[Cryptography Team] CC and Squeak.

Cerebus cerebus2 at gmail.com
Fri Nov 24 03:44:25 UTC 2006


I was poking through the list archives and I noticed a large amount of
traffic relating to CC certification.

All the CC OS PPs require--at a minimum--implementation of
discretionary access control over user actions.  As Squeak has no
concept of users or access control at all, I don't think any CC
certification is a realistic goal.   In fact, as Squeak is a live
system, I don't think access control is implementable without
rewriting the VM from scratch; and the result wouldn't be anything
like the Squeak you know and love.

For that matter, the live nature of the Squeak image will make FIPS
certification problematic.  FIPS certification requires strict version
control over the crypto code.  While subclassing a FIPS certified
crypto class would be OK, overloading a FIPS method could invalidate
the certification (unless it calls super for the certified sections).
Extending a FIPS certified class would be a similar problem.

Other crypto libraries have similar issues, but compiled code can
generally show that they are using a fixed API and are linked to a
certified version.  A live system such as Squeak faces unique
challenges.  Every application built on an ostensibly FIPS-certified
Squeak crypto library would have to be examined to ensure that FIPS
code is not being overloaded, and even then you can't be sure that the
final system isn't being modified by the end user...

-- Tim
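
The per-application examination the message describes, sketched as an added example that is not part of the original post and is not Squeak code: it uses Python, another runtime in which classes can be changed while the system is live. `CertifiedDigest`, `fingerprint`, `audit` and the two application classes are hypothetical names constructed for illustration, and the `super` check is a heuristic.

```python
import hashlib

class CertifiedDigest:
    """Constructed stand-in for a validated crypto class (hypothetical)."""
    def digest(self, data: bytes) -> bytes:
        return hashlib.sha256(data).digest()

def fingerprint(cls):
    """Map each method defined directly on cls to a hash of its compiled code."""
    prints = {}
    for name, fn in vars(cls).items():
        code = getattr(fn, "__code__", None)
        if code is not None:
            blob = code.co_code + repr(code.co_consts).encode()
            prints[name] = hashlib.sha256(blob).hexdigest()
    return prints

# Recorded once, at the point the class is considered "certified".
BASELINE = fingerprint(CertifiedDigest)

def audit(app_cls, certified=CertifiedDigest, baseline=BASELINE):
    """Return (finding, class name, method name) tuples for app_cls."""
    findings = []
    # 1. Has the certified class itself been changed in the running system?
    current = fingerprint(certified)
    for name, expected in baseline.items():
        if current.get(name) != expected:
            findings.append(("modified", certified.__name__, name))
    # 2. Does a class between app_cls and the certified class override its methods?
    for klass in app_cls.__mro__:
        if klass is certified:
            break
        for name in baseline:
            fn = vars(klass).get(name)
            if fn is None:
                continue
            # Heuristic: naming super does not prove the certified code is reached.
            names = getattr(getattr(fn, "__code__", None), "co_names", ())
            kind = "override-calls-super" if "super" in names else "override-replaces"
            findings.append((kind, klass.__name__, name))
    return findings

# Constructed application classes: one wraps the certified method, one replaces it.
class Wrapped(CertifiedDigest):
    def digest(self, data):
        return super().digest(data.strip())

class Replaced(CertifiedDigest):
    def digest(self, data):
        return data[:32].ljust(32, b"\0")
```

The baseline and the audit code live in the same modifiable runtime as the classes they check, so a clean result only describes the system at the moment the audit ran.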

