Hello all,
I’ve been looking into FIPS
but couldn’t help falling over the Squeak Pluggin for OpenSSL and
Stunnel. https://lists.wisc.edu/read/messages?id=181840
https://lists.wisc.edu/read/messages?id=183375
I haven’t tried them yet but was wondering
if anyone else has. Does it make sense to move forward with our own FIPS
certification, or would it make sense to tightly integrate both openSSL and
Stunnel into squeak instead?
Does anyone have any thoughts about the benefits and
drawbacks of having the cryptographic code be an external black box? Are
there greater benefits to our having implemented our own code, for education
and flexibility … ? Personally I would prefer having the code
be in squeak, but I thought the question worth asking. Should we do both?
Thoughts?
Ron Teitelbaum
Squeak Cryptography Team Leader