CmnLn Elec Exch: 7/23/98 Minutes

[sfullerton@glhec.org]

     CommonLine Electronic Exchange subcommittee minutes for 07/23/98 . 
     Please respond to the EE listserve with any corrections or additions.
     
     Scott Fullerton*  Great Lakes(Chair)    sfullerton@glhec.org 
     Brian Wilson*     Great Lakes    bwilson@goliath.com
     Karl Ebert        SLMA           105502.3154@CompuServe.Com 
     John Falconer     SLMA
     Frank Hum         SLMA           franklin.r.hum.jr@slma.com 
     Libby Meeker      SLMA           Libby.Meeker@SLMA.com
     Gary Thomas       SLMA           70664.401@compuserve.com 
     Mike Nolan        PHEAA          mnolan@pheaa.org
     Darwin Peiffer*   PHEAA          dpeiffer@pheaa.org 
     Chris Seiders*    PHEAA          cseiders@pheaa.org 
     Terry Zuch        PHEAA          tzuch@pheaa.org 
     John Hall         PHEAA
     Jeff Knass        USA Group      jknass@usagroup.com 
     Brian Allison     USA Group      BALLISON@usagroup.com 
     Ron Clark         USA Group      rclark@usagroup.com 
     Paul Logston      USA Group      plogston@usagroup.com 
     Mike Brannon*     USA Group      MBrannon@usagroup.com 
     Matt Parrett*     USA Group      mparrett@usagroup.com 
     Paul Jansen       USA Group      pjansen@usagroup.com 
     Jon Kroehler      USA Group
     Ki Ha             NELA           kiha@nela.net
     Gary Burleson     TGSLC          gary.burleson@tgslc.org 
     Kelly Klipple     TGSLC          kelly.klipple@tgslc.org 
     Will Thien        TGSLC          will.thien@tgslc.org 
     Dennis Alley*     TGSLC          dennis.alley@tgslc.org 
     Warren Sherard    Edfund         wsherard@edfund.org 
     Patrick Walters   SLFC           waltersp@slf.org
     Gad Hazum         Access         ghazum@accessgrp.org 
     Ed McGowan        ESF            emcgowan@esfweb.com 
     Matt Downey*      NYHESC
     Kevin Malmberg    NYHESC         kmalmberg@hesc.com 
     Mike Schoeppler   NYHESC         mschoeppler@hesc.com 
     Jason Mantor      NYHESC
     Betty Hansman     ISAC           bhansman@isc016r1.state.il.us 
     Mike Yip          ISAC
     Deb Phillips*     ISAC           dphillip@isc016r1.state.il.us 
     Fred Highsmith*   Guarantec      fhighsmith@guarantec.com
     Tim Hearley       KHEAA          thearley@kheaa.com
     Doug McCaleb      Nellie Mae     doug_mccaleb@nelliemae.org 
     Tom Jurado        AFSA           twjurado@aol.com
     Bill Horn         College Foundation whorn@cfi-nc.org 
     Dawn Harris       College Foundation dharris@cfi-nc.org 
     * = present
     
     ================
     *SUMMARY*
     
     1) Encryption software purchase process
     2) Key update procedures
     3) Other items to modify in the addendum
     
     
     =================
     1)        *Encryption Software Purchase Process* 
     Scott is awaiting license terms and maintenance agreement from Ed 
     Grace.   In yet another aspect of this relationship with AT&T, the 
     license terms hurdle may be much more straightforward than with NAI.  
     Ed Grace of AT&T is expecting to use a standard shrink-wrap license 
     agreement, which may make acceptance by our various corporations much 
     simpler.
     
     Scott will draft a letter of intent.
     
     A letter to members must be circulated to announce the decision and to 
     request they hold off contacting AT&T directly until processes are in 
     place.
     
     Ed Grace has requested members of the evaluation team return any media 
     and documentation that AT&T provided to support the evaluation 
     process.
     
     
     2)         *Key Update Procedures*
     In a brainstorming session, alternatives to verification via phone 
     call were considered.  
     a) Embedding key in a dongle (hardware lock) or putting private key on 
     a CD thereby creating a protection disk.
     This would possibly obviate the need for key updates as long as this 
     ensured the key was thereby secure against copying.  This generated 
     much discussion and many concerns.  Specific questions that arose:
     -  Would it limit the use to a single PC? Could it go on a server?
     -  Would this be supported by the vendor?
     -  Would this in fact protect against taking the private key?
     Dennis Alley will research this further.
     b Using a certificate authority for key updates.
     Chris Seiders will look into this.
        
     3)         *Other Items to Modify in the Addendum*
     In the initial review, the team saw no need to change anything else in 
     the addendum except the references to PGP and NAI.
     
     
     =================
     *ELECTRONIC EXCHANGE LISTSERVE*
     These minutes will go out via the Electronic Exchange listserve.  They 
     can be viewed with a browser at the archive site 
     <http://lists.glhec.org/cl-elec-exch> (case sensitive).  To subscribe 
     to the listserve, send a message to 
     cl-elec-exch-request@lists.glhec.org.  
     Put the word subscribe in the body of the message (You may make the 
     subject anything you want).  To post to the listserve, send messages 
     to cl-elec-exch@lists.glhec.org (You must first have subscribed). 
     -------------------------------- 
     NEXT SCHEDULED MEETING:
     Thursday 7/30/98 10a.m. central time.  The number to call is (800) 
     374-8567. When asked for the name of the conference, reply "CommonLine 
     Electronic Exchange."   If asked for the host's name, reply "Scott 
     Fullerton." 
     ------------
     Agenda
     PLEASE REVIEW ADDENDUM
     1) Key update procedures
     2) Other items to modify in the addendum      
     
     ------------------------------------------------------