[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
CL Elec Exch: 2/26 Minutes (Via Listserve)
The minutes from *this week* are being circulated via the CommonLine Electronic
Exchange Listserve. They have also been sent to the subcommittee members using
that distribution list mistakenly under the subject header, "CL Elec Exch: 2/25
Minutes"
-----------------
CommonLine Electronic Exchange Subcommittee minutes for 02/26/98.
.
Sub-committee members:
* = present
Russ Judd Great Lakes rjudd@glhec.org
Scott Fullerton* Great Lakes(Chair) sfullerton@glhec.org
Karl Ebert* SLMA 105502.3154@CompuServe.Com
John Falconer SLMA
Frank Hum* SLMA franklin.r.hum.jr@slma.com
Libby Meeker SLMA Libby.Meeker@SLMA.com
Gary Thomas SLMA 70664.401@compuserve.com
Mike Nolan PHEAA mnolan@pheaa.org
Darwin Peiffer* PHEAA dpeiffer@pheaa.org
Terry Zuch PHEAA tzuch@pheaa.org
John Hall PHEAA
Linda Laub PHEAA llaub@pheaa.org
Jeff Knass USA Group jknass@usagroup.com
Brian Allison* USA Group BALLISON@usagroup.com
Ron Clark* USA Group rclark@usagroup.com
Paul Logston* USA Group plogston@usagroup.com
Mike Brannon USA Group MBrannon@usagroup.com
Matt Parrett USA Group mparrett@usagroup.com
Ki Ha NELA kiha@nela.net
Gary Burleson TGSLC gary.burleson@tgslc.org
Kelly Klipple TGSLC kelly.klipple@tgslc.org
Will Thien TGSLC will.thien@tgslc.org
Warren Sherard Edfund wsherard@edfund.org
Patrick Walters SLFC waltersp@slf.org
Gad Hazum Access ghazum@accessgrp.org
Ed McGowan ESF emcgowan@esfweb.com
Ruth Smith* NYHESC rsmith@hesc.com
Kevin Malmberg NYHESC kmalmberg@hesc.com
Mike Schoeppler NYHESC mschoeppler@hesc.com
Betty Hansman* ISAC bhansman@isc016r1.state.il.us
Mike Yip ISAC
Debbie Phillips* ISAC dphillip@isc016r1.state.il.us
Fred Highsmith* Guarantech fhighsmith@guarantec.com
Tim Hearley* KHEAA thearley@kheaa.com
Mark Lifland Nellie Mae mark_lifland@nelliemae.com
Goeff Boisvert Nellie Mae geoff_boisvert@nelliemae.com
Doug McCaleb* Nellie Mae doug_mccaleb@nelliemae.org
Tom Jurado AFSA jurado@ix.netcom.com
Bill Horn* College Foundation whorn@cfi-nc.org
.
In this meeting, we discussed new, positive developments in negotiations with
NAI (Network Associates Inc) and the possibility of maintaining our existing
deadlines as a result.
.
NOTE!!!!!.
This is a long document covering discussion on issues requiring general accord.
Please review carefully. If I have omitted or misrepresented anything, please
respond with corrections or place them as response on the listserve.
.
Three messages to and from NAI are appended to these minutes. Copies of the
first two were circulated to members of the subcommittee prior to the 2/26
meeting. The last message was sent to NAI after the meeting.
.
Next Meeting: 3/05/98
================================
*ELECTRONIC EXCHANGE LISTSERVE*
Minutes hereonafter will be posted on the electronic exchange listserve. They
can be viewed with a browser at the archive site
http://lists.glhec.org/cl-elec-exch (case sensitive).
.
These minutes and those for the next meeting will also go out via the standard
distribution list. After that, the listserve will be the exclusive means for
delivery.
--------------------------------
CYLINK/ALGORITHMIC RESEARCH and RSA
USA Group reported that CYLINK has extended its beta program for their
encryption products. They are not committing to a date when the product will
be available.
