[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
CmnLn Elec Exch: 6/18/98, 6/25/98 Minutes
CommonLine Electronic Exchange subcommittee minutes for 06/18/98 and
6/25/98. Please respond to the EE listserve with any corrections or
additions.
Scott Fullerton*+ Great Lakes(Chair) sfullerton@glhec.org
Brian Wilson*+ Great Lakes bwilson@goliath.com
Karl Ebert SLMA 105502.3154@CompuServe.Com
John Falconer SLMA
Frank Hum SLMA franklin.r.hum.jr@slma.com
Libby Meeker SLMA Libby.Meeker@SLMA.com
Gary Thomas SLMA 70664.401@compuserve.com
Mike Nolan PHEAA mnolan@pheaa.org
Darwin Peiffer*+ PHEAA dpeiffer@pheaa.org
Chris Seiders*+ PHEAA cseiders@pheaa.org
Terry Zuch PHEAA tzuch@pheaa.org
John Hall PHEAA
Linda Laub PHEAA llaub@pheaa.org
Jeff Knass USA Group jknass@usagroup.com
Brian Allison+ USA Group BALLISON@usagroup.com
Ron Clark+ USA Group rclark@usagroup.com
Paul Logston USA Group plogston@usagroup.com
Mike Brannon USA Group MBrannon@usagroup.com
Matt Parrett*+ USA Group mparrett@usagroup.com
Paul Jansen USA Group pjansen@usagroup.com
Jon Kroehler USA Group
Ki Ha NELA kiha@nela.net
Gary Burleson TGSLC gary.burleson@tgslc.org
Kelly Klipple TGSLC kelly.klipple@tgslc.org
Will Thien TGSLC will.thien@tgslc.org
Dennis Alley*+ TGSLC dennis.alley@tgslc.org
Warren Sherard Edfund wsherard@edfund.org
Patrick Walters SLFC waltersp@slf.org
Gad Hazum Access ghazum@accessgrp.org
Ed McGowan ESF emcgowan@esfweb.com
Ruth Smith+ NYHESC rsmith@hesc.com
Kevin Malmberg NYHESC kmalmberg@hesc.com
Mike Schoeppler NYHESC mschoeppler@hesc.com
Jason Mantor*+ NYHESC
Betty Hansman ISAC bhansman@isc016r1.state.il.us
Mike Yip ISAC
Debbie Phillips ISAC dphillip@isc016r1.state.il.us
Fred Highsmith*+ Guarantec fhighsmith@guarantec.com
Tim Hearley*+ KHEAA thearley@kheaa.com
Mark Lifland Nellie Mae mark_lifland@nelliemae.com
Goeff Boisvert Nellie Mae geoff_boisvert@nelliemae.com
Doug McCaleb* Nellie Mae doug_mccaleb@nelliemae.org
Tom Jurado AFSA twjurado@aol.com
Bill Horn College Foundation whorn@cfi-nc.org
Dawn Harris College Foundation dharris@cfi-nc.org
* = present 6/18
+ = present 6/25
================
*SUMMARY*
Both the 6/18 and the 6/25 meetings addressed the following topics.
1) Update on NAI (Scott)
2) Evaluation Report (Brian Wilson and Evaluation Team)
3) Polling for tentative choice of encryption product based on known facts.
4) Discussion on CAM Support
=================
1) *NAI UPDATE (Scott)*
Scott spoke with Jen Gilberg of NAI, Brian Jackman's replacement,
about possibilities that may exist after the RSA DSI settlement to
either:
a) resume negotiation on the purchase of the 4.x toolkit using RSA
algorithm;
b) purchase the SDK with the RSA algorithm.
It turns out neither of these options is open to us. As part of the
settlement,NAI cannot use the RSA algorithm in developer tools,
although it can in end-user products.
Option c:
They can, however, sell us the SDK using Diffie-Hellman. Jen seemed
reluctantly willing to honor the overall agreement we had with Brian
although she strongly expressed her need to have some guarantees of
purchase. In other words, it may be much more of an uphill battle to
negotiate the terms and conditions than it was with Brian.
She claims the toolkit does not now nor soon will it have support for
any language than MS visual c++ and unix variants of c/c++. This is
contrary to information Ki obtained when attending a security seminar
conducted by NAI. I left a voice-mail message with the person Ki
mentioned, but received no response.
2) *EVALUATION REPORT ON AT&T (Brian Wilson and Evaluation Team)*
Toolkit
-Language support: VB and Delphi are supported as well as c/c++.
Although VB support has not yet been tested. KHEAA, NYHESC, USA
Group, and Guarantech will evaluate this before the 7/2 meeting.
