
Re: charter revisions



I agree with Russ and Al.  Validating the appropriateness of the logo is no more difficult as a business proposition than the due diligence validation of the corporation's right to a particular name, and in the case of international companies may actually be easier.

Yes, there are problems with scalability, but I was very impressed with the flexibility of Scalable Vector Graphics to handle that problem.  For visually impaired or blind users, the "logo" could even be a spoken or braille alternative ― "You've got a Visa/VeriSign/Coca-Cola certificate!"  And yes, in the case of subordinate CAs (and boy, are there a lot of those, aren't there?), we could have a problem with the equivalent of name subordination.

But the alternative is for the various browser vendors to look up the logo from a supplied list shipped with the browsers (presumably at a significant cost to the logo owner), and a never-ending secure update problem.  I don't think that is an acceptable alternative ― it's almost as hard as managing root certificates.

Of course, accepting the work item as part of the charter doesn't commit us to any particular solution.  We might even decide that the whole thing is hopeless after all, and throw up our hands.  But we should at least take a thoughtful look at the problem.

Bob

Robert R. Jueneman
Security Architect

Novell, Inc -- the leading provider of Net services software



>>> "Housley, Russ" <rhousley@xxxxxxxxxxxxxxx> 08/30/01 11:33AM >>>

Steve Hanna:

>I haven't seen any comments on the revised charter yet. Most of it looks
>good to me. However, I don't think PKIX should do any work on the
>logotype extension. I know that there is a demand for this from
>marketing folks, but I don't believe that we should standardize it
>unless it can be used securely. This does not seem possible.

You and I agree on most things, but we have a major disagreement here.  I 
do not think that we will see widespread deployment of certificates without 
logos.  One measure of success will be the number of certificates that 
average Internet users have.  Hopefully every Internet user will have at 
least one.  I suspect that as we become successful, these logos will be the 
tag by which users select a certificate.

I do not want to see more than one way that logos can be put into 
certificates.  That is the most important reason for PKIX to be involved in 
the definition.  You seem to agree that the market has a demand for 
logos.  Letting each vendor devise an independent way to meet this 
marketing requirement would be very bad for all implementors.

You seem to be concerned with the security of logos.  I am not.  From my 
perspective, we are asking CAs to do many things that are harder than 
including a URL and hash of the appropriate logo.  In many, many cases, 
this will be the same logo in every certificate that is issued by that CA.

Anyway, we should not have the complete technical debate on a thread about 
the charter.  I strongly encourage the PKIX working group to include this 
area in the charter sent forward to the Area Directors for approval.  Once 
the revised charter is approved, we can have the technical debate and sort 
out the details.

Russ
