RE: Logotypes in certificates

Stephen Kent <kent@bbn.com> Wed, 21 March 2001 23:22 UTC

Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with SMTP id SAA22057 for <pkix-archive@odin.ietf.org>; Wed, 21 Mar 2001 18:22:13 -0500 (EST)
Received: from localhost by above.proper.com (8.9.3/8.9.3) with SMTP id PAA10119; Wed, 21 Mar 2001 15:21:32 -0800 (PST)
Received: by mail.imc.org (bulk_mailer v1.12); Wed, 21 Mar 2001 15:21:30 -0800
Received: from po1.bbn.com (PO1.BBN.COM [192.1.50.38]) by above.proper.com (8.9.3/8.9.3) with ESMTP id PAA10088 for <ietf-pkix@imc.org>; Wed, 21 Mar 2001 15:21:29 -0800 (PST)
Received: from [128.33.238.72] (TC096.BBN.COM [128.33.238.96]) by po1.bbn.com (8.9.1/8.9.1) with ESMTP id SAA01290; Wed, 21 Mar 2001 18:18:02 -0500 (EST)
Mime-Version: 1.0
X-Sender: kent@po1.bbn.com
Message-Id: <p05010407b6dee6ef6571@[128.33.238.72]>
In-Reply-To: <D44EACB40164D311BEF00090274EDCCA1E740A@sydneymail1.zergo.com.au>
References: <D44EACB40164D311BEF00090274EDCCA1E740A@sydneymail1.zergo.com.au>
Date: Wed, 21 Mar 2001 18:21:53 -0500
To: Michael Zolotarev <michael.zolotarev@baltimore.com>
From: Stephen Kent <kent@bbn.com>
Subject: RE: Logotypes in certificates
Cc: ietf-pkix@imc.org
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Precedence: bulk
List-Archive: http://www.imc.org/ietf-pkix/mail-archive/
List-ID: <ietf-pkix.imc.org>
List-Unsubscribe: mailto:ietf-pkix-request@imc.org?body=unsubscribe

Michael,

>Though I don't favor including logotype or reference to a logotype to a
>cert, considering it as a pure marketing trick (sorry, Stefan :), but my
>realisation was that a logotype is by no means related to the establishment
>of trust. It is 100% meant for a human eye only, and verification algorithm
>should simply ignore it, as it ingores any other proprietory extentions. If
>the verification comes up with an answer 'not validated', and the software
>prompts a user saying 'couldn't validate', and the user still makes a
>decision to trust the cert, it is an application's problem, which already
>exists now, and logotypes add no extra pitch to it.

I think the whole purpose of including a displayable logo is 
precisely an attempt by a CA to gain the trust of users, so I 
disagree with your stating point. The concern I raised is not one 
that is addressed by your example, i.e., my example of a "bad 
outcome" is a cert that carries a logo which will be recognized by a 
user and thus will engender the user's confidence, but it is 
contained in a cert that, while valid under our path validation 
controls, has nothing to do with the entity whose logo appears in the 
cert and which is displayed to the user.

>As an extreme, if a CA considers logotypes to be anyhow harmful, it simply
>won't have a logotype in its own cert, and refuse certification of
>logotypes.

As a CA I can refuse to certify a logo-equipped cert one layer down, 
but not farther, unless we adopt a means of representing the logo 
that is subject to existing controls. Tom suggested on possible 
means, if we put the logo in an altname field and make it a type 
which can be prohibited using nameConstraints.

Steve