
Re: charter revisions




Steve Hanna:


I haven't seen any comments on the revised charter yet. Most of it looks
good to me. However, I don't think PKIX should do any work on the
logotype extension. I know that there is a demand for this from
marketing folks, but I don't believe that we should standardize it
unless it can be used securely. This does not seem possible.

You and I agree on most things, but we have a major disagreement here. I do not think that we will see widespread deployment of certificates without logos. One measure of success will be the number of certificates that average Internet users have. Hopefully every Internet user will have at least one. I suspect that as we become successful, these logos will be the tag by which users select a certificate.


I do not want to see more than one way that logos can be put into certificates. That is the most important reason for PKIX to be involved in the definition. You seem to agree that the market has a demand for logos. Letting each vendor devise an independent way to meet this marketing requirement would be very bad for all implementors.

You seem to be concerned with the security of logos. I am not. From my perspective, we are asking CAs to do many things that are harder than including a URL and hash of the appropriate logo. In many, many cases, this will be the same logo in every certificate that is issued by that CA.

Anyway, we should not have the complete technical debate on a thread about the charter. I strongly encourage the PKIX working group to include this area in the charter sent forward to the Area Directors for approval. Once the revised charter is approved, we can have the technical debate and sort out the details.

Russ