[cabfpub] RFC3709 and EV certificate logotypes

Phillip Hallam-Baker philliph at comodo.com
Mon Jul 22 13:56:03 UTC 2013


That is not how I remember it.  The blocking issue was lack of interest in support in the browsers.

If we really thought we could not validate logos then it would bring the whole CA validation model into question. There is clearly a demand and clearly a security value.

The validation scheme I proposed was to leverage the Madrid treaty on trademarks that required signatories to join a global registry of trademarks held by WIPO.  Pretty much every country of interest is a member. To obtain a logocert the CA would need to complete the following steps above and beyond EV.

1) Determine that there is a registration for the trademark in the Madrid treaty registry system.

2) Determine that the applicant has right of use.

3) Report the application for review (yes, I proposed a transparency requirement several years ahead of CT)


As with many transactions, it is very difficult to completely stop someone from making a fraudulent registration but rather easier to design an application process that makes it difficult to get away with the application without being caught.




On Jul 21, 2013, at 10:59 PM, Rick Andrews <Rick_Andrews at symantec.com> wrote:

> We just used issuer logos in our certs. We never offered subscriber logos because of the difficulty of determining that a subscriber had the legal right to use a particular logo. 
> 
> -Rick
> 
> On Jul 21, 2013, at 3:12 PM, "Hill, Brad" <bhill at paypal-inc.com> wrote:
> 
>> Really?  I remember it being used for subscriber logos in InfoCard back seven or eight years ago.  Since there were no other consumers I'm aware of and that product has been discontinued, I'm not surprised most folks don't want the extra bytes in their cert.  But it might become relevant again if it were still available...
>> ________________________________________
>> From: public-bounces at cabforum.org [public-bounces at cabforum.org] on behalf of Ryan Hurst [ryan.hurst at globalsign.com]
>> Sent: Sunday, July 21, 2013 12:18 PM
>> To: Rick Andrews
>> Cc: Brian Trzupek; public at cabforum.org
>> Subject: Re: [cabfpub] RFC3709 and EV certificate logotypes
>> 
>> Yes.
>> 
>> Symantec (then Verisign) was the first to support it, when we were adding support to cryptoapi.
>> 
>> I don't think anyone ever moved to include subscriber logos just issuer logos.
>> 
>> Ryan Hurst
>> Chief Technology Officer
>> GMO Globalsign
>> 
>> twitter: @rmhrisk
>> email: ryan.hurst at globalsign.com
>> phone: 206-650-7926
>> 
>> Sent from my phone, please forgive the brevity.
>> 
>> On Jul 21, 2013, at 10:37 PM, Rick Andrews <Rick_Andrews at symantec.com> wrote:
>> 
>>> We removed it last year from all certs because no client was doing anything with it.
>>> 
>>> -Rick
>>> 
>>> On Jul 20, 2013, at 11:16 PM, "Ryan Hurst" <ryan.hurst at globalsign.com> wrote:
>>> 
>>>> I believe the same is true for us.
>>>> 
>>>> Ryan Hurst
>>>> Chief Technology Officer
>>>> GMO Globalsign
>>>> 
>>>> twitter: @rmhrisk
>>>> email: ryan.hurst at globalsign.com
>>>> phone: 206-650-7926
>>>> 
>>>> Sent from my phone, please forgive the brevity.
>>>> 
>>>> On Jul 21, 2013, at 5:24 AM, Brian Trzupek <BTrzupek at trustwave.com> wrote:
>>>> 
>>>>> In test. Not in prod. Why?
>>>>> 
>>>>> Sent from my iPhone
>>>>> 
>>>>> On Jul 20, 2013, at 6:37 PM, "Hill, Brad" <bhill at paypal-inc.com> wrote:
>>>>> 
>>>>>> Hey folks,
>>>>>> 
>>>>>> Do any of you still support issuing EV certificates with an RFC3709 logotype extension?
>>>>>> 
>>>>>> Thanks,
>>>>>> 
>>>>>> Brad Hill
>>>>>> _______________________________________________
>>>>>> Public mailing list
>>>>>> Public at cabforum.org
>>>>>> https://cabforum.org/mailman/listinfo/public
>>>>> 
>>>>> ________________________________
>>>>> 
>>>>> This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.
>>>>> 
>>>>> _______________________________________________
>>>>> Public mailing list
>>>>> Public at cabforum.org
>>>>> https://cabforum.org/mailman/listinfo/public
>>>> <smime.p7s>
>>>> _______________________________________________
>>>> Public mailing list
>>>> Public at cabforum.org
>>>> https://cabforum.org/mailman/listinfo/public
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public




More information about the Public mailing list