File repository?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

File repository?

Kyle Hamilton
Is there a place where interested parties can upload useful binary
documents (such as the Derived Test Requirements document that forms
the basis for FIPS 140-2 testing), as well as metadata describing what
it is and where it was obtained?  I'd like something like CVS, SVN, or
git -- but the actual mechanism doesn't matter as long as it's
accessible to every platform that Squeak runs on.

Unfortunately, since there's no PDF viewer in Squeak, I don't think
that an in-Squeak solution would be appropriate.  However, I'm not a
member of the team (other than as a volunteer), and so I'm perfectly
happy and willing to be overruled. :)

--

-Kyle H
_______________________________________________
Cryptography mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
Reply | Threaded
Open this post in threaded view
|

RE: File repository?

Ron Teitelbaum
No there isn't right now I'm happy to take suggestions.  

The one thing to keep in mind is that our code repository is protected by
our bis/nsa open source notification
http://lists.squeakfoundation.org/pipermail/cryptography/2006-January/000117
.html .  If we have a new repository that may contain code we would need to
register that also (I'm reminding myself as well as letting you know).  If
at all possible I would like to keep a single repository at squeak source.  

If that is not possible, and everyone thinks we need something else please
let me know, I'll make it happen.

Ron

> -----Original Message-----
> From: [hidden email]
> [mailto:[hidden email]] On Behalf Of Kyle
> Hamilton
> Sent: Thursday, October 12, 2006 4:51 PM
> To: Cryptography Team Development List
> Subject: [Cryptography Team] File repository?
>
> Is there a place where interested parties can upload useful binary
> documents (such as the Derived Test Requirements document that forms
> the basis for FIPS 140-2 testing), as well as metadata describing what
> it is and where it was obtained?  I'd like something like CVS, SVN, or
> git -- but the actual mechanism doesn't matter as long as it's
> accessible to every platform that Squeak runs on.
>
> Unfortunately, since there's no PDF viewer in Squeak, I don't think
> that an in-Squeak solution would be appropriate.  However, I'm not a
> member of the team (other than as a volunteer), and so I'm perfectly
> happy and willing to be overruled. :)
>
> --
>
> -Kyle H
> _______________________________________________
> Cryptography mailing list
> [hidden email]
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography


_______________________________________________
Cryptography mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
Reply | Threaded
Open this post in threaded view
|

Re: File repository?

Kyle Hamilton
I'm not entirely sure it would contain code; what I'm aiming for is a
reference library for the various NIST/FIPS documents, perhaps a copy
of various implementation documents (descriptions of various
algorithms and modes of operation for them), the PKCS series, and so
on.

The point is that all code is going to be either implemented in squeak
or in the squeak VM; I don't know the best way to handle forked
development with the VM so I'm going to have to leave it up to the
devs to decide how they want to handle that.

Personally, I'm all for using external tools that can produce
revisions of ST code that can be filed in (for the code that has to be
in the machine), and the binary glue source code (which, if done
correctly, would only glue crypto code into the VM without
implementing cryptography itself -- until a branch is deemed
validation-ready, at which point it will have to be self-contained.

The validation process is typically "secret" (NDAs on all sides as to
the details), from what I understand from Dr. Stephen Henson of
OpenSSL.  So, I don't know too much about the actual process.

-Kyle H

On 10/12/06, Ron Teitelbaum <[hidden email]> wrote:

> No there isn't right now I'm happy to take suggestions.
>
> The one thing to keep in mind is that our code repository is protected by
> our bis/nsa open source notification
> http://lists.squeakfoundation.org/pipermail/cryptography/2006-January/000117
> .html .  If we have a new repository that may contain code we would need to
> register that also (I'm reminding myself as well as letting you know).  If
> at all possible I would like to keep a single repository at squeak source.
>
> If that is not possible, and everyone thinks we need something else please
> let me know, I'll make it happen.
>
> Ron
>
> > -----Original Message-----
> > From: [hidden email]
> > [mailto:[hidden email]] On Behalf Of Kyle
> > Hamilton
> > Sent: Thursday, October 12, 2006 4:51 PM
> > To: Cryptography Team Development List
> > Subject: [Cryptography Team] File repository?
> >
> > Is there a place where interested parties can upload useful binary
> > documents (such as the Derived Test Requirements document that forms
> > the basis for FIPS 140-2 testing), as well as metadata describing what
> > it is and where it was obtained?  I'd like something like CVS, SVN, or
> > git -- but the actual mechanism doesn't matter as long as it's
> > accessible to every platform that Squeak runs on.
> >
> > Unfortunately, since there's no PDF viewer in Squeak, I don't think
> > that an in-Squeak solution would be appropriate.  However, I'm not a
> > member of the team (other than as a volunteer), and so I'm perfectly
> > happy and willing to be overruled. :)
> >
> > --
> >
> > -Kyle H
> > _______________________________________________
> > Cryptography mailing list
> > [hidden email]
> > http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
>
>
> _______________________________________________
> Cryptography mailing list
> [hidden email]
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
>


--

-Kyle H
_______________________________________________
Cryptography mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
Reply | Threaded
Open this post in threaded view
|

RE: File repository?

