It's a bit like the "Thawte Secure Site" seal. They encourage
https sites
to put it on their pages (and of course make advertising for them).
But the drawback is that people start to think as they see the seal
that the site is a "good" one. So if you are a "bad" one you can add
the seal and people will think they're save.
So basically with the seal Thawte - surely without deliberateness -
tricks the people in a trust feeling they can't control and into
(wrong) trust situations they can't provide.
The security controls in this case are a set of Web crawlers that
continuously scan the net for violations of the use policy. There
are a couple of other features built in that help detect abuse.
Sure it is a system that is based on enforcement rather than
cryptography. But even so systems of that kind can work. Until
cryptography came along they were all we had.
A transition to a more secure scheme is already under way. If
you look at the more recent SSL roots you will find that they
use the LogoTypes extension to create a cryptographic binding
between the certificate and the logo.
Phill
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg