
Re: Logos: objection to charter revisions



Stefan,

The current point is whether or not we include this work item on our "PKIX
plate". I wonder what the decision is at this time. Nevertheless, I will
provide you with some comments on your e-mail.

> Denis,
> 
> As I catch up on the logo discussion, I think your questions are pretty much
> answered in the current draft.
> 
> In principle, there is no difference between the certificate types you
> mention regarding logos. What the logos mean to the relying party is up to
> each relying party to define.

It seems difficult to define extensions which have a left-open and hence
undefined meaning!
 
> What is more important is that the different logotypes have distinct
> meanings.
>
> 1) Subject organization logotype: The logotype of the organization
> specified in the subject field
> 2) Issuer Logotype: The logotype of the organization specified in the
> issuer field
> 3) Concept logotype: A logotype used by the issuer to represent the concept
> under which the certificate was issued.
> 
> The concept may represent a type of assurance level, policy or a family of
> distinct services shared between multiple CAs.
 
> The meaning of these logotypes is the same for any type of certificate,
> but in general they are only used to enhance human recognition after the
> certificate has passed all other validation criteria for certificate
> reliance.

This is the main point that puzzles me. In other words, this extension is
never checked when automatic processing is being used, but is only
checked (how???, using which criteria???) by a human being. When this
extension appears in multiple certificates from a chain, shall all the
logotypes be displayed, or printed? How should this be done?

But the main point is that this could lead to different results depending on
whether human interaction or automatic processing is performed.

Isn't it a problem?

Denis

 
> /Stefan
> 
> At 11:02 2001-09-06 +0200, Denis Pinkas wrote:
> 
> >After seeing all that discussion about logos, I realized that we had
> >a solution (i.e. the draft written by Stefan) for an unknown problem.
> >
> >1) Are logos to be used in server certificates ?
> >    If so, what would be their intended meaning ?
> >
> >2) Are logos to be used in human-user certificates ?
> >    If so, what would be their intended meaning ?
> >
> >3) Are logos to be used in CA certificates ?
> >    If so, what would be their intended meaning ?
> >
> >4) Are logos to be used in self-signed certificates ?
> >    If so, what would be their intended meaning ?
> >
> >I do not think that the meaning and the use of the logo information will
> >necessarily be the same for all of the above cases.
> >
> >If that topic is going to stay on the charter, before we define a solution
> >we should first define the requirements. So an INFORMATIONAL RFC on the
> >requirements should be the first step. This Informational RFC should at
> >least answer the questions raised above.
> >
> >Denis