Re: [pki-tc] Closure of TC?

[Arshad Noor <arshad.noor@strongauth.com>]

Good thoughts, Stephen.  I concur with your sentiments.  PKI is
much maligned, misunderstood and misrepresented.  But the people
who know it and understand it, quietly soldier on, using it where
it makes sense, to solve problems that cannot be solved easily
with other technologies.

Since the OASIS Enterprise Key Management Infrastructure TC has
always maintained that PKI is one of two major components of an
EKMI (SKMS being the other one), something that we may all want
to consider, is if the content of PKI TC and some part of its 
mission (education, guidelines, etc.) should be subsumed as a 
sub-committee within EKMI.  

I'm not sure what the OASIS rules are about this, but I think 
there are enough people within the EKMI TC who recognize and 
understand the value of PKI, and see it being a natural part of
an enterprise's key-management infrastructure.

Arshad 


----- Original Message -----
From: "Stephen Wilson" <swilson@lockstep.com.au>
To: "mary mcrae" <mary.mcrae@oasis-open.org>, pki-tc@lists.oasis-open.org
Sent: Wednesday, October 22, 2008 10:58:33 PM (GMT-0800) America/Los_Angeles
Subject: Re: [pki-tc] Closure of TC?


Thanks Mary.

Firstly, I have been remiss as Chair in my prevarication over alerting 
the membership to the likely closure of the PKI Adoption TC.  For this I 
apologise.

Yet it is surely obvious to all remaining members of the PKIA TC that 
the group has been sub-critical for a long time.  The IDtrust Member 
Section Steering Committee has discussed the situation over several 
cycles and has consulted closely with me.  Our considered position is 
that adoption of PKI has in most places got to the point that it no 
longer captures the imagination sufficient to energise the TC.

Over the years, the OASIS PKI TC and the Member Section, as well as the 
PKI Forum before it, have played a very significant role in the 
promotion and facilitation of public key technologies.  Many of the 
deliverables live on as valuable contributions to the field.  I would 
like to suggest that we can be jointly proud of our efforts.

So, I do believe it is timely and appropriate to close the PKIA TC.


Having said that, my personal position is that PKI adoption does in fact 
still suffer from impediments that we as an industry could still do more 
to overcome.  Chief amongst these is a pervasive cynicism about -- or 
even antagonism towards -- PKI.

True story: Only yesterday I attended a meeting where a handful of CTOs 
were complaining that they "hated digital certificates".  I challenged 
them them to expand on their comments, because I said that there are all 
manner of certificates in use and it's not sensible to write them off in 
one sweeping generalisation.  It's a category error; I said it's like 
saying "I hate operating systems" when all you might have experienced is 
MS-DOS.  But their expansions were bizarre and indicated a true naivety. 
  Their comments included "when someone steals your PC, they steal your 
certificate", or "they are no more secure than a user name and password" 
[overlooking the special security enforcing functions of digital 
signatures even with soft keys], or "they don't even have passwords", or 
"they expire without any warning", or "what I meant was *personal* 
certificates".  So I could see that these guys had poor experiences 
about very specific instances of PKCs, and were blithely extrapolating 
with no sense of perspective or evolution.

I asked if any of them were using Skype; they all said yes.  I pointed 
out they were all therefore using personal 'soft' certificates every 
day, and that they should therefore try and nuance their critiques.


Another pertinent anecdote comes from a current client of mine, an Asian 
Government, that is looking at PKI regulatory reform.  They complained 
to me of disappointing take up rates of certificates; they hypothesise 
that 'in their culture', people prefer to do business in person.  I told 
them that if anyone thinks that certificates should replace in-person 
business, then they are ill advised.  Certificates are best for 
automating routine formalised paperless transactions between parties in 
a defined context, and are not of much use at all for two strangers 
getting to know one another.


So, it is clear to me that much work remains to be done to facilitate 
the adoption of PKI.  The question is, how best to ground the next wave 
of promotional, educational and strategic activities?


I for one will mull this over in coming months.

Meanwhile, unless there is a sudden wave of contrary voices, as Chair I 
would like to recommend to Mary that OASIS commence formal closure of 
the PKI Adoption TC, and initiate any necessary formalities.

With thanks to all OASIS PKI[A] TC members, past and present,

Stephen.


Stephen Wilson
Chair, OASIS PKI Adoption TC
Managing Director, Lockstep Group

Phone +61 (0)414 488 851

www.lockstep.com.au
-------------------
Lockstep Consulting provides independent specialist advice and analysis 
on identity management, PKI and smartcards.  Lockstep Technologies 
develops unique new smartcard technologies to address transaction 
privacy and web fraud.



Mary McRae wrote:
> Hi everyone,
> 
>  
> 
>   I notice that there are only*/ /* 4 voting members, and that there 
> have been no real activity on the mail list for quite some time. I know 
> at one point the TC was considering shutting down.
> 
>  
> 
>   According to OASIS Policy:
> 
> ----
> 
> *2.15 Closing a TC*
> 
>  
> 
> A TC may be closed by Full Majority Vote of the TC, by Resolution of the 
> OASIS Board of Directors, or by the OASIS TC Administrator.
> 
>  
> 
> The TC Administrator must close a TC that has completed the deliverables 
> listed in its Charter if the TC does not add new deliverables or that 
> fails to elect a Chair for the period provided in Section 2.7.
> 
>  
> 
> The TC Administrator may close a TC that fails to conduct at least one 
> Quorate Meeting or conduct any Specification Ballots during any six 
> month period; whose membership falls below the Minimum Membership; which 
> has not completed its deliverables within the schedule listed in its 
> Charter; or which has failed to show progress towards achieving its 
> purpose as defined by its Charter.
> 
> ----
> 
>  
> 
> Should we begin the process of shutting down this group?
> 
>  
> 
> Regards,
> 
>  
> 
> Mary
> 
>  
> 
> ___________________________________________________________
> 
> Mary P McRae
> 
> Director, Technical Committee Administration
> 
> OASIS: Advancing open standards for the information society
> 
> email: mary.mcrae@oasis-open.org <mailto:mary.mcrae@oasis-open.org> 
> 
> web: www.oasis-open.org <http://www.oasis-open.org/>
> 
> phone: 1.603.232.9090
> 
> twitter: fiberartisan
> 
>  
> 

---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail.  Follow this link to all your TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php