File repository?

> -----Original Message-----
> From: [hidden email]
> [mailto:[hidden email]] On Behalf Of Kyle
> Hamilton
> Sent: Thursday, October 12, 2006 4:51 PM
> To: Cryptography Team Development List
> Subject: [Cryptography Team] File repository?
>
> Is there a place where interested parties can upload useful binary
> documents (such as the Derived Test Requirements document that forms
> the basis for FIPS 140-2 testing), as well as metadata describing what
> it is and where it was obtained?  I'd like something like CVS, SVN, or
> git -- but the actual mechanism doesn't matter as long as it's
> accessible to every platform that Squeak runs on.
>
> Unfortunately, since there's no PDF viewer in Squeak, I don't think
> that an in-Squeak solution would be appropriate.  However, I'm not a
> member of the team (other than as a volunteer), and so I'm perfectly
> happy and willing to be overruled. :)
>
> --
>
> -Kyle H
> _______________________________________________
> Cryptography mailing list
> [hidden email]
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

> No there isn't right now I'm happy to take suggestions.
>
> The one thing to keep in mind is that our code repository is protected by
> our bis/nsa open source notification
> http://lists.squeakfoundation.org/pipermail/cryptography/2006-January/000117
> .html .  If we have a new repository that may contain code we would need to
> register that also (I'm reminding myself as well as letting you know).  If
> at all possible I would like to keep a single repository at squeak source.
>
> If that is not possible, and everyone thinks we need something else please
> let me know, I'll make it happen.
>
> Ron
>
> > -----Original Message-----
> > From: [hidden email]
> > [mailto:[hidden email]] On Behalf Of Kyle
> > Hamilton
> > Sent: Thursday, October 12, 2006 4:51 PM
> > To: Cryptography Team Development List
> > Subject: [Cryptography Team] File repository?
> >
> > Is there a place where interested parties can upload useful binary
> > documents (such as the Derived Test Requirements document that forms
> > the basis for FIPS 140-2 testing), as well as metadata describing what
> > it is and where it was obtained?  I'd like something like CVS, SVN, or
> > git -- but the actual mechanism doesn't matter as long as it's
> > accessible to every platform that Squeak runs on.
> >
> > Unfortunately, since there's no PDF viewer in Squeak, I don't think
> > that an in-Squeak solution would be appropriate.  However, I'm not a
> > member of the team (other than as a volunteer), and so I'm perfectly
> > happy and willing to be overruled. :)
> >
> > --
> >
> > -Kyle H
> > _______________________________________________
> > Cryptography mailing list
> > [hidden email]
> > http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
>
>
> _______________________________________________
> Cryptography mailing list
> [hidden email]
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
>

> From: Kyle Hamilton
> Sent: Thursday, October 12, 2006 7:27 PM
>
> I'm not entirely sure it would contain code; what I'm aiming for is a
> reference library for the various NIST/FIPS documents, perhaps a copy
> of various implementation documents (descriptions of various
> algorithms and modes of operation for them), the PKCS series, and so
> on.
>
> The point is that all code is going to be either implemented in squeak
> or in the squeak VM; I don't know the best way to handle forked
> development with the VM so I'm going to have to leave it up to the
> devs to decide how they want to handle that.
>
> Personally, I'm all for using external tools that can produce
> revisions of ST code that can be filed in (for the code that has to be
> in the machine), and the binary glue source code (which, if done
> correctly, would only glue crypto code into the VM without
> implementing cryptography itself -- until a branch is deemed
> validation-ready, at which point it will have to be self-contained.
>
> The validation process is typically "secret" (NDAs on all sides as to
> the details), from what I understand from Dr. Stephen Henson of
> OpenSSL.  So, I don't know too much about the actual process.
>
> -Kyle H
>
> On 10/12/06, Ron Teitelbaum <[hidden email]> wrote:
> > No there isn't right now I'm happy to take suggestions.
> >
> > The one thing to keep in mind is that our code repository is protected
> by
> > our bis/nsa open source notification
> > http://lists.squeakfoundation.org/pipermail/cryptography/2006-
> January/000117
> > .html .  If we have a new repository that may contain code we would need
> to
> > register that also (I'm reminding myself as well as letting you know).
> If
> > at all possible I would like to keep a single repository at squeak
> source.
> >
> > If that is not possible, and everyone thinks we need something else
> please
> > let me know, I'll make it happen.
> >
> > Ron
> >
> > > -----Original Message-----
> > > From: [hidden email]
> > > [mailto:[hidden email]] On Behalf Of
> Kyle
> > > Hamilton
> > > Sent: Thursday, October 12, 2006 4:51 PM
> > > To: Cryptography Team Development List
> > > Subject: [Cryptography Team] File repository?
> > >
> > > Is there a place where interested parties can upload useful binary
> > > documents (such as the Derived Test Requirements document that forms
> > > the basis for FIPS 140-2 testing), as well as metadata describing what
> > > it is and where it was obtained?  I'd like something like CVS, SVN, or
> > > git -- but the actual mechanism doesn't matter as long as it's
> > > accessible to every platform that Squeak runs on.
> > >
> > > Unfortunately, since there's no PDF viewer in Squeak, I don't think
> > > that an in-Squeak solution would be appropriate.  However, I'm not a
> > > member of the team (other than as a volunteer), and so I'm perfectly
> > > happy and willing to be overruled. :)
> > >
> > > --
> > >
> > > -Kyle H
> > > _______________________________________________
> > > Cryptography mailing list
> > > [hidden email]
> > > http://lists.squeakfoundation.org/cgi-
> bin/mailman/listinfo/cryptography
> >
> >
> > _______________________________________________
> > Cryptography mailing list
> > [hidden email]
> > http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
> >
>
>
> --
>
> -Kyle H

