
Re: charter revisions




At 11:58 AM -0400 9/4/01, Steve Hanna wrote:
Unless the author of the Internet Draft indicates otherwise, I will
assume that the primary purpose of putting logotypes in certificates
is so that users can view them to make decisions about whether the
certificates are trustworthy. In that case, the risks are much greater
than those for the use case you described.

Are the risks any greater than what we have in 2459 now with spelling errors or things like "FooCA type 1 certificate" vs. "FooCA type 2 certificate"? I agree with Russ that the benefits are higher, but I'm not at all convinced that the risks are higher.


Unless we can develop a fairly secure way to meet the "marketing
requirement" for logotypes in certificates, I would say that it is
our obligation as an IETF working group to NOT accept this as a
work item. Much better to have multiple incompatible ways
to do something insecure (probably resulting in little deployment
of this feature) than to have the PKIX working group issue an RFC
explaining the one true way to do it. We are in the Security area,
after all!

The end of that paragraph doesn't follow from the beginning of the paragraph. As long as the method we described doesn't have any security holes, it doesn't matter if we meet some pre-existing marketing "need". Further, some of the multiple, non-interoperable protocols are likely to have security problems; that is worse than having one protocol that doesn't meet the need of some CAs.


At 10:34 AM -0700 9/4/01, Michael Myers wrote:
I agree with Stephen Farrell and Steve Hanna that logotypes are out of
scope.

They are out of scope; the discussion is whether to add them to the scope.


These needs are better addressed by other forums.

Such as...?


  Let's focus the
WG's remaining energy on resolving DPV/DPD issues.

The current charter has much more than that already. The "focus" on DPV/DPD is already so fuzzy that it is probably just wishful to hope for much more.


--Paul Hoffman, Director
--Internet Mail Consortium