[Cryptography Team] File repository?

Kyle Hamilton aerowolf at gmail.com
Fri Oct 13 17:40:04 UTC 2006 

Google's project hosting does seem like a good idea.

It occurs to me that if we're going to try for CC or FIPS validation,
the longer of a paper trail we can provide the better off we'll be --
so my vote is to get it set up sooner than later.  (Plus, if we are
going to try for validation [which Krishna's appointment suggests is a
priority], it's a more efficient use of resources to build /to/ it,
rather than try to retrofit it.)

Incidentally, I don't know if there's anything that requires
notification of citizenship in the process anymore, but FWIW I'm a
citizen of the United States.

-Kyle H

On 10/13/06, Ron Teitelbaum <Ron at usmedrec.com> wrote:
> All,
>
> What I suggest is that we wait for suggestions from Krishna, and that we
> focus on our current goal which is to satisfy ourselves that we can pass
> common criteria validation.  Once we are satisfied that we are at that level
> we can move forward to either doing an actual CC validation, or to try for
> FIPS 140-2.
>
> I'm thinking that Google's project hosting will do the trick.  That would
> give us some tools that we can use to communicate.
>
> Any other suggestions?
>
> Ron
>
> > From: Kyle Hamilton
> > Sent: Thursday, October 12, 2006 7:27 PM
> >
> > I'm not entirely sure it would contain code; what I'm aiming for is a
> > reference library for the various NIST/FIPS documents, perhaps a copy
> > of various implementation documents (descriptions of various
> > algorithms and modes of operation for them), the PKCS series, and so
> > on.
> >
> > The point is that all code is going to be either implemented in squeak
> > or in the squeak VM; I don't know the best way to handle forked
> > development with the VM so I'm going to have to leave it up to the
> > devs to decide how they want to handle that.
> >
> > Personally, I'm all for using external tools that can produce
> > revisions of ST code that can be filed in (for the code that has to be
> > in the machine), and the binary glue source code (which, if done
> > correctly, would only glue crypto code into the VM without
> > implementing cryptography itself -- until a branch is deemed
> > validation-ready, at which point it will have to be self-contained.
> >
> > The validation process is typically "secret" (NDAs on all sides as to
> > the details), from what I understand from Dr. Stephen Henson of
> > OpenSSL.  So, I don't know too much about the actual process.
> >
> > -Kyle H
> >
> > On 10/12/06, Ron Teitelbaum <Ron at usmedrec.com> wrote:
> > > No there isn't right now I'm happy to take suggestions.
> > >
> > > The one thing to keep in mind is that our code repository is protected
> > by
> > > our bis/nsa open source notification
> > > http://lists.squeakfoundation.org/pipermail/cryptography/2006-
> > January/000117
> > > .html .  If we have a new repository that may contain code we would need
> > to
> > > register that also (I'm reminding myself as well as letting you know).
> > If
> > > at all possible I would like to keep a single repository at squeak
> > source.
> > >
> > > If that is not possible, and everyone thinks we need something else
> > please
> > > let me know, I'll make it happen.
> > >
> > > Ron
> > >
> > > > -----Original Message-----
> > > > From: cryptography-bounces at lists.squeakfoundation.org
> > > > [mailto:cryptography-bounces at lists.squeakfoundation.org] On Behalf Of
> > Kyle
> > > > Hamilton
> > > > Sent: Thursday, October 12, 2006 4:51 PM
> > > > To: Cryptography Team Development List
> > > > Subject: [Cryptography Team] File repository?
> > > >
> > > > Is there a place where interested parties can upload useful binary
> > > > documents (such as the Derived Test Requirements document that forms
> > > > the basis for FIPS 140-2 testing), as well as metadata describing what
> > > > it is and where it was obtained?  I'd like something like CVS, SVN, or
> > > > git -- but the actual mechanism doesn't matter as long as it's
> > > > accessible to every platform that Squeak runs on.
> > > >
> > > > Unfortunately, since there's no PDF viewer in Squeak, I don't think
> > > > that an in-Squeak solution would be appropriate.  However, I'm not a
> > > > member of the team (other than as a volunteer), and so I'm perfectly
> > > > happy and willing to be overruled. :)
> > > >
> > > > --
> > > >
> > > > -Kyle H
> > > > _______________________________________________
> > > > Cryptography mailing list
> > > > Cryptography at lists.squeakfoundation.org
> > > > http://lists.squeakfoundation.org/cgi-
> > bin/mailman/listinfo/cryptography
> > >
> > >
> > > _______________________________________________
> > > Cryptography mailing list
> > > Cryptography at lists.squeakfoundation.org
> > > http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
> > >
> >
> >
> > --
> >
> > -Kyle H
>
> _______________________________________________
> Cryptography mailing list
> Cryptography at lists.squeakfoundation.org
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
>


-- 

-Kyle H

More information about the Cryptography mailing list