Internet X.509 Public Key Infrastructure: Logotypes in X.509 Certificates
draft-ietf-pkix-logotypes-13
Document history
Date | Rev. | By | Action |
---|---|---|---|
2012-08-22 | 13 | (System) | post-migration administrative database adjustment to the No Objection position for Bert Wijnen |
2012-08-22 | 13 | (System) | post-migration administrative database adjustment to the No Objection position for Margaret Wasserman |
2012-08-22 | 13 | (System) | post-migration administrative database adjustment to the No Objection position for Harald Alvestrand |
2012-08-22 | 13 | (System) | post-migration administrative database adjustment to the No Objection position for Ned Freed |
2012-08-22 | 13 | (System) | post-migration administrative database adjustment to the No Objection position for Ted Hardie |
2003-12-17 | 13 | Amy Vezza | State Changes to RFC Ed Queue from Approved-announcement sent by Amy Vezza |
2003-12-16 | 13 | Amy Vezza | IESG state changed to Approved-announcement sent |
2003-12-16 | 13 | Amy Vezza | IESG has approved the document |
2003-12-16 | 13 | Amy Vezza | Closed "Approve" ballot |
2003-12-16 | 13 | Steven Bellovin | State Changes to Approved-announcement to be sent from Approved-announcement to be sent::Point Raised - writeup needed by Steve Bellovin |
2003-12-03 | 13 | (System) | New version available: draft-ietf-pkix-logotypes-13.txt |
2003-11-21 | 13 | Amy Vezza | Removed from agenda for telechat - 2003-11-20 by Amy Vezza |
2003-11-20 | 13 | Amy Vezza | State Changes to Approved-announcement to be sent::Point Raised - writeup needed from IESG Evaluation by Amy Vezza |
2003-11-19 | 13 | Ned Freed | [Ballot comment] I've cleared my discuss, but a couple of nits remain: The field name for the media type is called "mediaSubType". This should be changed to "mediaType" since it contains the entire media type string, not just the subtype. The restructuring that's been done fixes the problem of having to use image types exclusively for images and audio types exclusively for audio, but this in turn means that the comment on the media type field "MIME image or audio subtype" is no longer appropriate. Suggest changing it to "MIME media type name and optional parameters". I continue to believe that it is a mistake not to use media features rather than inventing a new private nonextensible labelling scheme, but my belief is not cause to block this document going forward. |
2003-11-19 | 13 | Ned Freed | [Ballot Position Update] Position for Ned Freed has been changed to No Objection from Discuss by Ned Freed |
2003-11-19 | 13 | Harald Alvestrand | [Ballot comment] I have cleared my discuss based on version -12. I still agree with Ned's comments about describing data, but will leave it to Ned to say if those issues have been addressed. Still worried about the GIF reference, but it's not worth holding the document for. |
2003-11-19 | 13 | Harald Alvestrand | [Ballot Position Update] Position for Harald Alvestrand has been changed to No Objection from Discuss by Harald Alvestrand |
2003-11-06 | 13 | Ted Hardie | [Ballot Position Update] Position for Ted Hardie has been changed to No Objection from Discuss by Ted Hardie |
2003-11-05 | 13 | Steven Bellovin | State Changes to IESG Evaluation from IESG Evaluation::Revised ID Needed by Steve Bellovin |
2003-11-05 | 13 | Steven Bellovin | Placed on agenda for telechat - 2003-11-20 by Steve Bellovin |
2003-11-05 | 13 | Steven Bellovin | [Note]: 'Minor changes have been made while waiting on IESG action' has been cleared by Steve Bellovin |
2003-11-05 | 13 | Steven Bellovin | Changes made in response to DISCUSS comments. |
2003-10-24 | 12 | (System) | New version available: draft-ietf-pkix-logotypes-12.txt |
2003-09-22 | 13 | Amy Vezza | State Changes to IESG Evaluation::Revised ID Needed from IESG Evaluation by Amy Vezza |
2003-09-22 | 13 | Amy Vezza | Removed from agenda for telechat - 2003-09-18 by Amy Vezza |
2003-09-22 | 13 | Bert Wijnen | [Ballot comment] My DISCUSS question was: What do the numbers in the first column in appendix B represent? The answer is that they are offsets into the certificate. Russ and I agreed (via email) that it would be good to add a sentence about that so that people can understand what the first column represents. |
2003-09-22 | 13 | Bert Wijnen | [Ballot Position Update] Position has been changed to No Objection from Discuss by Bert Wijnen |
2003-09-20 | 13 | Margaret Cullen | [Ballot comment] Changed my discuss vote to no-obj after discussion with Russ, Steve and others. |
2003-09-20 | 13 | Margaret Cullen | [Ballot Position Update] Position has been changed to No Objection from Discuss by Margaret Wasserman |
