[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
CommonLine use of 4.0 toolkit: Draft to NAI Please reviewimmediately -Reply
Excellent job. I have no changes or additions that are necessary. If you
feel like it, you could throw in something like:
We have included our plans to utilize your encryption software in our
presentations at seminars and conferences attended by hundreds of
representatives from educational institutions during the past nine months.
It will be embarrassing for us, but more so for you, if we are forced to
retract those plans.
As far as I'm concerned, you can send it. Thanks,
Jon
>>> Scott Fullerton <sfullerton@glhec.org> 3/26/98 7:48 pm >>>
This is a letter to Rich Hornstein, NAI VP of legal. Please review. I would
like to send it by beginning of working day pacific time.
Scott
Mr. Hornstein
I am writing on behalf of the CommonLine Electronic Exchange
Subcommittee to
express my shock and dismay upon hearing you will possibly withdraw
your offer
to sell the 4.0 toolkit. This places us in a very bad position, as many
schools and guarantors have already done extensive work to release
products
using the RSA algorithm. Over the course of the winter during your
merger,
our dealings with PGP/NAI became very problematic due to poor internal
communication among NAI/PGP. This was bad enough. But now, after
we have
proceeded assiduously and in good faith toward final closure of a deal,
this
presents a much larger problem. You must understand, this is not only
costing
ten to twenty student loan guaranty agencies as much as six months of
development time. At this late date, it jeopardizes student loan
processing
nationwide. We are hoping, therefore, the information we received that
you have
withdrawn this offer is unfounded, or if it is true, that the decision can be
revisited and reversed.
Should this be true, we would be left with meager options, as we move
toward
the summer when a very high volume of applications come in for fall
semester
loans. CompuServe/AOL wants to move its users from their proprietary
mail
system and do not at this point guaranty continued service on that
system. We
set up procedures in a timely fashion to migrate users to POP3 and
included
specifications therein for encryption and authentication through the use
of
PGP. We have delayed our migration first because of members' inability
to
negotiate contracts with your representatives over the course of
January and
February, and now because we are attempting to complete the purchase
on the
offer that was extended to us. Should you withdraw the offer, we
would be left
with very high exposure to disruption of service.
In our use of PGP, we need an algorithm that allows compatibility across
our
entire group of colleges, lenders, and guarantors. Mutual compatibility is
essential because of the many-to-many nature of the communications.
RSA and
Diffie-Hellman are mutually incompatible, however, and you have not
provided
the necessary "bridge" technology. The most recent release of the
development
toolset (the SDK) does not support RSA, only Diffie-Hellman, and
Diffie-Hellman
is not available for 16-bit end-use or development. Our options are
determined
by the lowest common denominator. Since many SBS products are still
16-bit
Windows, our entire network must settle on an algorithm that is available
to
that platform and compatible with the rest.
By waiting until now to inform us, you have left us in a vulnerable
position,
as we are running out of time. After the problems experienced directly
following the merger, we were prepared to look elsewhere for
encryption
technology when there was still sufficient time to do so. But, because of
the
very attractive offer extended by Brian Jackman, we chose to stay with
NAI.
The offer included software and licensing for the toolkit and the
corresponding end-user software along with technical support of
sufficient
duration to allow a transition to 32-bit Windows after the peak
processing
period. Now, having waited this long, we have run out of effective
alternatives. We cannot count on the continued availability of the existing
proprietary CompuServe system.
CommonLine is a standards-setting body under the auspices of National
Council
of Higher Education Loan Programs (NCHELP www.nchelp.org). Its
members include
guaranty agencies, secondary markets, lenders, servicers, collection
agencies,
schools, and other organizations involved in the administration of the
Federal
Family Education Loan Program. Members include USA Group, Edfund,
SLMA,
Nellie Mae, AFSA, The Access Group, TGSLC, PHEAA, Great Lakes,
NYHESC,
Citibank Student Loan Corp, Signet Bank, Penn State, US Bank, Bank
One, UC
Berkeley to name but a few.
Should we use PGP software as we had planned, NAI would enjoy high
visibility
as part of a national standard in an attractive market niche intersecting
higher education, finance, and the Department of Education. This would
be
widely publicized and provide ready entree into lending institutions and
the
administrative branch of colleges and universities. Should we be denied
its
use, we would need to explain our situation in terms of our negative
experiences with NAI this winter and spring. This is something I am
sure you
would not want associated with your company.
I hope we can continue with the offer as Brian framed it to us in
February. We
have been awaiting resolution from NAI on the specifics of tech support
and
licensing. On our side, we have been pursuing negotiations very
aggressively.
Our team met with Dave Tauber (of NAI legal) and Brian Jackman on
Friday 3/20
to develop a common OEM agreement that all agencies could agree to.
We have
been working hard to craft this document. In fact Dave sent me material
for
this today after we heard about the withdrawal! We have circulated a
letter of
intent form for all participating lenders, guarantors, and schools to fill out
to specify the purchases they will make when the license terms are
complete.
Please review the issues and respond immediately.
Scott Fullerton
Chair CommonLine Electronic Exchange Subcommittee
608.246.1779
sfullerton@glhec.org