Educause Security Discussion mailing list archives
Re: Poll: Encrypted Authentication
From: Conor McGrath <conormc () UCHICAGO EDU>
Date: Mon, 16 Apr 2007 23:22:50 -0500
On Mon, Apr 16, 2007 at 04:17:53PM -0400 Christopher Penido said:
Hi everyone, In preparation for some potential policy development, we would like to take an informal poll. Whose institutions require clients to use encrypted protocols for applications which rely on central authentication (i.e., POP/IMAP over SSL, SSH, SSL for web page authentication)? Where possible, please include links to your University's related policies.
Our policy states that "servers that perform a substantial volume of authentications (such as email or ftp servers, and many Web-based applications) must prevent transmission of passwords in the clear over the data network." We don't specify "central authentication" as many departments use their own auth mechanisms without relying on our central LDAP service. This policy has been in place since September of 2004. You can read the full policy at: <http://nsit.uchicago.edu/dno/policies/infrastructure/> -Conor -- Conor McGrath Phone: (773)702-7611 Manager for Network Security Fax: (773)834-8444 Network Security Center, The University of Chicago NetSec: (773)702-2378 PGP: http://security.uchicago.edu/centerinfo/pgpkeys.shtml
Current thread:
- Poll: Encrypted Authentication Christopher Penido (Apr 16)
- <Possible follow-ups>
- Re: Poll: Encrypted Authentication Joel Rosenblatt (Apr 16)
- Re: Poll: Encrypted Authentication Michael Sinatra (Apr 16)
- Re: Poll: Encrypted Authentication Richard Gambrell (Apr 16)
- Re: Poll: Encrypted Authentication Brad Judy (Apr 16)
- Re: Poll: Encrypted Authentication Conor McGrath (Apr 16)
- Re: Poll: Encrypted Authentication Matthew Gracie (Apr 17)