Chris,
The concept is cool and makes sense; storing public and private keys on a personal device. The smart card was supposed to give us that too but readers are scarce and USB ports are plentiful. It really amazes me that security is not used more, look at email for example. There is no reason, other then companies wanting to make money on certificates, that every email is not encrypted. (see www.cacert.org) In my opinion anything that makes security easier and more widely available should be pursued.
Given that I would say you should post your code to squeakSource in our cryptography package (and Cees should post his keythingy too). Now for my OPINION on export issues (not a legal opinion since I'm not a lawyer), Dan tells me that there are no requirements or test we have to meet to allow for export since we are an open source platform. The only issue is one of notification. He is working on that now. There are a few steps to that and we decided to keep the repository locked until those steps are completed. So right now if you post your code only the cryptography team can see and download the code. In my opinion that is fine. There is the possibility that we will not be allowed to work with Dan to finish this (a very unlikely possibility), in which case we would probably just pack up and go home, deleting the repository (or just the US contributed pieces). The most likely scenario is that the repository will become public soon with all the blessings of the US Government and we can put this behind us.
Ron
-----Original Message----- From: Chris Muller [mailto:chris@funkyobjects.org] Sent: Tuesday, November 08, 2005 6:47 PM To: Ron Teitelbaum; cryptography@lists.squeakfoundation.org Subject: opinions?
Well, I'd love to post the KryptOn code.. Ron, can you gauge from your meeting last week or anyone else with knowledge of this subject, after reading the description of KryptOn what do you think?
http://minnow.cc.gatech.edu/squeak/5785
I'm not looking for legal advice (but I'll take it if someone offers), just "gut feelings" from you guys who know a lot more about it than I do. Safe to post this on squeaksource?
Swiki is in the US, maybe that would be even safer..?
Thanks, Chris