Authenticating logos
Ron_Vered at 3com.com
Ron_Vered at 3com.com
Wed Jan 16 13:35:36 EST 2002
While valid claims (decision about trust is made based on logo, etc.),
similar things happen outside of "cyberspace".
A person goes to AT&T store, with a big logo in front, eventually gives his
credit card information to the person sitting there. That person, maybe an
employee of a dealer / franchise store owner (similar to the Palm case).
Does that person trust the employee? probably not. Does he trust the store
owner? Maybe not. He made his decision based on the logo in front, which
may turn out to be fake.
"Amir Herzberg" <amir at beesites.co.il>@wasabisystems.com on 01/16/2002
07:38:29 AM
Sent by: owner-spki at wasabisystems.com
To: <cryptography @wasabisystems.com>, "'SPKI Mailing List'" <spki
@wasabisystems.com>
cc:
Subject: Authenticating logos
Eric said,
> I didn't say that it wasn't possible to secure logos. I said that
> you couldn't protect people who trusted logos that were transmitted
> to them in Web pages. This is not the same thing. The point is
> that such logos are transmitted in-band and are part of the web
> page. Therefore, they are not cryptographically verified.
It is a pity that logos are not authenticated by SSL and displayed in a
separate window. We've done an experimental implementation of a
secure-logo, as a special frame in the browser, controlled by a (local
or remote but in any case trusted) proxy. The proxy validates that the
server has a certificate for the logo; standard SSL certificates may not
provide this, but they can contain an address where the proxy can go get
the necessary additional certificates.
If anybody is interested in taking this project further, I'll be happy
to help.
Best,
Amir Herzberg
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list