Authenticating logos
Amir Herzberg
amir at beesites.co.il
Wed Jan 16 10:38:29 EST 2002
Eric said,
> I didn't say that it wasn't possible to secure logos. I said that
> you couldn't protect people who trusted logos that were transmitted
> to them in Web pages. This is not the same thing. The point is
> that such logos are transmitted in-band and are part of the web
> page. Therefore, they are not cryptographically verified.
It is a pity that logos are not authenticated by SSL and displayed in a
separate window. We've done an experimental implementation of a
secure-logo, as a special frame in the browser, controlled by a (local
or remote but in any case trusted) proxy. The proxy validates that the
server has a certificate for the logo; standard SSL certificates may not
provide this, but they can contain an address where the proxy can go get
the necessary additional certificates.
If anybody is interested in taking this project further, I'll be happy
to help.
Best,
Amir Herzberg
See http://amir.beesites.co.il for link to lectures and draft-chapters
on `secure communication and commerce using cryptography`; feedback
welcome!
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list