At 4:46 PM -0400 8/3/09, Kemp, David P. wrote:
If a CA were going to accept user input to an image composed by the CA, then the composition process can provide confounding data by doing more than just "inserting a customer-provided graphic into a [known] template provided by the CA". The Security Considerations section could recommend steganographic techniques for unpredictably modifying the image in perceptually-insignificant ways, such as by adding noise to the image data and/or inserting random tags in image formats for which tags are defined.
David,
I think a CA-selected, random prefix may be a better choice here. An organization may be very "attached" to its logo and not want any form of manipulation. In many (most?) cases I expect the organization to provide the artwork in precisely the form they will want it to be displayed. It would be much easier for a CA to just generate a random bit string and insert it into a data structure used to convey the image, rather than having to be able to watermark the image in some fashion.
Steve
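
The two options weighed in this thread, side by side, as an added example that is not part of the original messages: a random tag inserted into the image file (shown for PNG) versus a CA-chosen random prefix in a wrapper around the untouched image. The chunk name `caRn`, the length-prefixed container layout, the 16-byte random string and the use of SHA-256 are all assumptions made for illustration, and the PNG is a constructed 1x1 sample.

```python
import hashlib, os, struct, zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def chunk(ctype: bytes, data: bytes) -> bytes:
    """Serialize one PNG chunk: length, type, data, CRC-32 over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)

def sample_png() -> bytes:
    """Constructed 1x1 grayscale PNG standing in for the customer's artwork."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")  # filter byte + one pixel
    return PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"IDAT", idat) + chunk(b"IEND", b"")

def add_random_tag(png: bytes, rnd: bytes) -> bytes:
    """Format-aware option: random ancillary chunk right after IHDR.
    The private chunk name 'caRn' is hypothetical."""
    if not png.startswith(PNG_SIG) or png[12:16] != b"IHDR":
        raise ValueError("not a PNG; this option needs per-format code")
    ihdr_end = len(PNG_SIG) + 4 + 4 + 13 + 4
    return png[:ihdr_end] + chunk(b"caRn", rnd) + png[ihdr_end:]

def add_random_prefix(image: bytes, rnd: bytes) -> bytes:
    """Format-agnostic option: 2-byte length, CA random string, untouched image.
    This container layout is an assumption for illustration."""
    return struct.pack(">H", len(rnd)) + rnd + image

def strip_prefix(blob: bytes) -> bytes:
    """Relying-party side: drop the prefix, return the original artwork bytes."""
    if len(blob) < 2:
        raise ValueError("truncated container")
    (n,) = struct.unpack(">H", blob[:2])
    if len(blob) < 2 + n:
        raise ValueError("truncated container")
    return blob[2 + n:]

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()  # hash choice is an assumption

if __name__ == "__main__":
    logo, rnd = sample_png(), os.urandom(16)
    print("submitted:", digest(logo))  # known to the submitter in advance
    print("tagged:   ", digest(add_random_tag(logo, rnd)))
    print("prefixed: ", digest(add_random_prefix(logo, rnd)))
    print("artwork unchanged:", strip_prefix(add_random_prefix(logo, rnd)) == logo)
```

Both options change the bytes that get hashed, but only the prefix works on any image format without format-specific code and hands back the artwork byte for byte.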