[Cryptography Team] Common Criteria Documentation...
Kyle Hamilton
aerowolf at gmail.com
Tue Oct 17 16:13:30 UTC 2006
I do have SVN write access now, thank you. I've placed the Common
Criteria documents (as well as the Evaluation Methodology document,
and a couple of supplementary materials) in the repository as the
test.
What is our source control plan? "Only project members, as agreed by
Krishna and Ron through some 'hiring-type' process, shall have write
access to the repository"?
Also, EAL 3 and 4 require a "controlled development environment". I'm
not entirely certain what this means (likely that there is a low
possibility for viruses or other attack vectors that could create
unauthorized changes to the source)... I wonder if we can meet this
requirement using VMware player and a customized VM image, perhaps
Ubuntu 6.06LTS with all development tools installed and only security
updates. (We need to examine the Evaluation Methodology document to
understand this requirement and requirements of implementation.)
For Windows, I have MSDN Windows 2000 that I can install in a VM. I
don't like XP nor Vista, and am well-familiar with 2000. I can also
install VC++ 2005 Express Edition, as necessary, and (if we choose to
use OpenSSL on the Windows platform) the toolchain required to build
the FIPS-validated version of that as well.
(I also have a validly licensed copy of VMware 4.5 within which I can
build customized VM images.)
Remember, documentation of the process and any modifications to the
environments is key.
-Kyle H
On 10/17/06, Krishna Sankar <ksankar at doubleclix.net> wrote:
> Kyle,
>
> Can you see if you have the SVN write access ?
> All,
> Just as FYI, we need gmail address to become part of the Google
> project and it has no Wiki. Any thoughts on the Wiki for us to document the
> functionalities and the results of development/testing ?
>
> Cheers
> <k/>
>
> > -----Original Message-----
> > From: cryptography-bounces at lists.squeakfoundation.org
> > [mailto:cryptography-bounces at lists.squeakfoundation.org] On
> > Behalf Of Kyle Hamilton
> > Sent: Monday, October 16, 2006 8:33 PM
> > To: Cryptography Team Development List
> > Subject: [Cryptography Team] Common Criteria Documentation...
> >
> > I found the Google Code project that Krishna started, and
> > uploaded the Common Criteria documentation I found (in PDF
> > form) to it as an issue.
> > Unfortunately, I don't have SVN write access, and I don't
> > know how to get it either.
> >
> > After reading it, I realized that it /IS/ a good idea for
> > anyone starting on CC validation to read it before they
> > start. It's important to realize what it is, and what the
> > goals must be. (As well, it also helps customers -- that'd
> > include you, Ron -- understand what the various validation
> > levels are, and compare them to regulatory
> > requirement.)
> >
> > --
> >
> > -Kyle H
> > I speak only for myself. I don't have the faintest clue
> > about anyone else.
> > _______________________________________________
> > Cryptography mailing list
> > Cryptography at lists.squeakfoundation.org
> > http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cry
> > ptography
> >
>
> _______________________________________________
> Cryptography mailing list
> Cryptography at lists.squeakfoundation.org
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
>
--
-Kyle H
More information about the Cryptography
mailing list