RE: Logotypes in certificates
Ambarish Malpani <ambarish@valicert.com> Wed, 21 March 2001 17:15 UTC
Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with SMTP id MAA01128 for <pkix-archive@odin.ietf.org>; Wed, 21 Mar 2001 12:15:12 -0500 (EST)
Received: from localhost (daemon@localhost) by above.proper.com (8.9.3/8.9.3) with SMTP id JAA15635; Wed, 21 Mar 2001 09:14:21 -0800 (PST)
Received: by mail.imc.org (bulk_mailer v1.12); Wed, 21 Mar 2001 09:14:15 -0800
Received: from ext-mail.valicert.com (ns1.valicert.com [63.65.221.10]) by above.proper.com (8.9.3/8.9.3) with ESMTP id JAA15604 for <ietf-pkix@imc.org>; Wed, 21 Mar 2001 09:14:14 -0800 (PST)
Received: from CONVERSION-DAEMON by ext-mail.valicert.com (PMDF V5.2-33 #46613) id <0GAK0080155WRY@ext-mail.valicert.com> for ietf-pkix@imc.org; Wed, 21 Mar 2001 09:13:08 -0800 (PST)
Received: from polaris.valicert.com ([192.168.2.34]) by ext-mail.valicert.com (PMDF V5.2-33 #46613) with ESMTP id <0GAK006OX55WQ3@ext-mail.valicert.com>; Wed, 21 Mar 2001 09:13:08 -0800 (PST)
Received: by exchange.valicert.com with Internet Mail Service (5.5.2650.21) id <HKLW09NM>; Wed, 21 Mar 2001 09:06:35 -0800
Content-return: allowed
Date: Wed, 21 Mar 2001 09:06:35 -0800
From: Ambarish Malpani <ambarish@valicert.com>
Subject: RE: Logotypes in certificates
To: 'Stephen Kent' <kent@bbn.com>, Dean Povey <povey@dstc.qut.edu.au>
Cc: ietf-pkix@imc.org
Message-id: <613B3C619C9AD4118C4E00B0D03E7C3E014C8B3E@exchange.valicert.com>
MIME-version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-type: text/plain; charset="iso-8859-1"
Precedence: bulk
List-Archive: http://www.imc.org/ietf-pkix/mail-archive/
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: mailto:ietf-pkix-request@imc.org?body=unsubscribe
Steve, This is the same argument as a CA issuing a cert to a subordinate, who issues incorrect certificates with it - e.g. issues a certificate for the domain www.amazon.com to say BN. Either a CA controls/audits subordinate CAs, or has enough reason to trust them, or the value of that hierarchy is pretty useless. I don't think logos in certificates affect this either way. Regards, Ambarish --------------------------------------------------------------------- Ambarish Malpani Architect 650.567.5457 ValiCert, Inc. ambarish@valicert.com 339 N. Bernardo Ave. http://www.valicert.com Mountain View, CA 94043 > -----Original Message----- > From: Stephen Kent [mailto:kent@bbn.com] > Sent: Tuesday, March 20, 2001 8:57 PM > To: Dean Povey > Cc: ietf-pkix@imc.org > Subject: Re: Logotypes in certificates > > > Dean and Stefan, > > As a security kinda' guy, I always approach this from the "what will > the bad giy do" perspective. From that perspective, I worry that a > TTP CA will cerfity company X, putting the company X logo in the > cert. Then company X will issue a cert to a subordinate CA, and put > in that cert an inappropriate logo. It is not realistic for an app to > display a chain of logos, and expect a user to pay attention, any > more that if one displayed a chain of DNs. I still maintain that we > can agree on what would be a reasonable set of circumstances in which > the logo extension would be useful and safe, but I don't see a > technical means of enforcing these circumstances without changes to > the path validation algorithm. I am open to suggestions that provide > the necessary controls and don't have this unfortunate side effect, > but I have yet to see an example of such. > > Steve >
- RE: Logotypes in certificates David Cross
- RE: Logotypes in certificates Michael Zolotarev
- Re: Logotypes in certificates Anders Rundgren
- RE: Logotypes in certificates David Cross
- RE: Logotypes in certificates Stefan Santesson
- RE: Logotypes in certificates Stefan Santesson
- Re: Logotypes in certificates Rich Salz
- RE: Logotypes in certificates Trevor Freeman
- RE: Logotypes in certificates Trevor Freeman
- RE: Logotypes in certificates Ambarish Malpani
- RE: Logotypes in certificates Trevor Freeman
- RE: Logotypes in certificates Michael Zolotarev
- Re: Logotypes in certificates Eric Murray
- RE: Logotypes in certificates Stefan Santesson
- RE: Logotypes in certificates Michael Myers
- Re: Logotypes in certificates Stefan Santesson
- RE: Logotypes in certificates Stephen Kent
- RE: Logotypes in certificates Andrew Hoag
- Re: Logotypes in certificates Dean Povey
- Re: Logotypes in certificates Dean Povey
- RE: Logotypes in certificates Tim Moses
- RE: Logotypes in certificates todd.glassey
- RE: Logotypes in certificates Stefan Santesson
- RE: Logotypes in certificates Stephen Kent
- RE: Logotypes in certificates Stefan Santesson
- Re: Logotypes in certificates Dean Povey
- Re: Logotypes in certificates Stephen Kent
- RE: Logotypes in certificates Ambarish Malpani
- RE: Logotypes in certificates Tom Gindin
- RE: Logotypes in certificates Michael Zolotarev
- Re: Logotypes in certificates Terry Hayes
- RE: Logotypes in certificates Peter Gutmann
- RE: Logotypes in certificates Hal Lockhart
- RE: Logotypes in certificates Stephen Kent
- RE: Logotypes in certificates Stephen Kent
- RE: Logotypes in certificates Stephen Kent
- RE: Logotypes in certificates David Cross
- RE: Logotypes in certificates Stefan Santesson
- RE: Logotypes in certificates Michael Zolotarev
- RE: Logotypes in certificates todd.glassey
- RE: Logotypes in certificates Trevor Freeman
- RE: Logotypes in certificates Russ Housley
- Re: Logotypes in certificates Dean Povey
- RE: Logotypes in certificates Michael Zolotarev
- RE: Logotypes in certificates Manger, James H
- RE: Logotypes in certificates Stephen Kent
- Re: Logotypes in certificates David P. Kemp
- Re: Logotypes in certificates Michael Ströder
- Re: Logotypes in certificates Dean Povey
- Re: Logotypes in certificates Michael Ströder
- Re: Logotypes in certificates Dean Povey
- Re: Logotypes in certificates Michael Ströder
- Re: Logotypes in certificates Stefan Santesson
- RE: Logotypes in certificates Bob Jueneman
- RE: Logotypes in certificates Stefan Santesson
- RE: Logotypes in certificates todd.glassey
- RE: Logotypes in certificates Stephen Kent
- Re: Logotypes in certificates Anders Rundgren
- RE: Logotypes in certificates Stefan Santesson