OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

pki-tc message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [pki-tc] Closure of TC?

Hi Stephen,
Thank you for the hard work that you've done as Chair of the TC.
It is sad to see the closure of this TC but as we all know, the time has
Keep in touch and look forward to work with you in the future.

This message contains information which may be confidential and privileged. Unless you are the intended addressee (or authorized to receive for the intended addressee), you may not use, copy or disclose to anyone the message or any information contained in the message. If you have received the message in error, please advise the sender by e-mail then delete the message immediately.
Francais: http://www.fundserv.com/francais/legal/disclaimer_email_ib.shtml
-----Original Message-----

From: Arshad Noor [mailto:arshad.noor@strongauth.com] 
Sent: Thursday, October 23, 2008 7:52 PM
To: swilson@lockstep.com.au
Cc: mary mcrae; pki-tc@lists.oasis-open.org; ekmi
Subject: Re: [pki-tc] Closure of TC?

Good thoughts, Stephen.  I concur with your sentiments.  PKI is much
maligned, misunderstood and misrepresented.  But the people who know it
and understand it, quietly soldier on, using it where it makes sense, to
solve problems that cannot be solved easily with other technologies.

Since the OASIS Enterprise Key Management Infrastructure TC has always
maintained that PKI is one of two major components of an EKMI (SKMS
being the other one), something that we may all want to consider, is if
the content of PKI TC and some part of its mission (education,
guidelines, etc.) should be subsumed as a sub-committee within EKMI.  

I'm not sure what the OASIS rules are about this, but I think there are
enough people within the EKMI TC who recognize and understand the value
of PKI, and see it being a natural part of an enterprise's
key-management infrastructure.


----- Original Message -----
From: "Stephen Wilson" <swilson@lockstep.com.au>
To: "mary mcrae" <mary.mcrae@oasis-open.org>,
Sent: Wednesday, October 22, 2008 10:58:33 PM (GMT-0800)
Subject: Re: [pki-tc] Closure of TC?

Thanks Mary.

Firstly, I have been remiss as Chair in my prevarication over alerting
the membership to the likely closure of the PKI Adoption TC.  For this I

Yet it is surely obvious to all remaining members of the PKIA TC that
the group has been sub-critical for a long time.  The IDtrust Member
Section Steering Committee has discussed the situation over several
cycles and has consulted closely with me.  Our considered position is
that adoption of PKI has in most places got to the point that it no
longer captures the imagination sufficient to energise the TC.

Over the years, the OASIS PKI TC and the Member Section, as well as the
PKI Forum before it, have played a very significant role in the
promotion and facilitation of public key technologies.  Many of the
deliverables live on as valuable contributions to the field.  I would
like to suggest that we can be jointly proud of our efforts.

So, I do believe it is timely and appropriate to close the PKIA TC.

Having said that, my personal position is that PKI adoption does in fact
still suffer from impediments that we as an industry could still do more
to overcome.  Chief amongst these is a pervasive cynicism about -- or
even antagonism towards -- PKI.

True story: Only yesterday I attended a meeting where a handful of CTOs
were complaining that they "hated digital certificates".  I challenged
them them to expand on their comments, because I said that there are all
manner of certificates in use and it's not sensible to write them off in
one sweeping generalisation.  It's a category error; I said it's like
saying "I hate operating systems" when all you might have experienced is
MS-DOS.  But their expansions were bizarre and indicated a true naivety.

  Their comments included "when someone steals your PC, they steal your
certificate", or "they are no more secure than a user name and password"

[overlooking the special security enforcing functions of digital
signatures even with soft keys], or "they don't even have passwords", or
"they expire without any warning", or "what I meant was *personal*
certificates".  So I could see that these guys had poor experiences
about very specific instances of PKCs, and were blithely extrapolating
with no sense of perspective or evolution.

I asked if any of them were using Skype; they all said yes.  I pointed
out they were all therefore using personal 'soft' certificates every
day, and that they should therefore try and nuance their critiques.

Another pertinent anecdote comes from a current client of mine, an Asian
Government, that is looking at PKI regulatory reform.  They complained
to me of disappointing take up rates of certificates; they hypothesise
that 'in their culture', people prefer to do business in person.  I told
them that if anyone thinks that certificates should replace in-person
business, then they are ill advised.  Certificates are best for
automating routine formalised paperless transactions between parties in
a defined context, and are not of much use at all for two strangers
getting to know one another.

So, it is clear to me that much work remains to be done to facilitate
the adoption of PKI.  The question is, how best to ground the next wave
of promotional, educational and strategic activities?

I for one will mull this over in coming months.

Meanwhile, unless there is a sudden wave of contrary voices, as Chair I
would like to recommend to Mary that OASIS commence formal closure of
the PKI Adoption TC, and initiate any necessary formalities.

With thanks to all OASIS PKI[A] TC members, past and present,


Stephen Wilson
Chair, OASIS PKI Adoption TC
Managing Director, Lockstep Group

Phone +61 (0)414 488 851

Lockstep Consulting provides independent specialist advice and analysis
on identity management, PKI and smartcards.  Lockstep Technologies
develops unique new smartcard technologies to address transaction
privacy and web fraud.

Mary McRae wrote:
> Hi everyone,
>   I notice that there are only*/ /* 4 voting members, and that there 
> have been no real activity on the mail list for quite some time. I 
> know at one point the TC was considering shutting down.
>   According to OASIS Policy:
> ----
> *2.15 Closing a TC*
> A TC may be closed by Full Majority Vote of the TC, by Resolution of 
> the OASIS Board of Directors, or by the OASIS TC Administrator.
> The TC Administrator must close a TC that has completed the 
> deliverables listed in its Charter if the TC does not add new 
> deliverables or that fails to elect a Chair for the period provided in
Section 2.7.
> The TC Administrator may close a TC that fails to conduct at least one

> Quorate Meeting or conduct any Specification Ballots during any six 
> month period; whose membership falls below the Minimum Membership; 
> which has not completed its deliverables within the schedule listed in

> its Charter; or which has failed to show progress towards achieving 
> its purpose as defined by its Charter.
> ----
> Should we begin the process of shutting down this group?
> Regards,
> Mary
> ___________________________________________________________
> Mary P McRae
> Director, Technical Committee Administration
> OASIS: Advancing open standards for the information society
> email: mary.mcrae@oasis-open.org <mailto:mary.mcrae@oasis-open.org>
> web: www.oasis-open.org <http://www.oasis-open.org/>
> phone: 1.603.232.9090
> twitter: fiberartisan

To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail.  Follow this link to all your TCs in OASIS at:

To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail.  Follow this link to all your TCs in OASIS at:

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]