Re: [pki-askvendors] Revised Ask Vendors survey

[Steve Hanna <Steve.Hanna@Sun.COM>]

Thanks for your comments, Shivangi. You have
a lot of good ideas. Here are my thoughts in
response.

Shivangi Nadkarni wrote:
>>--------------
>>
>>Subject: PKI Support in Your Products
>>
>>Please forward this email to the Product Manager
>>for your ??? product or someone else who has
>>insight into the process by which the feature
>>set for this product is chosen.
> 
> 
>> [Shivangi] - Do we need to give a small intro here saying we are
> writing to you from the OASIS PKI Technical Committee which is looking at
> ways and means of making PKI easy to use......etc....? Just to ensure that
> the person who receives this doesnt trash the mail, especially if he/she
> is not the concerned person to whom the survey is targetted.
> 
> Or is is that these folks have already been contacted so they dont need a
> repeat?

Good idea. I don't want to repeat all the text
that appears later in the survey, but here's a
brief intro paragraph that could go the text
"Please forward this email ...". OK?

We, the OASIS PKI Technical Committee, are working
to improve Public Key Infrastructure (PKI) and to
remove obstacles to PKI deployment and usage. Since
your company has a product relevant to PKI, we'd like
to ask for a small amount of assistance.

>>Why is this worth your valuable time? The market for
>>PKI enabled applications is potentially quite large.
>>The U.S. Department of Defense is now deploying
>>PKI enabled smart cards to 4 million workers.
>>Deployment at the FBI is under way and discussions
>>have begun on extending the system throughout the
>>U.S. government. Corporate adoption of PKI enabled
>>smart cards is picking up with large companies
>>like Johnson and Johnson and Sun Microsystems
>>leading the way.
> 
>> [Shivangi] - At a global level also, much of Europe and Asia have PKI
> initiatives and E-Signature legislations that directly or indirectly
> propagate PKI
> 
> (Sorry - cudnt resist adding a bit of "non-US" centric point in your
 > note ;-))

Thanks for pointing this out. Maybe we should add a
sentence after "U.S. government" saying "In Europe,
Asia, and around the world, PKI initiatives are under
way and in some cases large and well established."

>> [Shivangi] - Steve, is this survey targetted at those orgns who
> already have PKI support built in for their products or for those who do
> not currently have support but are "candidates" for the same? If it is
> going to be answered by people who already have some level of support
> built in (thats the impression I got from the list of vendors u've
> circulated), then there shud be a few more questions for them like :

Some survey recipients already have PKI support in their
products. Many do not. It is a mix.

> -Are you happy with the PKI functionality/ features built into your
> product? If not, what specific areas would you like to enhance/ improve?

I like this question. Let's change question 1 to ask
for a bit more information:

1) Does your company currently sell products with PKI
    support? If so, which products include PKI support
    and what sort of PKI support do they include?

And then add a new question after that:

2) Are you happy with your PKI support or lack thereof?
    If not, what changes would you like to make? Is there
    something in particular holding you back from making
    these changes? If so, what?

> -Are the existing standards in PKI sufficient for building your
> applications? Did you feel constrained at any point in time by the lack
> of/ incompleteness of standards?
> -Did you have to take any decisions to do some amount of "proprietary
> implementation" to overcome lack of a standard specification? Would you
> like to share that with us?

These questions seem to be gathering more detail
about problems with PKI-related standards. But we
haven't yet determined whether standards are a
serious problem for these companies. I want to
understand what problems are holding them back
before drilling down too much on one problem.
Does that sound good to you?

> These were some thoughts that came to my mind while going thru your mail.
> If I have any more bursts of inspiration, will let you know.

Thanks for these comments. Please let me know
if you are comfortable with the changes I have
suggested to address them. I will submit the
revised survey to the PKI TC tomorrow so they
can discuss it at the Wednesday PKI TC meeting.

Any ideas on the vendor list?

Thanks,

Steve