[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Logotypes in certificates

To: Stephen Kent <kent@xxxxxxx>
Subject: RE: Logotypes in certificates
From: Stefan Santesson <stefan@xxxxxxxxxxxx>
Date: Mon, 02 Apr 2001 23:28:03 +0200
Cc: ietf-pkix@xxxxxxx
In-reply-to: <>
References: <>< <><><>

Steve,

I have problem to find the time to compile the input you ask for.

I think though that enough persons, where many of those actually represent significant market players in PKI, has spoken in favour of including logotypes in certificates in some form.

I would further regard Bob Junemans very relevant input as yet another very good reason for this.

So to me the question is more HOW instead of IF or WHY. Everybody doesn't have to need or want a feature in order to motivate its support in standards. What is important though is that there is a consensus that the choosen solution doesn't break the systems for those who doesn't need or want to use it.

I agree with those who consider inclusion of logotypes in policy qualifiers as a primitive hack, but I also see the good sides of this and right now I agree with Russ that this is probably the best way to do it in order to avoid the problems you address.

If policy qualifiers would be deprecated, then I'm open for suggestions. I don't care that much about HOW as long as this important need gets addressed.

/Stefan

At 10:11 2001-03-23 -0500, Stephen Kent wrote:

Stefan,

Steve,

There was a suggestion during a dinner yesterday that logotypes actually could be provided as a policy qualifier. That would actually solve your problem since you could directly tie acceptance of logotypes in certificates to a particular policy.

This enables you to control the path validation problem with the use of policy constraints.
I'd be comfortable with that approach, except that we have discouraged use of policy qualifiers, as Russ noted.

Let me suggest again that you send another message that includes a comprehensive rationale for inclusion of logotypes, indicating what types of certs would be allowed to contain them, what reference form you envision, and what controls you think should be employed to prevent the sorts of misuse I warned about. With a concrete proposal, and well articulated rationale on the table, I think we have a better chance of making progress.

Steve

Follow-Ups:
- Re: Logotypes in certificates
  - From: Anders Rundgren
- RE: Logotypes in certificates
  - From: Stephen Kent

References:
- RE: Logotypes in certificates
  - From: Stefan Santesson
- RE: Logotypes in certificates
  - From: Michael Zolotarev
- RE: Logotypes in certificates
  - From: Stephen Kent

Prev by Date: Re: OCSPv2 certHash option will be deleted
Next by Date: RE: Logotypes in certificates
Previous by thread: RE: Logotypes in certificates
Next by thread: RE: Logotypes in certificates
Index(es):
- Date
- Thread