Educause Security Discussion mailing list archives

Re: Poll: Encrypted Authentication


From: Conor McGrath <conormc () UCHICAGO EDU>
Date: Mon, 16 Apr 2007 23:22:50 -0500

On Mon, Apr 16, 2007 at 04:17:53PM -0400 Christopher Penido said:
> Hi everyone,
>
> In preparation for some potential policy development, we would like
> to take an informal poll.
>
> Whose institutions require clients to use encrypted protocols for
> applications which rely on central authentication (i.e., POP/IMAP
> over SSL, SSH, SSL for web page authentication)?
>
> Where possible, please include links to your University's related
> policies.

Our policy states that "servers that perform a substantial volume
of authentications (such as email or ftp servers, and many Web-based
applications) must prevent transmission of passwords in the clear over
the data network."  We don't specify "central authentication" as many
departments use their own auth mechanisms without relying on our central
LDAP service.

This policy has been in place since September of 2004.  You can read
the full policy at:

<http://nsit.uchicago.edu/dno/policies/infrastructure/>

-Conor

--
Conor McGrath                                           Phone: (773)702-7611
Manager for Network Security                            Fax: (773)834-8444
Network Security Center, The University of Chicago      NetSec: (773)702-2378
PGP: http://security.uchicago.edu/centerinfo/pgpkeys.shtml
