
RE: charter revisions



I too agree that logotypes can help foster deployment of certificates to the
broader consumer community.  Consider how merchants use the Visa, MC, and
AMEX logos to denote which credit cards they accept.  Consumers then look
into their wallets and pull out the appropriate credit card (using the logo
as an identifier) based on what the merchant will accept.  Of course, the
merchant still processes the credit card to ensure it is still valid, and
does not solely rely on the logo on the card.  The same approach can be
taken with consumers trying to gain access to services at merchant web
sites.  Therefore, I think it would be helpful to define a standard way of
representing logos in certificates.

Yuriy

-----Original Message-----
From: owner-ietf-pkix@xxxxxxxxxxxx [mailto:owner-ietf-pkix@xxxxxxxxxxxx]On
Behalf Of Al Arsenault
Sent: Thursday, August 30, 2001 4:43 PM
To: Steve Hanna
Cc: Stephen Kent; ietf-pkix@xxxxxxx
Subject: RE: charter revisions


I agree with Russ here.  The issues involved with logos, while difficult,
are not insurmountable.  They do serve a useful purpose in some
environments, and a standard way of including them will be much better than
letting every CA invent its own.

I believe that the logo work should be in the PKIX charter.

                Al Arsenault
                Chief Security Architect
                Diversinet



-----Original Message-----
From: owner-ietf-pkix@xxxxxxxxxxxx
[mailto:owner-ietf-pkix@xxxxxxxxxxxx]On Behalf Of Housley, Russ
Sent: Thursday, August 30, 2001 1:33 PM
To: Steve Hanna
Cc: Stephen Kent; ietf-pkix@xxxxxxx
Subject: Re: charter revisions



Steve Hanna:

>I haven't seen any comments on the revised charter yet. Most of it looks
>good to me. However, I don't think PKIX should do any work on the
>logotype extension. I know that there is a demand for this from
>marketing folks, but I don't believe that we should standardize it
>unless it can be used securely. This does not seem possible.

You and I agree on most things, but we have a major disagreement here.  I
do not think that we will see widespread deployment of certificates without
logos.  One measure of success will be the number of certificates that
average Internet users have.  Hopefully every Internet user will have at
least one.  I suspect that as we become successful, these logos will be the
tag by which users select a certificate.

I do not want to see more than one way that logos can be put into
certificates.  That is the most important reason for PKIX to be involved in
the definition.  You seem to agree that the market has a demand for
logos.  Letting each vendor devise an independent way to meet this
marketing requirement would be very bad for all implementors.

You seem to be concerned with the security of logos.  I am not.  From my
perspective, we are asking CAs to do many things that are harder than
including a URL and hash of the appropriate logo.  In many, many cases,
this will be the same logo in every certificate that is issued by that CA.

Anyway, we should not have the complete technical debate on a thread about
the charter.  I strongly encourage the PKIX working group to include this
area in the charter sent forward to the Area Directors for approval.  Once
the revised charter is approved, we can have the technical debate and sort
out the details.

Russ