Re: Discuss comments on draft-ietf-pkix-logotypes



Margaret:

RFC 3280 is silent on the presentation of information from certificates that fail to validate. This is partly because there are so many different reasons that a certificate might fail to validate, and it is partly because it is not a "bits on the wire" issue.

I am opposed to the words that Steve proposed because certificate information is "used" to generate error messages. Let's face it, most users do not know what a certificate is. Anything that helps them understand that the stuff that they got to enable the use of the Starbucks wireless network is not working any more, probably because the certificate expired, is helpful.

Russ


If you want an additional warning, I'm not going to object.  But it
should be worded something like this:

        As with all other fields in a certificate, logo information
        MUST NOT be used until the validity of the certificate has been
        successfully checked.

This statement would work for me.


Currently, the document says:

"It is thus imperative that the representation of any certificate
that fails to validate is not enhanced in any way by using the
logotype graphic unless an appropriate warning is given to the
end user."

...which I found pretty weak.

Are there any cases when a certificate that fails to validate
should be represented to the user without a warning?  This
paragraph implies that it is okay to do so, as long as the
logo information isn't displayed.

I also think that displaying a trusted logo (like the MS logo)
along with the warning message would actually make it _more_
likely that a user would ignore the warning and click "OK".

I'm not going to lose sleep over this, though, if our security
folks really think that what's in the current draft is adequate.

Margaret