RE: [Cryptography Team] Welcome New Members and Update - Cryptography

11 Oct 2006


      Hi Krishna,
If you are still interested in joining the group, I thought I'd remind you to introduce yourself to the team: cryptography@lists.squeakfoundation.org
Thank you for your interest, I'm looking forward to working with you!
Ron Teitelbaum
...
-----Original Message-----
From: Krishna Sankar [mailto:ksankar@doubleclix.net]
Sent: Monday, October 09, 2006 4:28 PM
To: Ron@USMedRec.com
Subject: RE: [Cryptography Team] Welcome New Members and Update
Thanks. Some answers.
...
What brings you to Smalltalk in general?  What is your
experience with the language?
<KS>
   I got introduced to Squeak thru the OLPC effort. Have been thinking
about designing a program to introduce Chamber Music to kids. I also have
been studying the various aspects of OLPC, mesh networking et al.
I am new to Smalltalk. Have worked on languages from FORTRAN to
Pascal to Ada to COBOL to Java. Have been looking for an opportunity to
work on Smalltalk (without a goal usually the work would be peripheral)...
May be this is one, may be not.
</KS>
> What made you want to join the team, what are you looking to
> get out of your participation?
>
<KS>
   This is an interesting problem - from implementation thru
certification - especially in the security domain; experience in open
source work, programming (I like to program stuff, sometimes get too much
into the .ppt land ;o(), exploring nuances of cryptography, experience in
Smalltalk and finally contribution to OLPC.
</KS>
> Your background in government standards and background in
> cryptography would certainly qualify you to organize our
> efforts.  I look forward to discussing it with you and other
> members of the team.  Could you give me some more info on you
> background?  I would be interested in reading your stuff, can
> you point me to your work?
>
<KS>
Here is a quick list of security related stuff. Pl let me know if this is
enough.
My background is in interpreting and developing software as per government
standards like MIL-STD-1521/1520, MIL-STD-490/498/499 and DoD-STD-
2167A/2168. Also was involved reviewing network related documents.
I am the lead author of the Cisco Press WLAN Security book -
http://www.ciscopress.com/authors/bio.asp?a=9ed11cfa-9067-4205-8110-
76358f317825&rl=1
When java was new, I had been part of a few Java Books - now they all look
very old and trivial ;o( In my book Java 1.2 Class Libraries Unleashed, I
had covered the cryptography as well.
I also have been involved with the NIST/Internet2 PKI workshop -
http://middleware.internet2.edu/pki04/
I also was part of Web Services standards like SAML et al.
Also have been doing security stuff as a part of my work for sometime.
</KS>
Cheers
<k/>
> -----Original Message-----
> From: Ron Teitelbaum [mailto:Ron@USMedRec.com]
> Sent: Monday, October 09, 2006 11:00 AM
> To: 'Krishna Sankar'
> Subject: RE: [Cryptography Team] Welcome New Members and Update
>
> Krishna,
>
> Thank you for volunteering, I will be very happy to help you
> in any way I can.  I have some questions for you.
>
> What brings you to Smalltalk in general?  What is your
> experience with the language?
>
> What made you want to join the team, what are you looking to
> get out of your participation?
>
> Your background in government standards and background in
> cryptography would certainly qualify you to organize our
> efforts.  I look forward to discussing it with you and other
> members of the team.  Could you give me some more info on you
> background?  I would be interested in reading your stuff, can
> you point me to your work?
>
> As for the slang code in squeak for SHA256: There are already
> plug-in written for SHA1, which can serve as a working
> prototype of the things that could be done for SHA256.  I
> wrote the SHA256 Smalltalk code and I used the SHA1
> implementation as a guide.  The similarity should definitely
> make writing the plug-in much easier.  You would need to load
> the VMMaker to get the SHA1 code.  Are you familiar with the
> VMMaker or slang?
>
> I look forward to working with you!
>
> Ron
>
>
> > From: Krishna Sankar
> > Sent: Monday, October 09, 2006 1:21 PM
> >
> > Ron,
> >
> > 	Thanks for the e-mail. Even though this is a personal
> e-mail to you,
> > I will send an intro to the list.
