Welcome New Members and Update

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Welcome New Members and Update

Ron Teitelbaum
All,

We have a few new members.  I would like to welcome you to the list and invite you to introduce yourselves to the list if you feel so inclined and please let us know what your interests in cryptography are, and what you hope to get from this group.

We have discussed previously that we might want to build Slang plug in representations of some of our cryptographic primitives to improve performance.  There appears to be support for including those primitives internally in the base VM for the different platforms, I would like to take advantage of this opportunity.  If anyone has a plug in they would like to have included in the VM maker and then in new VM Builds please submit it to this list for review.  (Rob could you enter a mantis bug requesting that we include the DES plug in with future builds of VM’s?).  We need the SHA256 plug in written (I have not had time to do it ☹, but I will get to it if nobody volunteers).  Are there suggestions for other plug ins that need to be written?

Also I would like us to consider looking at the fips common criteria http://niap.bahialab.com/cc-scheme/cc_docs/index.cfm .  My feeling is that more testing can not be bad for our cryptography code, and that the more we can accomplish in this area the closer we are to considering getting certified ourselves.  It does not make sense to hire a lab until we are satisfied internally that we will pass.

Because this is a large process it would be easy to consider this too difficult a task to complete.  The major reason to discount this problem is that we have no deadline.  This means that with proper organization anyone with some spare time can contribute and move us forward.  What we need is someone to help provide this organization.  That person needs to be very familiar with the common criteria, should have considerable experience in the cryptography field and should have good organization skills.  The job is not complicated and I don’t expect that it should take much time (about 1 hour a month after initial startup).  That person would be responsible for developing a short list of tasks that need to be accomplished, would work to help find people to validate work that is already completed, and would tell the community when the work is done.  I would suggest that this person would carry the official title of Squeak Cryptography Security Validation Officer.

Anyone want to volunteer?  Anyone have suggestions on how to elect that person if we get volunteers?

Along with providing a direction for the group we need some people with any time to spare to volunteer to work with that leader and the rest of the team to add the tests and code necessary to meet the requirements of the common criteria.  This type of work is really a wonderful chance to learn Cryptography.  It allows you to learn about areas that you might not be familiar with, not to mention being a very valuable way for you to contribute to this team.

Again welcome new members,

Ron Teitelbaum
Squeak Cryptography Team Leader
[hidden email]

_______________________________________________
Cryptography mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
Reply | Threaded
Open this post in threaded view
|

RE: Welcome New Members and Update

Ron Teitelbaum
Hi Krishna,

If you are still interested in joining the group, I thought I'd remind you to introduce yourself to the team: [hidden email]

Thank you for your interest, I'm looking forward to working with you!

