[Cryptography Team] File repository?

[Ron Teitelbaum]

All,

What I suggest is that we wait for suggestions from Krishna, and that we
focus on our current goal which is to satisfy ourselves that we can pass
common criteria validation.  Once we are satisfied that we are at that level
we can move forward to either doing an actual CC validation, or to try for
FIPS 140-2.  

I'm thinking that Google's project hosting will do the trick.  That would
give us some tools that we can use to communicate.

Any other suggestions?

Ron

> From: Kyle Hamilton 
> Sent: Thursday, October 12, 2006 7:27 PM
> 
> I'm not entirely sure it would contain code; what I'm aiming for is a
> reference library for the various NIST/FIPS documents, perhaps a copy
> of various implementation documents (descriptions of various
> algorithms and modes of operation for them), the PKCS series, and so
> on.
> 
> The point is that all code is going to be either implemented in squeak
> or in the squeak VM; I don't know the best way to handle forked
> development with the VM so I'm going to have to leave it up to the
> devs to decide how they want to handle that.
> 
> Personally, I'm all for using external tools that can produce
> revisions of ST code that can be filed in (for the code that has to be
> in the machine), and the binary glue source code (which, if done
> correctly, would only glue crypto code into the VM without
> implementing cryptography itself -- until a branch is deemed
> validation-ready, at which point it will have to be self-contained.
> 
> The validation process is typically "secret" (NDAs on all sides as to
> the details), from what I understand from Dr. Stephen Henson of
> OpenSSL.  So, I don't know too much about the actual process.
> 
> -Kyle H
> 
> On 10/12/06, Ron Teitelbaum <Ron at usmedrec.com> wrote:
> > No there isn't right now I'm happy to take suggestions.
> >
> > The one thing to keep in mind is that our code repository is protected
> by
> > our bis/nsa open source notification
> > http://lists.squeakfoundation.org/pipermail/cryptography/2006-
> January/000117
> > .html .  If we have a new repository that may contain code we would need
> to
> > register that also (I'm reminding myself as well as letting you know).
> If
> > at all possible I would like to keep a single repository at squeak
> source.
> >
> > If that is not possible, and everyone thinks we need something else
> please
> > let me know, I'll make it happen.
> >
> > Ron
> >
> > > -----Original Message-----
> > > From: cryptography-bounces at lists.squeakfoundation.org
> > > [mailto:cryptography-bounces at lists.squeakfoundation.org] On Behalf Of
> Kyle
> > > Hamilton
> > > Sent: Thursday, October 12, 2006 4:51 PM
> > > To: Cryptography Team Development List
> > > Subject: [Cryptography Team] File repository?
> > >
> > > Is there a place where interested parties can upload useful binary
> > > documents (such as the Derived Test Requirements document that forms
> > > the basis for FIPS 140-2 testing), as well as metadata describing what
> > > it is and where it was obtained?  I'd like something like CVS, SVN, or
> > > git -- but the actual mechanism doesn't matter as long as it's
> > > accessible to every platform that Squeak runs on.
> > >
> > > Unfortunately, since there's no PDF viewer in Squeak, I don't think
> > > that an in-Squeak solution would be appropriate.  However, I'm not a
> > > member of the team (other than as a volunteer), and so I'm perfectly
> > > happy and willing to be overruled. :)
> > >
> > > --
> > >
> > > -Kyle H
> > > _______________________________________________
> > > Cryptography mailing list
> > > Cryptography at lists.squeakfoundation.org
> > > http://lists.squeakfoundation.org/cgi-
> bin/mailman/listinfo/cryptography
> >
> >
> > _______________________________________________
> > Cryptography mailing list
> > Cryptography at lists.squeakfoundation.org
> > http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
> >
> 
> 
> --
> 
> -Kyle H