> All,
>
> What I suggest is that we wait for suggestions from Krishna, and that we
> focus on our current goal which is to satisfy ourselves that we can pass
> common criteria validation.  Once we are satisfied that we are at that level
> we can move forward to either doing an actual CC validation, or to try for
> FIPS 140-2.
>
> I'm thinking that Google's project hosting will do the trick.  That would
> give us some tools that we can use to communicate.
>
> Any other suggestions?
>
> Ron
>
> > From: Kyle Hamilton
> > Sent: Thursday, October 12, 2006 7:27 PM
> >
> > I'm not entirely sure it would contain code; what I'm aiming for is a
> > reference library for the various NIST/FIPS documents, perhaps a copy
> > of various implementation documents (descriptions of various
> > algorithms and modes of operation for them), the PKCS series, and so
> > on.
> >
> > The point is that all code is going to be either implemented in squeak
> > or in the squeak VM; I don't know the best way to handle forked
> > development with the VM so I'm going to have to leave it up to the
> > devs to decide how they want to handle that.
> >
> > Personally, I'm all for using external tools that can produce
> > revisions of ST code that can be filed in (for the code that has to be
> > in the machine), and the binary glue source code (which, if done
> > correctly, would only glue crypto code into the VM without
> > implementing cryptography itself -- until a branch is deemed
> > validation-ready, at which point it will have to be self-contained.
> >
> > The validation process is typically "secret" (NDAs on all sides as to
> > the details), from what I understand from Dr. Stephen Henson of
> > OpenSSL.  So, I don't know too much about the actual process.
> >
> > -Kyle H
> >
> > On 10/12/06, Ron Teitelbaum <[hidden email]> wrote:
> > > No there isn't right now I'm happy to take suggestions.
> > >
> > > The one thing to keep in mind is that our code repository is protected
> > by
> > > our bis/nsa open source notification
> > > http://lists.squeakfoundation.org/pipermail/cryptography/2006-
> > January/000117
> > > .html .  If we have a new repository that may contain code we would need
> > to
> > > register that also (I'm reminding myself as well as letting you know).
> > If
> > > at all possible I would like to keep a single repository at squeak
> > source.
> > >
> > > If that is not possible, and everyone thinks we need something else
> > please
> > > let me know, I'll make it happen.
> > >
> > > Ron
> > >
> > > > -----Original Message-----
> > > > From: [hidden email]
> > > > [mailto:[hidden email]] On Behalf Of
> > Kyle
> > > > Hamilton
> > > > Sent: Thursday, October 12, 2006 4:51 PM
> > > > To: Cryptography Team Development List
> > > > Subject: [Cryptography Team] File repository?
> > > >
> > > > Is there a place where interested parties can upload useful binary
> > > > documents (such as the Derived Test Requirements document that forms
> > > > the basis for FIPS 140-2 testing), as well as metadata describing what
> > > > it is and where it was obtained?  I'd like something like CVS, SVN, or
> > > > git -- but the actual mechanism doesn't matter as long as it's
> > > > accessible to every platform that Squeak runs on.
> > > >
> > > > Unfortunately, since there's no PDF viewer in Squeak, I don't think
> > > > that an in-Squeak solution would be appropriate.  However, I'm not a
> > > > member of the team (other than as a volunteer), and so I'm perfectly
> > > > happy and willing to be overruled. :)
> > > >
> > > > --
> > > >
> > > > -Kyle H
> > > > _______________________________________________
> > > > Cryptography mailing list
> > > > [hidden email]
> > > > http://lists.squeakfoundation.org/cgi-
> > bin/mailman/listinfo/cryptography
> > >
> > >
> > > _______________________________________________
> > > Cryptography mailing list
> > > [hidden email]
> > > http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
> > >
> >
> >
> > --
> >
> > -Kyle H
>
> _______________________________________________
> Cryptography mailing list
> [hidden email]
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
>

