Hi Tony, Thanks for your comments. We will consider them carefully. Kind regards, Erik -----Oprindelig meddelelse----- Fra: Tony Rutkowski [mailto:tony@xxxxxxxxxxxxx] Sendt: 3. oktober 2013 15:46 Til: Erik Andersen; Directory list; SG17-Q10; T13sg17q11@xxxxxxxxxxxxx Emne: Re: [T17Q11] Proposed Technical Report on the future of PKI Hi Erik, The only document on your site is T13-SG17-130826-TD-PLEN-0464!R1!PDF-E Is this the right one? Indeed, the document header still has "TD 0627" from the previous Study Period. :-) Since this is just an incremental variant of the material that has been available for several years, is there some indication of what has been changed? The material seems to represent a fairly extensive tutorial on PKI use. It might be useful to provide a link to a generic widely referenced site such as http://en.wikipedia.org/wiki/X.509 You seem to miss some important industry PKI forums, as well as treat the ones listed rather superficially without saying anything about current activities or developments. You completely miss most of the mobile world, e.g., 3GPP SA3, GSMA SG, and all of the important developments relating to M2M. You omit key bodies such as SAGE which reviews and certifies PKI algorighms for the mobile world. You also omit the current IETF Security Area activities, especially wpkops which is very active, and the CA/B Forum open discussion lists. The Bibliography seems several years old without any current material. In your treatment of current PKI management activity, you seem to aggrandize SG17 activities and depreciate everyone else. The reality is of course quite different - as the commentors on the IETF PKI list mentioned to you. There is a large, active PKI industry and venues in a great many organizations devoted to managing and evolving the numerous PKI based platforms and creating new ones. They don't come to the ITU-T, but participate actively in their own forums in industry and government. One gets a sense that all of this is being missed. As to your conclusions, they seem rather inaccurate and disengenuous - especially your characterization of what other PKI organizations produce and their motivations. It also lacks any substance or even coherency. On the one hand, you suggest that "this document has established requirement [sic] for additional work in three areas," (which it patently does not), and then you say that "there is an enormous amount of key management activities by almost every standardisation organisation with a little self-respect [sic]" (whatever that means). The reality is that you have 1) not "established requirement[s] for additional work," 2) you have ignored the venues where that work is occurring, and 3) the IETF participants suggested you refrain from promoting work in your own rapporteur group when there is no one from industry (or ITU member) requesting the work or capable of pursuing it. Hope this helps. --tony ps. could you sign you messages with your PKI key? Mine is attached. You know the old adage about cobbler's children. :-) On 10/3/2013 5:47 AM, Erik Andersen wrote: > > I have produced a publication on the use of PKI. It is the intension > to turn this publication into a Technical Report. Comments are > solicited. Please see http://x500standard.com/index.php?n=Ig.PKIFut, > ----- www.x500standard.com: The central source for information on the X.500 Directory Standard.