> >
> > 	I would be happy to work on the Cryptography Security
> Validation
> > effort. While I do not have background on Common Criteria,
> I am well
> > versed with most of the cryptography aspects (I also have
> written on
> > WLAN security as well as Java Security plus have been involved with
> > PKI NIST workshop et al) I also have background on Govt standards.
> > Would this be sufficient to participate, may be even as a sub-lead ?
> >
> > 	May be it is a good idea to start with the SHA256
> plug-in. Would
> > appreciate your thoughts on the efforts and guidance, as this is my
> > first foray into Squeak.
> >
> > Cheers
> > <k/>
> > > -----Original Message-----
> > > From: cryptography-bounces@lists.squeakfoundation.org
> > > [mailto:cryptography-bounces@lists.squeakfoundation.org]
> On Behalf
> > > Of Ron Teitelbaum
> > > Sent: Monday, October 09, 2006 9:26 AM
> > > To: 'Cryptography Team Development List'
> > > Subject: [Cryptography Team] Welcome New Members and Update
> > >
> > > All,
> > >
> > > We have a few new members.  I would like to welcome you
> to the list
> > > and invite you to introduce yourselves to the list if you feel so
> > > inclined and please let us know what your interests in
> cryptography
> > > are, and what you hope to get from this group.
> > >
> > > We have discussed previously that we might want to build
> Slang plug
> > > in representations of some of our cryptographic primitives to
> > > improve performance.  There appears to be support for including
> > > those primitives internally in the base VM for the different
> > > platforms, I would like to take advantage of this
> opportunity.  If
> > > anyone has a plug in they would like to have included in the VM
> > > maker and then in new VM Builds please submit it to this list for
> > > review.  (Rob could you enter a mantis bug requesting that we
> > > include the DES plug in with future builds of VM’s?).  We
> need the
> > > SHA256 plug in written (I have not had time to do it ☹,
> but I will
> > > get to it if nobody volunteers).  Are there suggestions for other
> > > plug ins that need to be written?
> > >
> > > Also I would like us to consider looking at the fips
> common criteria
> > > http://niap.bahialab.com/cc-scheme/cc_docs/index.cfm
> > > .  My feeling is that more testing can not be bad for our
> > > cryptography code, and that the more we can accomplish in
> this area
> > > the closer we are to considering getting certified ourselves.  It
> > > does not make sense to hire a lab until we are satisfied
> internally
> > > that we will pass.
> > >
> > > Because this is a large process it would be easy to consider this
> > > too difficult a task to complete.  The major reason to
> discount this
> > > problem is that we have no deadline.  This means that with proper
> > > organization anyone with some spare time can contribute
> and move us
> > > forward.  What we need is someone to help provide this
> organization.
> > > That person needs to be very familiar with the common criteria,
> > > should have considerable experience in the cryptography field and
> > > should have good organization skills.  The job is not complicated
> > > and I don’t expect that it should take much time (about 1 hour a
> > > month after initial startup).  That person would be
> responsible for
> > > developing a short list of tasks that need to be
> accomplished, would
> > > work to help find people to validate work that is already
> completed,
> > > and would tell the community when the work is done.  I
> would suggest
> > > that this person would carry the official title of Squeak
> > > Cryptography Security Validation Officer.
> > >
> > > Anyone want to volunteer?  Anyone have suggestions on how
> to elect
> > > that person if we get volunteers?
> > >
> > > Along with providing a direction for the group we need
> some people
> > > with any time to spare to volunteer to work with that
> leader and the
> > > rest of the team to add the tests and code necessary to meet the
> > > requirements of the common criteria.
> > > This type of work is really a wonderful chance to learn
> > > Cryptography.  It allows you to learn about areas that
> you might not
> > > be familiar with, not to mention being a very valuable
> way for you
> > > to contribute to this team.
> > >
> > > Again welcome new members,
> > >
> > > Ron Teitelbaum
> > > Squeak Cryptography Team Leader
> > > Ron@USMedRec.com
> > >
> > > _______________________________________________
> > > Cryptography mailing list
> > > Cryptography@lists.squeakfoundation.org
> > > http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cry
> > ptography
> > >
> >
>
>
>