Secure Svcs Mtg Minutes
Monday, January 22, 2000
Attendees: brad, nathan, lori, donn, harold, juan, aaron, eliot, 
           rick, davidw, oren, ron, mark, ryan

Announcements:

- new mandate: shutoff insecure svcs the end of Spring quarter (June 13th)
- web site: http://depts.washington.edu/cac/project/securesvcs/
- we will begin meeting on a weekly basis

Notes:

- brad is going to email Ron J re: what we can accomplish by June 13th.
  if you have any svcs that cannot be secured by then, contact brad
  immediately

- donn: although we may not support them, email clients that use kerberos
  do exist

- donn: no need to build a new imapd to turn off clear text auths for imap

- oren: we should be able to meet the Feb 12th goal of having the 
  documentation done; how-to instructions can be created before we
  come up with documentation that covers our recommended solutions

- ryan: can we build a lightbulb imapd that will tell insecure folks
  what they should do?
  donn: seems like it might be doable
  
- bob: do we have any experience with kerberos-only imapd and do we know
  what clients do with it?

- *to do* [Rick, Ron, Oren] use the period between Feb 12th and the March
  support mtg to do a quick pilot test within the College of Arts &
  Sciences. it may reveal holes in the documentation, hardware issues, etc.

- oren: many opportunities here: to communicate with tech support staff,
  to present our documentation to tech support staff, to test it on
  actual users, to get feedback on potential announcement texts

- mark: when will ssh2d's be available on all systems?
  eliot: we have test, vanilla server up; can accelerate this
  harold: ssh2d on keynes by March 11th

- oren: we need to look at different solutions for different communities
  of FTP users: web publishing; general file access; a-series; email
  attachments

- brad: it doesn't look like we'll be able to do FTP by June 13th; this
  will be communicated to Ron

- oren: we should still set a date in the future for securing FTP

- *to do* before first general announcement (March?) we must pick
  a date to shutoff insecure FTP