[Cryptography Team] Welcome New Members and Update

Ron Teitelbaum Ron at USMedRec.com
Wed Oct 11 17:37:21 UTC 2006 

Hi Krishna,

If you are still interested in joining the group, I thought I'd remind you to introduce yourself to the team: cryptography at lists.squeakfoundation.org 

Thank you for your interest, I'm looking forward to working with you!

Ron Teitelbaum

> -----Original Message-----
> From: Krishna Sankar [mailto:ksankar at doubleclix.net]
> Sent: Monday, October 09, 2006 4:28 PM
> To: Ron at USMedRec.com
> Subject: RE: [Cryptography Team] Welcome New Members and Update
> 
> Thanks. Some answers.
> >
> > What brings you to Smalltalk in general?  What is your
> > experience with the language?
> >
> <KS>
> 	I got introduced to Squeak thru the OLPC effort. Have been thinking
> about designing a program to introduce Chamber Music to kids. I also have
> been studying the various aspects of OLPC, mesh networking et al.
> 
> 	I am new to Smalltalk. Have worked on languages from FORTRAN to
> Pascal to Ada to COBOL to Java. Have been looking for an opportunity to
> work on Smalltalk (without a goal usually the work would be peripheral)...
> May be this is one, may be not.
> </KS>
> > What made you want to join the team, what are you looking to
> > get out of your participation?
> >
> <KS>
> 	This is an interesting problem - from implementation thru
> certification - especially in the security domain; experience in open
> source work, programming (I like to program stuff, sometimes get too much
> into the .ppt land ;o(), exploring nuances of cryptography, experience in
> Smalltalk and finally contribution to OLPC.
> </KS>
> > Your background in government standards and background in
> > cryptography would certainly qualify you to organize our
> > efforts.  I look forward to discussing it with you and other
> > members of the team.  Could you give me some more info on you
> > background?  I would be interested in reading your stuff, can
> > you point me to your work?
> >
> <KS>
> Here is a quick list of security related stuff. Pl let me know if this is
> enough.
> 
> My background is in interpreting and developing software as per government
> standards like MIL-STD-1521/1520, MIL-STD-490/498/499 and DoD-STD-
> 2167A/2168. Also was involved reviewing network related documents.
> 
> I am the lead author of the Cisco Press WLAN Security book -
> http://www.ciscopress.com/authors/bio.asp?a=9ed11cfa-9067-4205-8110-
> 76358f317825&rl=1
> 
> When java was new, I had been part of a few Java Books - now they all look
> very old and trivial ;o( In my book Java 1.2 Class Libraries Unleashed, I
> had covered the cryptography as well.
> 
> I also have been involved with the NIST/Internet2 PKI workshop -
> http://middleware.internet2.edu/pki04/
> 
> I also was part of Web Services standards like SAML et al.
> 
> Also have been doing security stuff as a part of my work for sometime.
> 
> </KS>
> 
> Cheers
> <k/>
> > -----Original Message-----
> > From: Ron Teitelbaum [mailto:Ron at USMedRec.com]
> > Sent: Monday, October 09, 2006 11:00 AM
> > To: 'Krishna Sankar'
> > Subject: RE: [Cryptography Team] Welcome New Members and Update
> >
> > Krishna,
> >
> > Thank you for volunteering, I will be very happy to help you
> > in any way I can.  I have some questions for you.
> >
> > What brings you to Smalltalk in general?  What is your
> > experience with the language?
> >
> > What made you want to join the team, what are you looking to
> > get out of your participation?
> >
> > Your background in government standards and background in
> > cryptography would certainly qualify you to organize our
> > efforts.  I look forward to discussing it with you and other
> > members of the team.  Could you give me some more info on you
> > background?  I would be interested in reading your stuff, can
> > you point me to your work?
> >
> > As for the slang code in squeak for SHA256: There are already
> > plug-in written for SHA1, which can serve as a working
> > prototype of the things that could be done for SHA256.  I
> > wrote the SHA256 Smalltalk code and I used the SHA1
> > implementation as a guide.  The similarity should definitely
> > make writing the plug-in much easier.  You would need to load
> > the VMMaker to get the SHA1 code.  Are you familiar with the
> > VMMaker or slang?
> >
> > I look forward to working with you!
> >
> > Ron
> >
> >
> > > From: Krishna Sankar
> > > Sent: Monday, October 09, 2006 1:21 PM
> > >
> > > Ron,
> > >
> > > 	Thanks for the e-mail. Even though this is a personal
> > e-mail to you,
> > > I will send an intro to the list.
> > >
> > > 	I would be happy to work on the Cryptography Security
> > Validation
> > > effort. While I do not have background on Common Criteria,
> > I am well
