RE: Logotypes in certificates

Stephen Kent <kent@bbn.com> Tue, 03 April 2001 14:43 UTC

Date: Tue, 03 Apr 2001 10:43:13 -0400
To: Stefan Santesson <stefan@addtrust.com>
From: Stephen Kent <kent@bbn.com>
Subject: RE: Logotypes in certificates
Cc: ietf-pkix@imc.org

Stefan,

>Steve,
>
>I have a problem finding the time to compile the input you ask for.
>
>I think though that enough persons, where many of those actually 
>represent significant market players in PKI, have spoken in favour of 
>including logotypes in certificates in some form.

In the IETF we make decisions based on technical inputs from 
individuals, not endorsements from company representatives, so the 
motivation you cite here is not persuasive. Also, several folks other 
than I have pointed out potential vulnerabilities of logotype use. I 
think it fair to say that there are pluses and minuses here.

>I would further regard Bob Juneman's very relevant input as yet 
>another very good reason for this.

Bob made an argument for the acceptability of the logotype notion 
based on presumed legal redress against a public (TTP) CA. The 
concerns I and others have raised assume a rogue CA below that 
level. Also, the IETF, in making standards, tends to prefer security 
mechanisms that are proactive and that do not rely on the legal 
system for redress.

>So to me the question is more HOW instead of IF or WHY. Everybody 
>doesn't have to need or want a feature in order to motivate its 
>support in standards. What is important though is that there is a 
>consensus that the chosen solution doesn't break the systems for 
>those who don't need or want to use it.

I learned long ago that it's often a bad idea to agree to a concept 
irrespective of a proposed means of achieving it. So, absent a 
concrete proposal for HOW, I don't think we have consensus on WHETHER 
to pursue this work item.  That's why I proposed that you, as the 
prime mover behind the idea, develop a comprehensive proposal for 
what you are trying to achieve and how you propose to achieve it. If 
you can't find the time to do that, then we will not pursue it.


Steve