Re: Discuss comments on draft-ietf-pkix-logotypes

[Harald Tveit Alvestrand <harald@alvestrand.no>]

--On 18. september 2003 00:07 -0400 Margaret Wasserman <mrw@windriver.com> 
wrote:

> I would feel more comfortable with this specification if the
> security consideration sections said that the client MUST
> NOT display any logo information, unless the certificate has
> been validated with the CA.
>
> In that case, I agree that the CA should be trusted to
> associate the right logo information (for some definition)
> with the certificate.
>
> But, displaying logos for unvalidated certificates along
> with a warning message only seems like a good way to distract
> users from taking the warning seriously.

I was thinking that since this is a graphics interface issue, appropriate 
warning messages might be a large red X placed across the face of the 
certificate picture, or a visual representation of a certificate graphic 
chopped into little pieces..... it is possible to make warning messages 
hard to overlook.

But that's "out of scope for the IETF".....