OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

pki-tc message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: [pki-tc] Work items for the PKI TC

John asked people to send specific work items to this list
for discussion. The overall goal of this TC is to "address
issues related to the successful deployment of digital
certificates". So far, PKI deployment has been slower than hoped.
I believe we must adopt task items that will identify
impediments to PKI deployment and address them or see that
they are addressed. The PKI TC is particularly well suited
to this task, since we have a mix of technical, business, and
legal members.

Therefore, I propose the following work items:

1) Identify obstacles to PKI deployment

   This may require a survey of customers who have deployed
   PKI or considered PKI deployment and decided against it.
   Or we may be able to collect this data from existing

2) Address obstacles to PKI deployment

   We must figure out how to address the obstacles identified
   through work item 1). But we may be able to start work
   on this task before work item 1) has been completed if
   we identify and agree on key obstacles right now. Here is
   a list of obstacles that I have heard from customers:

 A) High Cost of Deploying PKI

   PKI is typically expensive to deploy. In addition to high
   per-user costs (for smart cards and certificates), there
   are high costs to get started. You must establish
   certificate policies and practices, buy and install CA
   software, and modify relying party software (which rarely
   includes PKI support). We must reduce this barrier to entry.

 B) Complexity of PKI

   To deploy PKI, you must hire or develop full-time PKI
   experts. There should be shrink-wrapped PKI deployment
   packages that any competent IS person can install and

 C) Interoperability Problems

   PKI products from different vendors don't work well
   together. We need to make sure that all basic PKI
   functions (certificate issuance, renewal, verification,
   and revocation) can be performed with any combination
   of different vendors' products.

Until these problems are addressed, PKI will not reach
its full potential. In some cases, the PKI TC is not the
right group to address these problems. But we can act as
the "voice of the customer", bringing a problem to
the attention of the right group and asking them to
address the problem.



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]