2003-09-18 | 13 | Harald Alvestrand | [Ballot discuss] Image/JPEG, Image/GIF and Audio/MPEG are not included in references. Image/JPEG is OK (registry refers to RFC 2046, which has a ref to the JPEG spec), but Image/GIF doesn't have a good reference (the RFC 2046 reference in IANA's database is erroneous). Audio/MPEG is OK, but needs to reference RFC 3003. I also agree with Ned's comments about describing data. Also, the spec uses an URI without specifying any usage guidelines for it except that HTTP must be supported - in theory, one could validly insert an LDAP: URI or a mailto: URI - it's unclear how an interpreter is supposed to interpret that. The text is weak in requiring relying parties to check the hash. The security considerations do not mention the privacy issue that someone watching the connection between user and server can detect when someone is using a certificate for the first time. |
2003-09-18 | 13 | Bert Wijnen | [Ballot discuss] What do the numbers in the first column in appendix B represent? |
2003-09-18 | 13 | Alex Zinin | [Ballot Position Update] New position, No Objection, has been recorded by Alex Zinin |
2003-09-18 | 13 | Bert Wijnen | [Ballot Position Update] New position, Discuss, has been recorded by Bert Wijnen |
2003-09-18 | 13 | Allison Mankin | [Ballot Position Update] New position, No Objection, has been recorded by Allison Mankin |
2003-09-18 | 13 | Thomas Narten | [Ballot Position Update] New position, No Objection, has been recorded by Thomas Narten |
2003-09-18 | 13 | Bill Fenner | [Ballot Position Update] New position, No Objection, has been recorded by Bill Fenner |
2003-09-18 | 13 | Jon Peterson | [Ballot Position Update] New position, No Objection, has been recorded by Jon Peterson |
2003-09-17 | 13 | Margaret Cullen | [Ballot discuss] Although I don't object, in principle, to the idea of associating logos or sounds with certificates, I am having trouble understanding the value of doing so. Also, I found much of the text in this document to be either confusing or disturbing. The discussion of human psychology and branding in the introduction seems misplaced in a protocol specification. Also, there is a strange tension in this document between: 1) The purpose of including logo information in a certificate is that users will decide how much to trust a given certificate based on its "brand". 2) There is no way to authenticate that the logo information associated with a certificate is valid in any way. The security considerations section says: "It is thus imperative that the representation of any certificate that fails to validate is not enhanced in any way by using the logotype graphic unless an appropriate warning is given to the end user." But, other sections of the document have already acknowledged the fact that the user will pay more attention to whether or not he trusts the apparent "brand" of the certificate than to an obscure warning message... |
2003-09-17 | 13 | Margaret Cullen | [Ballot Position Update] New position, Discuss, has been recorded by Margaret Wasserman |
2003-09-16 | 13 | Ted Hardie | [Ballot discuss] Section 1. TH: I personally believe this whole line of reasoning is utterly bogus. X.509 Certs are not human readable, and the idea that external reference to human-readable symbols adds to their functionality doesn't fly. The *best* we can hope for is that the inclusion doesn't preclude the correct functioning of the automated checks, so that they don't allow for trivial social engineering around the cryptographic assurance these are meant to apply. Section 3. TH: Once again, this conflates URI with the protocol processing needed to dereference a file. This should probably be limited to a very restricted set of agreed-on URI schemes. It also needs to think very carefully about the content negotiation aspects of this, as they have forbidden the display or annunciation of multiple variants, yet there is no pointer to how to select among them. A ranked order system (like multipart-alternative) or CONNEG style mechanism looks required. Section 7. draft: It is thus imperative that the representation of any certificate that fails to validate is not enhanced in any way by using the logotype graphic unless an appropriate warning is given to the end user. TH: No. No. No. No warning can overcome symbols where the naive user has a strong reason to believe the symbol. Take, for example, a user who has downloaded a site with a self-signed certificate in which the authority claims to be "United States GAO" and presents the symbol of the great seal of the United States. The *real* site may have a VeriSign-issued cert, but the naive user is going to believe it is reasonable for a sovereign nation to self-sign, and providing a lifted logo is just going to make the social engineering worse. |
