RE: Logotypes in certificates
Stefan Santesson <stefan@addtrust.com> Tue, 20 March 2001 15:45 UTC
Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with SMTP id KAA10144 for <pkix-archive@odin.ietf.org>; Tue, 20 Mar 2001 10:45:04 -0500 (EST)
Received: from localhost (daemon@localhost) by above.proper.com (8.9.3/8.9.3) with SMTP id HAA27503; Tue, 20 Mar 2001 07:44:06 -0800 (PST)
Received: by mail.imc.org (bulk_mailer v1.12); Tue, 20 Mar 2001 07:44:04 -0800
Received: from exafix.addtrust.com ([212.112.175.83]) by above.proper.com (8.9.3/8.9.3) with ESMTP id HAA27461 for <ietf-pkix@imc.org>; Tue, 20 Mar 2001 07:44:02 -0800 (PST)
Received: from santesson.addtrust.com ([135.222.66.11]) by exafix.addtrust.com with Microsoft SMTPSVC(5.0.2195.1600); Tue, 20 Mar 2001 16:42:48 +0100
Message-Id: <5.0.0.25.2.20010320163717.0278a0f8@mail.addtrust.com>
X-Sender: sts@mail.addtrust.com
X-Mailer: QUALCOMM Windows Eudora Version 5.0
Date: Tue, 20 Mar 2001 16:44:11 +0100
To: todd.glassey@att.net, Tim Moses <tim.moses@entrust.com>
From: Stefan Santesson <stefan@addtrust.com>
Subject: RE: Logotypes in certificates
Cc: ietf-pkix@imc.org
In-Reply-To: <20010320152015.RWIG14058.mtiwmhc24.worldnet.att.net@webmai l.worldnet.att.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
X-OriginalArrivalTime: 20 Mar 2001 15:42:48.0906 (UTC) FILETIME=[6A884AA0:01C0B154]
Precedence: bulk
List-Archive: http://www.imc.org/ietf-pkix/mail-archive/
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: mailto:ietf-pkix-request@imc.org?body=unsubscribe
Todd, I may have misunderstood you but the proposal to include logotype information is definitely about certificate content. The proposal suggests a method to contain relevant information about logotypes in certificates in a way that allows a client to get, validate and display the logo to an end user. How the client does that is not the major issue, just to provide the possibility. /Stefan At 15:20 2001-03-20 +0000, todd.glassey@att.net wrote: >-- >Regards, >Todd > > Colleagues - I am supportive of the idea of including branding information > > in certificates. I recognize Steve's concern. But, I suggest that there > > should be no impact on processing rules ... other than ... in applications > > where the relying party is a human, the logo from the very first > certificate > > in the path should be displayed to him/her. When a relying party accepts a > > trust anchor, their experience should be identical regardless of the > details > > of the remainder of the path. Best regards. Tim. > > >This this is an instance wherein you are talking about >is the end-use model for the cert and not the cert >content. It is important to differentiate the two >since use of a cert is more an applications level effort. > >The concept in "displaying" squat to anyone takes the >issue out of the "content" and into the "use of" realms >which seems to be more "application oriented" than ANYTHING, >and as such not something that PKIX should be >concerning itself with unless it is going to change again >and start to publish certified use models for its wares. > >In which case the structure and accountability of PKIX for >what it is producing must also change significantly more >towards the ISO standards I think. > > > > > > > > -----Original Message----- > > From: Stephen Kent [mailto:kent@bbn.com] > > Sent: Monday, March 19, 2001 11:47 AM > > To: Stefan Santesson > > Cc: ietf-pkix@imc.org > > Subject: RE: Logotypes in certificates > > > > > > Stefan, > > > > I have mixed feelings about this proposal. We have, in the > > NameConstraints extension, a powerful mechanism for making cross > > certification a safe thing to do. If one were to include a logotype > > extension in a cert that was issued by a CA who had been cross > > certified using name constraints, it holds the potential for > > seriously undermining