Ron Teitelbaum
All,

What I suggest is that we wait for suggestions from Krishna, and that we
focus on our current goal which is to satisfy ourselves that we can pass
common criteria validation.  Once we are satisfied that we are at that level
we can move forward to either doing an actual CC validation, or to try for
FIPS 140-2.  

I'm thinking that Google's project hosting will do the trick.  That would
give us some tools that we can use to communicate.

Any other suggestions?

Ron

> From: Kyle Hamilton
> Sent: Thursday, October 12, 2006 7:27 PM
>
> I'm not entirely sure it would contain code; what I'm aiming for is a
> reference library for the various NIST/FIPS documents, perhaps a copy
> of various implementation documents (descriptions of various
> algorithms and modes of operation for them), the PKCS series, and so
> on.
>
> The point is that all code is going to be either implemented in squeak
> or in the squeak VM; I don't know the best way to handle forked
> development with the VM so I'm going to have to leave it up to the
> devs to decide how they want to handle that.
>
> Personally, I'm all for using external tools that can produce
> revisions of ST code that can be filed in (for the code that has to be
> in the machine), and the binary glue source code (which, if done
> correctly, would only glue crypto code into the VM without
> implementing cryptography itself -- until a branch is deemed
> validation-ready, at which point it will have to be self-contained.
>
> The validation process is typically "secret" (NDAs on all sides as to
> the details), from what I understand from Dr. Stephen Henson of
> OpenSSL.  So, I don't know too much about the actual process.
>
> -Kyle H
>
> On 10/12/06, Ron Teitelbaum <[hidden email]> wrote:
> > No there isn't right now I'm happy to take suggestions.
> >
> > The one thing to keep in mind is that our code repository is protected
> by
> > our bis/nsa open source notification
> > http://lists.squeakfoundation.org/pipermail/cryptography/2006-
> January/000117
> > .html .  If we have a new repository that may contain code we would need
> to
> > register that also (I'm reminding myself as well as letting you know).
> If
> > at all possible I would like to keep a single repository at squeak
> source.
> >
> > If that is not possible, and everyone thinks we need something else
> please
> > let me know, I'll make it happen.
> >
> > Ron
> >
> > > -----Original Message-----
> > > From: [hidden email]
> > > [mailto:[hidden email]] On Behalf Of
> Kyle
> > > Hamilton
> > > Sent: Thursday, October 12, 2006 4:51 PM
> > > To: Cryptography Team Development List
> > > Subject: [Cryptography Team] File repository?
> > >
> > > Is there a place where interested parties can upload useful binary
> > > documents (such as the Derived Test Requirements document that forms
> > > the basis for FIPS 140-2 testing), as well as metadata describing what
> > > it is and where it was obtained?  I'd like something like CVS, SVN, or
> > > git -- but the actual mechanism doesn't matter as long as it's
> > > accessible to every platform that Squeak runs on.
> > >
> > > Unfortunately, since there's no PDF viewer in Squeak, I don't think
> > > that an in-Squeak solution would be appropriate.  However, I'm not a
> > > member of the team (other than as a volunteer), and so I'm perfectly
> > > happy and willing to be overruled. :)
> > >
> > > --
> > >
> > > -Kyle H
> > > _______________________________________________
> > > Cryptography mailing list
> > > [hidden email]
> > > http://lists.squeakfoundation.org/cgi-
> bin/mailman/listinfo/cryptography
> >
> >
> > _______________________________________________
> > Cryptography mailing list
> > [hidden email]
> > http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
> >
>
>
> --
>
> -Kyle H

_______________________________________________
Cryptography mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
Reply | Threaded
Open this post in threaded view
|

Re: File repository?

Kyle Hamilton
Google's project hosting does seem like a good idea.

It occurs to me that if we're going to try for CC or FIPS validation,
the longer of a paper trail we can provide the better off we'll be --
so my vote is to get it set up sooner than later.  (Plus, if we are
going to try for validation [which Krishna's appointment suggests is a
priority], it's a more efficient use of resources to build /to/ it,
rather than try to retrofit it.)

Incidentally, I don't know if there's anything that requires
notification of citizenship in the process anymore, but FWIW I'm a
citizen of the United States.

-Kyle H

On 10/13/06, Ron Teitelbaum <[hidden email]> wrote:

> All,
>
> What I suggest is that we wait for suggestions from Krishna, and that we
> focus on our current goal which is to satisfy ourselves that we can pass
> common criteria validation.  Once we are satisfied that we are at that level
> we can move forward to either doing an actual CC validation, or to try for
> FIPS 140-2.
>
> I'm thinking that Google's project hosting will do the trick.  That would
> give us some tools that we can use to communicate.
>
> Any other suggestions?
>
> Ron
>
> > From: Kyle Hamilton
> > Sent: Thursday, October 12, 2006 7:27 PM
> >
> > I'm not entirely sure it would contain code; what I'm aiming for is a
> > reference library for the various NIST/FIPS documents, perhaps a copy
> > of various implementation documents (descriptions of various
> > algorithms and modes of operation for them), the PKCS series, and so
> > on.
> >
> > The point is that all code is going to be either implemented in squeak
> > or in the squeak VM; I don't know the best way to handle forked
> > development with the VM so I'm going to have to leave it up to the
> > devs to decide how they want to handle that.
> >
> > Personally, I'm all for using external tools that can produce
> > revisions of ST code that can be filed in (for the code that has to be
> > in the machine), and the binary glue source code (which, if done
> > correctly, would only glue crypto code into the VM without
> > implementing cryptography itself -- until a branch is deemed
> > validation-ready, at which point it will have to be self-contained.
> >
> > The validation process is typically "secret" (NDAs on all sides as to
> > the details), from what I understand from Dr. Stephen Henson of
> > OpenSSL.  So, I don't know too much about the actual process.
> >
> > -Kyle H
> >
> > On 10/12/06, Ron Teitelbaum <[hidden email]> wrote:
> > > No there isn't right now I'm happy to take suggestions.
> > >
> > > The one thing to keep in mind is that our code repository is protected
> > by
> > > our bis/nsa open source notification
> > > http://lists.squeakfoundation.org/pipermail/cryptography/2006-
> > January/000117
> > > .html .  If we have a new repository that may contain code we would need
> > to
> > > register that also (I'm reminding myself as well as letting you know).
> > If
> > > at all possible I would like to keep a single repository at squeak
> > source.
> > >
> > > If that is not possible, and everyone thinks we need something else
> > please
> > > let me know, I'll make it happen.
> > >
> > > Ron
> > >
> > > > -----Original Message-----
> > > > From: [hidden email]
> > > > [mailto:[hidden email]] On Behalf Of
> > Kyle
> > > > Hamilton
> > > > Sent: Thursday, October 12, 2006 4:51 PM
> > > > To: Cryptography Team Development List
> > > > Subject: [Cryptography Team] File repository?
> > > >
> > > > Is there a place where interested parties can upload useful binary
> > > > documents (such as the Derived Test Requirements document that forms
> > > > the basis for FIPS 140-2 testing), as well as metadata describing what
> > > > it is and where it was obtained?  I'd like something like CVS, SVN, or
> > > > git -- but the actual mechanism doesn't matter as long as it's
> > > > accessible to every platform that Squeak runs on.
> > > >
> > > > Unfortunately, since there's no PDF viewer in Squeak, I don't think
> > > > that an in-Squeak solution would be appropriate.  However, I'm not a
> > > > member of the team (other than as a volunteer), and so I'm perfectly
> > > > happy and willing to be overruled. :)
> > > >
> > > > --
> > > >
> > > > -Kyle H
> > > > _______________________________________________
> > > > Cryptography mailing list
> > > > [hidden email]
> > > > http://lists.squeakfoundation.org/cgi-
> > bin/mailman/listinfo/cryptography
> > >
> > >
> > > _______________________________________________
> > > Cryptography mailing list
> > > [hidden email]
> > > http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
> > >
> >
> >
> > --
> >
> > -Kyle H
>
> _______________________________________________
> Cryptography mailing list
> [hidden email]
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
>


--

-Kyle H
_______________________________________________
Cryptography mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
Reply | Threaded
Open this post in threaded view
|

RE: File repository?

Krishna Sankar-2
Let me look into setting up a Google project as well as prime it with a set
of top level tasks.

