RE: [pki-tc] Closure of TC? [SEC=UNCLASSIFIED]

["Andison, Drew" <Drew.Andison@finance.gov.au>]

 Hi Steve
disappointed that the TC is to be disbanded but understand the rationale
from my perspective (Gatekeeper) there remains a lot of work to do to
get PKI accepted more broadly
and to do it "properly"
happy to participate again when something new arises
cheers
Drew


-----Original Message-----
From: Stephen Wilson [mailto:swilson@lockstep.com.au] 
Sent: Thursday, 23 October 2008 4:59 PM
To: mary.mcrae@oasis-open.org; pki-tc@lists.oasis-open.org
Subject: Re: [pki-tc] Closure of TC?


Thanks Mary.

Firstly, I have been remiss as Chair in my prevarication over alerting
the membership to the likely closure of the PKI Adoption TC.  For this I
apologise.

Yet it is surely obvious to all remaining members of the PKIA TC that
the group has been sub-critical for a long time.  The IDtrust Member
Section Steering Committee has discussed the situation over several
cycles and has consulted closely with me.  Our considered position is
that adoption of PKI has in most places got to the point that it no
longer captures the imagination sufficient to energise the TC.

Over the years, the OASIS PKI TC and the Member Section, as well as the
PKI Forum before it, have played a very significant role in the
promotion and facilitation of public key technologies.  Many of the
deliverables live on as valuable contributions to the field.  I would
like to suggest that we can be jointly proud of our efforts.

So, I do believe it is timely and appropriate to close the PKIA TC.


Having said that, my personal position is that PKI adoption does in fact
still suffer from impediments that we as an industry could still do more
to overcome.  Chief amongst these is a pervasive cynicism about -- or
even antagonism towards -- PKI.

True story: Only yesterday I attended a meeting where a handful of CTOs
were complaining that they "hated digital certificates".  I challenged
them them to expand on their comments, because I said that there are all
manner of certificates in use and it's not sensible to write them off in
one sweeping generalisation.  It's a category error; I said it's like
saying "I hate operating systems" when all you might have experienced is
MS-DOS.  But their expansions were bizarre and indicated a true naivety.

  Their comments included "when someone steals your PC, they steal your
certificate", or "they are no more secure than a user name and password"

[overlooking the special security enforcing functions of digital
signatures even with soft keys], or "they don't even have passwords", or
"they expire without any warning", or "what I meant was *personal*
certificates".  So I could see that these guys had poor experiences
about very specific instances of PKCs, and were blithely extrapolating
with no sense of perspective or evolution.

I asked if any of them were using Skype; they all said yes.  I pointed
out they were all therefore using personal 'soft' certificates every
day, and that they should therefore try and nuance their critiques.


Another pertinent anecdote comes from a current client of mine, an Asian
Government, that is looking at PKI regulatory reform.  They complained
to me of disappointing take up rates of certificates; they hypothesise
that 'in their culture', people prefer to do business in person.  I told
them that if anyone thinks that certificates should replace in-person
business, then they are ill advised.  Certificates are best for
automating routine formalised paperless transactions between parties in
a defined context, and are not of much use at all for two strangers
getting to know one another.


So, it is clear to me that much work remains to be done to facilitate
the adoption of PKI.  The question is, how best to ground the next wave
of promotional, educational and strategic activities?


I for one will mull this over in coming months.

Meanwhile, unless there is a sudden wave of contrary voices, as Chair I
would like to recommend to Mary that OASIS commence formal closure of
the PKI Adoption TC, and initiate any necessary formalities.

With thanks to all OASIS PKI[A] TC members, past and present,

Stephen.


Stephen Wilson
Chair, OASIS PKI Adoption TC
Managing Director, Lockstep Group

Phone +61 (0)414 488 851

www.lockstep.com.au
-------------------
Lockstep Consulting provides independent specialist advice and analysis
on identity management, PKI and smartcards.  Lockstep Technologies
develops unique new smartcard technologies to address transaction
privacy and web fraud.



Mary McRae wrote:
> Hi everyone,
> 
>  
> 
>   I notice that there are only*/ /* 4 voting members, and that there 
> have been no real activity on the mail list for quite some time. I 
> know at one point the TC was considering shutting down.
> 
>  
> 
>   According to OASIS Policy:
> 
> ----
> 
> *2.15 Closing a TC*
> 
>  
> 
> A TC may be closed by Full Majority Vote of the TC, by Resolution of 
> the OASIS Board of Directors, or by the OASIS TC Administrator.
> 
>  
> 
> The TC Administrator must close a TC that has completed the 
> deliverables listed in its Charter if the TC does not add new 
> deliverables or that fails to elect a Chair for the period provided in
Section 2.7.
> 
>  
> 
> The TC Administrator may close a TC that fails to conduct at least one

> Quorate Meeting or conduct any Specification Ballots during any six 
> month period; whose membership falls below the Minimum Membership; 
> which has not completed its deliverables within the schedule listed in

> its Charter; or which has failed to show progress towards achieving 
> its purpose as defined by its Charter.
> 
> ----
> 
>  
> 
> Should we begin the process of shutting down this group?
> 
>  
> 
> Regards,
> 
>  
> 
> Mary
> 
>  
> 
> ___________________________________________________________
> 
> Mary P McRae
> 
> Director, Technical Committee Administration
> 
> OASIS: Advancing open standards for the information society
> 
> email: mary.mcrae@oasis-open.org <mailto:mary.mcrae@oasis-open.org>
> 
> web: www.oasis-open.org <http://www.oasis-open.org/>
> 
> phone: 1.603.232.9090
> 
> twitter: fiberartisan
> 
>  
> 

---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail.  Follow this link to all your TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php 



________________________________

Finance Australian Business Number (ABN):   61 970 632 495	 
Finance Web Site:   www.finance.gov.au	 

IMPORTANT:

This transmission is intended only for the use of the addressee and may contain confidential or legally privileged information. If you are not the intended recipient, you are notified that any use or dissemination of this communication is strictly prohibited. 
If you have received this transmission in error, please notify us immediately by telephone on 61-2-6215-2222 and delete all copies of this transmission together with any attachments. 
If responding to this email, please send to the appropriate person using the suffix .gov.au. 

________________________________