> -----Original Message-----
> From: [hidden email]
> [mailto:[hidden email]] On
> Behalf Of Kyle Hamilton
> Sent: Friday, October 13, 2006 10:40 AM
> To: [hidden email]; Cryptography Team Development List
> Subject: Re: [Cryptography Team] File repository?
>
> Google's project hosting does seem like a good idea.
>
> It occurs to me that if we're going to try for CC or FIPS
> validation, the longer of a paper trail we can provide the
> better off we'll be -- so my vote is to get it set up sooner
> than later.  (Plus, if we are going to try for validation
> [which Krishna's appointment suggests is a priority], it's a
> more efficient use of resources to build /to/ it, rather than
> try to retrofit it.)
>
> Incidentally, I don't know if there's anything that requires
> notification of citizenship in the process anymore, but FWIW
> I'm a citizen of the United States.
>
> -Kyle H
>
> On 10/13/06, Ron Teitelbaum <[hidden email]> wrote:
> > All,
> >
> > What I suggest is that we wait for suggestions from
> Krishna, and that
> > we focus on our current goal which is to satisfy ourselves
> that we can
> > pass common criteria validation.  Once we are satisfied
> that we are at
> > that level we can move forward to either doing an actual CC
> > validation, or to try for FIPS 140-2.
> >
> > I'm thinking that Google's project hosting will do the trick.  That
> > would give us some tools that we can use to communicate.
> >
> > Any other suggestions?
> >
> > Ron
> >
> > > From: Kyle Hamilton
> > > Sent: Thursday, October 12, 2006 7:27 PM
> > >
> > > I'm not entirely sure it would contain code; what I'm
> aiming for is
> > > a reference library for the various NIST/FIPS documents,
> perhaps a
> > > copy of various implementation documents (descriptions of various
> > > algorithms and modes of operation for them), the PKCS
> series, and so
> > > on.
> > >
> > > The point is that all code is going to be either implemented in
> > > squeak or in the squeak VM; I don't know the best way to handle
> > > forked development with the VM so I'm going to have to
> leave it up
> > > to the devs to decide how they want to handle that.
> > >
> > > Personally, I'm all for using external tools that can produce
> > > revisions of ST code that can be filed in (for the code
> that has to
> > > be in the machine), and the binary glue source code
> (which, if done
> > > correctly, would only glue crypto code into the VM without
> > > implementing cryptography itself -- until a branch is deemed
> > > validation-ready, at which point it will have to be
> self-contained.
> > >
> > > The validation process is typically "secret" (NDAs on all
> sides as
> > > to the details), from what I understand from Dr. Stephen
> Henson of
> > > OpenSSL.  So, I don't know too much about the actual process.
> > >
> > > -Kyle H
> > >
> > > On 10/12/06, Ron Teitelbaum <[hidden email]> wrote:
> > > > No there isn't right now I'm happy to take suggestions.
> > > >
> > > > The one thing to keep in mind is that our code repository is
> > > > protected
> > > by
> > > > our bis/nsa open source notification
> > > > http://lists.squeakfoundation.org/pipermail/cryptography/2006-
> > > January/000117
> > > > .html .  If we have a new repository that may contain code we
> > > > would need
> > > to
> > > > register that also (I'm reminding myself as well as
> letting you know).
> > > If
> > > > at all possible I would like to keep a single
> repository at squeak
> > > source.
> > > >
> > > > If that is not possible, and everyone thinks we need something
> > > > else
> > > please
> > > > let me know, I'll make it happen.
> > > >
> > > > Ron
> > > >
> > > > > -----Original Message-----
> > > > > From: [hidden email]
> > > > > [mailto:[hidden email]] On
> > > > > Behalf Of
> > > Kyle
> > > > > Hamilton
> > > > > Sent: Thursday, October 12, 2006 4:51 PM
> > > > > To: Cryptography Team Development List
> > > > > Subject: [Cryptography Team] File repository?
> > > > >
> > > > > Is there a place where interested parties can upload useful
> > > > > binary documents (such as the Derived Test
> Requirements document
> > > > > that forms the basis for FIPS 140-2 testing), as well as
> > > > > metadata describing what it is and where it was
> obtained?  I'd
> > > > > like something like CVS, SVN, or git -- but the
> actual mechanism
> > > > > doesn't matter as long as it's accessible to every
> platform that Squeak runs on.
> > > > >
> > > > > Unfortunately, since there's no PDF viewer in Squeak, I don't
> > > > > think that an in-Squeak solution would be
> appropriate.  However,
> > > > > I'm not a member of the team (other than as a
> volunteer), and so
> > > > > I'm perfectly happy and willing to be overruled. :)
> > > > >
> > > > > --
> > > > >
> > > > > -Kyle H
> > > > > _______________________________________________
> > > > > Cryptography mailing list
> > > > > [hidden email]
> > > > > http://lists.squeakfoundation.org/cgi-
> > > bin/mailman/listinfo/cryptography
> > > >
> > > >
> > > > _______________________________________________
> > > > Cryptography mailing list
> > > > [hidden email]
> > > >
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptog
> > > > raphy
> > > >
> > >
> > >
> > > --
> > >
> > > -Kyle H
> >
> > _______________________________________________
> > Cryptography mailing list
> > [hidden email]
> >
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptograph
> > y
> >
>
>
> --
>
> -Kyle H
> _______________________________________________
> Cryptography mailing list
> [hidden email]
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cry