[Cryptography Team] Common Criteria Documentation...
Ron Teitelbaum
Ron at USMedRec.com
Tue Oct 17 16:51:46 UTC 2006
Kyle,
I like the idea of letting Krishna flush out the details of step one. Keep
in mind our goal is to be very through and thoughtful about each step which
may require a slower pace. Also a major goal is to provide a road map which
others (including us) can learn from.
I understand the need for a controlled environment, which we spoke about
earlier, but I'm not sure that is the right place to start. I am also ok
with letting Krishna define access requirements to repositories based on his
interpretation of what is needed to move forward.
Ron
> From: Kyle Hamilton
> Sent: Tuesday, October 17, 2006 12:14 PM
>
> I do have SVN write access now, thank you. I've placed the Common
> Criteria documents (as well as the Evaluation Methodology document,
> and a couple of supplementary materials) in the repository as the
> test.
>
> What is our source control plan? "Only project members, as agreed by
> Krishna and Ron through some 'hiring-type' process, shall have write
> access to the repository"?
>
> Also, EAL 3 and 4 require a "controlled development environment". I'm
> not entirely certain what this means (likely that there is a low
> possibility for viruses or other attack vectors that could create
> unauthorized changes to the source)... I wonder if we can meet this
> requirement using VMware player and a customized VM image, perhaps
> Ubuntu 6.06LTS with all development tools installed and only security
> updates. (We need to examine the Evaluation Methodology document to
> understand this requirement and requirements of implementation.)
>
> For Windows, I have MSDN Windows 2000 that I can install in a VM. I
> don't like XP nor Vista, and am well-familiar with 2000. I can also
> install VC++ 2005 Express Edition, as necessary, and (if we choose to
> use OpenSSL on the Windows platform) the toolchain required to build
> the FIPS-validated version of that as well.
>
> (I also have a validly licensed copy of VMware 4.5 within which I can
> build customized VM images.)
>
> Remember, documentation of the process and any modifications to the
> environments is key.
>
> -Kyle H
>
>
>
> On 10/17/06, Krishna Sankar <ksankar at doubleclix.net> wrote:
> > Kyle,
> >
> > Can you see if you have the SVN write access ?
> > All,
> > Just as FYI, we need gmail address to become part of the Google
> > project and it has no Wiki. Any thoughts on the Wiki for us to document
> the
> > functionalities and the results of development/testing ?
> >
> > Cheers
> > <k/>
> >
> > > -----Original Message-----
> > > From: cryptography-bounces at lists.squeakfoundation.org
> > > [mailto:cryptography-bounces at lists.squeakfoundation.org] On
> > > Behalf Of Kyle Hamilton
> > > Sent: Monday, October 16, 2006 8:33 PM
> > > To: Cryptography Team Development List
> > > Subject: [Cryptography Team] Common Criteria Documentation...
> > >
> > > I found the Google Code project that Krishna started, and
> > > uploaded the Common Criteria documentation I found (in PDF
> > > form) to it as an issue.
> > > Unfortunately, I don't have SVN write access, and I don't
> > > know how to get it either.
> > >
> > > After reading it, I realized that it /IS/ a good idea for
> > > anyone starting on CC validation to read it before they
> > > start. It's important to realize what it is, and what the
> > > goals must be. (As well, it also helps customers -- that'd
> > > include you, Ron -- understand what the various validation
> > > levels are, and compare them to regulatory
> > > requirement.)
> > >
> > > --
> > >
> > > -Kyle H
> > > I speak only for myself. I don't have the faintest clue
> > > about anyone else.
> > > _______________________________________________
> > > Cryptography mailing list
> > > Cryptography at lists.squeakfoundation.org
> > > http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cry
> > > ptography
> > >
> >
> > _______________________________________________
> > Cryptography mailing list
> > Cryptography at lists.squeakfoundation.org
> > http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
> >
>
>
> --
>
> -Kyle H
> _______________________________________________
> Cryptography mailing list
> Cryptography at lists.squeakfoundation.org
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
More information about the Cryptography
mailing list