OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

pkcs11-comment message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [pkcs11-comment] Dealing with a 2% or 80% PKCS #11 market

On 2013-07-24 16:39, Dennis E. Hamilton wrote:
> I don't understand the basis of the 2% and 80% comparison.  
>
> What is the 100% of which Windows, Android, and iOS make up 98%?  

What normal end-users use.  That is laptops, phones, "pads".

>
> That is, what is the 2% that you are talking about, and how large is that in absolute numbers?

A guesstimate is that Linux desktops/laptops/phones are used by 5-20M people.

>
> Now, with regard to Hardware Security Modules (HSMs?), what is that market size and what is 80% in absolute numbers?

I have no idea but if 80% of all HSM-based applications use PKCS #11 then it is pretty much _THE_ standard = IMPORTANT.

>
> I suspect that if I had a business that could profitably capture 1% of that 100% for some period of time, I would be a very happy camper.  I might even be quite happy with some smaller percentage of the 2% of that ginormous 100%.

What I meant is that none of the big vendors of consumer computers have any reason to bother about PKCS #11.

However, the message lacked context so here it is: PKCS #11 doesn't support online provisioning which is needed for end-users.
What missing? Things like performing C_InitToken in a remote scenario.  Can you do that?  IMO, no you can't.   It is not even possible to list requirements because you're  not allowed to do that for activities that would affect BILLIONS of users if you work for a major US tech company which means that TC would be restricted to lame, watered down solutions that would have zero uptake.  The remoting would also involve a protocol, presumably invoked from a browser and then the number of big NO NOs will crush all other (and much more useful) activities.

Our best option is waiting for Google.  They have decided to deal with this issue in the FIDO Alliance.


>
> I am not objecting to your conclusion.  I just don't see what the absolute comparison of %ages of quite different populations has to do with it.
>
>  - Dennis

Anders

>
> -----Original Message-----
> From: pkcs11-comment@lists.oasis-open.org [mailto:pkcs11-comment@lists.oasis-open.org] On Behalf Of Anders Rundgren
> Sent: Tuesday, July 23, 2013 11:21 PM
> To: pkcs11-comment@lists.oasis-open.org
> Subject: [pkcs11-comment] Dealing with a 2% or 80% PKCS #11 market
>
> I have had some discussion with people involved in PKCS #11.
> As far as I know PKCS #11 isn't a part of Windows, Android or iOS.
> That is, for 98% of all normal end-users PKCS #11 is irrelevant.
>
> For HSMs OTOH the PKCS #11 market-share may be as high as 80%.
>
> IMO, it doesn't make sense putting a lot of energy on a 2% market unless
> it is about adding things that exist in the schemes used by the other 98%.
>
> Anders
>
>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]