Educause Security Discussion mailing list archives

Re: VPN/ssh and foreign travel

From: "Rowe, Ken" <kenrowe () UILLINOIS EDU>
Date: Wed, 19 Nov 2008 12:49:04 -0600

Let me clarify this:
Cryptography is ALWAYS export controlled in the USA, but under the
"tools of trade" and "personal use" categories they may be taken out of
the country for up to 1 year. 
See  http://www.bis.doc.gov/encryption/lechart1.htm for guidance.

I wouldn't consider anything but encrypted communications for most
situations. Note that it is illegal in certain countries to use
encrypted communications. In that case you may be forced to use a less
secure means with an associated reduction in access allowed to your
campus assets. 

Ken.

Ken Rowe
Director of Enterprise Systems Assurance and Information Security
University Office of Administrative Information Technology Services
University of Illinois
-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Brad Judy
Sent: Wednesday, November 19, 2008 11:33 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] VPN/ssh and foreign travel

There shouldn't be an export control issue if you're talking about
employees 
travelling to another country with encryption software installed on
their 
notebook.  These travelers are presumably keeping the computer in their
own 
possession and bringing it back with them, in which case nothing was 
exported.

Now, if they are travelling to a more heavily restricted country like
North 
Korea, you might have different issues.

Many campuses (including my former one) have been requiring encrypted 
authentication to campus systems for years.

Brad Judy

----- Original Message ----- 
From: "jeff murphy" <jcmurphy () BUFFALO EDU>
To: <SECURITY () LISTSERV EDUCAUSE EDU>
Sent: Wednesday, November 19, 2008 12:20 PM
Subject: [SECURITY] VPN/ssh and foreign travel

We're trying to eliminate use of cleartext password transmission for 
access to university systems. One point of discussion involves dealing

with US export controls. What I'd like to hear from you (sec@educ) is 
your thoughts on whether it's practical to require encrypted access

given

the export issue?

Thx

Jeff

Current thread:

VPN/ssh and foreign travel jeff murphy (Nov 19)
- <Possible follow-ups>
- Re: VPN/ssh and foreign travel Brad Judy (Nov 19)
- Re: VPN/ssh and foreign travel Gary Dobbins (Nov 19)
- Re: VPN/ssh and foreign travel Josh Drummond (Nov 19)
- Re: VPN/ssh and foreign travel Gary Flynn (Nov 19)
- Re: VPN/ssh and foreign travel Rowe, Ken (Nov 19)
- Re: VPN/ssh and foreign travel Brad Judy (Nov 19)