.
They also reported that RSA was interested in negotiating a more attractive
price structure, but even with this, the cost was prohibitive: $75,000 for
unlimited licensing and $35,000 minimum for a specific number of licenses (the
exact number was unknown)
--------------------------------
*NAI (NETWORK ASSOCIATES INC.) REPORT*
Scott distributed copies of two messages (included below) to members of the
committee.
.
The first is a letter detailing the difficulties we have had thus far in our
negotiations with NAI. This was sent to the representatives with whom we have
had dealings, Eric Nesson, Steve Abbott, and Brian Jackman, as well as to Jeff
Platon, a VP of sales.
.
The second is a letter from Brian Jackman presenting an offer for us to
continue using 4.x and toolkit products with support through to April 1999. In
a follow-up phone conversation between Brian and Scott, the date was shifted to
May 1999.
.
Much of the meeting was devoted to consideration of this offer
--------------------------------
*SUMMARY OF THE OFFER*
As mentioned in the letter, NAI will make PGP 4.x and corresponding toolkits
(PGP software that uses the RSA algorithm and has 16- and 32-bit support)
available to us as soon as they can obtain the contact information for the
purchasers. CommonLine members may acquire the code at $130.50 and license for
distribution at $25.00 per installation (a licensed installation is counted as
a key use. SBS installed on a network with LAN clients, probably is a single
key use and therefore a single license).
.
We must purchase all the licenses we anticipate needing, as NAI cannot
guarantee any later purchases, since they are attempting to negotiate an
agreement with the RSA patent-holder, and the outcome of that process is still
unclear. Regardless of the outcome of negotiations with RSA, they will commit
to supporting our product until May 1999.
--------------------------------
*DISCUSSION ON THE NAI OFFER*
In general, the group was very pleased with the offer. There are some who have
committed considerable resources already to PGP and are thus to a great degree
already committed to this choice. The NAI offer, while leaving some important
things as of yet unclear, was nonetheless encouraging that we could continue
with this solution.
.
The topics below were discussed. We should be sure to get decisions on
unresolved issues next week.
------
##Getting it in Writing
We need to pin down our arrangements with NAI in writing. There was some
discussion as to how such a document could be legally binding, since with the
exception of NCHELP, there is no one entity on our side name as party to the
arrangements.
.
Even if we could not set up a legally binding document, we should try to get as
many explicitly stated commitments as possible in writing if only in e-mail. As
our options are limited, this much would be sufficient assurance to most (but
perhaps not all) the members.
------
##Clarifying the Issues
The committee wanted clarification on the following issues. (these are
contained in the third letter below sent to Brian Jackman after the meeting)
.
1) What specifically does support consist of. We want some level of confidence
that there will be sufficient expertise available, and that support includes
the use of the 16- and 32-bit toolkit(s), Viacrypt PGP/BE for Windows v4.0 and
PGP for Windows V4.5.1
2) When can we expect media to become available to those still needing it?
Will this include the set of products mentioned above?
3) Brian's message indicates the price for the SDK as $130.50. Does this cover
access to the products listed above?
4) Are licenses transferable when upgrading to newer versions. That is, when
we upgrade to the SDK, can we transfer license at no cost? If not, what is the
upgrade cost?
5) Should support become unavailable before the end of the transition period,
we would like source code to be held in escrow.
6) Should it happen that licensing RSA no longer becomes an option (because of
the outcome of negotiations between NAI and RSA DSI or for any other reason) we
would like to be notified in advance to give us the option to purchase more.
.
NAI should address these issues before our meeting next week.
----
##98-99 upgrade requirements implicit in this solution
The arrangement guarantees support through May 1999. A likely consequence of
this arrangement will be the need to upgrade/change the encryption components
of our software next year.
.
Given that, all of CommonLine would need to change algorithms at the same time
to maintain compatibility across all of CommonLine. The committee felt this
was an acceptable cost.
