[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Discuss comments on draft-ietf-pkix-logotypes

To: Russ Housley <housley@vigilsec.com>
Subject: Re: Discuss comments on draft-ietf-pkix-logotypes
From: Margaret Wasserman <mrw@windriver.com>
Date: Thu, 18 Sep 2003 00:07:14 -0400
Cc: iesg@ietf.org
In-reply-to: <5.2.0.9.2.20030917235459.04113550@mail.binhost.com>
References: <5.1.0.14.2.20030917234800.03e2aeb0@mail.windriver.com>


I would feel more comfortable with this specification if the
security consideration sections said that the client MUST
NOT display any logo information, unless the certificate has
been validated with the CA.

In that case, I agree that the CA should be trusted to
associate the right logo information (for some definition)
with the certificate.

But, displaying logos for unvalidated certificates along
with a warning message only seems like a good way to distract
users from taking the warning seriously.

Margaret

At 11:59 PM 9/17/2003 -0400, Russ Housley wrote:

Margaret:

The certificate is signed by the Certification Authority. The CA is responsible for the accuracy of all of the information in the certificate.

I belive that the most valuable use of this draft has to do with selection of a certificate from a whole pile. Assume that you have certificates from Starbucks and Boingo for use with EAP-TLS to access wireless networks. When attempting to access a wireless network, the user will know which credential is most likely to work, so the Starbucks logo and the Boingo logo will do much more to help the use make the right choice than viewing subject and issuer names in the certificates.

Russ

At 11:49 PM 9/17/2003 -0400, Margaret Wasserman wrote:
I have entered the attached DISCUSS comments on
draft-ietf-pkix-logotypes.
Margaret
Although I don't object, in principle, to the idea of associating logos
or sounds with certificates, I am having trouble understanding the value
of doing so.  Also, I found much of the text in this document to be
either confusing or disturbing.
The discussion of human psychology and branding in the introduction
seems misplaced in a protocol specification.
Also, there is a strange tension in this document between:
1) The  purpose of including logo information in a certificate
   is that users will decide how much to trust a given certificate
   based on its "brand".
2) There is no way to authenticate that the logo information
   associated with a certificate is valid in any way.
The security considerations section says:
"It is thus imperative that the representation of any
certificate that fails to validate is not enhanced in any way by
using the logotype graphic unless an appropriate warning is given to
the end user."
But, other sections of the document have already acknowledged the
fact that the user will pay more attention to whether or not he
trusts the apparent "brand" of the certificate than to an obscure
warning message...

Follow-Ups:
- Re: Discuss comments on draft-ietf-pkix-logotypes
  - From: Harald Tveit Alvestrand <harald@alvestrand.no>
- Re: Discuss comments on draft-ietf-pkix-logotypes
  - From: "Steven M. Bellovin" <smb@research.att.com>

References:
- Discuss comments on draft-ietf-pkix-logotypes
  - From: Margaret Wasserman <mrw@windriver.com>
- Re: Discuss comments on draft-ietf-pkix-logotypes
  - From: Russ Housley <housley@vigilsec.com>

Prev by Date: Re: Discuss comments on draft-ietf-pkix-logotypes
Next by Date: Re: Last Call: 'Generic Message Exchange Authentication For SSH' to Proposed Standard
Previous by thread: Re: Discuss comments on draft-ietf-pkix-logotypes
Next by thread: Re: Discuss comments on draft-ietf-pkix-logotypes
Index(es):
- Date
- Thread