The team will also enquire as to support for Powerbuilder.
-Message Compatibility between AT&T and other products using the same
algorithms: Keys cannot be exchanged between products, therefore there
is no such compatibility. This is not a requirement, so its absense
is not a show-stopper.
-Concurrency of functions: there was a question raised as to its
ability to handle variousl functions concurrently (e.g. key management
and encryption). This is not a problem. Applications developed with
the toolkit can handle concurrency
-Signature algorithm: Call the decrypt function, and it automatically
handles the signature authentication. (searching through keys to see
if which key signed it)
-Email support: fully MAPI compliant, can use Netscape or Eudora as
MAPI providers to send the encrypted message as email from the Secret
Agent product. (more detail available)
-Issues:
TGSLC found difficulties invoking the RSApk and DSApk save functions.
This could be a show-stopper. Brian will check with the vendor on
this and publish a response.
Due to the vagaries of the mail system for which we are defining
standards, Guarantec has not had a chance yet to evaluate.
3) *POLLING FOR TENTATIVE CHOICE GIVEN KNOWN FACTS*
In the 6/18 meeting, the group was asked to indicate whether NAI had
any claim to preference based on standards or prior relationship. The
team unanimously indicated there was no preference.
In the 6/25 meeting the team was presented with the choice of products
(NAI, RSA DSI, AT&T) given known facts and assuming the key save
functions issue would be resolved. This was a tentative non-binding
vote. The group voted unanimously for AT&T. Present were PHEAA, USA
Group, TGSLC, NYHESC, Guarantec, KHEAA, Great Lakes
4) *CAM Support*
Our group has been asked to consider providing support to the CAM
group. We would be providing them with standards for their file
transmissions as we have for CommonLine. I believe CAM stands for
Common Account Maintenance.
I found this description of the group from an 8/97 document:
"Account Maintenance is an event driven, transaction-based reporting
process for lenders, servicers and guaranty agencies that facilitates
the exchange of loan and borrower information in a standardized
electronic format. Account Maintenance supports all post-guarantee
reporting except claims and pre-claims, and inculdes a solution for
those currently unable to share in the benefits of automation.
"CAM transactions are neither generated by, nor supplied to schools;
their purpose is to support two-way communications between loan
holders and guarantors. All of the data elements needed by NSLDS are
included in the AMF process."
It seems that one characteristic of CAM files is the size. Quite
large files (6-8MB?) are typically sent.
In the 6/18 discussion, members expressed a tentative interest pending
approval from their respective companies. Some members expressed a
desire to use this as an opportunity to visit other transmission
methods to supplement the POP3 standard, ftp in particular.
In the 6/25 discussion, the group discussed the need (as underscored
by Jon Kroehler in a separate email) to ensure there is sufficient
energy and representation in the committee to take on more work.
Active participation and broad representation by a mix of people
providing both technical and higher-level perspectives is crucial for
the success of the undertaking. We should get commitment from CAM
members to participate if needed to make sure we have this necessary
level of engagement.
Scott's (my) time will remain limited for the next six to eight
months. I can continue as chair to provide coordination and
continuity. I will, however, need to have others in the group as
active participants willing to undertake portions of the work. This
will have to be resolved.
This support would have to follow after the outstanding work for
CommonLine was completed. The group expects this to be by August or
(more realisticly) September.
With these caveats noted, the group voted to support CAM unanimously
(USA Group, NYHESC, PHEAA, TGSLC, Guarantec, KHEAA, Great Lakes)
=================
*ELECTRONIC EXCHANGE LISTSERVE*
These minutes will go out via the Electronic Exchange listserve.
They can be viewed with a browser at the archive site
<http://lists.glhec.org/cl-elec-exch> (case sensitive). To subscribe
to the listserve, send a message to
cl-elec-exch-request@lists.glhec.org.
Put the word subscribe in the body of the message (You may make the
subject anything you want). To post to the listserve, send messages
to cl-elec-exch@lists.glhec.org (You must first have subscribed).
--------------------------------
NEXT SCHEDULED MEETING:
Thursday 7/2/98 10a.m. central time. The number to call is (800)
374-8567. When asked for the name of the conference, reply "CommonLine
Electronic Exchange." If asked for the host's name, reply "Scott
Fullerton."
------------
Agenda
1) EVALUATION We hope to have all outstanding technical issues
resolved, such that we can make a final choice.
2) Assuming we make a choice, we will need to go ahead with negotiation,
statements of intent etc.
3) To support this we will need to provide some legal expertise.
Open Issues
- Standard vs. Product - open issue (group)
------------------------------------------------------