RE: Logos: objection to charter revisions

["Manger, James H" <James.H.Manger@xxxxxxxxxxxxxxxx>]

Steve Hanna,

You says "nobody has been able to come up with any way to fix [the current
logo proposal]" and conclude "that it can't be fixed".  .. but you provide
fixes earlier in the same e-mail!

Your statement that logos should be "ignored unless all certificates in the
path indicate that they should be supported" is just the sort of "logo
constraint" that enables safe use of logos.

One good reason for looking at logos is that it focuses attention on the
limitations of the current name constraints mechanism.  Name constraints
should be able to deal with new name forms and with non-hierarchical name
forms (logos are both), but the current extension cannot.  Name constraints
should, for instance, be able to exclude names of specified types or only
permit names of specified types.  [Another problem with the current name
constraints is that the "constraints" have to use the same syntax as the
"name", which is not always appropriate.]


> ----------
> From: 	Steve Hanna [mailto:steve.hanna@xxxxxxx] 
> Sent:	Thursday, 6 September 2001 7:36
> 
	..I, for one, would be much more comfortable if logotypes were
ignored unless all certificates in the path indicate that they should be
supported..

	..provide similar text warning that logotypes in certificates should
not be scaled or mapped to different colors before display. If this
requirement cannot be met, the certificate should be treated as if it did
not contain the logotype.

	..the proposal is demonstrably flawed (although this is subject to
some debate). Nobody has been able to come up with any way to fix it. My
conclusion is that it can't be fixed.