Re: [pki-survey] Final draft follow-up survey

[Steve Hanna <steve.hanna@sun.com>]

It's important for respondents to quickly understand
what each item means. I guess it might help to add
a few example protocols. How about "(such as S/MIME
or SSL)", since those are probably the two most
commonly used protocols that use PKI?

This doesn't seem too leading to me. I don't think
the respondent will be more or less likely to choose
that item if we include this explanation.

Thanks,

Steve

Sharon Boeyen wrote:
> 
> Steve, I agree with all of your suggestions. On the "protocols that
> use PKI" would it be a good idea to add an "e.g. S/MIME" or do you
> think that would be too leading?
> 
> -----Original Message-----
> From: Steve Hanna [mailto:steve.hanna@sun.com]
> Sent: Tuesday, August 05, 2003 5:05 PM
> To: Sharon Boeyen
> Cc: PKI TC Survey SC
> Subject: Re: [pki-survey] Final draft follow-up survey
> 
> Thanks for the review, Sharon. My comments are below.
> 
> Sharon Boeyen wrote:
> > I have no comments on the email text - I think it's perfect.
> 
> Good!
> 
> > Just a couple of minor comments on the survey itself:
> >
> > 1 - In the privacy statement it says "If you choose to
> > provide your email address..." but they really don't have
> > a choice do they? Question 1 requires that they supply it.
> > Suggest rewording the privacy statement to say "If you choose
> > to complete this survey (note that this requires supplying
> > your email address)...
> 
> Good point. I'll make this change.
> 
> > 2 - In question 2 I'm wondering if the "(generally not
> > legally binding)" could be changed to something like "(generally
> > no specific legal significance)". I'm thinking of things like
> > expense claims for business travel or other forms signed within
> > your own company for example. Your employment contract may make
> > these legally binding but they are different than signing contracts
> > for example. I like the "legally binding" for that category but
> > think the "not" may be a bit misleading in the signing electronic
> > forms case.
> 
> I see what you mean. The phrase "generally no specific legal
> significance" is long and a bit lawyerly, though. How about
> moving Signing Contracts to the front (since that's short
> and clear) and changing the parenthetical comment for Signing
> Electronic Forms to "(not legal agreements)" or "(not contracts)"?
> 
> > 3 - In the text just before question 3, where you describe the
> > points system it might be helpful to add another sentence at the
> > end of the first paragraph to make sure people understand that
> > they don't need to distribute the points among all items, only to
> > those of importance to them. Something along these lines "Note that you are
> > free to allocate the points as you see fit and there is no need
> > to allocate points to each item, only to those you feel are
> > important. For example all 10 points could be allocated to a single item
> > if you feel that reflects the relative importance." might work, but
> > I'm flexible on the text itself. Just want to make sure they understand
> > the flexibility.
> 
> OK. I'll make a change for this.
> 
> > 4 - In 7a, I suggest adding another item to the list (probably fits
> > in between certificate revocation and smart card). The item is
> > path validation.
> 
> That's a good one. It's pretty specific.
> 
> I think the three items that start with Application are
> too vague. Respondents will have trouble knowing what they
> mean and we'll have trouble knowing what to do if they
> are ranked high. Maybe we should change them to:
> 
> Protocols that use PKI
>    [formerly Application-Server and Application-Application]
> 
> Unusual Certificate Contents
>    [formerly Application-Certificate]
> 
> > 5 - In question 8, first paragraph. It might be good to add a sentence
> > to the end of this paragraph indicating that we still have the comments
> > they provided in the first survey so they need not repeat those, but any
> > additional thoughts would be welcome here.
> 
> There is a note about that later in question 8.
> I'll move it to the end of the first paragraph.
> 
> > Sorry I've taken so long to respond - just been swamped :-)
> 
> That's OK. I was worried we would miss our August 11
> startup date. But the OASIS staff is moving quickly.
> I should have a prototype survey for you to try by
> Thursday at the latest.
> 
> Thanks,
> 
> Steve

S/MIME Cryptographic Signature