Re: Logotypes in certificates
Stephen Kent <kent@bbn.com> Wed, 21 March 2001 04:57 UTC
Message-Id: <p05010402b6dde3f12ea0@[128.33.238.79]>
In-Reply-To: <200103210409.f2L49lm27322@thunder.dstc.qut.edu.au>
References: <200103210409.f2L49lm27322@thunder.dstc.qut.edu.au>
Date: Tue, 20 Mar 2001 23:56:53 -0500
To: Dean Povey <povey@dstc.qut.edu.au>
From: Stephen Kent <kent@bbn.com>
Subject: Re: Logotypes in certificates
Cc: ietf-pkix@imc.org

Dean and Stefan,

As a security kinda' guy, I always approach this from the "what will the bad guy do" perspective. From that perspective, I worry that a TTP CA will certify company X, putting the company X logo in the cert. Then company X will issue a cert to a subordinate CA, and put in that cert an inappropriate logo. It is not realistic for an app to display a chain of logos, and expect a user to pay attention, any more than if one displayed a chain of DNs.

I still maintain that we can agree on what would be a reasonable set of circumstances in which the logo extension would be useful and safe, but I don't see a technical means of enforcing these circumstances without changes to the path validation algorithm. I am open to suggestions that provide the necessary controls and don't have this unfortunate side effect, but I have yet to see an example of such.

Steve