[Cryptography Team] re: Common Criteria Documentation...

Krishna Sankar ksankar at doubleclix.net
Wed Oct 18 04:30:28 UTC 2006


> there's a lot more to it than that.  Are we going to split 
> efforts between cryptography/FIPS and the remainder of the CC 
> validation, and maybe do it more quickly?  Are we going to 
> focus on FIPS first, and only after we get something that we 
> can submit for validation then worry about the remainder for CC?
<KS>
	Yep, good thoughts. As you correctly point out, first we should aim
for the smallest subset possible; after a successful validation, we can
extend it. That way we get our infrastructure in place, the processes ironed
out and get overall experience. We still will have to address some of the
fundamental issues, but hopefully they are manageable.

	In the commercial world, with a product like a firewall or a router,
there is no such luxury - the whole product needs to be validated and in a
short period of time.

	And as Ron points out, the authenticated site et al can come after
we go thru a dry run. We should still keep track of the activities,
results et al, but not in a strict authenticated way until we have all the
ducks in a row.

	One important aspect we need to think about now is this minimal
subset - and what it should consist of and what it should achieve.

	I will also read thru, understand the current environment and think
thru the paces. If we can get the cryptography engine certified, it will be
a win. Am not sure it can be done separately, though. 

</KS>

Cheers
<k/>

> -----Original Message-----
> From: cryptography-bounces at lists.squeakfoundation.org 
> [mailto:cryptography-bounces at lists.squeakfoundation.org] On 
> Behalf Of Kyle Hamilton
> Sent: Tuesday, October 17, 2006 6:09 PM
> To: Cryptography Team Development List
> Subject: Re: [Cryptography Team] re: Common Criteria Documentation...
> 
> Thank you, Craig.
> 
> If you look at the bottom of the Cryptography page on the 
> minnow/squeak wiki, you'll see what I mean by "serious redesign".
> I'll go through the EAL documentation and the PP, and see 
> what else isn't currently implemented but needs to be.  (I 
> hope that someone else can and will, too, since this is going 
> to require something close to actuarial skills.  I'm good 
> with details, but I sometimes get so tangled in them that I 
> forget something important.)
> 
> But, that brings this up: this list is about cryptography, 
> but our direction is (eventually, as stated by Krishna) CC 
> EAL 4+ validation.
> This requires FIPS-validated cryptographic software, but 
> there's a lot more to it than that.  Are we going to split 
> efforts between cryptography/FIPS and the remainder of the CC 
> validation, and maybe do it more quickly?  Are we going to 
> focus on FIPS first, and only after we get something that we 
> can submit for validation then worry about the remainder for CC?
> 
> -Kyle H
> 
> On 10/17/06, Craig Latta <craig at netjam.org> wrote:
> >
> > Hi Kyle--
> >
> > > Since the system is written in itself (and runs inside itself), 
> > > there are several things in the PP that require redesigning very 
> > > > large parts of the system.  We need at least one VM hacker on this
> > > > list to evaluate the feasibility of some of the needed changes.
> >
> >      I can do that.
> >
> >
> >      thanks!
> >
> > -C
> >
> > --
> > Craig Latta
> > http://netjam.org/resume
> >
> >
> > > _______________________________________________
> > > Cryptography mailing list
> > > Cryptography at lists.squeakfoundation.org
> > > http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
> >
> 
> 
> -- 
> 
> -Kyle H