[Cryptography Team] File repository?
Krishna Sankar
ksankar at doubleclix.net
Fri Oct 13 17:43:34 UTC 2006
Let me look into setting up a Google project as well as prime it with a set
of top level tasks.
Cheers
<k/>
> -----Original Message-----
> From: cryptography-bounces at lists.squeakfoundation.org
> [mailto:cryptography-bounces at lists.squeakfoundation.org] On
> Behalf Of Kyle Hamilton
> Sent: Friday, October 13, 2006 10:40 AM
> To: Ron at usmedrec.com; Cryptography Team Development List
> Subject: Re: [Cryptography Team] File repository?
>
> Google's project hosting does seem like a good idea.
>
> It occurs to me that if we're going to try for CC or FIPS
> validation, the longer of a paper trail we can provide the
> better off we'll be -- so my vote is to get it set up sooner
> than later. (Plus, if we are going to try for validation
> [which Krishna's appointment suggests is a priority], it's a
> more efficient use of resources to build /to/ it, rather than
> try to retrofit it.)
>
> Incidentally, I don't know if there's anything that requires
> notification of citizenship in the process anymore, but FWIW
> I'm a citizen of the United States.
>
> -Kyle H
>
> On 10/13/06, Ron Teitelbaum <Ron at usmedrec.com> wrote:
> > All,
> >
> > What I suggest is that we wait for suggestions from
> Krishna, and that
> > we focus on our current goal which is to satisfy ourselves
> that we can
> > pass common criteria validation. Once we are satisfied
> that we are at
> > that level we can move forward to either doing an actual CC
> > validation, or to try for FIPS 140-2.
> >
> > I'm thinking that Google's project hosting will do the trick. That
> > would give us some tools that we can use to communicate.
> >
> > Any other suggestions?
> >
> > Ron
> >
> > > From: Kyle Hamilton
> > > Sent: Thursday, October 12, 2006 7:27 PM
> > >
> > > I'm not entirely sure it would contain code; what I'm
> aiming for is
> > > a reference library for the various NIST/FIPS documents,
> perhaps a
> > > copy of various implementation documents (descriptions of various
> > > algorithms and modes of operation for them), the PKCS
> series, and so
> > > on.
> > >
> > > The point is that all code is going to be either implemented in
> > > squeak or in the squeak VM; I don't know the best way to handle
> > > forked development with the VM so I'm going to have to
> leave it up
> > > to the devs to decide how they want to handle that.
> > >
> > > Personally, I'm all for using external tools that can produce
> > > revisions of ST code that can be filed in (for the code
> that has to
> > > be in the machine), and the binary glue source code
> (which, if done
> > > correctly, would only glue crypto code into the VM without
> > > implementing cryptography itself -- until a branch is deemed
> > > validation-ready, at which point it will have to be
> self-contained.
> > >
> > > The validation process is typically "secret" (NDAs on all
> sides as
> > > to the details), from what I understand from Dr. Stephen
> Henson of
> > > OpenSSL. So, I don't know too much about the actual process.
> > >
> > > -Kyle H
> > >
> > > On 10/12/06, Ron Teitelbaum <Ron at usmedrec.com> wrote:
> > > > No there isn't right now I'm happy to take suggestions.
> > > >
> > > > The one thing to keep in mind is that our code repository is
> > > > protected
> > > by
> > > > our bis/nsa open source notification
> > > > http://lists.squeakfoundation.org/pipermail/cryptography/2006-
> > > January/000117
> > > > .html . If we have a new repository that may contain code we
> > > > would need
> > > to
> > > > register that also (I'm reminding myself as well as
> letting you know).
> > > If
> > > > at all possible I would like to keep a single
> repository at squeak
> > > source.
> > > >
> > > > If that is not possible, and everyone thinks we need something
> > > > else
> > > please
> > > > let me know, I'll make it happen.
> > > >
> > > > Ron
> > > >
> > > > > -----Original Message-----
> > > > > From: cryptography-bounces at lists.squeakfoundation.org
> > > > > [mailto:cryptography-bounces at lists.squeakfoundation.org] On
> > > > > Behalf Of
> > > Kyle
> > > > > Hamilton
> > > > > Sent: Thursday, October 12, 2006 4:51 PM
> > > > > To: Cryptography Team Development List
> > > > > Subject: [Cryptography Team] File repository?
> > > > >
> > > > > Is there a place where interested parties can upload useful
> > > > > binary documents (such as the Derived Test
> Requirements document
> > > > > that forms the basis for FIPS 140-2 testing), as well as
> > > > > metadata describing what it is and where it was
> obtained? I'd
> > > > > like something like CVS, SVN, or git -- but the
> actual mechanism
> > > > > doesn't matter as long as it's accessible to every
> platform that Squeak runs on.
> > > > >
> > > > > Unfortunately, since there's no PDF viewer in Squeak, I don't
> > > > > think that an in-Squeak solution would be
> appropriate. However,
> > > > > I'm not a member of the team (other than as a
> volunteer), and so
> > > > > I'm perfectly happy and willing to be overruled. :)
> > > > >
> > > > > --
> > > > >
> > > > > -Kyle H
> > > > > _______________________________________________
> > > > > Cryptography mailing list
> > > > > Cryptography at lists.squeakfoundation.org
> > > > > http://lists.squeakfoundation.org/cgi-
> > > bin/mailman/listinfo/cryptography
> > > >
> > > >
> > > > _______________________________________________
> > > > Cryptography mailing list
> > > > Cryptography at lists.squeakfoundation.org
> > > >
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptog
> > > > raphy
> > > >
> > >
> > >
> > > --
> > >
> > > -Kyle H
> >
> > _______________________________________________
> > Cryptography mailing list
> > Cryptography at lists.squeakfoundation.org
> >
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptograph
> > y
> >
>
>
> --
>
> -Kyle H
> _______________________________________________
> Cryptography mailing list
> Cryptography at lists.squeakfoundation.org
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cry
ptography
>
More information about the Cryptography
mailing list