[Cryptography Team] RE: opinions?
Ron Teitelbaum
Ron at USMedRec.com
Wed Nov 9 01:24:54 CET 2005
Chris,
The concept is cool and makes sense; storing public and private keys on a
personal device. The smart card was supposed to give us that too but
readers are scarce and USB ports are plentiful. It really amazes me that
security is not used more, look at email for example. There is no reason,
other then companies wanting to make money on certificates, that every email
is not encrypted. (see www.cacert.org) In my opinion anything that makes
security easier and more widely available should be pursued.
Given that I would say you should post your code to squeakSource in our
cryptography package (and Cees should post his keythingy too). Now for my
OPINION on export issues (not a legal opinion since I'm not a lawyer), Dan
tells me that there are no requirements or test we have to meet to allow for
export since we are an open source platform. The only issue is one of
notification. He is working on that now. There are a few steps to that and
we decided to keep the repository locked until those steps are completed.
So right now if you post your code only the cryptography team can see and
download the code. In my opinion that is fine. There is the possibility
that we will not be allowed to work with Dan to finish this (a very unlikely
possibility), in which case we would probably just pack up and go home,
deleting the repository (or just the US contributed pieces). The most
likely scenario is that the repository will become public soon with all the
blessings of the US Government and we can put this behind us.
Ron
-----Original Message-----
From: Chris Muller [mailto:chris at funkyobjects.org]
Sent: Tuesday, November 08, 2005 6:47 PM
To: Ron Teitelbaum; cryptography at lists.squeakfoundation.org
Subject: opinions?
Well, I'd love to post the KryptOn code.. Ron, can you gauge from your
meeting
last week or anyone else with knowledge of this subject, after reading the
description of KryptOn what do you think?
http://minnow.cc.gatech.edu/squeak/5785
I'm not looking for legal advice (but I'll take it if someone offers), just
"gut feelings" from you guys who know a lot more about it than I do. Safe
to
post this on squeaksource?
Swiki is in the US, maybe that would be even safer..?
Thanks,
Chris
More information about the Cryptography
mailing list