Hello all,

 

I’ve been looking into FIPS but couldn’t help falling over the Squeak Pluggin for OpenSSL and Stunnel. https://lists.wisc.edu/read/messages?id=181840

 

https://lists.wisc.edu/read/messages?id=183375

 

  I haven’t tried them yet but was wondering if anyone else has.  Does it make sense to move forward with our own FIPS certification, or would it make sense to tightly integrate both openSSL and Stunnel into squeak instead?

 

Does anyone have any thoughts about the benefits and drawbacks of having the cryptographic code be an external black box?  Are there greater benefits to our having implemented our own code, for education and flexibility …  ?  Personally I would prefer having the code be in squeak, but I thought the question worth asking.  Should we do both?

 

Thoughts?

 

Ron Teitelbaum

Squeak Cryptography Team Leader