Is there a place where interested parties can upload useful binary documents (such as the Derived Test Requirements document that forms the basis for FIPS 140-2 testing), as well as metadata describing what it is and where it was obtained? I'd like something like CVS, SVN, or git -- but the actual mechanism doesn't matter as long as it's accessible to every platform that Squeak runs on.
Unfortunately, since there's no PDF viewer in Squeak, I don't think that an in-Squeak solution would be appropriate. However, I'm not a member of the team (other than as a volunteer), and so I'm perfectly happy and willing to be overruled. :)
No, there isn't right now. I'm happy to take suggestions.
The one thing to keep in mind is that our code repository is protected by our BIS/NSA open source notification http://lists.squeakfoundation.org/pipermail/cryptography/2006-January/000117.html . If we have a new repository that may contain code we would need to register that also (I'm reminding myself as well as letting you know). If at all possible I would like to keep a single repository at squeak source.
If that is not possible, and everyone thinks we need something else please let me know, I'll make it happen.
Ron
-----Original Message-----
From: cryptography-bounces@lists.squeakfoundation.org [mailto:cryptography-bounces@lists.squeakfoundation.org] On Behalf Of Kyle Hamilton
Sent: Thursday, October 12, 2006 4:51 PM
To: Cryptography Team Development List
Subject: [Cryptography Team] File repository?
Is there a place where interested parties can upload useful binary documents (such as the Derived Test Requirements document that forms the basis for FIPS 140-2 testing), as well as metadata describing what it is and where it was obtained? I'd like something like CVS, SVN, or git -- but the actual mechanism doesn't matter as long as it's accessible to every platform that Squeak runs on.
Unfortunately, since there's no PDF viewer in Squeak, I don't think that an in-Squeak solution would be appropriate. However, I'm not a member of the team (other than as a volunteer), and so I'm perfectly happy and willing to be overruled. :)
--
-Kyle H
_______________________________________________
Cryptography mailing list
Cryptography@lists.squeakfoundation.org
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
I'm not entirely sure it would contain code; what I'm aiming for is a reference library for the various NIST/FIPS documents, perhaps a copy of various implementation documents (descriptions of various algorithms and modes of operation for them), the PKCS series, and so on.
The point is that all code is going to be either implemented in squeak or in the squeak VM; I don't know the best way to handle forked development with the VM so I'm going to have to leave it up to the devs to decide how they want to handle that.
Personally, I'm all for using external tools that can produce revisions of ST code that can be filed in (for the code that has to be in the machine), and the binary glue source code (which, if done correctly, would only glue crypto code into the VM without implementing cryptography itself -- until a branch is deemed validation-ready, at which point it will have to be self-contained.
The validation process is typically "secret" (NDAs on all sides as to the details), from what I understand from Dr. Stephen Henson of OpenSSL. So, I don't know too much about the actual process.
-Kyle H
On 10/12/06, Ron Teitelbaum <Ron@usmedrec.com> wrote:
No, there isn't right now. I'm happy to take suggestions.
The one thing to keep in mind is that our code repository is protected by our BIS/NSA open source notification http://lists.squeakfoundation.org/pipermail/cryptography/2006-January/000117.html . If we have a new repository that may contain code we would need to register that also (I'm reminding myself as well as letting you know). If at all possible I would like to keep a single repository at squeak source.
If that is not possible, and everyone thinks we need something else please let me know, I'll make it happen.
Ron
All,
What I suggest is that we wait for suggestions from Krishna, and that we focus on our current goal, which is to satisfy ourselves that we can pass Common Criteria validation. Once we are satisfied that we are at that level we can move forward to either doing an actual CC validation, or to try for FIPS 140-2.
I'm thinking that Google's project hosting will do the trick. That would give us some tools that we can use to communicate.
Any other suggestions?
Ron
From: Kyle Hamilton
Sent: Thursday, October 12, 2006 7:27 PM
I'm not entirely sure it would contain code; what I'm aiming for is a reference library for the various NIST/FIPS documents, perhaps a copy of various implementation documents (descriptions of various algorithms and modes of operation for them), the PKCS series, and so on.
The point is that all code is going to be either implemented in squeak or in the squeak VM; I don't know the best way to handle forked development with the VM so I'm going to have to leave it up to the devs to decide how they want to handle that.
Personally, I'm all for using external tools that can produce revisions of ST code that can be filed in (for the code that has to be in the machine), and the binary glue source code (which, if done correctly, would only glue crypto code into the VM without implementing cryptography itself -- until a branch is deemed validation-ready, at which point it will have to be self-contained.
The validation process is typically "secret" (NDAs on all sides as to the details), from what I understand from Dr. Stephen Henson of OpenSSL. So, I don't know too much about the actual process.
-Kyle H
Google's project hosting does seem like a good idea.
It occurs to me that if we're going to try for CC or FIPS validation, the longer of a paper trail we can provide the better off we'll be -- so my vote is to get it set up sooner than later. (Plus, if we are going to try for validation [which Krishna's appointment suggests is a priority], it's a more efficient use of resources to build /to/ it, rather than try to retrofit it.)
Incidentally, I don't know if there's anything that requires notification of citizenship in the process anymore, but FWIW I'm a citizen of the United States.
-Kyle H
On 10/13/06, Ron Teitelbaum <Ron@usmedrec.com> wrote:
All,
What I suggest is that we wait for suggestions from Krishna, and that we focus on our current goal, which is to satisfy ourselves that we can pass Common Criteria validation. Once we are satisfied that we are at that level we can move forward to either doing an actual CC validation, or to try for FIPS 140-2.
I'm thinking that Google's project hosting will do the trick. That would give us some tools that we can use to communicate.
Any other suggestions?
Ron
Let me look into setting up a Google project as well as prime it with a set of top level tasks.
Cheers <k/>
-----Original Message-----
From: cryptography-bounces@lists.squeakfoundation.org [mailto:cryptography-bounces@lists.squeakfoundation.org] On Behalf Of Kyle Hamilton
Sent: Friday, October 13, 2006 10:40 AM
To: Ron@usmedrec.com; Cryptography Team Development List
Subject: Re: [Cryptography Team] File repository?
Google's project hosting does seem like a good idea.
It occurs to me that if we're going to try for CC or FIPS validation, the longer of a paper trail we can provide the better off we'll be -- so my vote is to get it set up sooner than later. (Plus, if we are going to try for validation [which Krishna's appointment suggests is a priority], it's a more efficient use of resources to build /to/ it, rather than try to retrofit it.)
Incidentally, I don't know if there's anything that requires notification of citizenship in the process anymore, but FWIW I'm a citizen of the United States.
-Kyle H