pki-tc message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]
Subject: Re: [pki-tc] Work items for the PKI TC
- From: Anders Rundgren <anders.rundgren@telia.com>
- To: pki-tc@lists.oasis-open.org, Steve Hanna <steve.hanna@sun.com>
- Date: Wed, 12 Mar 2003 07:49:09 +0100
Steve,
I have one major question regarding the deliverables of the
OASIS PKI-TC.
Are we supposed to produce an agreed-upon road-map or
provide as set issues with possibly multiple solutions?
As you may have noted, I and many other PKI architects, have lost faith in
directories as the foundation for PKI deployment. Phillip Hallam-Baker
of VeriSign even says, "X.500, LDAP Considered harmful":
http://www.imc.org/ietf-pkix/mail-archive/msg05571.html
Therefore we may have an impossible task ahead of us.
Depending on what the task really is of course.
Best
Anders
----- Original Message -----
From: "Steve Hanna" <steve.hanna@sun.com>
To: <pki-tc@lists.oasis-open.org>
Sent: Tuesday, March 11, 2003 23:58
Subject: [pki-tc] Work items for the PKI TC
John asked people to send specific work items to this list
for discussion. The overall goal of this TC is to "address
issues related to the successful deployment of digital
certificates". So far, PKI deployment has been slower than hoped.
I believe we must adopt task items that will identify
impediments to PKI deployment and address them or see that
they are addressed. The PKI TC is particularly well suited
to this task, since we have a mix of technical, business, and
legal members.
Therefore, I propose the following work items:
1) Identify obstacles to PKI deployment
This may require a survey of customers who have deployed
PKI or considered PKI deployment and decided against it.
Or we may be able to collect this data from existing
sources.
2) Address obstacles to PKI deployment
We must figure out how to address the obstacles identified
through work item 1). But we may be able to start work
on this task before work item 1) has been completed if
we identify and agree on key obstacles right now. Here is
a list of obstacles that I have heard from customers:
A) High Cost of Deploying PKI
PKI is typically expensive to deploy. In addition to high
per-user costs (for smart cards and certificates), there
are high costs to get started. You must establish
certificate policies and practices, buy and install CA
software, and modify relying party software (which rarely
includes PKI support). We must reduce this barrier to entry.
B) Complexity of PKI
To deploy PKI, you must hire or develop full-time PKI
experts. There should be shrink-wrapped PKI deployment
packages that any competent IS person can install and
use.
C) Interoperability Problems
PKI products from different vendors don't work well
together. We need to make sure that all basic PKI
functions (certificate issuance, renewal, verification,
and revocation) can be performed with any combination
of different vendors' products.
Until these problems are addressed, PKI will not reach
its full potential. In some cases, the PKI TC is not the
right group to address these problems. But we can act as
the "voice of the customer", bringing a problem to
the attention of the right group and asking them to
address the problem.
Comments?
-Steve
����
����
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]