[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: draft-ietf-pkix-logotypes-06.txt

To: "Housley, Russ" <rhousley@xxxxxxxxxxxxxxx>
Subject: Re: draft-ietf-pkix-logotypes-06.txt
From: Dean Povey <povey@xxxxxxxxxxxxx>
Date: Wed, 23 Oct 2002 15:02:33 +1000
Cc: Denis Pinkas <Denis.Pinkas@xxxxxxxx>, ietf-pkix@xxxxxxx
In-reply-to: Your message of "Mon, 21 Oct 2002 13:57:51 -0400." <>
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Sender: owner-ietf-pkix@xxxxxxxxxxxx

<meta>I have been sitting on the sidelines in this debate for a bit, 
because I thought it would all go away.  Since it appears not to have, I 
feel obliged to vent :-) </meta>

>>If a user using a client is blind, do we think he will be more confident by
>>hearing the gingle ? How does he make sure that the gingle really originates
>>from the logoype extension ?
>
>The jingle associated with a brand may well help a blind person select the 
>most appropriate certificate.  Remember that this is one of the primary 
>motives for the specification.

I don't buy this.  Logos/trademarks are a piece of IP that most companies
invest a considerable amount of time and effort associating with their
brand.  Jingles are produced by advertising companies and generally have a
much shorter life time.  Sometimes companies license some existing music
for their jingle (as in Microsoft's Start Me Up campaign).  Besides which
many of companies which matter most for this spec don't have recognisable
jingles.  Can you hum the RSA jingle Russ :-).  Does anyone know the
Verisign one.

Adding a jingle to a certificate means revoking it every time a company
changes its advertising.  This is clearly silly.  Whilst logos do change,
the cost of changing them is so high in most organisations that it seems to
be a rarer event (they last years rather than weeks). The whole point of
logotypes is to provide a mechanism to increase trust recognition in
certificates. Clearly, displaying a logo is not useful in improving trust
to a blind person, however there are other means available (e.g. the
browser software can read out the subject and issuer names to them).

Notwithstanding the good intentions of the draft editors who have in many
ways produced an excellent document, I STRONGLY RECOMMEND that the whole
audio bit of the logotypes draft be deleted as a bad joke.

-- 
Dean Povey,             |em: povey@xxxxxxxxxxxxx|JCSI: Java security toolkit
Wedgetail Communications|ph:  +61 7 3023 5139   |uPKI: Embedded/C PKI toolkit
Level 14, 388 Queen St, |fax: +61 7 3023 5199   |uSSL: Embedded/C SSL toolkit
Brisbane, Australia     |www: www.wedgetail.com |XML Security: XML Signatures

Follow-Ups:
- Re: draft-ietf-pkix-logotypes-06.txt
  - From: Housley, Russ
- Re: draft-ietf-pkix-logotypes-06.txt
  - From: Aram Perez

References:
- Re: draft-ietf-pkix-logotypes-06.txt
  - From: Housley, Russ

Prev by Date: Re: 2003 PKI Research Workshop CFP
Next by Date: Re: draft-ietf-pkix-logotypes-06.txt
Previous by thread: Re: draft-ietf-pkix-logotypes-06.txt
Next by thread: Re: draft-ietf-pkix-logotypes-06.txt
Index(es):
- Date
- Thread