Ron Teitelbaum

> -----Original Message-----
> From: Krishna Sankar [mailto:[hidden email]]
> Sent: Monday, October 09, 2006 4:28 PM
> To: [hidden email]
> Subject: RE: [Cryptography Team] Welcome New Members and Update
>
> Thanks. Some answers.
> >
> > What brings you to Smalltalk in general?  What is your
> > experience with the language?
> >
> <KS>
> I got introduced to Squeak thru the OLPC effort. Have been thinking
> about designing a program to introduce Chamber Music to kids. I also have
> been studying the various aspects of OLPC, mesh networking et al.
>
> I am new to Smalltalk. Have worked on languages from FORTRAN to
> Pascal to Ada to COBOL to Java. Have been looking for an opportunity to
> work on Smalltalk (without a goal usually the work would be peripheral)...
> May be this is one, may be not.
> </KS>
> > What made you want to join the team, what are you looking to
> > get out of your participation?
> >
> <KS>
> This is an interesting problem - from implementation thru
> certification - especially in the security domain; experience in open
> source work, programming (I like to program stuff, sometimes get too much
> into the .ppt land ;o(), exploring nuances of cryptography, experience in
> Smalltalk and finally contribution to OLPC.
> </KS>
> > Your background in government standards and background in
> > cryptography would certainly qualify you to organize our
> > efforts.  I look forward to discussing it with you and other
> > members of the team.  Could you give me some more info on you
> > background?  I would be interested in reading your stuff, can
> > you point me to your work?
> >
> <KS>
> Here is a quick list of security related stuff. Pl let me know if this is
> enough.
>
> My background is in interpreting and developing software as per government
> standards like MIL-STD-1521/1520, MIL-STD-490/498/499 and DoD-STD-
> 2167A/2168. Also was involved reviewing network related documents.
>
> I am the lead author of the Cisco Press WLAN Security book -
> http://www.ciscopress.com/authors/bio.asp?a=9ed11cfa-9067-4205-8110-
> 76358f317825&rl=1
>
> When java was new, I had been part of a few Java Books - now they all look
> very old and trivial ;o( In my book Java 1.2 Class Libraries Unleashed, I
> had covered the cryptography as well.
>
> I also have been involved with the NIST/Internet2 PKI workshop -
> http://middleware.internet2.edu/pki04/
>
> I also was part of Web Services standards like SAML et al.
>
> Also have been doing security stuff as a part of my work for sometime.
>
> </KS>
>
> Cheers
> <k/>
> > -----Original Message-----
> > From: Ron Teitelbaum [mailto:[hidden email]]
> > Sent: Monday, October 09, 2006 11:00 AM
> > To: 'Krishna Sankar'
> > Subject: RE: [Cryptography Team] Welcome New Members and Update
> >
> > Krishna,
> >
> > Thank you for volunteering, I will be very happy to help you
> > in any way I can.  I have some questions for you.
> >
> > What brings you to Smalltalk in general?  What is your
> > experience with the language?
> >
> > What made you want to join the team, what are you looking to
> > get out of your participation?
> >
> > Your background in government standards and background in
> > cryptography would certainly qualify you to organize our
> > efforts.  I look forward to discussing it with you and other
> > members of the team.  Could you give me some more info on you
> > background?  I would be interested in reading your stuff, can
> > you point me to your work?
> >
> > As for the slang code in squeak for SHA256: There are already
> > plug-in written for SHA1, which can serve as a working
> > prototype of the things that could be done for SHA256.  I
> > wrote the SHA256 Smalltalk code and I used the SHA1
> > implementation as a guide.  The similarity should definitely
> > make writing the plug-in much easier.  You would need to load
> > the VMMaker to get the SHA1 code.  Are you familiar with the
> > VMMaker or slang?
> >
> > I look forward to working with you!
> >
> > Ron
> >
> >
> > > From: Krishna Sankar
> > > Sent: Monday, October 09, 2006 1:21 PM
> > >
> > > Ron,
> > >
> > > Thanks for the e-mail. Even though this is a personal
> > e-mail to you,
> > > I will send an intro to the list.
> > >
> > > I would be happy to work on the Cryptography Security
> > Validation
> > > effort. While I do not have background on Common Criteria,
> > I am well
> > > versed with most of the cryptography aspects (I also have
> > written on
> > > WLAN security as well as Java Security plus have been involved with
> > > PKI NIST workshop et al) I also have background on Govt standards.
> > > Would this be sufficient to participate, may be even as a sub-lead ?
> > >
> > > May be it is a good idea to start with the SHA256
> > plug-in. Would
> > > appreciate your thoughts on the efforts and guidance, as this is my
> > > first foray into Squeak.
> > >
> > > Cheers
> > > <k/>
> > > > -----Original Message-----
> > > > From: [hidden email]
> > > > [mailto:[hidden email]]
> > On Behalf
> > > > Of Ron Teitelbaum
> > > > Sent: Monday, October 09, 2006 9:26 AM
> > > > To: 'Cryptography Team Development List'
> > > > Subject: [Cryptography Team] Welcome New Members and Update
> > > >
> > > > All,
> > > >
> > > > We have a few new members.  I would like to welcome you
> > to the list
> > > > and invite you to introduce yourselves to the list if you feel so
> > > > inclined and please let us know what your interests in
> > cryptography
> > > > are, and what you hope to get from this group.
> > > >
> > > > We have discussed previously that we might want to build
> > Slang plug
> > > > in representations of some of our cryptographic primitives to
> > > > improve performance.  There appears to be support for including
> > > > those primitives internally in the base VM for the different
> > > > platforms, I would like to take advantage of this
> > opportunity.  If
> > > > anyone has a plug in they would like to have included in the VM
> > > > maker and then in new VM Builds please submit it to this list for
> > > > review.  (Rob could you enter a mantis bug requesting that we
> > > > include the DES plug in with future builds of VM’s?).  We
> > need the
> > > > SHA256 plug in written (I have not had time to do it ☹,
> > but I will
> > > > get to it if nobody volunteers).  Are there suggestions for other
> > > > plug ins that need to be written?
> > > >
> > > > Also I would like us to consider looking at the fips
> > common criteria
> > > > http://niap.bahialab.com/cc-scheme/cc_docs/index.cfm
> > > > .  My feeling is that more testing can not be bad for our
> > > > cryptography code, and that the more we can accomplish in
> > this area
> > > > the closer we are to considering getting certified ourselves.  It
> > > > does not make sense to hire a lab until we are satisfied
> > internally
> > > > that we will pass.
> > > >
> > > > Because this is a large process it would be easy to consider this
> > > > too difficult a task to complete.  The major reason to
> > discount this
> > > > problem is that we have no deadline.  This means that with proper
> > > > organization anyone with some spare time can contribute
> > and move us
> > > > forward.  What we need is someone to help provide this
> > organization.
> > > > That person needs to be very familiar with the common criteria,
> > > > should have considerable experience in the cryptography field and
> > > > should have good organization skills.  The job is not complicated
> > > > and I don’t expect that it should take much time (about 1 hour a
> > > > month after initial startup).  That person would be
> > responsible for
> > > > developing a short list of tasks that need to be
> > accomplished, would
> > > > work to help find people to validate work that is already
> > completed,
> > > > and would tell the community when the work is done.  I
> > would suggest
> > > > that this person would carry the official title of Squeak
> > > > Cryptography Security Validation Officer.
> > > >
> > > > Anyone want to volunteer?  Anyone have suggestions on how
> > to elect
> > > > that person if we get volunteers?
> > > >
> > > > Along with providing a direction for the group we need
> > some people
> > > > with any time to spare to volunteer to work with that
> > leader and the
> > > > rest of the team to add the tests and code necessary to meet the
> > > > requirements of the common criteria.
> > > > This type of work is really a wonderful chance to learn
> > > > Cryptography.  It allows you to learn about areas that
> > you might not
> > > > be familiar with, not to mention being a very valuable
> > way for you
> > > > to contribute to this team.
> > > >
> > > > Again welcome new members,
> > > >
> > > > Ron Teitelbaum
> > > > Squeak Cryptography Team Leader
> > > > [hidden email]
> > > >
> > > > _______________________________________________
> > > > Cryptography mailing list
> > > > [hidden email]
> > > > http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cry
> > > ptography
> > > >
> > >
> >
> >
> >
>


_______________________________________________
Cryptography mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography