All,

Ok so we have started a cryptography team.  There is a new Cryptography List
you can sign up at:
http://lists.squeakfoundation.org/mailman/listinfo/cryptography 

We are still looking for volunteers if you have an interest, have some
experience, or need cryptography for your application please volunteer.  

We are starting with ASN.1 which could also be used to help optimize
communications between systems.  From there we will move on to x.509v3 and
PGP.

One of our members suggested that we contact Cincom, which we did.  We asked
if a port of Cincom code was possible, and we received a positive reply.
The only issue that came up was about license rights.  We are waiting for a
more definite response, but so far they are not comfortable with Squeak
license.  They would prefer LGPL or the Artistic License for the code that
we port from them directly.

I've read through them but I'm not an expert on licenses.  Can you give me
your reactions to using either one of these license models for our
cryptography packages?  What would the general reaction be?  Has anyone
compared the models enough to tell me the difference between Squeak and
LGPL?  For LGPL I understood the extra requirements to separate
functionality of the package form the applications so that it can be run
separately and the source code availability requirements which considering
that this is smalltalk and source is always available we can include the
license on the class comment to make sure that developers include this
notice in their applications.  We have not decided to go this route; we are
just exploring the options.

Also, there are currently PKI classes in the base image.  Those classes are
duplicated in the current cryptographic package.  Does anyone have an
opinion on whether or not cryptographic classes should be in the base image?
If so what pieces do you think should be there?

Your thoughts are welcome.

Thanks,

Ron Teitelbaum