Secure Services Mtg Notes
July 23rd, 2001
Attendees: Rick, Heidi, Lori, Sid, Brad, Nathan, Donn, Mark, Ryan

Decisions: 

- on Nov 7th, 2001, disable unsecure FTP services 

- on Aug 29th, 2001, announce campus wide

Action Items:

- get C&C Director sign-off on Nov 7th cutover [Brad]

Notes:

- Ryan is working on a license for ssh.com v3 stuff.
  the version tested w/o the license didn't work properly.
  [note: it does't look like he'll get it in time for Autumn
  UWICK, given that ssh.com is thin on staff due to mass vacations.]

- Aug 1st deadline for Autumn UWICK is fast approaching

- homer02 supports the ftpd w/ eviscerated channel bindings 
  
- someone (security@cac?) needs to decide if this change should
  be adopted throughout C&C ftpd's and recommended to departments

- donn plans to write the MIT people to see what they think about
  the NAT problems, his mods to ftpd, etc. [note: he's already
  reported some of this to securesvcs@u]

- over on the Unisys systems, they're laboring with what's available
  to implement kerberized ftp, either as client or server. they also
  need to ensure that the user identity is carried between sides

- heidi raised the issue of file transfer to/from vitcos and quipu
  and "what to tell users".  vitcos should be able to support the 
  usual AIX stuff, ssh and kerberized ftp. quipu won't support
  ssh, so we need to document solutions, like connecting thru an
  intermediate host (e.g. red or homer) and using kinit there 
  before going to quipu. 

- donn noted that the default ftp on the UA systems is not
  the kerberized ftp

Other:

- donn brought up other file transfer methodologies that we might
  also employ:
    . AFS
    . "coda" distributed file system
    . Unison
    
Next Mtg:

- develop/refine task list for moving forward to Nov 7th