[Cryptography Team] File repository?

Fri Oct 13 17:43:34 UTC 2006

Let me look into setting up a Google project as well as prime it with a set
of top level tasks.

Cheers
<k/> 

> -----Original Message-----
> From: cryptography-bounces at lists.squeakfoundation.org 
> [mailto:cryptography-bounces at lists.squeakfoundation.org] On 
> Behalf Of Kyle Hamilton
> Sent: Friday, October 13, 2006 10:40 AM
> To: Ron at usmedrec.com; Cryptography Team Development List
> Subject: Re: [Cryptography Team] File repository?
> 
> Google's project hosting does seem like a good idea.
> 
> It occurs to me that if we're going to try for CC or FIPS 
> validation, the longer of a paper trail we can provide the 
> better off we'll be -- so my vote is to get it set up sooner 
> than later.  (Plus, if we are going to try for validation 
> [which Krishna's appointment suggests is a priority], it's a 
> more efficient use of resources to build /to/ it, rather than 
> try to retrofit it.)
> 
> Incidentally, I don't know if there's anything that requires 
> notification of citizenship in the process anymore, but FWIW 
> I'm a citizen of the United States.
> 
> -Kyle H
> 
> On 10/13/06, Ron Teitelbaum <Ron at usmedrec.com> wrote:
> > All,
> >
> > What I suggest is that we wait for suggestions from 
> Krishna, and that 
> > we focus on our current goal which is to satisfy ourselves 
> that we can 
> > pass common criteria validation.  Once we are satisfied 
> that we are at 
> > that level we can move forward to either doing an actual CC 
> > validation, or to try for FIPS 140-2.
> >
> > I'm thinking that Google's project hosting will do the trick.  That 
> > would give us some tools that we can use to communicate.
> >
> > Any other suggestions?
> >
> > Ron
> >
> > > From: Kyle Hamilton
> > > Sent: Thursday, October 12, 2006 7:27 PM
> > >
> > > I'm not entirely sure it would contain code; what I'm 
> aiming for is 
> > > a reference library for the various NIST/FIPS documents, 
> perhaps a 
> > > copy of various implementation documents (descriptions of various 
> > > algorithms and modes of operation for them), the PKCS 
> series, and so 
> > > on.
> > >
> > > The point is that all code is going to be either implemented in 
> > > squeak or in the squeak VM; I don't know the best way to handle 
> > > forked development with the VM so I'm going to have to 
> leave it up 
> > > to the devs to decide how they want to handle that.
> > >
> > > Personally, I'm all for using external tools that can produce 
> > > revisions of ST code that can be filed in (for the code 
> that has to 
> > > be in the machine), and the binary glue source code 
> (which, if done 
> > > correctly, would only glue crypto code into the VM without 
> > > implementing cryptography itself -- until a branch is deemed 
> > > validation-ready, at which point it will have to be 
> self-contained.
> > >
> > > The validation process is typically "secret" (NDAs on all 
> sides as 
> > > to the details), from what I understand from Dr. Stephen 
> Henson of 
> > > OpenSSL.  So, I don't know too much about the actual process.
> > >
> > > -Kyle H
> > >
> > > On 10/12/06, Ron Teitelbaum <Ron at usmedrec.com> wrote:
> > > > No there isn't right now I'm happy to take suggestions.
> > > >
> > > > The one thing to keep in mind is that our code repository is 
> > > > protected
> > > by
> > > > our bis/nsa open source notification
> > > > http://lists.squeakfoundation.org/pipermail/cryptography/2006-
> > > January/000117
> > > > .html .  If we have a new repository that may contain code we 
> > > > would need
> > > to
> > > > register that also (I'm reminding myself as well as 
> letting you know).
> > > If
> > > > at all possible I would like to keep a single 
> repository at squeak
> > > source.
> > > >
> > > > If that is not possible, and everyone thinks we need something 
> > > > else
> > > please
> > > > let me know, I'll make it happen.
> > > >
> > > > Ron
> > > >
> > > > > -----Original Message-----
> > > > > From: cryptography-bounces at lists.squeakfoundation.org
> > > > > [mailto:cryptography-bounces at lists.squeakfoundation.org] On 
> > > > > Behalf Of
> > > Kyle
> > > > > Hamilton
> > > > > Sent: Thursday, October 12, 2006 4:51 PM
> > > > > To: Cryptography Team Development List
> > > > > Subject: [Cryptography Team] File repository?
> > > > >
> > > > > Is there a place where interested parties can upload useful 
> > > > > binary documents (such as the Derived Test 
> Requirements document 
> > > > > that forms the basis for FIPS 140-2 testing), as well as 
> > > > > metadata describing what it is and where it was 
> obtained?  I'd 
> > > > > like something like CVS, SVN, or git -- but the 
> actual mechanism 
> > > > > doesn't matter as long as it's accessible to every 
> platform that Squeak runs on.
> > > > >
> > > > > Unfortunately, since there's no PDF viewer in Squeak, I don't 
> > > > > think that an in-Squeak solution would be 
> appropriate.  However, 
> > > > > I'm not a member of the team (other than as a 
> volunteer), and so 
> > > > > I'm perfectly happy and willing to be overruled. :)
> > > > >
> > > > > --
> > > > >
> > > > > -Kyle H
> > > > > _______________________________________________
> > > > > Cryptography mailing list
> > > > > Cryptography at lists.squeakfoundation.org
> > > > > http://lists.squeakfoundation.org/cgi-
> > > bin/mailman/listinfo/cryptography
> > > >
> > > >
> > > > _______________________________________________
> > > > Cryptography mailing list
> > > > Cryptography at lists.squeakfoundation.org
> > > > 
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptog
> > > > raphy
> > > >
> > >
> > >
> > > --
> > >
> > > -Kyle H
> >
> > _______________________________________________
> > Cryptography mailing list
> > Cryptography at lists.squeakfoundation.org
> > 
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptograph
> > y
> >
> 
> 
> -- 
> 
> -Kyle H
> _______________________________________________
> Cryptography mailing list
> Cryptography at lists.squeakfoundation.org
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cry
ptography
> 