[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [pki-tc] Work items for the PKI TC
Steve, I have one major question regarding the deliverables of the OASIS PKI-TC. Are we supposed to produce an agreed-upon road-map or provide as set issues with possibly multiple solutions? As you may have noted, I and many other PKI architects, have lost faith in directories as the foundation for PKI deployment. Phillip Hallam-Baker of VeriSign even says, "X.500, LDAP Considered harmful": http://www.imc.org/ietf-pkix/mail-archive/msg05571.html Therefore we may have an impossible task ahead of us. Depending on what the task really is of course. Best Anders ----- Original Message ----- From: "Steve Hanna" <steve.hanna@sun.com> To: <pki-tc@lists.oasis-open.org> Sent: Tuesday, March 11, 2003 23:58 Subject: [pki-tc] Work items for the PKI TC John asked people to send specific work items to this list for discussion. The overall goal of this TC is to "address issues related to the successful deployment of digital certificates". So far, PKI deployment has been slower than hoped. I believe we must adopt task items that will identify impediments to PKI deployment and address them or see that they are addressed. The PKI TC is particularly well suited to this task, since we have a mix of technical, business, and legal members. Therefore, I propose the following work items: 1) Identify obstacles to PKI deployment This may require a survey of customers who have deployed PKI or considered PKI deployment and decided against it. Or we may be able to collect this data from existing sources. 2) Address obstacles to PKI deployment We must figure out how to address the obstacles identified through work item 1). But we may be able to start work on this task before work item 1) has been completed if we identify and agree on key obstacles right now. Here is a list of obstacles that I have heard from customers: A) High Cost of Deploying PKI PKI is typically expensive to deploy. In addition to high per-user costs (for smart cards and certificates), there are high costs to get started. You must establish certificate policies and practices, buy and install CA software, and modify relying party software (which rarely includes PKI support). We must reduce this barrier to entry. B) Complexity of PKI To deploy PKI, you must hire or develop full-time PKI experts. There should be shrink-wrapped PKI deployment packages that any competent IS person can install and use. C) Interoperability Problems PKI products from different vendors don't work well together. We need to make sure that all basic PKI functions (certificate issuance, renewal, verification, and revocation) can be performed with any combination of different vendors' products. Until these problems are addressed, PKI will not reach its full potential. In some cases, the PKI TC is not the right group to address these problems. But we can act as the "voice of the customer", bringing a problem to the attention of the right group and asking them to address the problem. Comments? -Steve
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]