Cheers
<k/>

> -----Original Message-----
> From: [hidden email]
> [mailto:[hidden email]] On
> Behalf Of Kyle Hamilton
> Sent: Friday, October 13, 2006 10:40 AM
> To: [hidden email]; Cryptography Team Development List
> Subject: Re: [Cryptography Team] File repository?
>
> Google's project hosting does seem like a good idea.
>
> It occurs to me that if we're going to try for CC or FIPS
> validation, the longer of a paper trail we can provide the
> better off we'll be -- so my vote is to get it set up sooner
> than later.  (Plus, if we are going to try for validation
> [which Krishna's appointment suggests is a priority], it's a
> more efficient use of resources to build /to/ it, rather than
> try to retrofit it.)
>
> Incidentally, I don't know if there's anything that requires
> notification of citizenship in the process anymore, but FWIW
> I'm a citizen of the United States.
>
> -Kyle H
>
> On 10/13/06, Ron Teitelbaum <[hidden email]> wrote:
> > All,
> >
> > What I suggest is that we wait for suggestions from
> Krishna, and that
> > we focus on our current goal which is to satisfy ourselves
> that we can
> > pass common criteria validation.  Once we are satisfied
> that we are at
> > that level we can move forward to either doing an actual CC
> > validation, or to try for FIPS 140-2.
> >
> > I'm thinking that Google's project hosting will do the trick.  That
> > would give us some tools that we can use to communicate.
> >
> > Any other suggestions?
> >
> > Ron
> >
> > > From: Kyle Hamilton
> > > Sent: Thursday, October 12, 2006 7:27 PM
> > >
> > > I'm not entirely sure it would contain code; what I'm
> aiming for is
> > > a reference library for the various NIST/FIPS documents,
> perhaps a
> > > copy of various implementation documents (descriptions of various
> > > algorithms and modes of operation for them), the PKCS
> series, and so
> > > on.
> > >
> > > The point is that all code is going to be either implemented in
> > > squeak or in the squeak VM; I don't know the best way to handle
> > > forked development with the VM so I'm going to have to
> leave it up
> > > to the devs to decide how they want to handle that.
> > >
> > > Personally, I'm all for using external tools that can produce
> > > revisions of ST code that can be filed in (for the code
> that has to
> > > be in the machine), and the binary glue source code
> (which, if done
> > > correctly, would only glue crypto code into the VM without
> > > implementing cryptography itself -- until a branch is deemed
> > > validation-ready, at which point it will have to be
> self-contained.
> > >
> > > The validation process is typically "secret" (NDAs on all
> sides as
> > > to the details), from what I understand from Dr. Stephen
> Henson of
> > > OpenSSL.  So, I don't know too much about the actual process.
> > >
> > > -Kyle H
> > >
> > > On 10/12/06, Ron Teitelbaum <[hidden email]> wrote:
> > > > No there isn't right now I'm happy to take suggestions.
> > > >
> > > > The one thing to keep in mind is that our code repository is
> > > > protected
> > > by
> > > > our bis/nsa open source notification
> > > > http://lists.squeakfoundation.org/pipermail/cryptography/2006-
> > > January/000117
> > > > .html .  If we have a new repository that may contain code we
> > > > would need
> > > to
> > > > register that also (I'm reminding myself as well as
> letting you know).
> > > If
> > > > at all possible I would like to keep a single
> repository at squeak
> > > source.
> > > >
> > > > If that is not possible, and everyone thinks we need something
> > > > else
> > > please
> > > > let me know, I'll make it happen.
> > > >
> > > > Ron
> > > >
> > > > > -----Original Message-----
> > > > > From: [hidden email]
> > > > > [mailto:[hidden email]] On
> > > > > Behalf Of
> > > Kyle
> > > > > Hamilton
> > > > > Sent: Thursday, October 12, 2006 4:51 PM
> > > > > To: Cryptography Team Development List
> > > > > Subject: [Cryptography Team] File repository?
> > > > >
> > > > > Is there a place where interested parties can upload useful
> > > > > binary documents (such as the Derived Test
> Requirements document
> > > > > that forms the basis for FIPS 140-2 testing), as well as
> > > > > metadata describing what it is and where it was
> obtained?  I'd
> > > > > like something like CVS, SVN, or git -- but the
> actual mechanism
> > > > > doesn't matter as long as it's accessible to every
> platform that Squeak runs on.
> > > > >
> > > > > Unfortunately, since there's no PDF viewer in Squeak, I don't
> > > > > think that an in-Squeak solution would be
> appropriate.  However,
> > > > > I'm not a member of the team (other than as a
> volunteer), and so
> > > > > I'm perfectly happy and willing to be overruled. :)
> > > > >
> > > > > --
> > > > >
> > > > > -Kyle H
> > > > > _______________________________________________
> > > > > Cryptography mailing list
> > > > > [hidden email]
> > > > > http://lists.squeakfoundation.org/cgi-
> > > bin/mailman/listinfo/cryptography
> > > >
> > > >
> > > > _______________________________________________
> > > > Cryptography mailing list
> > > > [hidden email]
> > > >
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptog
> > > > raphy
> > > >
> > >
> > >
> > > --
> > >
> > > -Kyle H
> >
> > _______________________________________________
> > Cryptography mailing list
> > [hidden email]
> >
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptograph
> > y
> >
>
>
> --
>
> -Kyle H
> _______________________________________________
> Cryptography mailing list
> [hidden email]
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cry
ptography
>

_______________________________________________
Cryptography mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography