
List:       ietf-pkix
Subject:    Re: Embedded certificate image
From:       Stefan Santesson <stefan () aaa-sec ! com>
Date:       2009-08-14 13:43:24
Message-ID: C6AB369C.3E23%stefan () aaa-sec ! com


I would like to conclude this discussion, at least with respect to this
draft.

The fact of the case is that the scope of this draft is limited to defining
a new image type to be referenced through the logotype extension defined in
RFC3709.

All RFC 3709 allows in this context is to define an OID and its semantics.
There is no extensibility mechanism available through which one can provide
any extra random bits to the image.

The question is therefore not what could be done to safely include image
data in a certificate signed with a poor signature algorithm, but if it is
reasonable to reference the data URL scheme as one optional way to store the
referenced image without adding any random data.

My proposal is to allow the data URL scheme for embedding an image, but to
clarify the risk of including images provided by a potential attacker in
combination with a weak signing hash.

Would anyone strongly object?

/Stefan


On 09-08-04 4:27 PM, "Stephen Kent" <kent@bbn.com> wrote:

> 
> At 4:46 PM -0400 8/3/09, Kemp, David P. wrote:
>> If a CA were going to accept user input to an image composed by the CA,
>> then the composition process can provide confounding data by doing more
>> than just "inserting a customer-provided graphic into a [known] template
>> provided by the CA".  The Security Considerations section could
>> recommend steganographic techniques for unpredictably modifying the
>> image in perceptually-insignificant ways, such as by adding noise to the
>> image data and/or inserting random tags in image formats for which tags
>> are defined.
>> 
> 
> David,
> 
> I think a CA-selected, random prefix may be a better choice here. An
> organization may be very "attached" to its logo and not want any form
> of manipulation.  In many (most?) cases I expect the organization to
> provide the artwork in precisely the form they will want it to be
> displayed. It would be much easier for a CA to just generate a random
> bit string and insert it into a data structure used to convey the
> image, rather than having to be able to watermark the image in some
> fashion.
> 
> Steve
> 
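
The risk Stefan describes (attacker-supplied image bytes landing verbatim in a certificate signed with a weak hash) and the countermeasure Steve and David discuss (CA-inserted random data in the image container), as an added example that is not part of the thread, of RFC 3709 or of the draft. It assumes a deliberately weak hash (24-bit truncated SHA-256, standing in for a broken algorithm), a toy stand-in for the to-be-signed certificate body, a constructed 1x1 PNG, and made-up subject names; the birthday search over the attacker's tEXt comment stands in for a real chosen-prefix collision search, whose colliding blocks would likewise sit in the attacker-supplied image bytes.

```python
import base64
import hashlib
import os
import struct
import zlib

# Added example, not from the thread. Assumptions: a 24-bit truncated hash
# plays the "weak signing hash"; the TBSCertificate is reduced to subject + URL.
HASH_BYTES = 3

def weak_hash(data: bytes) -> bytes:
    """Deliberately weak hash so collisions are found in seconds (illustration only)."""
    return hashlib.sha256(data).digest()[:HASH_BYTES]

def png_chunk(ctype: bytes, payload: bytes) -> bytes:
    """length + type + payload + CRC32(type + payload), as the PNG spec requires."""
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)

def png_chunk_types(png: bytes) -> list:
    """Walk the chunks, verifying each CRC; returns the chunk type sequence."""
    assert png[:8] == b"\x89PNG\r\n\x1a\n", "not a PNG"
    pos, types = 8, []
    while pos < len(png):
        length = struct.unpack(">I", png[pos:pos + 4])[0]
        ctype, payload = png[pos + 4:pos + 8], png[pos + 8:pos + 8 + length]
        crc = struct.unpack(">I", png[pos + 8 + length:pos + 12 + length])[0]
        assert crc == (zlib.crc32(ctype + payload) & 0xFFFFFFFF), "corrupt chunk"
        types.append(ctype)
        pos += 12 + length
    return types

def build_png(comment: bytes) -> bytes:
    """Constructed 1x1 greyscale PNG; 'comment' rides in a tEXt chunk viewers never render."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)  # 1x1, 8-bit, greyscale
    scanline = b"\x00\x00"                               # filter byte + one pixel
    return (b"\x89PNG\r\n\x1a\n"
            + png_chunk(b"IHDR", ihdr)
            + png_chunk(b"tEXt", b"Comment\x00" + comment)
            + png_chunk(b"IDAT", zlib.compress(scanline))
            + png_chunk(b"IEND", b""))

def data_url(png: bytes) -> str:
    """The RFC 2397 data: URL form the draft would let a logotype reference."""
    return "data:image/png;base64," + base64.b64encode(png).decode("ascii")

def tbs(subject: str, logo_url: str) -> bytes:
    """Stand-in for TBSCertificate: subject plus the logotype URL. Real DER is
    omitted; the argument only needs the URL bytes to be part of what is signed."""
    return subject.encode() + b"\n" + logo_url.encode("ascii")

def find_collision(subject_a: str, subject_b: str, max_tries: int = 1 << 16):
    """Birthday search over the attacker-controlled tEXt comment until two
    certificates with different subjects share a weak_hash value.
    Returns the comment pair (tag_a, tag_b), or None."""
    seen_a, seen_b = {}, {}
    for i in range(max_tries):
        tag = i.to_bytes(4, "big").hex().encode("ascii")
        ha = weak_hash(tbs(subject_a, data_url(build_png(tag))))
        hb = weak_hash(tbs(subject_b, data_url(build_png(tag))))
        seen_a[ha], seen_b[hb] = tag, tag
        if ha in seen_b:
            return tag, seen_b[ha]
        if hb in seen_a:
            return seen_a[hb], tag
    return None

def ca_salt_png(customer_png: bytes, ca_random: bytes = b"") -> bytes:
    """The CA splices its own random bytes into the image container before
    signing (here a second tEXt chunk right after IHDR, invisible when rendered),
    so the attacker cannot predict the bytes the weak hash is computed over."""
    if not ca_random:
        ca_random = os.urandom(16)
    nonce = png_chunk(b"tEXt", b"CA-nonce\x00" + ca_random.hex().encode("ascii"))
    ihdr_len = struct.unpack(">I", customer_png[8:12])[0]
    cut = 8 + 12 + ihdr_len  # signature + IHDR (length, type, payload, CRC)
    return customer_png[:cut] + nonce + customer_png[cut:]

def demo(subject_a: str = "CN=victim.example", subject_b: str = "CN=attacker.example"):
    """Returns (naive_collides, salted_collides) for one attacker run."""
    tag_a, tag_b = find_collision(subject_a, subject_b)
    naive_a = tbs(subject_a, data_url(build_png(tag_a)))
    naive_b = tbs(subject_b, data_url(build_png(tag_b)))
    salted_a = tbs(subject_a, data_url(ca_salt_png(build_png(tag_a))))
    salted_b = tbs(subject_b, data_url(ca_salt_png(build_png(tag_b))))
    return (naive_a != naive_b and weak_hash(naive_a) == weak_hash(naive_b),
            weak_hash(salted_a) == weak_hash(salted_b))

if __name__ == "__main__":
    print(demo())  # expected: (True, False); the salted pair no longer collides
```

The attacker's precomputed pair survives only if the CA signs exactly the bytes the attacker submitted; once the CA inserts bytes of its own choosing anywhere inside the hashed data, the collision has to be recomputed after issuance, which the attacker cannot do. With this toy hash the salted pair still collides by chance once in 2^24 runs, which is an artefact of the truncation, not of the technique. Note the random chunk is a format-level tag of the kind David mentions; it leaves the rendered pixels untouched, which addresses Steve's concern about organisations not wanting their logo manipulated.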