.
It is also likely that all of CommonLine will need to move to 32-bit next year.
This would almost certainly be the case if we stayed with NAI products.
-----
##Later Arrivals to CommonLine
The limitation that we could only be assured of a one-time purchase could have
the effect of freezing out lenders and schools that might want to come into
CommonLine at a later time. The suggestion was made to purchase extra licenses
to distribute to these agencies. The questions to answer with this are
1) who purchases the extra licenses? NCHELP?
2) would it be within the terms of the license agreement to transfer the
license from the purchaser to the late-comer?
.
Some members felt it might be acceptable not to provide for late-comers, as
CommonLine would be upgrading to a new encryption product in early 1999, thus
making the period of exclusion relatively short.
.
There was no decision reached about this.
------
##Compiling a list of CL members interested in software and licenses.
We should put an announcement on the general CommonLine ListServe with the
following:
1) Announcement of the pending offer by NAI
2) Request for names and addresses of parties still needing software(one
contact per agency)
3) Exhortation to get estimates of license requirements advising people to
estimate high as this may be the only chance to obtain licenses
.
Scott will do this
--------------------------------
*ADDENDUM REVISION*
Proposed changes so far include the following:
1.) Replace references to PGP Inc. with Network Associates. The first
reference could read Network Associates (formerly PGP Inc.)
.
2.) Change text on page 12 under "Setup: Initial Distribution of Keys"
paragraph 2 bullet 2. Where it reads CL COMM UPDATE <recipient name>, it should
read CL COMM UPDATE <sender name>
.
If you have any further revisions to suggest, please send them to me
(sfullerton@glhec.org)
--------------------------------
*PLEASE BE SURE TO SEND IN BILLING INFORMAITON*
If you haven't already done so, send billing information to Scott, who will
forward it to InPhoneMation. Active members of the subcommittee MUST FILL THIS
OUT. If several members always call in together to the meetings, we would then
only need information for one of them. Please provide the following.
.
Name (Used to identify yourself upon calling in):
Organization:
Billing Address:
Telephone Number:
e-mail:
Fax:
--------------------------------
NEXT SCHEDULED MEETING:
Thursday 3/05/98 10AM Central Time. The number to call is (800) 374-8567. When
asked for the name of the conference, reply "CommonLine Electronic Exchange."
If asked for the host's name, reply "Scott Fullerton"
------------
Agenda
1 Network Associates: Resolve outstanding issues from Brian Jackman's proposal.
(Brian will be attending)
2 Preparation for March CommonLine meeting
------------------------------------------------------
======================================
Message 1
======================================
Message from Scott Fullerton to NAI representatives, Steve Abbott, Brian
Jackman, Eric Nesson, Jeff Platon. 2/25/96
------------------------------------
Steve, Brian, Eric, Jeff:
..
I am writing this to express concern over the difficulties we have experienced
trying to obtain clear information and timely delivery of products. I hope
that with very recent discussions with Brian, the situation will be corrected,
but it is useful at this point to lay out the details of our concern so that we
can properly restore good relations.
..
I understand that in the aftermath of your acquisition, we cannot expect
perfect continuity of direction. What we do expect, however, is reliable and
timely information as it becomes available; clear internal communication among
yourselves so that we are not put in the position we frequently found ourselves
in of explaining to one NAI representative what was told to us by another;
timely response to purchase orders; and the assurance of availability and
support for the solution we select.
..
I understand also that with limited resources you would want to devote
available energy to areas with immediate promise of large sales. We greatly
appreciate the amount of time you put into working towards a common agreement
and the effort you made to provide our members with evaluation copies of the
product.
..
But while your priorities are understandable and your efforts have been
appreciated, the confusion and delays that we have experienced are unaccept
able.
..
Over the course of our dealings, we have been given very conflicting
information. Examples include:
In the beginning we were told to plan on using 4.0 for 16-bit development and
5.0 for 32-bit. Later we were told we could not use 5.0 but would use 4.5. We
then received several conflicting messages about whether there existed a 32-bit
correlative of the Viacrypt toolkit that would work with 4.5.
