
Re: charter revisions
I haven't seen any comments on the revised charter yet. Most of it looks
good to me. However, I don't think PKIX should do any work on the
logotype extension. I know that there is a demand for this from
marketing folks, but I don't believe that we should standardize it
unless it can be used securely. This does not seem possible.

First, CAs will find it very hard to verify whether a particular
logotype should be included in a particular certificate. They'll just
need to certify whatever the client gives them and disclaim all
responsibility for its accuracy. With textual names, at least they can
make some attempt to verify that the name corresponds to the requesting
client (by requiring a response from an email address before it's
certified, for instance).

Second, there's no equivalent to name constraints for use in cross
certificates. If I cross certify someone, I just have to trust that they
(and anyone they certify) will only put proper logotypes into
certificates.

Third, an apparently innocuous logotype can change appearance radically
when scaled to a smaller size or mapped to a different number of colors.
This can be exploited to deceive cell phone users into thinking that
they're communicating with their bank, for instance.

Unless these concerns can be addressed, I do not think that this
proposal is safe and secure. And I do not think that the IETF should
publish an RFC on a fundamentally insecure idea, especially from a
security working group.

-Steve
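The post's second objection contrasts logotypes with the name constraints that RFC 5280 defines for cross certificates. As an added illustration (not code from the post or from any PKIX implementation), the following pure-Python model walks a constructed certificate path root-to-leaf and enforces DNS-name constraints the way section 4.2.1.10 describes: a constraint on a CA applies to every certificate below it, a name must fall inside at least one permitted subtree (when any are listed) and outside every excluded subtree. The `Cert`, `NameConstraints` and `check_chain` names are this example's own; the `logotype` field exists only to show that the path validator has nothing it can check against.

```python
# Model of RFC 5280 section 4.2.1.10 DNS name constraints, applied along a path.
# Constructed example for the mailing-list discussion; not PKIX or library code.
from dataclasses import dataclass, field
from typing import List, Optional


def _labels(name: str) -> List[str]:
    # Case-insensitive, ignore a trailing dot: "WWW.Example.COM." -> [www, example, com]
    return name.lower().rstrip(".").split(".")


def dns_in_subtree(name: str, subtree: str) -> bool:
    """True if `name` equals `subtree` or is `subtree` with labels added on the left.

    This is the RFC 5280 rule: "host.example.com" constrains "host.example.com"
    and "a.b.host.example.com" but not "nothost.example.com".
    """
    n, s = _labels(name), _labels(subtree)
    return len(n) >= len(s) and n[-len(s):] == s


@dataclass
class NameConstraints:
    permitted: List[str] = field(default_factory=list)  # empty list = unrestricted
    excluded: List[str] = field(default_factory=list)

    def allows(self, name: str) -> bool:
        if any(dns_in_subtree(name, s) for s in self.excluded):
            return False
        if self.permitted and not any(dns_in_subtree(name, s) for s in self.permitted):
            return False
        return True


@dataclass
class Cert:
    subject: str
    dns_names: List[str]                          # subjectAltName dNSName entries
    constraints: Optional[NameConstraints] = None  # only meaningful on a CA certificate
    logotype: Optional[str] = None                 # hypothetical logotype reference (image hash/URL)


def check_chain(chain: List[Cert]) -> List[str]:
    """Walk the path root -> leaf and return a list of name-constraint violations.

    Constraints accumulate downward: each CA's constraints bind every certificate
    issued beneath it, including those issued by CAs it cross-certified.
    """
    violations: List[str] = []
    active: List[NameConstraints] = []
    for cert in chain:
        for nc in active:
            for dns in cert.dns_names:
                if not nc.allows(dns):
                    violations.append(
                        f"{cert.subject}: DNS name {dns!r} violates constraints"
                    )
        # cert.logotype is never consulted: RFC 5280 defines no subtree type for
        # images, so a cross-certified CA's logotypes cannot be bounded this way.
        if cert.constraints is not None:
            active.append(cert.constraints)
    return violations


def demo() -> List[str]:
    """Constructed path: a root cross-certifies a partner CA, limited to partner.example."""
    root = Cert("Root CA", [])
    partner_ca = Cert("Partner CA", [], NameConstraints(permitted=["partner.example"]))
    # A leaf inside the permitted subtree, and one outside it that also carries a logotype.
    inside = Cert("www.partner.example", ["www.partner.example"], logotype="partner-logo")
    outside = Cert("bank.example", ["login.bank.example"], logotype="bank-logo")
    return check_chain([root, partner_ca, inside]) + check_chain([root, partner_ca, outside])


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Running it rejects `login.bank.example` under the partner CA but says nothing about either certificate's logotype, which is exactly the gap the post describes: a relying party can bound what textual names a cross-certified CA may vouch for, but has no equivalent lever over the images it embeds.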