[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: More PKI Action Plan comments
Here are some more comments on the PKI Action Plan. I have removed identifying information to protect the privacy of the person submitting the comments. Thanks, Steve --------- In reviewing the draft action plan, an area of concern is the usage of the term "interoperable". [...] This term is overused and rarely clearly defined for the specific context intended. Some vendors and participants may presume the interoperability problem to exist between PKI implementations. Others may recognize the interoperability problems as being between applications enabled to use PKI and the particular PKI implementations of interest. Still others may choose to focus on application interoperability when the applications have been enabled to use the same PKI. It would be helpful to clearly state the context and boundaries of the term "interoperability". I agree that reference implementations of PKI and of applications enabled to use PKI will be a major contributor to the success of ALL PKIs. And as you have said, if more focus is placed on specific functional areas (such as certificate path validation) for standardization rather than the proliferation of substantially repetitive ways to "skin the cat", the result will be better building blocks. As we are seeing in [my organization], the "build it and they will come" mentality will only carry us so far. Also, to answer one of your focus questions, I think that to take two years for fruitful technical guidance may be under-ambitious. I understand by my own experience, though, that the consensus-building effort can be tedious and drawn out.
S/MIME Cryptographic Signature
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]