OASIS Mailing List Archives

pki-tc message


Subject: RE: [pki-tc] Work items for the PKI TC


Having defined a set of work items we can competently address, a road map may be suitable to satisfy the overall plan as well as a few broader work items, but it is possible that in certain areas our work may be much more detailed.  As PKI continues to expand within large, but closed or closely-bounded "enterprise" systems we will likely see issues arise because of larger scale deployments. But the future of PKI in terms of its utility (not necessarily in ways it had been traditionally viewed) still seems strong to me.  Discussions about the utility of X.500 and LDAP directories in support of PKI may be an issue to explore specifically.

I appreciate your comments and Steve's suggested areas of inquiry and look forward to more input in advance of our teleconference.


John T. Sabo
Manager, Security Privacy and Trust Initiatives
Computer Associates International
2291 Wood Oak Drive
Herndon, Virginia, 20171
Phone: +1 703-708-3037
Mobile: +1 443-629-6198

-----Original Message-----
From: Anders Rundgren [mailto:anders.rundgren@telia.com]
Sent: Wednesday, March 12, 2003 1:49 AM
To: pki-tc@lists.oasis-open.org; Steve Hanna
Cc: Hallam-Baker, Phillip
Subject: Re: [pki-tc] Work items for the PKI TC

I have one major question regarding the deliverables of the

Are we supposed to produce an agreed-upon road-map or
provide a set of issues with possibly multiple solutions?

As you may have noted, I and many other PKI architects have lost faith in
directories as the foundation for PKI deployment. Phillip Hallam-Baker
of VeriSign even says, "X.500, LDAP Considered harmful":


Therefore we may have an impossible task ahead of us.
Depending on what the task really is of course.


----- Original Message ----- 
From: "Steve Hanna" <steve.hanna@sun.com>
To: <pki-tc@lists.oasis-open.org>
Sent: Tuesday, March 11, 2003 23:58
Subject: [pki-tc] Work items for the PKI TC

John asked people to send specific work items to this list
for discussion. The overall goal of this TC is to "address
issues related to the successful deployment of digital
certificates". So far, PKI deployment has been slower than hoped.
I believe we must adopt task items that will identify
impediments to PKI deployment and address them or see that
they are addressed. The PKI TC is particularly well suited
to this task, since we have a mix of technical, business, and
legal members.

Therefore, I propose the following work items:

1) Identify obstacles to PKI deployment

   This may require a survey of customers who have deployed
   PKI or considered PKI deployment and decided against it.
   Or we may be able to collect this data from existing

2) Address obstacles to PKI deployment

   We must figure out how to address the obstacles identified
   through work item 1). But we may be able to start work
   on this task before work item 1) has been completed if
   we identify and agree on key obstacles right now. Here is
   a list of obstacles that I have heard from customers:

 A) High Cost of Deploying PKI

   PKI is typically expensive to deploy. In addition to high
   per-user costs (for smart cards and certificates), there
   are high costs to get started. You must establish
   certificate policies and practices, buy and install CA
   software, and modify relying party software (which rarely
   includes PKI support). We must reduce this barrier to entry.

 B) Complexity of PKI

   To deploy PKI, you must hire or develop full-time PKI
   experts. There should be shrink-wrapped PKI deployment
   packages that any competent IS person can install and

 C) Interoperability Problems

   PKI products from different vendors don't work well
   together. We need to make sure that all basic PKI
   functions (certificate issuance, renewal, verification,
   and revocation) can be performed with any combination
   of different vendors' products.

Until these problems are addressed, PKI will not reach
its full potential. In some cases, the PKI TC is not the
right group to address these problems. But we can act as
the "voice of the customer", bringing a problem to
the attention of the right group and asking them to
address the problem.


