AD-Assurance Notes from June 7

Eric Goodman, UCOP
Lee Amenya, UCSD
Mark Rank, UCSF
Erik Coleman, U of IL
Ron Thielen, U of Chicago
David Walker, Internet2/InCommon 
Jeff Capehart, UFL
Michael Brogan, UW
Ann West, Internet2/InCommon 

Next Call

June 14 at Noon ET
+1-734-615-7474 PREFERRED
+1-866-411-0013
0195240#

Agenda:

Last call for changes to Cookbook before Community Review. Update on Microsoft discussion. 

Action Items

New Action Items

  • Eric G to update BitLocker section.
  • Last call for changes before community review due Thursday June 13 for discussion on our June 14 call.
  • Ron will talk to UChicago operations to find out if there are undue hardships with using BitLocker.
  • Ron will send AAC AM communication draft to the AD group.

Notes

Updates

Cookbook
Eric G contacted Nick and asked him to review the Cookbook. Nick had several comments, the most notable being the observation that one should use EFS in conjunction with BitLocker because BitLocker unencrypts the volume at mount time.

[AI] Eric will recast the rationale for the use of BitLocker.

Ron found that BitLocker on Windows 7 decrypts sectors when they're read. The source document didn't mention 2008, however. If we confirm that BitLocker decrypts when read across the target platforms, then we're addressing the requirements. [AI] Ron will talk to UChicago operations to find out if there are undue hardships with using BitLocker.

[AI] Last call for changes before community review due Thursday June 13 for discussion on our June 14 call.

Implementers call - Eric G

Eric provided an update about the AD Assurance work on this month's Assurance Implementers call.

Comments on the call were:

  • What elements of the AD Cookbook would apply to MIT Kerberos? What guidance can folks take and apply directly?
  • SHA-1 is only Approved Algorithm by the end of 2013 for TLS.

Monitor and Mitigate Endorsement
[AI] Ron will draft communication to AAC and send to the AD group.
