RE: Logotypes in certificates

[todd.glassey@att.net]

--
Regards,
Todd
> Steve,
> 
> I have problem to find the time to compile the input you ask for.
> 
> I think though that enough persons, where many of those actually represent 
> significant market players in PKI, 

You mean people that provide PKI solutions, not people that use them. This 
is a key differentiation, (pardon the pun) since I have yet to hear
anyone who would be using LogoTypes say what and how they would 
use them for.

> has spoken in favour of including 
> logotypes in certificates in some form.
> 
> I would further regard Bob Junemans very relevant input as yet another very 
> good reason for this.
> 
> So to me the question is more HOW instead of IF or WHY. Everybody doesn't 
> have to need or want a feature in order to motivate its support in 
> standards. 

here again. Is this feature for the users of the system or
for you as a technologist?


> What is important though is that there is a consensus that the 
> choosen solution doesn't break 

Impugn the QoS, or increase the overhead of

> the systems for those who don't need or 
> want to use it.
> 
> I agree with those who consider inclusion of logotypes in policy qualifiers 
> as a primitive hack, but I also see the good sides of this and right now I 
> agree with Russ that this is probably the best way to do it in order to 
> avoid the problems you address.

I see it differently. I see it as a way to complicate an
already very complex process. Once again more and more of the use model seems to 
be sneaking from the Application into the core protocol, making
creeping featureism an everyday word it seems.
> 
> If policy qualifiers would be deprecated, then I'm open for suggestions. I 
> don't care that much about HOW as long as this important need gets addressed.
> 
> /Stefan
> 
> 
> At 10:11 2001-03-23 -0500, Stephen Kent wrote:
> >Stefan,
> >
> >>Steve,
> >>
> >>There was a suggestion during a dinner yesterday that logotypes actually 
> >>could be provided as a policy qualifier. That would actually solve your 
> >>problem since you could directly tie acceptance of logotypes in 
> >>certificates to a particular policy.
> >>
> >>This enables you to control the path validation problem with the use of 
> >>policy constraints.
> >
> >I'd be comfortable with that approach, except that we have discouraged use 
> >of policy qualifiers, as Russ noted.
> >
> >Let me suggest again that you send another message that includes a 
> >comprehensive rationale for inclusion of logotypes, indicating what types 
> >of certs would be allowed to contain them, what reference form you 
> >envision, and what controls you think should be employed to prevent the 
> >sorts of misuse I warned about.  With a concrete proposal, and well 
> >articulated rationale on the table, I think we have a better chance of 
> >making progress.
> >
> >Steve
>