> > > versed with most of the cryptography aspects (I also have
> > written on
> > > WLAN security as well as Java Security plus have been involved with
> > > PKI NIST workshop et al) I also have background on Govt standards.
> > > Would this be sufficient to participate, may be even as a sub-lead ?
> > >
> > > 	May be it is a good idea to start with the SHA256
> > plug-in. Would
> > > appreciate your thoughts on the efforts and guidance, as this is my
> > > first foray into Squeak.
> > >
> > > Cheers
> > > <k/>
> > > > -----Original Message-----
> > > > From: cryptography-bounces at lists.squeakfoundation.org
> > > > [mailto:cryptography-bounces at lists.squeakfoundation.org]
> > On Behalf
> > > > Of Ron Teitelbaum
> > > > Sent: Monday, October 09, 2006 9:26 AM
> > > > To: 'Cryptography Team Development List'
> > > > Subject: [Cryptography Team] Welcome New Members and Update
> > > >
> > > > All,
> > > >
> > > > We have a few new members.  I would like to welcome you
> > to the list
> > > > and invite you to introduce yourselves to the list if you feel so
> > > > inclined and please let us know what your interests in
> > cryptography
> > > > are, and what you hope to get from this group.
> > > >
> > > > We have discussed previously that we might want to build
> > Slang plug
> > > > in representations of some of our cryptographic primitives to
> > > > improve performance.  There appears to be support for including
> > > > those primitives internally in the base VM for the different
> > > > platforms, I would like to take advantage of this
> > opportunity.  If
> > > > anyone has a plug in they would like to have included in the VM
> > > > maker and then in new VM Builds please submit it to this list for
> > > > review.  (Rob could you enter a mantis bug requesting that we
> > > > include the DES plug in with future builds of VM’s?).  We
> > need the
> > > > SHA256 plug in written (I have not had time to do it ☹,
> > but I will
> > > > get to it if nobody volunteers).  Are there suggestions for other
> > > > plug ins that need to be written?
> > > >
> > > > Also I would like us to consider looking at the fips
> > common criteria
> > > > http://niap.bahialab.com/cc-scheme/cc_docs/index.cfm
> > > > .  My feeling is that more testing can not be bad for our
> > > > cryptography code, and that the more we can accomplish in
> > this area
> > > > the closer we are to considering getting certified ourselves.  It
> > > > does not make sense to hire a lab until we are satisfied
> > internally
> > > > that we will pass.
> > > >
> > > > Because this is a large process it would be easy to consider this
> > > > too difficult a task to complete.  The major reason to
> > discount this
> > > > problem is that we have no deadline.  This means that with proper
> > > > organization anyone with some spare time can contribute
> > and move us
> > > > forward.  What we need is someone to help provide this
> > organization.
> > > > That person needs to be very familiar with the common criteria,
> > > > should have considerable experience in the cryptography field and
> > > > should have good organization skills.  The job is not complicated
> > > > and I don’t expect that it should take much time (about 1 hour a
> > > > month after initial startup).  That person would be
> > responsible for
> > > > developing a short list of tasks that need to be
> > accomplished, would
> > > > work to help find people to validate work that is already
> > completed,
> > > > and would tell the community when the work is done.  I
> > would suggest
> > > > that this person would carry the official title of Squeak
> > > > Cryptography Security Validation Officer.
> > > >
> > > > Anyone want to volunteer?  Anyone have suggestions on how
> > to elect
> > > > that person if we get volunteers?
> > > >
> > > > Along with providing a direction for the group we need
> > some people
> > > > with any time to spare to volunteer to work with that
> > leader and the
> > > > rest of the team to add the tests and code necessary to meet the
> > > > requirements of the common criteria.
> > > > This type of work is really a wonderful chance to learn
> > > > Cryptography.  It allows you to learn about areas that
> > you might not
> > > > be familiar with, not to mention being a very valuable
> > way for you
> > > > to contribute to this team.
> > > >
> > > > Again welcome new members,
> > > >
> > > > Ron Teitelbaum
> > > > Squeak Cryptography Team Leader
> > > > Ron at USMedRec.com
> > > >
> > > > _______________________________________________
> > > > Cryptography mailing list
> > > > Cryptography at lists.squeakfoundation.org
> > > > http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cry
> > > ptography
> > > >
> > >
> >
> >
> >
>

More information about the Cryptography mailing list