Re: ACTION-457: Give overview of why logotypes are interesting in security considerations section

I am not sure all readers would know the connection between X.500, X.509,  
and PKIX.

On Fri, 20 Jun 2008 04:34:45 +0200, Hallam-Baker, Phillip  
<pbaker@verisign.com> wrote:

>
> Sorry for the delay, have had real wordsmithing probs.
>
> Certificate Logotype Data
> Where the security of a Web interaction depends on the reliable  
> interpretation of the subject identity, the usability of the identifier  
> chosen to represent that identity is of great importance. A DNS name is  
> an identifier created for the purpose of specifying network hosts and is  
> optimized for that purpose, in particular ease of entry is given  
> priority over ease of interpretation. Likewise, the X.500 Distinguished  
> Names employed in X.509 digital certificates are a technical construct  
> designed to support the needs of the network directory.
>
> The form of identifier that corporations in particular have adopted for  
> representing their identity is the logo. A logo is an image that is  
> designed to communicate the identity of the party that uses it. Many  
> corporations and other enterprises invest enormous amounts of time,  
> effort and money to develop and promote logos that are instantly  
> recognizable.
>
> The PKIX Logotype extension allows the use of image or audio data to  
> represent the certificate subject, the certificate issuer and assertions  
> that the subject is a member of certain specified communities. The image  
> or audio data is securely incorporated into the certificate by a URL  
> reference and a cryptographically secure message digest of the data.
>
> Presentation of Logotype information from a PKIX certificate may allow  
> more effective representation of the subject and/or issuer identity and  
> membership of community groups, provided that:
>
> * The logo information is presented in a manner that the user is likely  
> to take notice of in the necessary circumstances.
> * The logo information is presented through a secure channel that cannot  
> be spoofed or emulated by an attacker.
>
> In addition, any technique that makes a subject identity assertion more  
> usable to the user is likely to increase the user's confidence in that  
> identity and thus their reliance. Subject logotype data MUST NOT be  
> presented to the user without caveat unless it is contained in an  
> Augmented Assurance certificate.
>

-- 
Sincerely,
Yngve N. Pettersen
********************************************************************
Senior Developer		     Email: yngve@opera.com
Opera Software ASA                   http://www.opera.com/
Phone:  +47 24 16 42 60              Fax:    +47 24 16 40 01
********************************************************************
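The check the quoted draft text describes, written out as an added example that is not part of this thread or of any PKIX implementation: the image bytes are fetched from the untrusted URL, accepted only if their digest matches the one bound into the certificate, and shown without caveat only for an Augmented Assurance certificate. The flattened `LogotypeReference` structure, the use of hashlib algorithm names instead of OIDs, and the sample bytes are assumptions made for the example.

```python
import hashlib
import hmac
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    PRESENT = "present"              # show the logo as an identity cue
    PRESENT_WITH_CAVEAT = "caveat"   # show it only together with a warning
    REJECT = "reject"                # do not show: data does not match the cert


@dataclass(frozen=True)
class LogotypeReference:
    """What the certificate carries: where the image lives and its digest.
    Assumption: a flattened stand-in for the PKIX Logotype extension, not its ASN.1."""
    uri: str
    media_type: str
    hash_alg: str        # assumption: a hashlib name such as "sha256", not an OID
    hash_value: bytes


def logotype_matches(ref: LogotypeReference, fetched: bytes) -> bool:
    """True only if the bytes fetched from ref.uri carry the digest that the
    certificate (and therefore the issuer's signature) binds to the logotype.
    The URI and whatever it serves are untrusted; the digest is what is signed."""
    try:
        digest = hashlib.new(ref.hash_alg, fetched).digest()
    except ValueError:
        return False  # unsupported algorithm: cannot verify, so do not trust
    return hmac.compare_digest(digest, ref.hash_value)


def presentation_decision(ref: LogotypeReference, fetched: bytes,
                          augmented_assurance: bool) -> Decision:
    """Apply the draft's two rules: verified digest, then the AA caveat rule."""
    if not logotype_matches(ref, fetched):
        return Decision.REJECT
    return Decision.PRESENT if augmented_assurance else Decision.PRESENT_WITH_CAVEAT


# Constructed sample: a fake image blob and the reference a CA would have embedded.
SAMPLE_LOGO = b"\x89PNG\r\n\x1a\n constructed-sample-logo-bytes"
SAMPLE_REF = LogotypeReference(
    uri="https://example.invalid/logo.png",  # placeholder URI, never fetched here
    media_type="image/png",
    hash_alg="sha256",
    hash_value=hashlib.sha256(SAMPLE_LOGO).digest(),
)
```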

Received on Friday, 20 June 2008 09:12:06 UTC