[x500standard] SV: [T17Q11] Proposed Technical Report on the future of PKI

  • From: "Erik Andersen" <era@xxxxxxx>
  • To: <tony@xxxxxxxxxxxxx>, "'Directory list'" <x500standard@xxxxxxxxxxxxx>, <T13sg17q11@xxxxxxxxxxxxx>, "SG17-Q10" <t13sg17q10@xxxxxxxxxxxxx>
  • Date: Thu, 3 Oct 2013 16:50:14 +0200

Hi Tony,

Thanks for your comments. We will consider them carefully.

Kind regards,

Erik

-----Original Message-----
From: Tony Rutkowski [mailto:tony@xxxxxxxxxxxxx]
Sent: 3 October 2013 15:46
To: Erik Andersen; Directory list; SG17-Q10; T13sg17q11@xxxxxxxxxxxxx
Subject: Re: [T17Q11] Proposed Technical Report on the future of PKI

Hi Erik,

The only document on your site is
T13-SG17-130826-TD-PLEN-0464!R1!PDF-E
Is this the right one?  Indeed, the document header
still has "TD 0627" from the previous Study
Period. :-)

Since this is just an incremental variant of
the material that has been available for
several years, is there some indication of
what has been changed?

The material seems to represent a fairly
extensive tutorial on PKI use.  It might be
useful to provide a link to a generic widely
referenced site such as
http://en.wikipedia.org/wiki/X.509

You seem to miss some important industry PKI
forums, as well as treat the ones listed
rather superficially without saying anything
about current activities or developments.

You completely miss most of the mobile world,
e.g., 3GPP SA3, GSMA SG, and all of the
important developments relating to M2M.  You
omit key bodies such as SAGE which reviews
and certifies PKI algorithms for the mobile
world.  You also omit the current IETF
Security Area activities, especially wpkops
which is very active, and the CA/B Forum
open discussion lists.

The Bibliography seems several years old
without any current material.

In your treatment of current PKI management
activity, you seem to aggrandize SG17
activities and depreciate everyone else.  The
reality is of course quite different - as the
commentors on the IETF PKI list mentioned to
you.  There is a large, active PKI industry
and venues in a great many organizations
devoted to managing and evolving the numerous
PKI based platforms and creating new ones.
They don't come to the ITU-T, but participate
actively in their own forums in industry and
government.  One gets a sense that all of
this is being missed.

As to your conclusions, they seem rather
inaccurate and disingenuous - especially your
characterization of what other PKI
organizations produce and their motivations.
It also lacks any substance or even coherency.

On the one hand, you suggest that "this
document has established requirement [sic]
for additional work in three areas," (which
it patently does not), and then you say that
"there is an enormous amount of key
management activities by almost every
standardisation organisation with a little
self-respect [sic]" (whatever that means).

The reality is that you have 1) not
"established requirement[s] for additional
work," 2) you have ignored the venues where
that work is occurring, and 3) the IETF
participants suggested you refrain from
promoting work in your own rapporteur group
when there is no one from industry (or ITU
member) requesting the work or capable of
pursuing it.

Hope this helps.

--tony

ps. could you sign your messages with your
PKI key? Mine is attached.  You know the
old adage about cobbler's children. :-)


On 10/3/2013 5:47 AM, Erik Andersen wrote:
>
> I have produced a publication on the use of PKI. It is the intention
> to turn this publication into a Technical Report. Comments are 
> solicited. Please see http://x500standard.com/index.php?n=Ig.PKIFut,
>



-----
www.x500standard.com: The central source for information on the X.500 Directory 
Standard.
