RE: [pki-askvendors] Revised Ask Vendors survey

["Shivangi Nadkarni" <shivangi@safescrypt.com>]

Hi Steve,

I'm with you on your thoughts. Lets quickly move ahead once everyone on the
SC has given their inputs.

What are the next steps? U mentioned someone who could help with vendor
lists, right?

rgds
Shivangi

> -----Original Message-----
> From: Steve Hanna [mailto:Steve.Hanna@Sun.COM]
> Sent: Monday, May 17, 2004 8:56 PM
> To: PKI TC Ask Vendors SC
> Subject: Re: [pki-askvendors] Revised Ask Vendors survey
>
>
> Thanks for your comments, Shivangi. You have
> a lot of good ideas. Here are my thoughts in
> response.
>
> Shivangi Nadkarni wrote:
> >>--------------
> >>
> >>Subject: PKI Support in Your Products
> >>
> >>Please forward this email to the Product Manager
> >>for your ??? product or someone else who has
> >>insight into the process by which the feature
> >>set for this product is chosen.
> >
> >
> >> [Shivangi] - Do we need to give a small intro here saying we are
> > writing to you from the OASIS PKI Technical Committee which is
> looking at
> > ways and means of making PKI easy to use......etc....? Just to
> ensure that
> > the person who receives this doesnt trash the mail, especially if he/she
> > is not the concerned person to whom the survey is targetted.
> >
> > Or is is that these folks have already been contacted so they
> dont need a
> > repeat?
>
> Good idea. I don't want to repeat all the text
> that appears later in the survey, but here's a
> brief intro paragraph that could go the text
> "Please forward this email ...". OK?
>
> We, the OASIS PKI Technical Committee, are working
> to improve Public Key Infrastructure (PKI) and to
> remove obstacles to PKI deployment and usage. Since
> your company has a product relevant to PKI, we'd like
> to ask for a small amount of assistance.
>
> >>Why is this worth your valuable time? The market for
> >>PKI enabled applications is potentially quite large.
> >>The U.S. Department of Defense is now deploying
> >>PKI enabled smart cards to 4 million workers.
> >>Deployment at the FBI is under way and discussions
> >>have begun on extending the system throughout the
> >>U.S. government. Corporate adoption of PKI enabled
> >>smart cards is picking up with large companies
> >>like Johnson and Johnson and Sun Microsystems
> >>leading the way.
> >
> >> [Shivangi] - At a global level also, much of Europe and Asia have PKI
> > initiatives and E-Signature legislations that directly or indirectly
> > propagate PKI
> >
> > (Sorry - cudnt resist adding a bit of "non-US" centric point in your
>  > note ;-))
>
> Thanks for pointing this out. Maybe we should add a
> sentence after "U.S. government" saying "In Europe,
> Asia, and around the world, PKI initiatives are under
> way and in some cases large and well established."
>
> >> [Shivangi] - Steve, is this survey targetted at those orgns who
> > already have PKI support built in for their products or for those who do
> > not currently have support but are "candidates" for the same? If it is
> > going to be answered by people who already have some level of support
> > built in (thats the impression I got from the list of vendors u've
> > circulated), then there shud be a few more questions for them like :
>
> Some survey recipients already have PKI support in their
> products. Many do not. It is a mix.
>
> > -Are you happy with the PKI functionality/ features built into your
> > product? If not, what specific areas would you like to enhance/ improve?
>
> I like this question. Let's change question 1 to ask
> for a bit more information:
>
> 1) Does your company currently sell products with PKI
>     support? If so, which products include PKI support
>     and what sort of PKI support do they include?
>
> And then add a new question after that:
>
> 2) Are you happy with your PKI support or lack thereof?
>     If not, what changes would you like to make? Is there
>     something in particular holding you back from making
>     these changes? If so, what?
>
> > -Are the existing standards in PKI sufficient for building your
> > applications? Did you feel constrained at any point in time by the lack
> > of/ incompleteness of standards?
> > -Did you have to take any decisions to do some amount of "proprietary
> > implementation" to overcome lack of a standard specification? Would you
> > like to share that with us?
>
> These questions seem to be gathering more detail
> about problems with PKI-related standards. But we
> haven't yet determined whether standards are a
> serious problem for these companies. I want to
> understand what problems are holding them back
> before drilling down too much on one problem.
> Does that sound good to you?
>
> > These were some thoughts that came to my mind while going thru
> your mail.
> > If I have any more bursts of inspiration, will let you know.
>
> Thanks for these comments. Please let me know
> if you are comfortable with the changes I have
> suggested to address them. I will submit the
> revised survey to the PKI TC tomorrow so they
> can discuss it at the Wednesday PKI TC meeting.
>
> Any ideas on the vendor list?
>
> Thanks,
>
> Steve
>
>