RE: draft-ietf-pkix-logotypes-06.txt
Denis,
I am still not convinced about binding multiple community logos to a
single certificate. If we take the much overworked merchant\credit card
scenario, then that does not back having multiple community logos bound
to the certificate. A merchant may have multiple separate business
relationships with different credit card brands but how is that related
to a single instance of a credential. I would not expect the CA to make
assertions about someone's business relationships which is what is being
described by the merchant\credit card scenario. I expect the CA to make
assertions about identity of the business and to be reasonably able to
map the legal identity of that business to a set of images they are
legally able to use to represent themselves. When a merchant displays
the logos of the credit cards they accept, the merchant is making an
assertion that they have a business relationship with credit card
vendors. That has nothing to do with the identity of the business.
Trevor
-----Original Message-----
From: Denis Pinkas [mailto:Denis.Pinkas@xxxxxxxx]
Sent: Monday, October 28, 2002 6:22 AM
To: Housley, Russ
Cc: ietf-pkix@xxxxxxx
Subject: Re: draft-ietf-pkix-logotypes-06.txt
Russ,
I have cut some pieces from the text to make it more readable.
(...)
>> The text says:
>>
>> Compliant applications MUST display more just one (or none) of the
>> images *and* play just one (or none) of the audio sequences at the
>> same time.
>>
>> The "and" does not make it optional.
>
>
> I think that displaying one image and playing zero audio sequences
> conforms with this sentence. If you disagree, please propose alternate
> wording for this sentence.
Displaying *zero* image and playing *zero* audio sequences conforms with
this sentence. Is it thus a conformance clause ?
Alternate wording: delete that sentence.
Then, when we will have fixed the minimum size of the logo to be displayed,
then we will be able to add a conformance clause for *client-enabled logos*
(i.e. clients able to display logos, if they wish to do so).
(...)
>> No. There is no requirement to necessarily show both logos. If they
>> are combined, then it would be mandatory to display both.
>>
>> Your response is technology driven, since the current ASN.1 syntax
>> does not allow for that case, you are trying to find a way to
>> accommodate the need, without changing the syntax.
>
> No. The authors wrote the syntax after considering this argument,
>
> Many merchants have stickers on the doors to their retail shops that
> indicate the brands of credit cards that are accepted. They have one
> sticker with many logos. This is useful to the consumer because the
> logos always appear in the same configuration. I believe that the same
> argument applies here.
In practice I have never seen a small retail shop getting the logos all at
once e.g. from VISA and AMEX on the same sticker. There are separate logos.
So your example is not a real life example.
>> The syntax needs to be changed.
>>
>> > If it is not consistent, then we have not helped the use
>>
>>> make a selection from a group of certificates without investigating
>>> details.
>>
>>
>> It is still up to the client application to display or not when it wants,
>> in that case:
>>
>> no logo (1), logo A (2), logo B (3), or both logo A and logo B (4).
>
>
> I clearly disagree. The choice should be no logo and one logo image
> (which may be a combination of several logos if appropriate).
We clearly disagree, but you do not provide arguments to support your
position.
Since apparently you missed the logo attachments in my other e-mail, and you
deleted the note :-( , I am sending them again, with the same comment:
Now, if I had a certificate, it could well include the *two* following
*community* logos. It would be up to your application, to display none of
them, one of them or both of them.
Denis
> Russ