Re: Logotypes in certificates

Stefan Santesson <stefan@accurata.se> Mon, 19 March 2001 05:45 UTC

Message-Id: <5.0.0.25.2.20010319061843.033dbad8@mail.accurata.se>
X-Sender: mb517@mail.accurata.se
X-Mailer: QUALCOMM Windows Eudora Version 5.0
Date: Mon, 19 Mar 2001 06:45:23 +0100
To: Eric Murray <ericm@lne.com>, Trevor Freeman <trevorf@Exchange.Microsoft.com>
From: Stefan Santesson <stefan@accurata.se>
Subject: Re: Logotypes in certificates
Cc: ietf-pkix@imc.org
In-Reply-To: <20010318160744.B3021@slack.lne.com>
References: <CC2E64D4B3BAB646A87B5A3AE97090420D0F46A3@speak.dogfood> <CC2E64D4B3BAB646A87B5A3AE97090420D0F46A3@speak.dogfood>

Hi Eric,

Thank you for the interesting thoughts. Yes, this is a challenging subject.

Let me first ask you to consider the case where we didn't use handwritten 
signatures today. Imagine that I now suggested that we start using a method 
to close contracts and deals where the involved parties freely choose any 
personal written symbol and let it represent them and their acceptance of 
a contract.

Can you imagine what philosophical debates that would cause? How easy it 
would be to forge and how hard it would be to prove who really signed a 
document!!! Pretty much the kind of challenges you just raised with respect 
to logotypes.

Identification and naming are not an exact science. It is just like signatures 
- it is a phenomenon which has evolved over long periods of time as it has 
proved its value despite its imperfection.

What we try to do with certificates is not to make this world more perfect, 
but to REFLECT that world and DOCUMENT the processes that make up the 
foundation of trust in our lives and societies.

You can fool any PKI structure if you don't require the CA to 1) be trusted 
and 2) prove that trustworthiness by being signed by a trusted ROOT CA.

Given that we don't ask any CA to do more than to INVESTIGATE and DOCUMENT 
what is already out there, I don't see the problem. Personally I see no 
problem for a CA to validate a logotype of an organization, since what a CA 
does is merely to identify the organization and then document what that 
legal entity CLAIMS to be its logotype.

If that claim is wrong, then there are legal ways to deal with that.

International conflicts of logos are there with or without certificates.

Logos are NOT replacements for DNs or names of any kind; they are just a 
complementary concept: symbols developed over a long period of time, 
proven valuable to society as a carrier of trust, despite their imperfection.

/Stefan


At 16:07 2001-03-18 -0800, Eric Murray wrote:
>On Sun, Mar 18, 2001 at 10:42:12AM -0800, Trevor Freeman wrote:
> > Hi Stefan,
> > The fundamental gap here is that most users don't know what a
> > certificate is, and are happy that they just get a simple icon if
> > everything is ok or not rather than some UI detailing the content of the
> > credential. Most users never look at the certificate UI.
>
>
>Agreed.
>
>
>I don't think that the logo extension would add that much data to the
>cert.  There's already a whole load of junk people can put in certs,
>what's another 1-200 bytes?
>
>
>
>I am however concerned with how certs with the logo extension
>would be issued.
>
>Evil Trent is setting up a site to spoof the Bank of Alice web site.
>Since Trent knows that the BofA customers all use the logo extension
>to verify that they're really connected to Alice, he spoofs
>the logo.  Trent creates a logo which is very similar to the BofA
>logo, but with one pixel in the corner different.
>
>When Trent goes to Verisign, do they check the logo before they sign
>the cert?  How much do they check it- that it's hash is different from
>all the other logos in their database?  If that's the case, Trent's
>visually-identical logo is "different" and Trent gets his cert.
>
>Trent puts up his spoof site, redirects traffic to it, and cleans out a
>number of accounts.  Eventually Alice will find out that Trent is using a
>logo that's too similar to Alice's.  There are already laws for this sort
>of thing, so Alice can eventually prevail in the courts and get Trent
>to stop using the confusing logo.  Before that happens, Trent moves to
>some small country with weak extradition laws.
>
>With DNs this is simple(er)- Verisign just won't sign a cert request
>from Trent that says it's from Alice.  Of course "says it's from Alice"
>is interpreted differently by different CAs and to be 100% correct
>you have to know each CA's naming convention.  But generally it's not
>possible to get a Subject DN that's close enough to an existing issued
>cert to spoof it.
>
>How would this be handled with logos?  There's a body of law for
>similarity of logos and trademarks, would that be followed?  Or would
>someone at Verisign (or pick any CA) just look at the logos and reject any
>that're "too similar".  There's probably also an international law problem
>here- what if I get a cert issued with my logo, which is trademarked
>in the US, and there's another very similar logo trademarked in the UK
>for an entirely unrelated company?  Normally I and the other company
>would not be competing in each other's territories, but now with the
>net, we are, and our logos clash.  Who figures this out?  This problem
>sounds very similar to the domain name situation, which as we all know,
>is a bit of a mess.
>
>I think that these issues (and probably more in the same vein)
>should be thought through before going ahead with this.
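Eric's scenario above turns on what the CA actually compares when it checks a submitted logo against the logos it has already certified. The following Python is an added illustration, not part of this thread: it contrasts an exact hash of the image bytes (under which a one-pixel variant is "different" and would pass) with a perceptual average hash (aHash) that flags the same variant as a near-duplicate of an already-issued logo. The 8x8 bitmaps, the owner names and the Hamming-distance threshold are constructed for the example; aHash is a standard near-duplicate technique, but the CA review policy it models is an assumption.

```python
"""Logo review at a CA: exact hash versus perceptual hash (added example)."""
import hashlib
from typing import Dict, List, Tuple

Image = List[List[int]]  # grayscale bitmap: rows of pixel values 0..255


# --- constructed sample logos (not real trademarks) -----------------------

def bank_of_alice_logo() -> Image:
    """8x8 bitmap: black left half, white right half."""
    return [[0] * 4 + [255] * 4 for _ in range(8)]


def with_one_pixel_changed(img: Image, row: int, col: int, value: int) -> Image:
    """Copy of img with a single pixel altered (the 'one pixel in the corner')."""
    out = [r[:] for r in img]
    out[row][col] = value
    return out


def unrelated_logo() -> Image:
    """8x8 checkerboard: visually nothing like the bank's logo."""
    return [[255 if (r + c) % 2 == 0 else 0 for c in range(8)] for r in range(8)]


# --- the two comparison methods -------------------------------------------

def exact_hash(img: Image) -> str:
    """SHA-256 of the raw pixel bytes: any single-pixel change yields a new digest."""
    return hashlib.sha256(bytes(v for row in img for v in row)).hexdigest()


def average_hash(img: Image, size: int = 8) -> int:
    """Classic aHash: box-average the image down to size x size cells, then set
    one bit per cell according to whether it is brighter than the mean cell."""
    h, w = len(img), len(img[0])
    assert h % size == 0 and w % size == 0, "sample images are multiples of size"
    bh, bw = h // size, w // size
    cells = []
    for by in range(size):
        for bx in range(size):
            block = [img[y][x]
                     for y in range(by * bh, (by + 1) * bh)
                     for x in range(bx * bw, (bx + 1) * bw)]
            cells.append(sum(block) / len(block))
    mean = sum(cells) / len(cells)
    bits = 0
    for v in cells:  # row-major; first cell ends up as the most significant bit
        bits = (bits << 1) | (1 if v > mean else 0)
    return bits


def hamming_distance(a: int, b: int) -> int:
    """Number of differing bits between two perceptual hashes."""
    return bin(a ^ b).count("1")


# --- the review step a CA could run before signing ------------------------

def review_logo(candidate: Image, database: Dict[str, Image],
                max_distance: int = 10) -> Tuple[List[str], List[str]]:
    """Return (exact_matches, near_duplicates) against already-issued logos.

    max_distance is an assumed policy threshold on the 64-bit aHash: logos
    within that many bits of an issued one are referred for human review."""
    cand_exact = exact_hash(candidate)
    cand_phash = average_hash(candidate)
    exact, near = [], []
    for owner, logo in database.items():
        if exact_hash(logo) == cand_exact:
            exact.append(owner)
        elif hamming_distance(average_hash(logo), cand_phash) <= max_distance:
            near.append(owner)
    return exact, near


if __name__ == "__main__":
    issued = {"Bank of Alice": bank_of_alice_logo(), "Unrelated Co": unrelated_logo()}
    variant = with_one_pixel_changed(bank_of_alice_logo(), 0, 0, 8)
    print("exact hashes differ:",
          exact_hash(variant) != exact_hash(issued["Bank of Alice"]))
    print("review result:", review_logo(variant, issued))
```

Run stand-alone, the script shows the exact digests differing while `review_logo` returns the bank as a near-duplicate, which is the check Eric's hypothetical CA was missing. The threshold of 10 bits out of 64 is a policy knob: set too high it generates false referrals between genuinely unrelated marks (the checkerboard sits 32 bits away from the bank logo here), set too low it degrades back towards an exact match.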