[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
CommonLine purchase of 4.0 Toolkit: Final draft

To: "cl-elec-exch@lists. glhec. org (E-mail)" <cl-elec-exch@lists.glhec.org>
Subject: CommonLine purchase of 4.0 Toolkit: Final draft
From: Scott Fullerton <sfullerton@glhec.org>
Date: Fri, 27 Mar 1998 09:14:30 -0600
Sender: owner-cl-elec-exch@lists.glhec.org

This went out to Rich Hornstein NAI VP of Legal and Jeff Platon NAI VP of 
marketing at 9:10 central

Mr. Hornstein and Mr. Platon:

I am writing on behalf of the CommonLine Electronic Exchange Subcommittee to 
express my shock and dismay upon hearing you may withdraw the offer to sell the 
PGP/Viacrypt 4.0 toolkit.  This places us in a very bad position, as many 
schools and guarantors have already done extensive work to release products 
using the RSA algorithm.   Over the course of the winter during your merger, 
our dealings with PGP/NAI became very problematic due to poor internal 
communication among NAI/PGP.  This was bad enough.  But now, after we have 
proceeded assiduously and in good faith for another one and a half months 
toward final closure of a deal, this presents a much larger problem.  You must 
understand, this is not only costing ten to twenty student loan guaranty 
agencies as much as six months of development time.  At this late date, it 
jeopardizes student loan processing nationwide. We are hoping, therefore, the 
information we received -- that you have withdrawn this offer -- is unfounded, 
or if it is true, that the decision can be revisited and reversed.

Should it be true, we would be left with meager options, as we move toward the 
summer, a time when colleges are at their busiest processing applications for 
fall semester loans.  CompuServe/AOL wants to move its users from their 
proprietary mail system and do not at this point guarantee continued service on 
that system. We set up procedures in a timely fashion to migrate users to POP3 
and included specifications therein for encryption and authentication through 
the use of PGP.  We have delayed our migration first because of members' 
inability to negotiate contracts with your representatives over the course of 
January and February, and now because we are attempting to complete the 
purchase on the offer that was extended to us.  To retract that offer now would 
leave us with very high exposure to disruption of service to colleges and 
students across the country.

By waiting until now to inform us, you have left us in a vulnerable position, 
as we are running out of time.  After the problems experienced following the 
merger, we were prepared to look elsewhere for encryption technology when there 
was still sufficient time to do so.  But, because of the very attractive offer 
extended by Brian Jackman, we chose to stay with NAI.  The offer included 
software and licensing for the toolkit and the corresponding end-user software 
along with technical support of sufficient duration to allow a transition to 
32-bit Windows after the peak processing period.   Now, having waited this 
long, we have run out of effective alternatives.  We cannot count on the 
continued availability of the existing proprietary CompuServe system.

The offer Brian made was attractive to us, because it provided us with 
RSA-based software for end-use AND development.  We need RSA, because it is the 
only algorithm that allows compatibility across our entire group of colleges, 
lenders, and guarantors.  Mutual compatibility is essential because of the 
many-to-many nature of the communications.   RSA and Diffie-Hellman are 
mutually incompatible, and you have not provided the necessary "bridge" 
technology.   The most recent release of the development toolset (the SDK) does 
not support RSA, only Diffie-Hellman, and Diffie-Hellman is not available for 
16-bit end-use or development. Our options are determined by the lowest common 
denominator.   Since many SBS products are still 16-bit Windows, our entire 
network must settle on an algorithm that is available to that platform and 
compatible with the rest.

We have been working hard to complete the arrangements Brian proposed, but 
there have been delays in the entire process largely caused by delays obtaining 
information from NAI staff.  For example, we have been attempting for three 
weeks to learn the specifics of technical support, one of the conditions of the 
agreement. Often calls were not answered. Essential points have yet to be 
answered.  There have also been delays also in setting up the licensing terms. 
 It took us until March 16 to get sample documents we could use as a basis for 
negotiation.   Our team met with Dave Tauber (of NAI legal) and Brian Jackman 
on March 20 to set up a common agreement for all CommonLine members.  Since 
then, we have been working hard to craft terms that would be acceptable to both 
sides.  (Interestingly, Dave Tauber sent me more information to further our 
joint effort AFTER we heard the offer was possibly withdrawn!).  While working 
through issues of support and licensing, we have proceeded to get participation 
from our members.   We kept them apprised of developments, and when, because of 
these delays, it looked as if we may not make the March 31 deadline, we 
circulated a "letter of intent" form,  which they are now using to inform NAI 
of quantities to purchases when the license terms are completed.

CommonLine is a standards-setting body under the auspices of National Council 
of Higher Education Loan Programs (NCHELP www.nchelp.org).  Its members consist 
of guaranty agencies, secondary markets, lenders, servicers, collection 
agencies, schools, and other organizations involved in the administration of 
the Federal Family Education Loan Program.    Examples include USA Group, 
Edfund, SLMA, Nellie Mae, AFSA,  The Access Group, TGSLC, PHEAA, Great Lakes, 
NYHESC, Citibank Student Loan Corp, Signet Bank, Penn State, US Bank, Bank One, 
UC Berkeley to name but a few.  Some of the agencies develop software they 
freely give to school financial aid offices.  The rest in the group are 
end-users or develop for their own in-house use.

Should CommonLine use PGP software as we had planned, NAI would enjoy high 
visibility as part of a national standard in an attractive market niche 
intersecting higher education, finance, and the Department of Education.   This 
would be widely publicized and provide ready entree into lending institutions 
and the administrative branch of colleges and universities.  We have included 
plans to utilize your encryption software in our presentations at seminars and 
conferences attended by hundreds of representatives from educational 
institutions during the past nine months.  It will be embarrassing for us, but 
more so for you, if we are forced to retract those plans.

Please review the issues and respond immediately.

Scott Fullerton
Chair CommonLine Electronic Exchange Subcommittee
608.246.1779
sfullerton@glhec.org
Prev by Date: CommonLine use of 4.0 toolkit: Draft to NAI Please reviewimmediately -Reply
Next by Date: Choose your poison
Prev by thread: CommonLine use of 4.0 toolkit: Draft to NAI Please reviewimmediately -Reply
Next by thread: Choose your poison
Index(es):
- Date
- Thread