[Cryptography Team] Welcome New Members and Update

[Ron Teitelbaum]

All,

We have a few new members.  I would like to welcome you to the list and invite you to introduce yourselves to the list if you feel so inclined and please let us know what your interests in cryptography are, and what you hope to get from this group.

We have discussed previously that we might want to build Slang plug in representations of some of our cryptographic primitives to improve performance.  There appears to be support for including those primitives internally in the base VM for the different platforms, I would like to take advantage of this opportunity.  If anyone has a plug in they would like to have included in the VM maker and then in new VM Builds please submit it to this list for review.  (Rob could you enter a mantis bug requesting that we include the DES plug in with future builds of VM’s?).  We need the SHA256 plug in written (I have not had time to do it ☹, but I will get to it if nobody volunteers).  Are there suggestions for other plug ins that need to be written?

Also I would like us to consider looking at the fips common criteria http://niap.bahialab.com/cc-scheme/cc_docs/index.cfm .  My feeling is that more testing can not be bad for our cryptography code, and that the more we can accomplish in this area the closer we are to considering getting certified ourselves.  It does not make sense to hire a lab until we are satisfied internally that we will pass.

Because this is a large process it would be easy to consider this too difficult a task to complete.  The major reason to discount this problem is that we have no deadline.  This means that with proper organization anyone with some spare time can contribute and move us forward.  What we need is someone to help provide this organization.  That person needs to be very familiar with the common criteria, should have considerable experience in the cryptography field and should have good organization skills.  The job is not complicated and I don’t expect that it should take much time (about 1 hour a month after initial startup).  That person would be responsible for developing a short list of tasks that need to be accomplished, would work to help find people to validate work that is already completed, and would tell the community when the work is done.  I would suggest that this person would carry the official title of Squeak Cryptography Security Validation Officer.

Anyone want to volunteer?  Anyone have suggestions on how to elect that person if we get volunteers?

Along with providing a direction for the group we need some people with any time to spare to volunteer to work with that leader and the rest of the team to add the tests and code necessary to meet the requirements of the common criteria.  This type of work is really a wonderful chance to learn Cryptography.  It allows you to learn about areas that you might not be familiar with, not to mention being a very valuable way for you to contribute to this team. 

Again welcome new members, 

Ron Teitelbaum
Squeak Cryptography Team Leader
Ron at USMedRec.com