Educause Security Discussion mailing list archives

Re: Poll: Encrypted Authentication

From: Brad Judy <Brad.Judy () COLORADO EDU>
Date: Mon, 16 Apr 2007 18:31:58 -0600

The University of Colorado at Boulder has been requiring encrypted
authentication for central services since Jan 2003 (wow, has it been
more than four years already?).  

Flipping the switch takes a lot of communications, testing,
documentation, etc, and we postponed our initial deadline, but it's
great to have had it in place for the past few years.  

Given the current state of clients, making the move should be easier now
then it was in early 2003.  Having to do client software upgrades should
be very rare now.  

You can see some of our end-user documentation here:
http://www.colorado.edu/its/security/encauth/  It's from 2003, so it
doesn't include newer clients.  Using encryption has been integrated
into our general setup documents for all of our e-mail clients (current
docs here: http://www.colorado.edu/its/docs/email/culink/programs/) and
the older pages were just for the conversion.  

This policy mentions encrypted authentication in item 7 -
http://www.colorado.edu/its/docs/policies/accesspolicy.html

Brad Judy

IT Security Office
Information Technology Services
University of Colorado at Boulder

-----Original Message-----
From: Christopher Penido [mailto:chris.penido () NYU EDU] 
Sent: Monday, April 16, 2007 2:18 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Poll: Encrypted Authentication

Hi everyone,

In preparation for some potential policy development, we 
would like to take an informal poll.

Whose institutions require clients to use encrypted protocols 
for applications which rely on central authentication (i.e., 
POP/IMAP over SSL, SSH, SSL for web page authentication)?

Where possible, please include links to your University's 
related policies.

Thank you,
Christopher Penido

===================================
Christopher Penido
Network Security Analyst
NYU  \ ITS Technology Security Services  \  security () nyu edu 
chris.penido () nyu edu
-----------------------------------------------
Home  @   http://security.nyu.edu
Alerts   @   http://security.nyu.edu/alerts
News   @   http://security.nyu.edu/news
===================================

Current thread:

Poll: Encrypted Authentication Christopher Penido (Apr 16)
- <Possible follow-ups>
- Re: Poll: Encrypted Authentication Joel Rosenblatt (Apr 16)
- Re: Poll: Encrypted Authentication Michael Sinatra (Apr 16)
- Re: Poll: Encrypted Authentication Richard Gambrell (Apr 16)
- Re: Poll: Encrypted Authentication Brad Judy (Apr 16)
- Re: Poll: Encrypted Authentication Conor McGrath (Apr 16)
- Re: Poll: Encrypted Authentication Matthew Gracie (Apr 17)