RE: Logotypes [not] in certificates

Frank Balluffi <frankb@valicert.com> Thu, 29 March 2001 15:14 UTC

Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with SMTP id KAA17533 for <pkix-archive@odin.ietf.org>; Thu, 29 Mar 2001 10:14:27 -0500 (EST)
Received: from localhost by above.proper.com (8.9.3/8.9.3) with SMTP id HAA04601; Thu, 29 Mar 2001 07:13:38 -0800 (PST)
Received: by mail.imc.org (bulk_mailer v1.12); Thu, 29 Mar 2001 07:13:32 -0800
Received: from ext-mail.valicert.com (ns1.valicert.com [63.65.221.10]) by above.proper.com (8.9.3/8.9.3) with ESMTP id HAA04562 for <ietf-pkix@imc.org>; Thu, 29 Mar 2001 07:13:31 -0800 (PST)
Received: from CONVERSION-DAEMON by ext-mail.valicert.com (PMDF V5.2-33 #46613) id <0GAY00D01SYKL6@ext-mail.valicert.com> for ietf-pkix@imc.org; Thu, 29 Mar 2001 07:13:32 -0800 (PST)
Received: from polaris.valicert.com ([192.168.2.34]) by ext-mail.valicert.com (PMDF V5.2-33 #46613) with ESMTP id <0GAY00CBNSYKHI@ext-mail.valicert.com>; Thu, 29 Mar 2001 07:13:32 -0800 (PST)
Received: by exchange.valicert.com with Internet Mail Service (5.5.2650.21) id <HR26M4QZ>; Thu, 29 Mar 2001 07:13:17 -0800
Content-return: allowed
Date: Thu, 29 Mar 2001 07:13:16 -0800
From: Frank Balluffi <frankb@valicert.com>
Subject: RE: Logotypes [not] in certificates
To: "'Bodo Moeller'" <moeller@cdc.informatik.tu-darmstadt.de>
Cc: ietf-pkix@imc.org
Message-id: <613B3C619C9AD4118C4E00B0D03E7C3E014BAB25@exchange.valicert.com>
MIME-version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-type: text/plain; charset="iso-8859-1"
Precedence: bulk
List-Archive: http://www.imc.org/ietf-pkix/mail-archive/
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: mailto:ietf-pkix-request@imc.org?body=unsubscribe

Bodo Moeller said:

> So it is likely that logos will be trusted *instead of* looking at the
> certificate details, rather than in addition to that.  I.e., most
> users won't even notice to which country the logo applies.  This opens
> a new can of worms.  Just one example: Until a couple of years ago,
> the owner of the Bayer name and the Bayer cross logo for the US and
> Canada was a company that had little to do with Bayer AG.  (In 1994,
> Bayer AG bought the division of Sterling Winthrop that had previously
> used these trademarks in North America; then, in 1995, Bayer's US and
> Canadian subsidiaries changed their names from "Miles Inc." and "Miles
> Canada Inc." into "Bayer Corporation" and "Bayer Inc.", respectively.)
> It is because of issues like this that distinguished names are
> hierarchical.

The level of trust will depend upon the application. A bad application is a
bad application. As RFC 3039 says about biometric information, logos should
be used to "enhance identification of the subject."

Frank