
Re: charter revisions
Steve,
As you recall, I have not been a fan of the logotype extension. I have requested Stefan justify the utility of the extension, in concept, and propose a concrete design to be evaluated. Still, I think the first of your criticisms is not a good one.

I haven't seen any comments on the revised charter yet. Most of it looks
good to me. However, I don't think PKIX should do any work on the
logotype extension. I know that there is a demand for this from
marketing folks, but I don't believe that we should standardize it
unless it can be used securely. This does not seem possible.

First, CAs will find it very hard to verify whether a particular
logotype should be included in a particular certificate. They'll just
need to certify whatever the client gives them and disclaim all
responsibility for its accuracy. With textual names, at least they can
make some attempt to verify that the name corresponds to the requesting
client (by requiring a response from an email address before it's
certified, for instance).

Just as a CA may employ various means to verify a subject's claim to a name, a CA can employ analogous means to verify a subject's claim to a logotype. In fact, this may be relatively easy to verify if the logo is a registered trademark (something a CA could require via its CPS).
Second, there's no equivalent to name constraints for use in cross
certificates. If I cross certify someone, I just have to trust that they
(and anyone they certify) will only put proper logotypes into
certificates.

This has been my greatest concern as well, and I'd like to see a better proposal on how to better control use of the extension. Stefan rejected some approaches, and provided rationales for the rejections, but that doesn't mean that we have to live with the current proposal if the WG finds the inherent security problematic.
Third, an apparently innocuous logotype can change appearance radically
when scaled to a smaller size or mapped to a different number of colors.
This can be exploited to deceive cell phone users into thinking that
they're communicating with their bank, for instance.

I had not considered this issue. We should explore ways that this problem might be avoided. Presumably anyone displaying a logo on a web page has a similar concern, so maybe there are viable means to address this issue.

Unless these concerns can be addressed, I do not think that this
proposal is safe and secure. And I do not think that the IETF should
publish an RFC on a fundamentally insecure idea, especially from a
security working group.

The attribute RFC has some problems too, in that bad choices of how to map an AC to a PKC can result in security failures, right? So, the issue is not whether there are insecure ways to make use of the extension, but whether there are ways to make its use secure and whether, on the balance, we think appropriate use of the extension is beneficial, from a security (not marketing) perspective.
Steve