We were given one price structure from Greg Biersto and an altogether different
one from Steve Abbott.
When Eric Nesson became our contact, he told us that with our usage we had to
obtain batch server licensing. I had to coordinate with Steve and Brian
Jackman to clarify understanding. This should have been handled by Eric.
There is still uncertainty it seems on your side whether once settling on PGP
using RSA, we can be assured that subsequent purchases would be possible.
There is a great deal of confusion seemingly on your side as well as ours about
the availability of 4.x products. Eric told me several weeks ago that he was
unable to acquire the binaries for one or more versions of 4.x and toolkits and
requested that I send my copies back to him so that he could distribute these
to other members of CommonLine. This was by itself quite distressing. There
is no clear indication how the documentation would be distributed. This also
presents us with a great deal of concern as to whether there will be technical
support for the product. As we understand it, Howard Fritz is the only person
on your staff available to support 4.x. Should he leave, support would become
virtually unavailable.
..
I am sure, taking the above into consideration, you can understand our alarm.
..
CommonLine is a standards-setting body under the auspices of NCHELP (National
Council of Higher Education Loan Programs Inc.). NCHELP is a national
consortium of independent agencies: lenders, post-secondary schools, guarantors
and servicers, all of which are players in the student loan process. The focus
of CommonLine is data and transmission standards for originating student loans
electronically. My subcommittee focuses on the messaging infrastructure for
these transactions.
..
The CommonLine standard is now used to originate electronically the vast
majority of student loans across the nation. The participants in NCHELP
collectively have a very strong influence on national policy and national
standards for issues dealing with many aspects of higher education financing.
Members include USA Group, Edfund, SLMA, Nellie Mae, AFSA, The Access Group,
TGSLC, PHEAA, Great Lakes, NYHESC, Citibank Student Loan Corp, Signet Bank,
Penn State, US Bank, Bank One, UC Berkeley to name but a few.
..
I would think it would be in your interest to have PGP become a standard for
the student loan industry. This should be attractive in spite of the small
numbers of licenses initially requested. The standards we set will see
wide-spread implementation, but there is typically a one-half year lag time.
In the present case, there have been further delays resulting from the
difficulties getting information and access to products.
..
If we are to continue with you, we must renew our relationship. We need clear
information and prompt access to supported product. The product should be
compatible between 16-bit and 32-bit. Further, we need a single point of
contact on your end to negotiate. In recent discussions with Brian, it seems
all of this except assurance of RSA licensing in the future is in fact
possible. If so, we should proceed quickly to our mutual benefit. If not, my
group needs to know immediately so that we can look to other options.
..
Scott Fullerton
Chair CommonLine Electronic Exchange Subcommittee
608.246.1779
sfullerton@glhec.org
=====================================
Message 2
=====================================
Message from Brian Jackman to Scott Fullerton (2/25) and Scott's reply before
meeting (2/26/98)
.
Brian,
Thank you for your response. Thanks also for stepping forward to coordinate
this effort. I will circulate this to the members of my group.
..
Two items to note: Your paragraph three talks of a transition period not to
exceed April 1998. I think you mean April 1999. I would prefer May 1999 as I
mentioned yesterday. This would be consistent with our own deadlines and would
only extend your obligation by one month. Also as we discuss support, we
should consider to what extent there is sufficient expertise on your end to
provide that. Everything else looks good.
..
I am growing optimistic that we can work this through, thanks to your efforts.
Scott
-----Original Message-----
From: Brian Jackman <bjackman@pgp.com>
Sent: Wednesday, February 25, 1998 3:54 PM
To: Scott Fullerton
Subject: NAI Information for Comonline Group
>
>Scott,
>
>Here are the details as I know them today. Please convey my apologies to
>the memebers of the Commonline Group for the poor maintenance and follow
>through on the part of PGP and NAI. Your patience has been truly
>appreciated during this transition time.
