Discuss comments on draft-ietf-pkix-logotypes





I have entered the attached DISCUSS comments on
draft-ietf-pkix-logotypes.

Margaret


Although I don't object, in principle, to the idea of associating logos or sounds with certificates, I am having trouble understanding the value of doing so. Also, I found much of the text in this document to be either confusing or disturbing.

The discussion of human psychology and branding in the introduction
seems misplaced in a protocol specification.

Also, there is a strange tension in this document between:

1) The purpose of including logo information in a certificate
   is that users will decide how much to trust a given certificate
   based on its "brand".
2) There is no way to authenticate that the logo information
   associated with a certificate is valid in any way.

The security considerations section says:

"It is thus imperative that the representation of any
certificate that fails to validate is not enhanced in any way by
using the logotype graphic unless an appropriate warning is given to
the end user."

But, other sections of the document have already acknowledged the
fact that the user will pay more attention to whether or not he
trusts the apparent "brand" of the certificate than to an obscure
warning message...