[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Charter Revisions, Logotype Business models

To: "'ietf-pkix@xxxxxxx'" <ietf-pkix@xxxxxxx>
Subject: Charter Revisions, Logotype Business models
From: "Bland, Graham" <Graham.Bland@xxxxxxxxxxxxxxx>
Date: Thu, 6 Sep 2001 12:02:48 +0100
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Sender: owner-ietf-pkix@xxxxxxxxxxxx

To clear up some of the Logotype discussions in my mind is it possible to
define some business models which they are trying to support, without a
clear understanding of these models the detailed discussions seem moot.

As I understand it the primary motivation for Logotype is to allow the
display of a recognisable visual cue(s) to aid the end user of the cert to
make a trust decision.

Here are some examples for discussion, please feel free to tear them to bits
and add others:

End Entity Logo
End entity requests a certificate with a logotype included in the cert
request.  This only applies to the EE cert and for example is a company
logo.  The use of the logo is designed to convey that the certificate holder
is a representative of the organisation, as such the validation of the
requested logo by the CA is similar to the process for the DN.

CA Logo
End Entity requests a certificate with or without a logotype included in the
cert request as above.  In this case the CA wishes to place a logo in the
issued cert to indicate something; for example this is a Visa Cert.  I do
not see the logo reference being requested by the end entity in this case,
more of it being inserted by the CA.  this is the primary trust mechanism
(this cert was issued by Visa) not this cert belongs to Visa.  Other
examples are numerous, such as this is a Verisign SSL server cert.

Logo Hierarchy
The CA logo example above could also be identified by Logos in the issuing
cert, this would require the display of a hierarchy of logos which would be
an output of DPD/DPV ?.  These may be complete or incomplete if for example
not all certs in the chain contain logos.
Also the Logo would get more complex, do we need the logo to indicate the
difference between Verisign Class1, Class 2 etc. certs or would it just be
the same Verisign Logo in all of them. 

Some other questions on the requirements:
Are there circumstances where a cert could contain multiple EE Logos such as
a well known division of a conglomerate could conceivably contain more than
one, for example Volkswagen owns Rolls Royce.

If a hierarchy of Logos are displayed how is this conveyed to the end user
or is just the logo in the EE cert displayed?



> Graham Bland
> Security Designer
> Open....
> 34-35 Farringdon Street London EC4A 4HJ
> Tel: 020 7332 6411   Fax: 020 7332 7100
> E Mail graham.bland@xxxxxxxxxxxxxxx
> 
>

This message is confidential and is intended for the addressee only; unless clearly 
stated that this disclaimer should not apply, this e-mail is not intended to create legally
 binding commitments on behalf of any company in the British Interactive Broadcasting 
Holding Limited group, nor do its contents reflect the corporate views or policies of any 
such company. Any unauthorised disclosure, use or dissemination, either whole or 
partial, is prohibited. If you are not the intended recipient of the message, please notify 
the sender immediately.

Prev by Date: Re: Logos: objection to charter revisions
Next by Date: RE: Removing expired certificates from CRLs.....
Previous by thread: RE: Logos: objection to charter revisions
Next by thread: RE: Charter Revisions, Logotype Business models
Index(es):
- Date
- Thread