>
>I have had discussions with Karla Johnson and our legal group, I will try
>to detail with as much accuracy as possible those discussions.
>
>Karla and I have discussed the support of the PGP Toolkit v. 4.0 throught
>the transition period not to exceed April 1998, she has committed the
>resource to support the application during that time. NAI will expect the
>migration to be completed to the PGP SDK for win95/NT to continue support
>of the school software and internal applications developed.
>
>In addition, I have had discussions with our legal department, at this
>point we have no restricitons on the selling of the RSA technology, but a
>final agreement has not been reached between NAI and RSA for the future.
>
>To ensure that all provisions are taken to to get the number of copies
>necessary of the toolkit as well as licenses required I would propse the
>following. NAI's goal is to have this relationship decided by the end of
>March 1998, to ensure that each of the instituiions get the software
>necessary, I would suggest that each instituion order the number of units
>necessary in the next month for the schools and internally that they will
>be providing software for in the Commonline Initative.
>
>Each instituion will need to decide the number of units necessary and cut a
>PO to NAI for those units to ensure that as long as the license is current
>and effective you can get the RSA units necessary. This will provide you
>with the transition time necessary to migrate the schools to a 32-bit
>version, both with support and copies necessary.
>
>If ordering takes place, I will refund 15% of any licenses unused by the
>transition date for any over projections for safety reasons.
>
>Pricing for the SDK tool kit is $130.50
>Pricing for Integration in school sw, is $20.00 for PGP, and an additional
>$5.00 for the RSA license, total $25.00.
>
>In addition Karla would like a single point of contact from each site that
>does not currently have the 4.0 tool kit and she will cut the necessary
>CD's and ship them to these institutions for use.
>
>Let me know if this helps you move this forward, and start the path to
>relationship repair.
>
>Thanks
>
>Brian Jackman
>970-491-9555
>Brian Jackman
>Manager, OEM Sales
>Pretty Good Privacy, Inc.
>(415) 524-6205
>
>My PGP public key can be found at:
>
========================================
Message 3
========================================
>From Scott Fullerton to Brian Jackman after the 2/26/98 subcommittee meeting.
Brian,
The members were encouraged by your efforts and are willing to work for the
kind of solution you have suggested. There was a desire stated by many to get
all the critical aspects in writing. There was also a request for
clarification on some points. I will list these. We need to have outstanding
issues nailed down by next week.
.
1) Please detail what support consists of. Specifically we are looking for
some level of confidence that there will be sufficient expertise available, and
that support includes the use of the 16- and 32-bit toolkit(s), Viacrypt PGP/BE
for Windows v4.0 and PGP for Windows V4.5.1
2) When can we expect media to become available to those still needing it?
Will this include the set of products mentioned above?
3) In your note you mention the price for the SDK as $130.50. Does this cover
access to the products listed above?
4) Are licenses transferable when upgrading to newer versions. That is, when
we upgrade to the SDK, can we transfer license at no cost? If not, what is the
upgrade cost?
5) Should support become unavailable before the end of the transition period,
we would like source code to be held in escrow.
6) Should it happen that licensing RSA no longer becomes an option (because of
the outcome of your negotiations with RSA DSI or for any other reason) we would
like to be notified in advance, to give us the option to purchase more.
.
Members were eager to have your participation next meeting. Again that is
Thursday, March 5 at 10a.m. central. The number to call is (800) 374-8567.
When asked for the name of the conference, answer "CommonLine Electronic
Exchange." If asked for the host name, replay "Scott Fullerton." We are
planning on your attending. Let me know if that will not work out.
.
We should talk soon. Thanks again, Brian, for your efforts.
Scott
Scott Fullerton
Chair CommonLine Electronic Exchange subcommittee
608.246.1779
sfullerton@glhec.org
=====================================
=====================================
=====================================