OASIS Mailing List Archives

pki-issues message


Subject: Feedback on PKI Action Plan


Here are some comments on the PKI Action Plan that
I received. Let's discuss them at our next meeting.

Thanks,

Steve

--------

I think this is a great effort and I really hope we
are successful. I only had a few comments after reviewing
the document:

Introduction
   I thought the final sentence of the last paragraph was a
   bit too definitive w/o any words to back it up:
   "Within two years, PKI deployment should be substantially
   easier". Perhaps that would be better moved to a conclusion
   section, after telling me about the action plan. Or you
   could insert "our primary goal is that" before "PKI deployment".

P. 4. end, typo: s/Because of/Because
p. 7. typo: s/should unbiased/should be unbiased

Action Items
   Although controversial, we might learn a lot by critiquing
   existing PKI-enabled applications and explaining the problems
   and/or how they could have made things simpler or more interoperable.

   There's been a trend in the standards in recent years to
   hide and reduce the complexity of PKI by moving it to servers
   (ex: XKMS, DPV/DPD, DSS) but most of these standards are still
   in development or haven't been in the market long enough or have
   had enough application support to know if they will be successful
   in that goal. Does the group plan to encourage deployment of
   these standards as a way to reduce the cost & complexity of
   applications using PKI?

   I think it is a fine goal to develop guidelines, etc for the
   3 most popular applications, but I think it would also be
   beneficial to document examples of why you should use (or pay for)
   these PKI-enabled applications. This might be addressed by the
   "provide educational materials" AI.

   I think the action items may be placing too much emphasis on
   applications and not enough on the infrastructure. You may
   be able to come up with a simple profile/guidelines for
   using and developing secure email, but if it is still too hard
   and too much cost to obtain and manage a certificate (or the
   benefits of using it are too low), then I think the ball stops
   there, so to speak.
