Educause Security Discussion mailing list archives
Policy / Cryptography advice needed.
From: James H Moore <jhmfa () RIT EDU>
Date: Mon, 1 Aug 2005 15:44:26 -0400
I need advice from cryptographer/policy makers on the list. This is my first draft. I am working on wording for our server standard. One thing to be aware of, from an RIT standpoint is that we have affiliations and partnerships overseas. So for some things, the connection in can have 40-bit encryption at best. For those things, I have said that proxying is acceptable. The language that I am starting with to describe "strong encryption" follows . strong encryption should be used, examples are RC4 at 128bits, 3DES, AES, or PGP 1024 bits (should this be 2048?). (What about Blowfish, TwoFish strengths?) . what is not acceptable 40-bit RC4 or DES, unless used on a proxy server as a gateway to international campuses, and then only for the individuals located in or with frequent travel to export controlled countries. Jim - - - - Jim Moore, CISSP, IAM Information Security Officer Rochester Institute of Technology 13 Lomb Memorial Drive Rochester, NY 14623-5603 (585) 475-5406 (office) (585) 475-4122 (lab) (585) 475-7950 (fax) ""In the middle of difficulty lies opportunity." Albert Einstein "The release of new internet threats have not created a new problem. It has merely made more urgent the necessity of solving an existing one." Parallels quote by Albert Einstein on atomic energy _____ From: UGA InfoSec Group [mailto:infosec () UGA EDU] Sent: Saturday, July 30, 2005 8:41 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Do you remember? Sensitivity: Confidential Anyone remember the College and University Information Security Professional (CUISP) group? Is it still active? Which school or who is chairing? Anyone? UGA Office of Information Security "Old InfoSec paradigm is "Experience and React" -- the enlightened way/strategy is "Anticipate and Adjust" "
Attachment:
smime.p7s
Description:
Current thread:
- Policy / Cryptography advice needed. James H Moore (Aug 01)
- <Possible follow-ups>
- Re: Policy / Cryptography advice needed. Jeffrey I. Schiller (Aug 01)