the controls imposed by NameConstraints. > > > > There is an issue here that merits discussion: the logotype is > > presumably useful only when people are being asked to accept/reject > > certs, in addition to or in lieu of the many software-based controls > > that v3 certs offer. If the use is in lieu of use of more extensive > > software-based controls, there may not be a conflict, since the > > context is probably that of a TTP CA where NameConstraints and > > similar controls are of minimal use. However, if the syntactic > > controls are also in use, a logotype extension may be of limited > > value and might easily degrade security. > > > > So, I would be opposed to PKIX approving this sort of extension (even > > as a separate RFC from 2459bis) without imposing significant > > constraints on the contexts in which it is to be used, including > > limitations on its use in conjunction with other extensions, e.g., > > NameConstraints. What worries me even more, is that we might have to > > extend/modify the validation procedure to enforce such > > inter-extension constraints, which would then affect 2459bis! > > > > Steve
- RE: Logotypes in certificates David Cross
- RE: Logotypes in certificates Michael Zolotarev
- Re: Logotypes in certificates Anders Rundgren
- RE: Logotypes in certificates David Cross
- RE: Logotypes in certificates Stefan Santesson
- RE: Logotypes in certificates Stefan Santesson
- Re: Logotypes in certificates Rich Salz
- RE: Logotypes in certificates Trevor Freeman
- RE: Logotypes in certificates Trevor Freeman
- RE: Logotypes in certificates Ambarish Malpani
- RE: Logotypes in certificates Trevor Freeman
- RE: Logotypes in certificates Michael Zolotarev
- Re: Logotypes in certificates Eric Murray
- RE: Logotypes in certificates Stefan Santesson
- RE: Logotypes in certificates Michael Myers
- Re: Logotypes in certificates Stefan Santesson
- RE: Logotypes in certificates Stephen Kent
- RE: Logotypes in certificates Andrew Hoag
- Re: Logotypes in certificates Dean Povey
- Re: Logotypes in certificates Dean Povey
- RE: Logotypes in certificates Tim Moses
- RE: Logotypes in certificates todd.glassey
- RE: Logotypes in certificates Stefan Santesson
- RE: Logotypes in certificates Stephen Kent
- RE: Logotypes in certificates Stefan Santesson
- Re: Logotypes in certificates Dean Povey
- Re: Logotypes in certificates Stephen Kent
- RE: Logotypes in certificates Ambarish Malpani
- RE: Logotypes in certificates Tom Gindin
- RE: Logotypes in certificates Michael Zolotarev
- Re: Logotypes in certificates Terry Hayes
- RE: Logotypes in certificates Peter Gutmann
- RE: Logotypes in certificates Hal Lockhart
- RE: Logotypes in certificates Stephen Kent
- RE: Logotypes in certificates Stephen Kent
- RE: Logotypes in certificates Stephen Kent
- RE: Logotypes in certificates David Cross
- RE: Logotypes in certificates Stefan Santesson
- RE: Logotypes in certificates Michael Zolotarev
- RE: Logotypes in certificates todd.glassey
- RE: Logotypes in certificates Trevor Freeman
- RE: Logotypes in certificates Russ Housley
- Re: Logotypes in certificates Dean Povey
- RE: Logotypes in certificates Michael Zolotarev
- RE: Logotypes in certificates Manger, James H
- RE: Logotypes in certificates Stephen Kent
- Re: Logotypes in certificates David P. Kemp
- Re: Logotypes in certificates Michael Ströder
- Re: Logotypes in certificates Dean Povey
- Re: Logotypes in certificates Michael Ströder
- Re: Logotypes in certificates Dean Povey
- Re: Logotypes in certificates Michael Ströder
- Re: Logotypes in certificates Stefan Santesson
- RE: Logotypes in certificates Bob Jueneman
- RE: Logotypes in certificates Stefan Santesson
- RE: Logotypes in certificates todd.glassey
- RE: Logotypes in certificates Stephen Kent
- Re: Logotypes in certificates Anders Rundgren
- RE: Logotypes in certificates Stefan Santesson