[Cryptography Team] Re: [Newbies] [ANN] Squeak Cryptography
Certification Validation Officer
Kyle Hamilton
aerowolf at gmail.com
Wed Oct 11 22:04:52 UTC 2006
Welcome, Krishna!
In the grand scheme of things, how can the integrity of the
cryptographic component module be verifiably maintained in Squeak?
Because of the NIST/FIPS requirement of a security boundary, the
implementation must be an immutable "black box" -- put data in, get
data out.
OpenSSL has a FIPS-validated component (no longer available for
obtainment, but people who obtained it before it was made
no-longer-available) that would operate in the context of an extension
to the interpreter. [They're working on a follow-up validation for a
to-be-made-available version of the library.] There is also at least
one FIPS-validated, freely-available module available for Windows
other than OpenSSL.
I bring this up only because I can't see how such a black box could be
created (and its internal state verifiable at all times) unless it's
not written within the Squeak environment itself. There isn't any
means that I know of "sealing" classes and preventing data from being
examined -- thus there isn't any means of enforcing a "black box"
boundary the way that FIPS requires.
Any thoughts on the matter? Anyone?
-Kyle H
On 10/11/06, Ron Teitelbaum <Ron at usmedrec.com> wrote:
>
> Krishna Sankar is joining our team as the new Squeak Cryptography
> Certification Validation Officer.
>
More information about the Cryptography
mailing list