Subject: RE: [pki-tc] Work items for the PKI TC
Anders,

Having defined a set of work items we can competently address, a road map may be suitable to satisfy the overall plan as well as a few broader work items, but it is possible that in certain areas our work may be much more detailed.

As PKI continues to expand within large, but closed or closely-bounded "enterprise" systems we will likely see issues arise because of larger scale deployments. But the future of PKI in terms of its utility (not necessarily in ways it had been traditionally viewed) still seems strong to me. Discussions about the utility of X.500 and LDAP directories in support of PKI may be an issue to explore specifically.

I appreciate your comments and Steve's suggested areas of inquiry and look forward to more input in advance of our teleconference.

John

------------------------------------------------------------------
John T. Sabo
Manager, Security Privacy and Trust Initiatives
Computer Associates International
2291 Wood Oak Drive
Herndon, Virginia, 20171 USA
Phone: +1 703-708-3037
Mobile: +1 443-629-6198

-----Original Message-----
From: Anders Rundgren [mailto:anders.rundgren@telia.com]
Sent: Wednesday, March 12, 2003 1:49 AM
To: pki-tc@lists.oasis-open.org; Steve Hanna
Cc: Hallam-Baker, Phillip
Subject: Re: [pki-tc] Work items for the PKI TC

Steve,

I have one major question regarding the deliverables of the OASIS PKI-TC.

Are we supposed to produce an agreed-upon road-map or provide a set of issues with possibly multiple solutions?

As you may have noted, I and many other PKI architects, have lost faith in directories as the foundation for PKI deployment. Phillip Hallam-Baker of VeriSign even says, "X.500, LDAP Considered harmful":
http://www.imc.org/ietf-pkix/mail-archive/msg05571.html

Therefore we may have an impossible task ahead of us. Depending on what the task really is of course.

Best
Anders

----- Original Message -----
From: "Steve Hanna" <steve.hanna@sun.com>
To: <pki-tc@lists.oasis-open.org>
Sent: Tuesday, March 11, 2003 23:58
Subject: [pki-tc] Work items for the PKI TC

John asked people to send specific work items to this list for discussion.

The overall goal of this TC is to "address issues related to the successful deployment of digital certificates". So far, PKI deployment has been slower than hoped. I believe we must adopt task items that will identify impediments to PKI deployment and address them or see that they are addressed. The PKI TC is particularly well suited to this task, since we have a mix of technical, business, and legal members.

Therefore, I propose the following work items:

1) Identify obstacles to PKI deployment

   This may require a survey of customers who have deployed PKI or considered PKI deployment and decided against it. Or we may be able to collect this data from existing sources.

2) Address obstacles to PKI deployment

   We must figure out how to address the obstacles identified through work item 1). But we may be able to start work on this task before work item 1) has been completed if we identify and agree on key obstacles right now.

Here is a list of obstacles that I have heard from customers:

A) High Cost of Deploying PKI

   PKI is typically expensive to deploy. In addition to high per-user costs (for smart cards and certificates), there are high costs to get started. You must establish certificate policies and practices, buy and install CA software, and modify relying party software (which rarely includes PKI support). We must reduce this barrier to entry.

B) Complexity of PKI

   To deploy PKI, you must hire or develop full-time PKI experts. There should be shrink-wrapped PKI deployment packages that any competent IS person can install and use.

C) Interoperability Problems

   PKI products from different vendors don't work well together. We need to make sure that all basic PKI functions (certificate issuance, renewal, verification, and revocation) can be performed with any combination of different vendors' products.

Until these problems are addressed, PKI will not reach its full potential. In some cases, the PKI TC is not the right group to address these problems. But we can act as the "voice of the customer", bringing a problem to the attention of the right group and asking them to address the problem.

Comments?

-Steve