2003-09-16 | 13 | Ted Hardie | [Ballot Position Update] New position, Discuss, has been recorded by Ted Hardie |
2003-09-12 | 13 | Harald Alvestrand | [Ballot discuss] Image/JPEG, Image/GIF and Audio/MPEG are not included in references. Image/JPEG is OK (registry refers to RFC 2046, which has a ref to the JPEG spec), but Image/GIF doesn't have a good reference (the RFC 2046 reference in IANA's database is erroneous). Audio/MPEG is OK, but needs to reference RFC 3003. I also agree with Ned's comments about describing data. Also, the spec uses an URI without specifying any usage guidelines for it - in theory, one could validly insert an LDAP: URI or a mailto: URI - it's unclear how an interpreter is supposed to interpret that. |
2003-09-12 | 13 | Harald Alvestrand | [Ballot Position Update] New position, Discuss, has been recorded by Harald Alvestrand |
2003-09-12 | 13 | Ned Freed | [Ballot discuss] It isn't clear whether the mimeType field is restricted to a MIME type/subtype pair or whether it allows for specification of MIME type parameters. I note that some audio types use parameters to communicate information that's needed in order to play back the audio stream correctly. The restriction to subtypes of image and audio is... interesting. The rule is that subtypes of image must be image formats and subtypes of audio must be audio formats, but the converse -- that subtypes of other top-level types cannot be used to describe images and audio -- is not true. For example, application/postscript can be used for images. (It was placed under application because it can be used for other things as well.) There are also several problems with the definitions of the LogotypeGrayScaleImageInfo, LogotypeColorImageInfo, and LogotypeAudioInfo fields: (1) Images can be language-specific, so why can't they be tagged with a language? (2) It is perfectly reasonable to tag audio objects with a length but not all audio formats employ a fixed number of samples per second. Yet samples per second is a mandatory field in the LogotypeAudioInfo structure. (3) I'm by no means an expert, but I'm fairly sure that not all image formats are amenable to the number of colors/greyscale levels being specified as a "number of bits". Yet these are also mandatory fields. All this begs the question of why our existing media features facility wasn't used here rather than defining what amounts to a new but limited feature tagging facility. |
2003-09-12 | 13 | Ned Freed | [Ballot Position Update] New position, Discuss, has been recorded by Ned Freed |
2003-09-12 | 13 | Russ Housley | [Ballot Position Update] New position, Recuse, has been recorded by Russ Housley |
2003-09-12 | 13 | Steven Bellovin | [Ballot Position Update] New position, Yes, has been recorded for Steven Bellovin |
2003-09-12 | 13 | Steven Bellovin | Ballot has been issued by Steve Bellovin |
2003-09-12 | 13 | Steven Bellovin | Created "Approve" ballot |
2003-09-12 | 13 | (System) | Ballot writeup text was added |
2003-09-12 | 13 | (System) | Last call text was added |
2003-09-12 | 13 | (System) | Ballot approval text was added |
2003-09-10 | 13 | Steven Bellovin | State Changes to IESG Evaluation from In Last Call by Steve Bellovin |
2003-09-10 | 13 | Steven Bellovin | Placed on agenda for telechat - 2003-09-18 by Steve Bellovin |
2003-07-28 | 11 | (System) | New version available: draft-ietf-pkix-logotypes-11.txt |
2003-06-05 | 13 | Amy Vezza | Status date has been changed to 2003-06-19 from |
2003-06-05 | 13 | Amy Vezza | State Changes to In Last Call from Publication Requested by Vezza, Amy |
2003-06-05 | 13 | (System) | Last call sent |
2003-03-18 | 13 | Russ Housley | Intended Status has been changed to Proposed Standard from None |
2003-03-06 | 10 | (System) | New version available: draft-ietf-pkix-logotypes-10.txt |
2003-02-23 | 13 | Steven Bellovin | Draft Added by Bellovin, Steve |
2002-12-20 | 09 | (System) | New version available: draft-ietf-pkix-logotypes-09.txt |
2002-11-21 | 08 | (System) | New version available: draft-ietf-pkix-logotypes-08.txt |
2002-10-28 | 07 | (System) | New version available: draft-ietf-pkix-logotypes-07.txt |
2002-10-07 | 06 | (System) | New version available: draft-ietf-pkix-logotypes-06.txt |
2002-09-18 | 05 | (System) | New version available: draft-ietf-pkix-logotypes-05.txt |
2002-09-03 | 04 | (System) | New version available: draft-ietf-pkix-logotypes-04.txt |
2002-06-28 | 03 | (System) | New version available: draft-ietf-pkix-logotypes-03.txt |
2002-04-17 | 02 | (System) | New version available: draft-ietf-pkix-logotypes-02.txt |
2002-02-08 | 01 | (System) | New version available: draft-ietf-pkix-logotypes-01.txt |
2001-07-26 | 00 | (System) | New version available: draft-ietf-pkix-logotypes-00.txt |