> >First: I do not think that this should be considered for son of
> >RFC2459 - we do not want to hold this up to consider this proposal.
>
> That's OK with me.
>
> >
> >Second: I do not see how applications will make use of this
> >information. How do you see it being used?
>
> Well first I would like to state that I know of several applications
> that would use this information if it was available. This is typically
> any application which includes a function to display a certificate to
> a human user. These applications will seek to have a display format
> which makes sense to the user. These applications can, if logotype
> data is present, choose to download these logotypes and display them
> to the user when a certificate is displayed.
>
> Applications not caring about logos won't be affected since they just
> ignore this information without problem. The logo is only a display
> function and has no part in any DN or alternative name.
>
> We will surely implement this in certificates if this gets to be
> supported by any standard.
>
> /Stefan
>
> >
> >Third: People are complaining about size of certs now, this will
> >expand that issue
>
> Everything is a tradeoff. In this case we can meet an important
> business need with just a few bytes. I think this is one of those
> cases that definitely is worth it.
>
> /Stefan
>
> >
> >
> >David B. Cross
> >
> >
> > -----Original Message-----
> > From: Stefan Santesson [mailto:stefan@accurata.se]
> > Sent: Thursday, March 15, 2001 3:22 PM
> > To: ietf-pkix@imc.org
> > Subject: Logotypes in certificates
> >
> >
> > In last PKIX meeting in San Diego I presented some thoughts on
> > creating a new extension for inclusion of logotype information in
> > certificates.
> >
> > Last in this mail I include a primary suggested outline for such
> > extension.
> >
> > But first a short summary of the rationale:
> >
> > At a first glance it may seem irrelevant to include logotype
> > information in certificates and a natural first reaction is "OH NO...
> > NOT ANOTHER THING TO INCLUDE!! DON'T WE HAVE ENOUGH?!!!"
> >
> > The fact is though that at the ETSI meeting this week (In the group
> > that handles European standards related to electronic signatures).
> > IT WAS GENERALLY RECOGNIZED THAT INCLUSION OF LOGOTYPE DATA WOULD BE
> > VERY USEFUL.
> >
> > Why is that so?
> >
> > The answer is that logotypes are carriers of trust and are widely
> > recognized tools for trust recognition. Have you ever thought why
> > EVERY physical instrument of trust, from loyalty cards, credit cards
> > to Passports, contain trust symbols in the form of logotypes.
> >
> > Are certificates different? ABSOLUTELY NOT!!
> >
> > If PKI is to take off in the private market, the certificates must
> > be user friendly and carry the same functionality (in electronic
> > form) as ID-cards, passports and other physical ID:s do in physical
> > form. And logotypes are a FUNDAMENTAL part of that.
> >
> > Without logotypes, certificates can only be handled and presented as
> > textual information for technically oriented users. This is the
> > reality I see.
> >
> > What is your observation?
> >
> > How can we then do this?
> >
> > Technically speaking, we don't have to include the actual logotype
> > image and we don't have to destroy legacy applications.
> > I would suggest that we use the same mechanism that we specified for
> > biometric data in RFC 3039 where a non-critical extension can
> > include for each logotype:
> >
> > - type of logo
> > - type of hash algorithm
> > - hash of logotype data
> > - URI to location of data
> >
> > This will only take a few bytes but will allow new applications to
> > import relevant logotypes, signed by the issuer of the certificate,
> > to be displayed to the user.
> >
> > So... What to do with this?
> >
> > If this is to be proceeded at all, It could be part of son of
> > RFC 2459, it could be part of a new RFC 3039 and it could be a new
> > draft or merged with some other work. I'm open for suggestions.
> >
> > I hope to be able to meet with many of you and discuss this in
> > Minneapolis next week.
> >
> > /Stefan Santesson
> >
> >
> > logotypeInfo EXTENSION ::= {
> >     SYNTAX LogotypeSyntax
> >     IDENTIFIED BY id-pe-logotypeInfo }
> >
> > id-pe-logotypeInfo OBJECT IDENTIFIER ::= {id-pe XX}
> >
> > LogotypeSyntax ::= SEQUENCE OF LogotypeData
> >
> > LogotypeData ::= SEQUENCE {
> >     typeOfLogotype      TypeOflogotype,
> >     hashAlgorithm       AlgorithmIdentifier,
> >     logotypeDataHash    OCTET STRING,
> >     sourceDataUri       IA5String OPTIONAL }
> >
> > TypeOflogotype ::= CHOICE {
> >     predefinedLogotypeType  PredefinedLogotypeType,
> >     LogotypeTypeID          OBJECT IDENTIFIER }
> >
> > PredefinedLogotypeType ::= INTEGER {
> >     subject-organization-logotype(0),
> >     issuer-organization-logotype(1),
> >     CA-network-logotype(2)}
> >     (subject-organization-logotype|
> >     issuer-organization-logotype|
> >     CA-network-logotype,...)
> >
> >
> > The predefined logotype types are
> >
> > subject-organization-logotype, if used, SHALL be used to include a
> > logotype of the subject organization. The logotype SHALL be
> > consistent with, and require the presence of, an organization name
> > stored in the organization attribute in the subject field.
> >
> > issuer-organization-logotype, if used, SHALL be used to include a
> > logotype of the issuer organization. The logotype SHALL be
> > consistent with, and require the presence of, an organization name
> > stored in the organization attribute in the issuer field.
> >
> > CA-network-logotype, if used, SHALL be used to include a logotype
> > used by a network of CA services, provided by one or several
> > independent CA's, within which the issuer claims to issue this
> > certificate.
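
Added example, not part of the original message or of any implementation discussed in the thread: a sketch of the relying-party check implied by the quoted proposal, where the certificate carries only a hash and a URI and the image is fetched separately. The field names follow the LogotypeData outline; the accepted hash list, the size cap, the `fetch` callable and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Callable, Optional

# Assumptions: names stand in for AlgorithmIdentifier OIDs; size cap is arbitrary.
ACCEPTED_HASHES = {"sha256", "sha384", "sha512"}
MAX_LOGO_BYTES = 64 * 1024
SUBJECT_ORG, ISSUER_ORG, CA_NETWORK = 0, 1, 2  # PredefinedLogotypeType values


@dataclass
class LogotypeData:  # mirrors the SEQUENCE in the proposal
    type_of_logotype: int
    hash_algorithm: str
    logotype_data_hash: bytes
    source_data_uri: Optional[str] = None


def verified_logo(entry: LogotypeData, subject_org: Optional[str],
                  issuer_org: Optional[str],
                  fetch: Callable[[str], Optional[bytes]]) -> Optional[bytes]:
    """Return the logo bytes only if they match the hash the issuer signed."""
    # The proposal requires an organization name for these two logotype types.
    if entry.type_of_logotype == SUBJECT_ORG and not subject_org:
        return None
    if entry.type_of_logotype == ISSUER_ORG and not issuer_org:
        return None
    if entry.hash_algorithm not in ACCEPTED_HASHES or not entry.source_data_uri:
        return None
    data = fetch(entry.source_data_uri)  # untrusted: only the hash is signed
    if data is None or len(data) > MAX_LOGO_BYTES:
        return None
    digest = hashlib.new(entry.hash_algorithm, data).digest()
    # Display nothing unless the fetched bytes are exactly what was hashed.
    if not hmac.compare_digest(digest, entry.logotype_data_hash):
        return None
    return data


# Constructed sample data: a stand-in image and an in-memory "web" keyed by URI.
GOOD_LOGO = b"\x89PNG constructed sample logo"
SAMPLE_URI = "https://logos.example/subject.png"
SAMPLE_ENTRY = LogotypeData(SUBJECT_ORG, "sha256",
                            hashlib.sha256(GOOD_LOGO).digest(), SAMPLE_URI)

if __name__ == "__main__":
    ok = verified_logo(SAMPLE_ENTRY, "Example Org", "Example CA",
                       {SAMPLE_URI: GOOD_LOGO}.get)
    print("logo accepted:", ok == GOOD_LOGO)
```

The check binds the displayed image to what the issuer signed; it does not by itself tell the user whether the issuer vetted the logo against the organization name.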